From 42fbb0cb02bdaa875673e704f5415fbf9cea5b8d Mon Sep 17 00:00:00 2001 From: Kinara Shah Date: Mon, 30 Aug 2021 09:48:14 -0700 Subject: [PATCH 1/2] add index.yaml assets/ --- .../fleet-agent-100.0.0+up0.3.6.tgz | Bin 0 -> 2333 bytes .../fleet-crd/fleet-crd-100.0.0+up0.3.6.tgz | Bin 0 -> 21922 bytes assets/fleet/fleet-100.0.0+up0.3.6.tgz | Bin 0 -> 3127 bytes assets/logos/alerting-drivers.svg | 31 + assets/longhorn/longhorn-100.0.0+up1.1.2.tgz | Bin 0 -> 15685 bytes .../longhorn/longhorn-crd-100.0.0+up1.1.2.tgz | Bin 0 -> 1813 bytes ...ncher-aks-operator-crd-100.0.0+up1.0.1.tgz | Bin 0 -> 1136 bytes .../rancher-aks-operator-100.0.0+up1.0.1.tgz | Bin 0 -> 1642 bytes .../rancher-alerting-drivers-100.0.0.tgz | Bin 0 -> 7877 bytes .../rancher-backup-crd-2.0.0.tgz | Bin 0 -> 1693 bytes .../rancher-backup/rancher-backup-2.0.0.tgz | Bin 0 -> 6863 bytes .../rancher-cis-benchmark-2.0.0.tgz | Bin 0 -> 5081 bytes .../rancher-cis-benchmark-crd-2.0.0.tgz | Bin 0 -> 1463 bytes ...ncher-eks-operator-crd-100.0.0+up1.1.1.tgz | Bin 0 -> 1154 bytes .../rancher-eks-operator-100.0.0+up1.1.1.tgz | Bin 0 -> 1638 bytes ...er-external-ip-webhook-100.0.0+up1.0.0.tgz | Bin 0 -> 7547 bytes .../rancher-gatekeeper-100.0.0+up3.5.1.tgz | Bin 0 -> 9393 bytes ...rancher-gatekeeper-crd-100.0.0+up3.5.1.tgz | Bin 0 -> 5724 bytes ...ncher-gke-operator-crd-100.0.0+up1.1.1.tgz | Bin 0 -> 1380 bytes .../rancher-gke-operator-100.0.0+up1.1.1.tgz | Bin 0 -> 1638 bytes .../rancher-grafana-100.0.0+up6.11.0.tgz | Bin 0 -> 28619 bytes .../rancher-istio-100.0.0+up1.10.4.tgz | Bin 0 -> 19695 bytes .../rancher-kiali-server-100.0.0+up1.35.0.tgz | Bin 0 -> 10486 bytes ...cher-kiali-server-crd-100.0.0+up1.35.0.tgz | Bin 0 -> 618 bytes ...her-kube-state-metrics-100.0.0+up3.2.0.tgz | Bin 0 -> 7942 bytes .../rancher-logging-100.0.0+up3.12.0.tgz | Bin 0 -> 12561 bytes .../rancher-logging-crd-100.0.0+up3.12.0.tgz | Bin 0 -> 74738 bytes .../rancher-monitoring-100.0.0+up16.6.0.tgz | Bin 0 -> 317124 bytes ...ancher-monitoring-crd-100.0.0+up16.6.0.tgz | Bin 0 -> 118511 bytes ...rancher-node-exporter-100.0.0+up1.18.1.tgz | Bin 0 -> 6734 bytes .../rancher-prom2teams-100.0.0+up0.2.0.tgz | Bin 0 -> 4302 bytes ...er-prometheus-adapter-100.0.0+up2.14.0.tgz | Bin 0 -> 8488 bytes .../rancher-pushprox-100.0.0.tgz | Bin 0 -> 7103 bytes .../rancher-sachet/rancher-sachet-100.0.0.tgz | Bin 0 -> 3606 bytes .../rancher-sriov/sriov-100.0.0+up0.1.0.tgz | Bin 0 -> 6433 bytes .../sriov-crd-100.0.0+up0.1.0.tgz | Bin 0 -> 3157 bytes .../rancher-tracing-100.0.0.tgz | Bin 0 -> 3692 bytes .../rancher-vsphere-cpi-100.0.0.tgz | Bin 0 -> 3712 bytes .../rancher-vsphere-csi-100.0.0.tgz | Bin 0 -> 6539 bytes .../rancher-webhook-1.0.0+up0.2.0.tgz | Bin 0 -> 2294 bytes .../rancher-windows-exporter-100.0.0.tgz | Bin 0 -> 5943 bytes .../rancher-wins-upgrader-100.0.0+up0.0.1.tgz | Bin 0 -> 5857 bytes ...tem-upgrade-controller-100.0.0+up0.3.0.tgz | Bin 0 -> 1701 bytes index.yaml | 1259 +++++++++++++++-- 44 files changed, 1162 insertions(+), 128 deletions(-) create mode 100644 assets/fleet-agent/fleet-agent-100.0.0+up0.3.6.tgz create mode 100644 assets/fleet-crd/fleet-crd-100.0.0+up0.3.6.tgz create mode 100644 assets/fleet/fleet-100.0.0+up0.3.6.tgz create mode 100644 assets/logos/alerting-drivers.svg create mode 100644 assets/longhorn/longhorn-100.0.0+up1.1.2.tgz create mode 100644 assets/longhorn/longhorn-crd-100.0.0+up1.1.2.tgz create mode 100644 assets/rancher-aks-operator-crd/rancher-aks-operator-crd-100.0.0+up1.0.1.tgz create mode 100644 assets/rancher-aks-operator/rancher-aks-operator-100.0.0+up1.0.1.tgz create mode 100644 assets/rancher-alerting-drivers/rancher-alerting-drivers-100.0.0.tgz create mode 100644 assets/rancher-backup-crd/rancher-backup-crd-2.0.0.tgz create mode 100644 assets/rancher-backup/rancher-backup-2.0.0.tgz create mode 100644 assets/rancher-cis-benchmark/rancher-cis-benchmark-2.0.0.tgz create mode 100644 assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-2.0.0.tgz create mode 100644 assets/rancher-eks-operator-crd/rancher-eks-operator-crd-100.0.0+up1.1.1.tgz create mode 100644 assets/rancher-eks-operator/rancher-eks-operator-100.0.0+up1.1.1.tgz create mode 100644 assets/rancher-external-ip-webhook/rancher-external-ip-webhook-100.0.0+up1.0.0.tgz create mode 100644 assets/rancher-gatekeeper/rancher-gatekeeper-100.0.0+up3.5.1.tgz create mode 100644 assets/rancher-gatekeeper/rancher-gatekeeper-crd-100.0.0+up3.5.1.tgz create mode 100644 assets/rancher-gke-operator-crd/rancher-gke-operator-crd-100.0.0+up1.1.1.tgz create mode 100644 assets/rancher-gke-operator/rancher-gke-operator-100.0.0+up1.1.1.tgz create mode 100644 assets/rancher-grafana/rancher-grafana-100.0.0+up6.11.0.tgz create mode 100644 assets/rancher-istio/rancher-istio-100.0.0+up1.10.4.tgz create mode 100644 assets/rancher-kiali-server/rancher-kiali-server-100.0.0+up1.35.0.tgz create mode 100644 assets/rancher-kiali-server/rancher-kiali-server-crd-100.0.0+up1.35.0.tgz create mode 100644 assets/rancher-kube-state-metrics/rancher-kube-state-metrics-100.0.0+up3.2.0.tgz create mode 100644 assets/rancher-logging/rancher-logging-100.0.0+up3.12.0.tgz create mode 100644 assets/rancher-logging/rancher-logging-crd-100.0.0+up3.12.0.tgz create mode 100644 assets/rancher-monitoring/rancher-monitoring-100.0.0+up16.6.0.tgz create mode 100644 assets/rancher-monitoring/rancher-monitoring-crd-100.0.0+up16.6.0.tgz create mode 100644 assets/rancher-node-exporter/rancher-node-exporter-100.0.0+up1.18.1.tgz create mode 100644 assets/rancher-prom2teams/rancher-prom2teams-100.0.0+up0.2.0.tgz create mode 100644 assets/rancher-prometheus-adapter/rancher-prometheus-adapter-100.0.0+up2.14.0.tgz create mode 100644 assets/rancher-pushprox/rancher-pushprox-100.0.0.tgz create mode 100644 assets/rancher-sachet/rancher-sachet-100.0.0.tgz create mode 100644 assets/rancher-sriov/sriov-100.0.0+up0.1.0.tgz create mode 100644 assets/rancher-sriov/sriov-crd-100.0.0+up0.1.0.tgz create mode 100644 assets/rancher-tracing/rancher-tracing-100.0.0.tgz create mode 100644 assets/rancher-vsphere-cpi/rancher-vsphere-cpi-100.0.0.tgz create mode 100644 assets/rancher-vsphere-csi/rancher-vsphere-csi-100.0.0.tgz create mode 100644 assets/rancher-webhook/rancher-webhook-1.0.0+up0.2.0.tgz create mode 100644 assets/rancher-windows-exporter/rancher-windows-exporter-100.0.0.tgz create mode 100644 assets/rancher-wins-upgrader/rancher-wins-upgrader-100.0.0+up0.0.1.tgz create mode 100644 assets/system-upgrade-controller/system-upgrade-controller-100.0.0+up0.3.0.tgz diff --git a/assets/fleet-agent/fleet-agent-100.0.0+up0.3.6.tgz b/assets/fleet-agent/fleet-agent-100.0.0+up0.3.6.tgz new file mode 100644 index 0000000000000000000000000000000000000000..4f74a9ee92db59823af581865072555e87303fa8 GIT binary patch literal 2333 zcmV+&3F7u2iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI>{Z{s!+-)DV_fr4W1Po&6B;w|)+%WjM9rF%iLEpTXy1uczi zo+(l#DW|UM?|vXD$+E1(o88pu0-lFNCTE62YJM|AiWx)H0hu7zCzn$qb+{lod-0?c zMNu?5JG1|zDC+)?MuW2#gR{Y4I6RAnqtT0KaC$mAeF4$an$b_C(nP+9K6|Y0plJI1TvX^a2(-e6OzLq8Wy)2yMs0xx` z46ZS7&ZibiW8NzwR1A#r^0(ezi42Ltz$lKP<;fl?=#MBB6+DLd&?80B{EWiWaO9<^ z5=jefo4zrU@IB#Vf)Xx_1_fx#9&@34Pyj_8m1`GJAyaAk-T8IMj*O| zFcEn?Iy*Zxpue?>f4I4d!S`!(jQRp|K%R&cQ?PDcTXuQzi8hAb5xmWSVWt7|LN9=7 zpbCgmWsWK6DOFva@2_qRi=q>bDU26D;0_ss85egPE-%9M94;@~Q%G2;w6O*!RB37B zwVQ{h#mvTC%X>w}$P{P+Bu&jf-4ZSf!8bJs&K98=U;#uTaG{MHra&?yV1zT0=+HZ2 zR&ned0c1kNFeY+s8#Mv*?dy6W>+y^gN{NILjc`Zx)N`zFU$>{$WQDHy9a^KD!REKq zU_0NfQ%RquL~u=L^WG{UwK;i(iA1eDmws+qT`ld-*J}lJs`8HD+NK^zgx?`O0;b>GfV~L6OVF@k`rdI=!V%cqe+yxb;0z; z<-d1Z8Kzzkk>V{fOtg?dxN!)EZi)&r;a;$nfD{WR7P%3&ifj@zrnGg$uv{6$ueHSR z(=Xnv9Al!{7PkigFl!Ld&F5`3mNkGGF6!FAaoctPQ5a5RfdA&#k}$t&w+M*AZ^D%! z%rZ=L4DZBkGR3rH*w$_=3=<~Gw2)#>Q|s*?{>WCcnU z>f#AXfnD|g=`iZ#|MOSp(INlugOc@W~ct$5VDV}6AuoM5M z-TnV)I6Bn-d!ZTSX$+V4eSc4i&7JeW%Tbe*XkwH5R-IAzICqKRkHF@mWt9q-%XY+Y zB_ym?Rj=q#ygsWi3@Vu2wD;ubyQ;{iRVq{@3N; zQv`q=_#d3U8g}u29v$$%7i#036oopO4?GtWUaz+V4@Uu2U}ASI8-;&PbTYlFwv7(A zq$oBe0cw}4WLo1GVjJSU3IOWi4OJUIl#P%n4CZSML1q8Di|^muUSC|kX?m(^{u?Rs zxYY=dQDo^2W}B^5`!&(ixUoBIwxA8KJ70m9%Vjgy2MVnaR;zVHv$Em3`d_W$Zl@-b z)#_z4+V;zF?F!|bCU}t~qU3se!&t}J!0xh}K)l`xhV89m6NtCAaJ3dK{!4NOA^ZWH z^3?1wzg~;g<=RHWeFJZ7VjGF=jpn0=es1LbHK;%SbJTZ2&OQ`^(PZ&~FedKI-%ra1 zJL|tuC;kryXM@op{_lf=AlRt+sy9#hB%FP14@8=T@XmEzTc7C32~{`?thboIRZn$> zwOlsvuFtx{&Ow)fWgX57k#^3VD4$4FHqr#H1-lK-U*9hZtXkhX8TfnDkJRKbHzYpr-e{A0T8uQZVi3ia6 ziVWaSk>#P9o=k<9`7sni>40*j31i3ZS6NIXNpYJ!NRgq&z=7G1!8WQgNf1*^k710N zkQmtJM4}zHi5r_0WxF{1xFSfRaR}|AoC$h!`^Edd>e4NUU4)H-&wot8*F6-g4tHCn zAK2ROK0Zw*P;Yx18?H;n>RD`yc39RGl9^_n6Z7(a@~Z*-WAN=eHxHZ9z_e7;GLJ!F z{w{y^NvTC{7;ZOK{k@nW|JjcrBTV7S|7Bg<%ZV~W2HZdX$XxNuedS}bE_*Fn>rwx- ziWOi?l9|Y|E1FXs!{7;WS%3VOW0E}GJ%C;D-#mBD|A&L~L;T+dwPU}1>!j3EA?fcH zAzL-zrTY?kBN#q>Do}l_4BAc7NXe3!;w%7C&~K$Ei>gw4`Hz?OzJU^@OmL%dj&j^; z@VYtcad!WU@|5z)r8!1nq*X4O-#NR?6$-4bZ-7^v9|j=684_W{Q{R4hQCIf0mY8EF&09bH7LH2 zedc}m|GXXFChfxiAnM}()#>n%|Mx;2{P*UThmZfCdj<#k9O}paoG_XajZaen?5zK{ zzyA-S!};%CXt|^raD?sR@S{#^mrKY9W$?H9j?eokRbVg2HMp38q}b ziS{0_yGwm+Z-M4QX<&4QYypHR(JqGk_Snzun+H13fev(_Kac(&00960MH>~#06G8w DGv<(U literal 0 HcmV?d00001 diff --git a/assets/fleet-crd/fleet-crd-100.0.0+up0.3.6.tgz b/assets/fleet-crd/fleet-crd-100.0.0+up0.3.6.tgz new file mode 100644 index 0000000000000000000000000000000000000000..4ad571cfb8bcac710e9b92ba4a3f95bf825dc4cb GIT binary patch literal 21922 zcmZU)V{j%<*f$y{8(SOOww-Kj+s?+mW81cE+jg?CZCfY*=Xu|%bLz~O?z*O@XS!>u zyRRScBcM=${=2>@fv6266d8;pWZ0zLIav*vRT+$xSS>V_IN9V>RoP_JtSt>}joprO-PfYv$}Y3{nDv|nF*@+ZTs+q>a3`MJS5_cHMN|w1 ziBy5KJ{TzE&v7 z?kfG%A@0Ff9dg!nDkCh2{!9J%^fbm$_N;ae)fwi#NPpCA~f)@f$hG zY6B+vlmW01A)bfoXuVk zt+Ky!t^4H~C!n?o3RRCn%4Ms3#|B9M_vrLWE(@=pVL#M#C|cHG9ShMHcXBn?@-jVe zR{k1Dm-_@ZBgkK8gHuc&GL^|1{Dv3YnSa&*p8Lo5qLWOu=LsG48>iDZC@Ok8+7T8f zBF*Ktx1FQDb9TEzY0e4kZ1wsOJ<+@(j|-0;_jE~hy-@xp=*cg=5;r>UsH#=kZ?7DC z6&jHUFQ%znbSXNuxAc^D+Xz&aDMM1+wMLE;ahHpxkcRaoI5n*0PLA~r)@jv8lYQ&v zZkxtPJ(OqFLe=sF7}187TDLbS(%)>&x4#KOv}qdBQhkhH?LKZ{>}K^9@Ignk`f2S} zyU;m^C+iI76Fv;t&ZN6%17sKcN5ZZ4g7X+cCgHl1^2n`Xa~$gfKGw&($-a7j3%9Rw zB3a(po$e5M4#-Zcg4?yWyOg0>+EiPoVp$o<(=bmpprb7=F-|q8lM!WjszQ)iEGsg} zNbxFA7r%B2iaf8;TNfRoDYY{->#|>o1Htzm(5w!$L~b%F#4tl8mmr*15Vh=0z+t{s zgf#hm>KqFHbp>U|k?l~gaUVCL)f%Ki=2phgV8W%};z?AC?l-mx*GDIZeZvNVR)CW@ zmkMMC7L{{pxe~>U&#sO*CInh8hJcx$8+=a9wKcl`Y7ncyN=K%ETe^DfwRN-1eAfBK z_p*CwaMhd)vCkHasS?%g5QP4NFE$+?$_f&;LPvmf9*&G$C$ry~7ZY*ZtJ(=_XCN>IFl zpAwW`mX~`5xE|fhD<6S%vCe`O>8QZc4WIADZ4f`IAmsOB!!oEXmaGYGSR1s&q$tTz z?8=|X$G=jt^9zalYDZ}VNoUk?&496pDJ}`x01nX%_ zVSV2rf{gnO%fD1x`e}BoF9{5@+O62KTGOfbhaR~hoFzbYz1_C~ME;-norono{)G0? z?&@1Qa048P25D}>ieQsdzoSV4l|BNM(TK(5b+@n7FMp}oZ~{VOKyXJdHGH6?krD&A z?tomyEoMwA`VvuExmA}@#bZBuu{WlLJ%@771iS9@3Ztd~hL;!+Gsti$D5`!vX?l+r>^8cQ?Iy)D#BqH2w3O%&DK zuXz>88qVIk8<%BP{gt#db$Vahbx<$kPN(L~Il>_c4Z6~ovqDbMJ72jO=b%_&_f4eT z#tF6SxjVO;^_cP?tKX#@|>5q{=%1N zdu{Y2Ya~YTvyW2ytl|J%6lZ``_ppK!sAqIdYNr3LP)hlCIKA!x@}zeH(Z3_bX)F! z)R@1pehh8Ck)kDzscA+b@8G!UlYGTiQGJU>9$gEaMjmYgg+?Ar=EJ9Wxkf5nQEWN| z)o;UstjNv}M!46F1GGWO<)}m4J(af6nh%u$PzC(o9=CfJ7n5cYcgE{+>lzJrHYwL< za_=@1u89A(eP(-kR=wQ^RgYM4mtyC{9>eIKeRz;fbU^7$$QqR)i2*z>Xeg9CV?FD0+I)&_s2L9}Iv*na(2H+excCYGm;kQm}y5*$9MB3iyKwfSYc3ySrLoxw`p^nh-F< z(Nch>*(fn$ErMY_xm+_b4W0Gu+)DIiKOdjeR`AhO`ZGw z=pE@)+{E_sp=Y3QmO$|s-NN-+DsDQ*8gEEDa**jeaRv94W7w2Upt@P4T}{9nehvCq zUWW(>mI z#Xpa$fP7kLj)`4nc8Klteo2f#wOwu-J5RUaIjrMDUBl)12Y{uK+B}&Oe$5Lq3J?g< zSf5%|8wqdB(Xp*{>cD^#Pv<_S-ZNT@X5a^D-OEL|2rhxUuhr_$jnInJTjmrdSlexG zCl?fWuLM~$o7$h{0|h)kB&D`q?W&%VeJZDr#W1zo-Pr(zTo)p{-_jCV$V?bPG9mFPMWD5 z)yi82F@SU(n?Mdk3!(dG9g6qsB z9T1D{5#cj}j5ORKU0c$2Z?uwcSh(#^x7Q|{KoaYdtN~#ZS9en`jc6KcKVACHo$|1C zZ!~<0)=)K2>D5l6yT)+Uo#Oy?qKO%Q12KNTEpqQHq-n+154HGMrwbM2jt^6;o$fMvI9E{L#gZ8pjQ zoHv*)91);5DBO>SS5Y5-$RPJsdsbpJYfZB69Adi^YASMOTmXPB<( zB)G}g^10tu6;`lZRb|W6To$tf+VF8s&DYSHZ#E#=q@b-6*T~&4&4P@nx;;XNuueP` zO>!`cVp7eFf0R7|pT<>ydLtI8;$<}R9ZdN1{`WT$XR*n55Us0}_`pJdU<>#!& zwy#>n&EHLjwp`6q`xH@~@V7?Ne)!FUJq1xufq1Lp#9ABV5cgu?Nz)4|D|pH;0C;^$ zcwNpS56!rQ)2~dv>nKk+StY}G0d`4h{^$$tNllf7BIXIC9Q(Z>mAbgjp`4AthMDXV zB5zb4hb|mebSKr^_(ZmIkvp&FMw@L?DP<6fx4BUmnH!46yS^%0{lv24%!vLwi8nz( zoiZq?A2PRgUO2Z_5t{lE1e&_&ze-Wgy9RnUL5u;B4IFMN8{HXm|4?I2oRTj^{WU@t{r zdw4s}d$yb2cWffGXXe&x<_9t=O_9ob4sKof{DmK=%Wc|hqn!@2>H76HIgzqSk<6;W zc~K-bdB*9&Wr{ZAbSa1joYC%L!3vX2_Zdr;Y&~6Ll)R(`V)bf9-4%N_760p9RT%=V zM{Eu+WDS47gWLOXf(LgX>!lImTFTyS8P$Bn$gjbFgnFpPPW0<>;L){u5LQE-*UW>_ zZ;y)&3D7336gTB9?dABs#kap1W*T9L|5(wXko7s5Ugl0)mB~GRo~I*5ImBJ0@fqBA zVQ5Jw95o14hushD{cmRx7XHllY~}%)65=ca!qI&eyVpgzQ54BUt}z{|Vbcj#JfW`C z94>V}UxKR7G3MinZwyF|sFb>Hq^y#dQ4Kh(Ep!kEnLCWrlku3FdPBUo4u#rg!y)e4 z06T9I2#0PQR$wO;U@GAGX@HOhjO&L_)&n5d;uF74InF~`ojLYSI1hT$N$gMEUXDC9+_L6uX@Il04OST+M zLkT-VrEM2CD3H{v)7>YYUwJ_@=Ycj_;|t;Pr2SjwR6AEHb~J!X21|W3waNFegVJ*H zL4ydq7Ajy7+-<+=0g7$+6@!Li^5*E!+5DSiKNZm+Lo>em*2un~*o?CYOz3Eoon)a)N_iR|Pe*xr2ZadXE!kdJD8+%4=(LJ~MXJ+0 zu;LKV%t5Mi1x%{rZ;@9x!TTVHXKFgaPpYHYDfuTQv`|X!HF-&oTagx6BYB@h{VEW( zTFo@eRONds&CosbrU|bq+G6du-E~Pp-0-CRodR4N-aX7jd~r3R_wZ)g_P$?UoFQoI zB2UYVYnBwN8jWzWPFA;@wplQhuI!%+Nv>)or5F)BF5f6RgGp>&4r<)&|v7OQ^;S=)CswE@j|fyW5r%gyip21S4hF z(%5TUZIw@>ydohLX^FI>ps(>GNQ~gSWkh;dtIt6xuAT*8USqLiCN##iZJnxlxMd>S z^Fh$skJQU9MbgfJVVFkazWlBADRpqYt){r$17@^|_R6UMFVhkH^LBx#t}56m0^tpl{P`d?OT__;L5Z%30%X-V9*Tt?bb^pY$>d-)>7V9^$0Au4Hvc=Ljm zL8pq7?z=1+wRq26R=fv)dK@{;dlFOgtX+M++|h3vcji|0d<5;t*|nJ?s3mc!mjV2z z^H($ZK6*Z1iwdllhAmcYZOUtX?W}My6bUZMB$xVbFGKCc?$?&i4GULZo;B^OJm&Ug zT&7{T!KL$;qV)r{v=~Xn1-Ccx^DbW1GK^JdUKg-3zvx->_U`AztT?wo7mtAO0W>2h zjNFPQ+>mE)H|lhb#V=?JxB2ddTp%KoYM>H0Nfqyc%6f+;q|#hMnvqEK(ZnkZIm>8O zv$$|aw&)!N-5Yz1BCc)1su*mibccqR)(z{;?29R6hZWstA!rW2T@f`Y=) z&AGrBvtgSofb&sb%bZKeL;n)-X~27cVV`n z1!C|Tva>4lQ_EGt$#;y%le(oGC^eZl4&J4zR!g_9xWi)8FM%*9?wd%~37$kBCb8o8 zzF(nYu2GnO`_7N-lpD6BmAMv*(H63j*&nJ;A$j5Paz z@w^}Ok>-KDpA0@yxplRjWbTloLYU82!VV2Nc>E1yJtConuK{H8LK9`_`9$<_`y~7h zp#YpcLVSFnF=%Wo4;XU%6H9EY6FJG0Bzt(Hey1;St8)80>gwj&IhznSmT7eL{;-zF zH#hUg(GH0!CIFG^ei#IvpWgw*W5?ZT44ahX#`j)*AN>2anAk)jhv5cj08f`VICn)W zD=NK{*+SGm94rYG`HwtqUjw4@!YxYULkWpZJp}T+umL%tjL_PV)}M?@U$78rk?x+HRF$nH0Tr;062W2$m zcMyPaGHl!x^l^|P#Wk6WT*ObRe{E&4HgU_oJBb~^mSg{o$6(X*9AP-$ng*YtNb$8x+tsv}Jt2vn8%JR0rb5ULF zI;EVoCzE&@j0k(P;ki0%1quAtA&)Z7t`0H2YC^)|t|tsxS(|wQPEKwi@CFwT@V`fE z<0}Bo2+M2(GGjyA(VJ_k!GsC_7Pt8ps=?cC?`0N4PSP1Qol>VIiy#)%*v(usI@-4{ zne3f=elb}+mS;mT8MZ~dGh5oiD*(eOlP4GhGxPPS6yGYM`yP?Ll<=(MK*hF=LZ11t z4(Gj{0KxH-6Dv{JSp0nuxQ88P0A(B7xmti?o^+(V3T3E!i2{iJR%VbwU=stHBv<11 zlD5xz$}`;zj=hQyF1amuUxE)1e~zdUi@sWh4UVc#(K_xPh@9iwDwkW72Bn1Lw;`%7 z=ulIU`%qiorlK)BH!b1zVQbFAEv&Jwzq~)|9I)nfS>kpMcyM?w34q&XT~ss`l4@fA zH`28Y6cDwN?y@f1^0oj-Sj%E9UERsmv8jK*6ZyT&w}9RtNB#VD7i-w-3#UBZso>ze zK0N8n`ZlE5tg^@uZ8`5~(8L1!MlPKetUHWI1t*{9w>$$xxt4t;voga*xp*{D@}33| z%bM9iW6EUzoi-ijv%gcUyB!U04NWyD@BOVhiCv8k5Y+>Y^y&{7?a z5n6V-<3Fv5VOrqZHXXD|4p(Zwd!*G-uGQKHRBmOEt)eaib3f^_+#ulPaEy1UF$N+( z(*GBTljY_agFSW)O?FX1c?ml3AQ=B3*Af&DrpYg#=W`EI%;k*;#LZ#AN(nKCM~@Fn z443&|_FsEsSAeA1RM-}mmUz>zYrTJC7Q6{2QLF@SQQNAYdCwlHXMECsT29nI{_&%w zPq{msZcM7jyr)G*i3<#iNr8;5aKOqkvEhMY{e~n8h>S9}zHrNkjM9fSwk9zm#`CNB3m4O|b2b zlp49Z7rf|TgNSAqvN%Z1fP8AC4P*Eljh=kws&$c-zz993VuKJeai%nH>oT>uZjnv* zIX_zzs-?Y>;abA=73)|qV|2L&l>kQWm8>s>$!~D=kdEuqDy;6jv8LgR#itp)j$b%I zl1}YjKt_BOUJK-}&BpF@_3obkDA|VYC=U*dcpV;l0r`hWcOK~Q^Rx&#(6pxxI!k4F zs{rbTrZHzFZtseLt|hVc@0&B*ux+0YI(oI^vV-Ac$S>a`rO_tkOLG|nD+#-o?C4jZ zSr}${UK`Ujdc5J1&-(ZGhv$ihrpQ)X3S~-!D{9S)N1AfJ>f!d+)5>;=9&>e?{n94n z2JVwLjEz*#<<`)&BgeAr*4IjampG@E+*F4{EpL*wT@gHL-DXcvF+k8t7ZnaN+P=ai z3$=KF{7j3kaiQ(%>S@iJqHW0J?3GtWDPVVPtAa*lgb>{ifoZ2D-P)k`8gn+REm;af zCi?sdlj}}CJ|vzeQJmzWocBs6jC@JgVc);4Hl82SPPiy`d0oPj+xKigmeb5TyvLP; z4vzk*^ut!?P2mtGd3C3eW~Vi}Yq;m6;EtFTVg-a1!dy%=3V1D~U>Im*=H-um(J;^= z<_=~tky0sR@6JgXBM=iM7Gp~?<|K$Y%p#^fWGSNnJq!&iL~T1>c0Kn(0{KGRjJ@5Y z9MkIWy0@N9H*l>ZN_xl@tn2o-+ly1RUN`G$X7B8JAw9?J%g9GRw6}}XmYdEBPrSvm z6wqUfh;65Gx&_O;{{azJBsf(|e5XCAqao~O-XRGXtipFHeRk4*EyzS+ZImd4m0d0L zVxuT{?yy=|0^ydH=QD12#HgKBzRgk_*^n)V0!!5*HQ0sdgsYpThecLYzj07>B6+bQ z+mk~tcrWs62%~jnA+$b?jFkONHS+0b-^EC3|Ep71m7(C+OvMlu zYPtFA+_{Xbxn!ep6W4S2OL?4f__4L^Zz}@dje4e$(K+32ocBrXIUM@qk}3CU z{I&#PZz|)QoZ7$bO)5{S3En{qiuAqg2|Z7Wc*A`6_5duBby6ztK4^}0Nz&ChJdPN2>Yio%b%(n0T95my3pL)v>)jW#-%W)*9tQ-AmoLQUuY8f- z+#a^&eSbCa-D_=VY~8BfEf2cJy*8)107tx>6r;34 ze?y%g#K2Xzd*#a)4!TSZ-l0zg>3k4O4WmKDT5TnrAv{k>B{4# znPLE7RKxzD);+mExT!Da_}Pux?mDt-k}Q>q#-mFK@TR`2!LROdBsC3{9Ohhz5IA?& zFX(VcD<;b5$l5CAi)tp`3?s|Ps3Kcj0v)rJo?6UoaoxINF3m_yb}K>6t5LRN;CAQ5y1n-P+Kop5meEwHwLip8$$Knn+kS|u~L zHbbG=QT0%=V1D^8*58)j0kVNJ^qP-}zGH;hn&;_%kb@(0Vr~O<(sJJaMGmxO`iE@) zx+`%jTU!@rv3gOeW*QF3(6`v;!$ovbimK*9C@-P!;F?cNMTase5yaK-1^i#&pxVs^ z#a;LP=uM@GY_o#p*pl{>8@=Y946aV4GK%4vdtiP;7dEOdrFN8CpteY>Jt}Ws!fE(# z-~Wr!yXdKz zR_;TCsd6IVA0JLp4lciAcpFV3K!jjr;tAWPOW{<8A!uQ zNe0qh%b^kP@&`NECpu{+zWUq08;fEwYd2T9qSHR6T?eaxa!X>e#bqLO>i{qmC!+r! zg8xxhu{XN1z49CI??xcy!^nc_+P(h!Up1_k4*%bO4}nec+Q&WKtJAaD($=ZHpmA;= zBId~Uymc6m8m6A_HM<^jb?2H-+ULJzsMgZU9qwvU|7n{TAUgHx?9VrDS%yeG!+3Rq zenfdLyR@E8jQp%oX6-r@M2!_5rQT7NydQb!j}H{mvesH>53wLtg)^>I6^Wxnrm~G+ zifT0w8=N`i*m*)y;L{Lt{|gd$rUPCxF7r%fUjWeQ>-&qB2RJup3;06ZOSv9jZ(c5$ z!x!chC94H((xQ=fC#s(J!B$A@&p8Zhy3%aQWyo8W?BJ_01h-Q*!v+5I*XeW5UkpR_ zE*(|J2v(m;I<)MxhdgRN31Wh(1-SI^mr3IHdYZ#NDp0cl;Ir+u#N{EzFUN$KxC`q?!1W zi<%w)0f)b&8GnSzU4bq}G$kMt<`dstDX|CrIL12dY4G;$a3baV<@NY%`$rLU_4)pz z{`r2L>G@v%|7(GMnjOykXn}COjmRsZrxp?DJ@>gjTEhg|cn4{?dh|Ivkjf}#?(gq( z8@F7Jd+Leav?d;3><+8_HwvmI$4C*fm%p1cq@usJtld6aI#)Xat3&u({r>f=>F_@v zDlb2Ff4u+5QZ99Gj)m-`=6N^owza(hb41Y@A*C=emvDDA^fmlCAJD&#O1n1`TyO73 zVy=4(Azo+5Q0(k7eSE%_AD5T)dUOJU*ZvNw$JDHfZO)0??7n-oXKVShZA-`5l3o0D$e|fN%lUg-K6x4q zPhO#JGj7eu+JW?1q++aZC~BuwAf=-&L&~KMt4G+1zNmjrHGGoNqYmBmBffzI4Xfwq zP^anIxtMm4G~8C*i`uLKAwRFwpPA(RpyMf=8U8PgMzf*CH8$69RxhfQQg(QMH)Y4E z5;PT^Yf`{0|xg$d|rsQybY^u}? z&=Ufvz*iZ_-p+0$wl^D({GVq#_t`vnGSmDN2gZ=IT5+`MBd6T!+29||45X70d6sGJ zvbz;Ae!r}pfn#SUU)S&`f=CpFWw(MRjvcy6TI%pa$<9^5ukDrs(dRp^+D*qh(ck;M z#$6#z{2(&)Uc+cJnwEstyM;shGF1EPGlx#v)vRY$zw66pq z{$>&UnfxjPGB$W4GvxWz7Pbv`sq@TKv2%J6FlrkzY^CkEOaV;ob#c1}p4$X!+q~@? z;z^gGVrv>ugy#2yPna<6)(D=&k?f3?=FrU;4kb*ejA1X|`jc0bS55LH$np2M@7zLr zh~!a$>z{5GwJ#FvT(1~}%j5Z)3doG0TaQ%%?+BYiM6AJu_;RgA1D^$%2j8BCyfUWu z#j9EVy*cgT-`WM~4R>bgf$5C87N#G!v8XPD8B}+IB~kw?;2#7w;fO?|y13=YsMiSA z;*`f|wcaJsKt~Rq#WLih_iIG57JSaFPkW1m&5uW~t^eY0qX5Ap7RY`MveWn+<+HXd zr(zD{fBnGxLibtJoDVBP6#c!ot4(H{)SU17IqmW#spAE;*&g0>7JXnBqPt!`L%H%S zhWLmw`U!tiIzx!p#s!Cy3F(dSKv8OU>ewpojqozMsmzfEI|5_mx+DGx|2aCO_K=64 zNHz!0Mp!+?(0z1aj$8TC`?geq*^);W%xhLQf*s{>|Bor9ER+8$m>(8*HX@sxDKy3! z@wwVZi+bSSg#?*BRHP3e?l7E2ZDz<}Ny^^2pix#6NvNhF>qjTX*|ajjYdYwFTgkX~ z(@})HmLRs68CbkYNZX%=ZjAQdNZ>Vs3@Dml-Lz%N4+$3Gi7(uqFxBn~hnj^QckMsp-k32-<-e-e7-fRZrBv4z@w~WklRf5L zrj`aX^m(fP>%#94vY9} z8=#Y$%6pIfKq08-vb;o*Sz2a+ z%- zd)Ec5*xl#$=XGnA0}JWTI6H{ME7@U3!Ys-^1&LQ%5H1Z(1FFbNy;m{b>~QYv+x%9= zJ2Kb-UNK?(i#7ecB&A~ch2K!aIgD}DsNe1Ko$8~gJg+Ywc7@UWn9Bx5*Rh-`|Jpl; zx@(trOVH0v${OToy6tB_L@I6hF39@JX$KTTmiq!^&r#E6{fkm~Ok#3XPeNK5LL{e? zV#8cnhNz<56=45L=G)OY$*LmWp^rcshLNUFU#3+l7z@t0^~}i~Qgz7kH$#6{EhtpW zOPeV%m2Eg(*9gIq&{E!if94(C97$SYNr^z6$TtR|4wi99fno7Q3IxZ9c^SXB4MXE% z@oDnO9Kb~X4mOkq|fM@IK3~KUH%pR91g*B!|%zx+W14EnyF`;+Cvo0 zZ0wlE`-7+mK&`0DgPtBx!41#iYMInUw?)}@moehs6Q>;L9k0RZNjSaQ;vYaA0motj z{!LK7G;mxlAm&D{JATbkZaGq`#z|^mf;*g7?Ln!2rW!iMz~X%3SiNIUlk%Dr&kSr9 zw%Z&RsiFDmV-Kc@f|W%yli#+dYaG@|FN9WoZ_-DHD(6-VE>&~yrzlYMvX`oAZ8GO4 z7d+*T&y=QXgP2a)HBK3wi$W2di-bRf#AEagHH6d%G=%g*l(Gj!5xsMR7EYYY;h#G* z7TfYdIf#VHg+%a7GL5Yb_s$vcXw?f>)utI<=}-YU5bZm{S;HT)LzV#5@k2dc!WIFu z#kw+X*SwPgkoyW!=sN1fhr??ZWC9zJ`%7c|q9iRiDjrwkOZiG5A4zFnZN+%&`XNR=deNWZWipGKh?yhRN=$KYg3wDLAVQLJ>bF ztBoCy<=PhfVq;c%vuj@{>lXPD4}dO9wakJW)}t1g)h48mf<{zkJ#IF@*mBJlOpz2Q zmAqLgCxXf^#s_M&UruJdPhhG>>$I@=aXr;1hj(?zM>0bZmV(n-K7 z*=L_3V{vyJoPO8UB0DlLuZx<9H*rV;^&0 zQ)oYv^Q-d3KfT$LV4(u;rv&xggTlU5!0BUtijl_=gptSbqj#W;{)xit<#B+76GOda z!n#M~2;uaBWi&Ih9>0OCdk)w^Ksm>YD~V+tWa#($MiV%y3yq`X$=)sg+2Yq({FBW! zrbO<3BAwWhv|Oei^v8kAj#1mN+GC8H51NJpYitO>ZRopaB%6Y@t*7H82c)c-65zep zzHx8`(dprHYRho{D?Hm^AB5kTtF4*~46f@`xRjm&&nH6K-0~DJva~4q3QmA_bKOs~ zT}kSh4zmvAV^DiyrU-$$$tgq-K{Y@5iUBjIsI-V1*&|k(b~8$#91Q4w(B;fgf%Ik$ z2{>)7tcV-4l+}egYjHkHvwc~>YyB9!2cE|AbPH;69v5O!#Q{OA6Y8PQIswO^3{y#M z45C)o^^7Xa7q5dlzdC+k4DF2SG(ho;${p6JzOi2!bKPHqMlw@D%2l!3+kouQGiP`# zR6?;ENno6vayu(9yEa;A+!bYZY#v(4!1{Zf{mkC-6dt5p;$LVCRXp#$B(-u}C3q=O z8ofgq5ta%Gw^tBVyn<-`|5+-ONni*M(>2?F8?*{2TAs?%ZpzFkO1Waj?iL{7WASCz z35f^Cpc4#)&^wIX2nNRtsEz(t{GX>W`F>`?W3`GQ&pk-99e+13`AQc7!3&$N$%$Vl z0<_7=u3wyX(|bXbcGDA4jCQk27OTlgFCgjWXP%!H6{MblTacQZTm^8`sY{DIQPgk2 zo1C5niq(FDH90~4EN?7(1swin7x;M`{^+?JAV0r94)72XPPdRf7^*np11HuUI)4y{ z|F34JlB-ko@lsC@6j)4dB;$4o2}-O*-mLbL_mYVA5~XLSvuyaRFln+4>lN_=R)BNZ zb9xESzhZO~wz`DUCXgBw5A;YFs_RzGzoxD6*>|u9;rAwoDuER9SFa3eLR1FxS#xev z7;SKS5s7F+nA|s%f={>$WB`Y)@s7^lYCNB4C#3u`rxk98+BhMPOH>PnW8y}=M7lS| zNkTXic(Fzx6G$h!8Tt@#JR4rWD(@md$1vk?Dvc2`R?Y+I=#t`2$n#wm7jL!Jd^3eKs z_s2mh&^>OUI>S&+Vx+qbA%%mf!_#}Np>x70DYGa;tDY~e**Eu)A>e1%zSCz|WI7B7 zHg0w_!p)g-yC8qYBh|Nc2eL;$Y-B80Focq9hV=_&tta_azU{A4z0i1UnKq$3jbHQQ z&Tt@X5TYiF+=ZWZwH~*1gLbT0+Tk@b8FSKZEBxUy6-Q(1Zd~kd1p4ZOb{FIs49%pu zsDXW@g=#H7{!!;{b7l5C2ksHw)7C?JY#8k}s&u>xQyQ0oDIRcs{vE@swtMaJ)LJ~M zeWL|yIs^1I*lF}NQkdoo-CHMxa!EUwC;4q+*eR--BYjgR-Ci~&Q$<=YYXCPZEn@Jf;^+@<^)qBDW2Fic z!wmgloWWq`PiAin6aAsD+{%Ctnmm!!7+%oO6CUu2)tk^j<=Zge$RViOyKmCe>aDE< zR?aX5&B%<-7K6ymMU#6+eUjPd^8z7l6lXG=?pp5DO_>?LM+HcoyRMi1N6G@aInD@y zm-r@XTZ^3>>g*&!Ty0@&tRQFc5(c|egQ^Q#HfdF| zr4x{t!0|rNy@yx)kLO9=#G8#lcXP?o-=5TtjiGL>!fC{u47m#=<0;6lq=Ee>VJ2hp zs(Z&CUe69|MFD5yVZly1fb*0NF{SoHKGOLuil%q;Hm8oY^T;Kt#m5tz9Bb9q=O$GvVsg6_={k=w}&#`q9J2n4~SnUepJx zd2X_^Gi-4l5F`Lq8Hp)mRzusAm_;VMAyVt!j;Pfg1er=Hzt7!{%DRo)FmZIv#w_2r z;4{>@=Y&NT?I9SSCycV;n(u*trJyVKXPRjT?nmX@uQ-MOrj+`vT0w^DaOgd}gu%BTZr003-60@elC;zM z$HeQ$dh|B&2xoOb-^ZG}5~OabImUwfiCO;*CY`*_7di9Cg_fm&z+5jZO!j?Ib|$K2 zLeVnXkqM0_%Nr4kqR+$2lGe=~R;Y@jMc}Ei(q)z86`Wln>%s6)*Tf0OxT(qW|gPCA?zVGHpm;YLiAYNifsm}|A&=+OF0WIL? zFif9Z%=`lp-1@5;OsdoZngkY;H-hG-8P?wtI`qqSM7pAA<76DR=s0%nO8HB~|2fmR z5@y=fl{vS;@V=Bmh%4eg-fY_H|)OW>@}*(sR$peV{A-(_sGJB`^_{ZGyb(N_>ApJZkbYROaj zIBr5HRCq3{zZce@km!tOOu*Xco_sLBQCkHm8kZI8Wjj=^z@yA62`L-riVkg8<)k0N zXK5pfBndp=)_1o|-PMXJN^{NeLDIXu!B$#rW!J}%W-);=V`}0dSf5>yBYTwG+ zu5TA(C6R3%s2lkOT}VAp_x4RTKE%fG@zQ~1WWss)iE+&zCEW%(K%EJqK4Ju2Vh^;p zdS)0sQzG+g)#(!ka|uxuLNx{tR}1Pi!Q;qb?iH{1b*lwo6x}}#m$xI(ny|3zUqQ$y zdjA{2J3R4Es|b(q0ZPlYWR~SGiTUqnU)zsDq{uEPr9@$;eaL|w_OJi50n(_YeNowQ z-pR6uADC5$+*nIq&g6&kALP?v*scl>A>F#nFUZ6j& zsq_6tSCC5kMZ0S=lI?2lMrR@)H;7sZVCp-|%Ze^VpfF6nd(Js!vGn6y_{at?CjLph z@luu-q}q&$YPD&Rt!GO>F|0-7y2m8XdYcYulk2NVIOQYBiS{zzfxqUt*2$7F;0)i0~GCI`K|sCX>l_l2@}wxpgpZnese{1Y6tdkfwci&K0br@4Zhc$j zU7^V+cxz=q0H}iOA}LIJtUS5S?eOz%ybIc0XlWGaHe@hBmz&s5kc>k{=xU_lSLum; zPX=1SG(R3qP=k3oW5YJ>@Zj@`-2m>DvP{J}#pm`%OS5?YAH}%ZP<=l3tChH%Ct?bg zt8m!0RyM=b=f37${>fjRcENlO>NO?zjUDqno@EZFk=)=l^ zEeZGcZb8-6m=}C^$IW`cQ$X_i$rNaeS~@w#G^q^d+oKWseW828S`3X{IWo`K4>H4* zjX<2r-jb6nA>~=Gnj}(BTpm{!1E}Qp45@E=YJ8tKJ1QkV^*9#y`Fh-&;h!POM(5#r zKd-^y{u78a0q!%)Q?UkA{vc$boNBw9I@dWM1Rp`g|sbDvO$n zUXLP#Q;jEO>3I>eyR+@>Bi}$UU9Ve#CIW-I=KFl&Tn?ir9kSH)s*^9+Rk!Em<97eO zW_CG;?RpyO`|G3Tyyk~I>0pDePusj#w{PaugPBTxo&H;M>}8f4kDzD0_nluLTB@hn zAl}t{9r)GKSq2zgNHRQK!2YLA`hQKjisUV?$o4;9lE5)lGP>t((3z@8RohBsmq zwD|R|QQM@_*4kRh@rhJ&mAc2~oB(EMZc;;k3EXDK^xlqV-?G zersDX48pZs1D2lN_V4x)nA1fVhlzY^CH;)W*<|8Hm3mx^TrJw_LyW(8K=uiN0e5wN{m-`xHdh%2-Z`6jv$jO0Jv?3sm~+O7^wQjVdoyiguLHji#JH(7$Ljz z$&Fx9}rcx z0mWYI*kM~vc^F5};&zjKzxcr%DO+av+iXal!y?=5p%-<|w7&J5Y2QxDuReo`Zu~FD zf%?O75Xdd|3eEi3Eq*wTj8eZi1*}eSZ8Y`34E_&l#=YYh!b3Jb$lhotYH#T5X}-|P z2L1r8$lxaDu*uf=5WX}WpjD{cBlC$GW*w-NN{7ELnpk}ldE(+^C|}sVm_azg0-x6I zhE&VD{Pto||B)u%%$#Pt(WewwWredQNAIq|N^ zhgTkI8V%BAWx%E;cER?PAuFdDeeDGK3Gr@Sd~2(P>&i_Hqj=?cuIVVrYmyGBaI_-= zLZBcdEb;1VwBrHj|>eZ+cg&@`9n zi&}`Ye}cfc%4FXQi5~yKlCZ=I2<wFEb=0Y9x7wT<5*c|J(VxKdimi+V|Sm+UtJS zFXk~IkM#DhuTLR4!_lx-yPUnyQ6sgvrVR(Z-ywSNCY>k#9)BetPE7LcbbTxa8W(im zpxh9{(`}S5Ewi^|lK@k(A<{5fT=|D6j>EF0{9w(K2o)!mWK< z9mjFxNYY^?^}{bye@q55vP)Y=kgfBL^c?yjtfCfD&+$CriR7k5;I4J-YRUJa3!mob_Oh zQRq}0z7lGymtq`h&1Y7R4v4~6665-zw(y(YG*H`Kk~wRG!bp52hi0ht6UnDea4wcP z>;8H)iqk_(A~QIB+wadg;-J%x4CEPe0T8{xIBX*O^iZ-oRv1^j5vc}T%+A2kKsC{f z*Xf<(*MkSS?mfzc-;^k|*xC!fsn;y(e^uGbgYr;`SAM5kVXDOa6GO6L4bx{> zW#gMXk{_zug;}HNZz__`0?m2%bfcR5l63Houa;_7Gd0ar58MRYAh9HluvCeojEn#r zHh)mzz_(&|osUDL3y<)#PInrLk(P0v4Y!=q#MHrbZVMGS*@WhAE%&@wNgTvgT4j%W z=pfkmNVIkKv>LvjUw}!LQ=@Mrk0+cV>T^^t~JDVC)cN83l*NhWPqiKdrI~1PlGJKL@7Ppl)$1=h?z!KbxX~g5zTL6~v zh9Y}ChDJfymFP5gq7+MNa?AJ}Z)#^W_e%s-h&H?C2_9!FqOY3!kFD^8kt#ag<?D|A(`c8|wQ#gm$T0{`PGA_aS65m=zkg{!c=a_K4%>dPs|kG&rB#k7Rg zMQOVat{a6zoyfF2nwBJOC+{#;=plUa>H}k3B_crC!8&g`D8&NnN(R5!#%88I7pu4< z-lY|*W6q?HEnE?2fSP-g$q3`IypObna+B-z$Ya#FAEAu32MaaH0W!iVT3t+r<0Afx zB5YR_ly(X|iCGnldM!0g02Uw4BDx)QC2F}_v*u;G%3c1vvy=K+&%z(}Hf zq`fDh+5?l;3>GQ)rl|Mcl3apw-UG5cm?nLZqXBr4HAC;kXuPHWWcnQ#kTjd@J$;mK z(9?@)l1Whm&UUpt+c#(#I*N9j3>`Vq+>M>0_t`uN{i;7rMqQ& zXcQSz-HBJ{cN&nb{C`K`^vmt_-vmbyrXXEn|BNM%(Ti6Jd+8|Nfz$r&D2Of3#1Ysm zBgc^*;`JXJiL|Mjckf4xq&csz(P)qyJpO{^y^A1>Xjx?Ya=7MVU}p3)#oYGgHJW2o zO#8CcQoGgBV-{rwA_Mlm00_;g(xcl^{nY47LBakJ?{RnYtFqDZ6{0 z5an?y&;c$?0o@IwH`F68P4Clm{@rOw@s45|(^7gckTfV~{kiQcqEyg$Fn5F@ivB}- zantB+M_&5UtkAkv&=b>X-8W$aUB9w6`P}wiwld9~TM}*b%>+^9f~1fGGeY)37VzAy zGnkZqxn?zFF&GY%x=tL^qQOKVFO#;+|2~QA95Js%&NA?86+%BPz0~9SEbc+AZrAg8 zmJI>bUK--;AN*qPS$InV2%2#?9`vPK;7pM#uEoYwKG?x&}jJA{ztnAfo%xZTnf|y*q=^DcBM{>nfT@!{@ zQYe+s6GGPmfd6sU5k?E+6uU-A=;Fw+*=0K*vjhEG)yaInL+O3tu!p%24v)Kl$(<|+ zM^2Y^q9xkH7tTJWP-N4e5yGPs3E{Zgg#r?q;Ujsouum9TsuaZtAWK-c%5sP*V2x&p z^x$zDf7%6`LU)^4#MfvF&NlMu6(h8(lLtg#5?UU z!Gy~z6c&?VEuehA&Gm!QugXkSTNzPipOG0i(2K*gdP><=7LGfZY<2F3tCO?4Kd1C& z47yAFmBxf>hW&A#wdmu_0CJhU`va$P;%iol(YQ+EfxsNZeEXg>!WOD+1%{RtcLN0E zwVX-iwFsb~OiWWQLAhbpFOS^epsxT0Uw|U7bqPu~HvyDv?*9Sh?BJ1jH6?(;BwlVr044nblyt$$kGj^`1W-gxFG2aJYnoC4s{aEDp(n)hTK^ps zQ2ifJP#2(FwsQ%JY04!iC;}+i+!vsbJ+e5Fk z!k*T@U=4Lq6OeoBf$U^nS+8zbnZlG`T8-rEb*oSR$MfJubx>BuuLz9&C zspvGw`5w!hP%}?IcK2&Oyp!~kpdHHPJ5h|CM=0P)ST@MyMgagszs||tzUf05ScDYj zm11!Vbmcrdh-|%~+5Pq0l9tvEpmx(T90`EZ13}KU{+_-3f9gTUnkt(qAL7l&D@%nj7ezv{or(v$2WDu zMLcW8)~K)jtv`zrE>y3rucOs)?HN3LYQgL{neQymUAhC+*LOpq)aQ9{Z=%dhg;K%? zPu0+Zau8nfjM`-Izkq7`Ikkj9V%-)*UKNiS|#TRB7@ap5#mU zER)!_$?xu7KhCf^eXJ{NJ!SUOJf2pRbX8ps_D4E6u#Ik%pZYsCZvIO;>{rpAD|ZGo zujc))bnwMjb=wnvb9JC+TvmKIn#TOqRXqeweVc+^fv9Gq^f=SaL{R%(orX=kOZ-YG z)H%_qc@3sLE>aHYiR8ntrkV{-(hdFTAFNlMwn#45bcTA7MY(qF{)#JysFP{$nASK zwYbTMU-P_Yd*#8h>|L^Df1hSwlBkWScQ{xKzm#5v=D?D(tS}oXXul zDNKVgpEKYZ&t}AgIDYra(V`VP(2)n9KdJxVwadj%0F^TPlUW*BlPCz41;eK|%vy98 z+QC4CyM*tFko$VuAl-Zr-!Cjzk0sehFsLE-q8jE$4Dx&h=7MN5zos^VkgU> zgYw2%o`G&&_hEJ7sh@IXC%?KsaabhpQ!+sIXYt8*3dc`a7x{ljEq5<_^oj+Xh-S2p z!T$E%P^9ew-BMEjHcGl~Hxh1q2Hikj);O9=(DJtFrVLU7O|)-xq>!v6#ypfQo<_9hlGO9QfpLJ=3Anc=?A)eKs+ccXeSz53t?sgDW$ny`w>yGJ?R{rqFVK589fiwqKpw_6M<=kH%kQ}C|wqpRZLciZ;4^bHJiBc$|) z;oJtR**})N){B5<@e~8iiPPwpAE|eKhCj?Ol9@tqiyQ=0&YcL?i0;vPfceykUX$EJ zG4yyA<9_gn1iclAr0l~)x{jX@G9Eo}$n=7}tSjN+Zxl>Puz#BZ@r1U)%G910Dz#3| z@4ck#R=GBfv^?(DA4nH3Sc!x_^RjJWO@F`qCRF-`*B~>wWT7vU2JC9cyrk=bvg3jl zH0Z;LCroWc;zlut3xzM~tZ%OaYxqid&pnl!KYIFuKd;Rvr542F5G!er2qkhc1 zS(3poHnkP&9ROf`$=$cNmrzpj(WyZm3qV(@q6ibrdk*CS1FOWd@7HFv>FbMZg-{aF z^~F^`uE2P5Z`JL(*T$H?eVJL9lc5gN^WRP2OY)})S=A@a+X`7dG8JBEW-G+*nDv~) z*@vx52?d?Wt#@dy_s@wksOISVl?boUwUkq_JHUMdwO=RczIqzt@xB%?TuLwbM_{;sG8}`X0PIu zH64d=(wO$ny`&fi$#Cxn+OAR6+_>|Oqif;;AJe{vu!tWJ z8q);EMvZjANU)Dwkt40i#2%Xkjb<}NWEih(bQ3SQ_r)BwYe}DQ}+G%5>kX&Rq^}Lh& zS%#3wy#l+8c43H9;LljwTqb`X_MZkC8^W2zxasbSFS8tMoSkd^&mJ%BuL={l?bfFp z9Q}M6QpbkVIM`?niorh?Q|!qBa$@9eU1v9n3!caIi*FcC=r^zt64QE(p50gV^Fb_K zPr!ZF^?>GcNTZG7v4%db6ORh^rhOpe3+Ub7mFwzgN$x|g>6Z@AIO=D7N6s=eeyb)R hGIYKE`gynlBq1R|g`WH-CB(7*mhvF#B%+`o`accD$=Uz_ literal 0 HcmV?d00001 diff --git a/assets/fleet/fleet-100.0.0+up0.3.6.tgz b/assets/fleet/fleet-100.0.0+up0.3.6.tgz new file mode 100644 index 0000000000000000000000000000000000000000..9bb16443a1b7697cfdaa6401a2469a4fcbfea66e GIT binary patch literal 3127 zcmV-749N2ziwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH;Ba@)Ak`OT-;Po8hmrV&NSww!X(OkF2;%`}&I>|ENLPA3DA zD-tmXumC7W=To1(1Aw9^O0pE$k$V^I58DKG7YhQr*j=nSWQe+RmJ+G`G0E7YuK+<1 z1pT8U`#T7N=I?H|fAXk%)a~|qM?vqn|0wA8dMCX{5PS_`nouZBKuDD*?i} z&_q+gRpCnFg`#0sTRD&KOgp^dtPPM zM|=Cf3!oWEFl<gNLrck3<&skB$zF?Y^|+KVG~Eq19S14Q7Bm5;4YLHEb%> z+36RH_j(8nhZ-=;^%$rIs(>g}WEg`^scLe1|K`%5D4KALVK4>)*T@)LadFMz?9`u4 z=j?Pkn^TC3Qhuc+cAfcGgvUOFA6tL60Ajcvv| zwOhh2Y8)FsqI4TU)2u#zj5!lygSRlO5AV%pwwpp(rh=ov92Sg?p_-r@`zcWUSQ#H_ zNR#Q#HPbPJ+OAk!bEPGcta9QkSIRA8l?v^bR>~>?fWk;EobE+N(Rt|*T~IJ2AJ2am3v_3v3nDjS zsK$UxFzOuEL`JO;X1vzmP9_!C%J(+(Wg|e#dc^bcRhYi*tceEDGE2A$-So|4J8ygy zzU!T*a4vf*gykfzd!D2UX;zI>A=Kz*FXkEtsSsBe7$IG@KNkDzipxBn#1Ri`=xURFC{ zlT$$D7=<=`o&~r7_L8W~$CMkM9l=var?&Fr>)h3mne3mhI<6r(q@h%x+Y;4KLbdq$ZOE zf&Tjb{rSi9i+BI{sVR{$-kZ^1-i5*2cN?eXs|A zqg#^%CX>h2h%5H!oIv#)b8CU)5>KEaw>dx_*LRT}YRO3Da&w`fX3}f7c=NBm-Hxd; z?QMs(`mHLIBO2jp6p4cCx3|sL&|XuWRua_GOEZRzoYRa{i=Rlwz=vOeQywGN@N7o5 zAlSla^{m$nt(gnkV!Vg8oWBidp8s+{qWiuFTzCI>*gbCMf4YbJ{LfCHe*W9FCxuRh zq(56*;9oscuFhc^8J2;9V7Q4_APeTo7)VaPm!inagtjY3nAJ+y6uc6JjIhLb{KS~^ z5z0ZWVS!Jh9%EZJHrL;vtj=y_A4`KvoWWIFGIarq<5*={Het4MX%@#Q?>VGkrRcSW z0p&5}iEE!>G`bqXco4HfTDd#!+zn>ju95^Rm&uu+ zjqK8n^sFxQ*VDM#C|j>!jmIWh_|S*xuMnF4-~2guKc3*a`@h~{)Bo%D4)^*0oxsxk ze?vPrF#HR)YkOWboqy<;^9_L0|G6sRd;f2Mb^6~uIc(;CgTr92|GR)&3erb`-}QUl z`J(Z&N>5!umn=AZ5(5PTqA&)*O>74^LK7s-6{wGzd>?x1dsw0W_gxLX?*2dME!_Y2 z`uqEzoq${NRh8P+|CUUPw5{TL8n3kAtB720yU>)WdD1P4CcmNT-T$Tf(1+fZd)N^y zv;X&94Z6<%Tde;)IqL51|4v|E|M_jh?fPH4I=F*7xX%CU1`Yl11&7^z{%0p}ui5d^ zT`V)<#xt4Ag}Wk$)_~|Jb)LsuR@`+zHqoRj<*3r*Wsl97FXy?MT`uAk?2PyKc=niJ z{ps2Wxy^Xx72iG1V0NeT#Y~&`tSbj8F;#1!rK2>_McL69y7i>>(EE1}cY}@Xe|bN= z%`vdf|2t~>f4y%1xWBjmyMV88-{`hcyWBDNdB<2DFthta8~rZ7QC#>wM&kw%7OxQD z+w&i9*Z=#e24AE9z25P0)Bo!p@ALmVfi3I5r;7MRRo|sc(b}%syGA`<<-M#Hwx;yU z%D|1;D9e(+=wFiRRlLTrT3MG|_PfI5R;`G7!6r>bY}6Fbs^sRH+U+vCYNem++HN9_ z-Rg;y{fiTstD}cCwe+yMo*r(gsfUg0>epA+!@BBv*sMUl$!D?3ehWrRs_mC^SyFMo zNfGwGtG_7~M3S8&^_xg+Z-`@WFe>;KOYIfG2`?-+1G#*n^mTH~1p9Q7z z8iWvLk5Xt62^PZpv-7DLA~HdJULso5d3R#&^nd90^;?6D^#6|4fa~->IBEL--5}Wi z|Hn>XyPCby3_P^(d$=^g*>Wcm}8yngvgc_yU$gpu}q8YAgAbSXZ0{zye4#?C{p?H=~9hdtZ| R{|x{D|Nr*XZMy(q007yvVzmGO literal 0 HcmV?d00001 diff --git a/assets/logos/alerting-drivers.svg b/assets/logos/alerting-drivers.svg new file mode 100644 index 000000000..17ae1a692 --- /dev/null +++ b/assets/logos/alerting-drivers.svg @@ -0,0 +1,31 @@ + + + + + + + + + + + + + + + + + + + + + + diff --git a/assets/longhorn/longhorn-100.0.0+up1.1.2.tgz b/assets/longhorn/longhorn-100.0.0+up1.1.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..1b33876bf42a82ad9b2f226c30dc2610a7c6dbba GIT binary patch literal 15685 zcmV-LJ-WgliwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ%b{jXcFgkw^pQ1KBS++H5ij-t~HuuW6jv^@u_t-L*DBEjx zCZ7#|3}t`ofDOTF&gPo>?)~jZ0ObP^c;t3Mr%08RK;C zc!s#_EYLjt)3%>(x7&Src&PvFcDvPo_YYt0|EYJ_>-M^byYbhi#k z!;=e%_@BD>?yHL2zsQ3qWfDoksOYx}{Iqt)2+je77RYYVc#sLgsAtatR7H6Ul zDWUmIYOHxgd=8;i}g{Sr+`+>2>y72^KLYnbhwb-GB%{kPsm`8RrrwFiu%~ z2|_ZCrWg#lV8S^3Egxe}vBaX&nlXjWOv+63_x7el&hl|5X7fES8a!YmR{go699?%z z@mydYGb%Bax@Jt{$sXeJn(@oMIZ{MWH2($1QWVXq*7jnSGVb3+>RqJYbuv0_UE;+x zAR7*tQ~ruX>BGNUS~+5ew3afKEi~G9P14$EW}6TSdy3oo>XtPg`?D zs6>QfuDil>MAAM4Z~xzbNm>A9h7Ak0D%>Gh&SR`w-H61S6^k&P5{fr1t*0-IaWqF1 zO)=lJo|qxNX{9lWFA1GSWR9k{?&y}qbFyhkiG>t*g8a&{O0V1PbUWR@L6ycWyW*OWJf|{>?ohuPqm)?mq5!_j}!!`#m#e zYKgdShvjvqp|``{Oa0o4>Ve{hJ9gSE?VI}CS5%FK9VjFvQjOlWzgUpS)h%_i-`Vf< zqI71)POGG9!MR%xLG=oAC>6(bLRo@OIJv^y&MtJP&Qvo|qT7kMYpBxgzV6oW2*-l_ z^KN+As-?!eofiS&1Vx#cF)8oXK~TLiIz8V>mZ#~Er6gYTVK6yka>%j3RJK|IbERpj zj@^Vds{gT3{Rcx&_aWo54>V7eDNvFvt7|CfmnmIDNK8#viII@UDH5U&lIOVc@*HO= ziP163m0fYrQY48}MCJ~Q6P#j+&HJ2lLZ|=9#=^-|CB^$NL8&mZ@fS9JO@!>jPd~R> zc0wp^I>qvwF?m9GAO26Pm?Guw)t7)h>mThH*FOYfQ~lVo=#H?IgibZ+YG&uz1>#d| z8wlSVbDUr*2}(ye=B@-vQ+9nG5aGj&r1(8c^Ep1j8lA+Hj5$UU+r{aGh|AYVQ6M>E z2^OY^h3N!IG(>V%d-=VeCTLL=yZsAjHy&> zVOZ=9p=6HIqbo#GHF(uxc{b%J!N)TkUt(T@t4?+M!5KFri6n_frX$O81#J}oc*xRp zKqcl^C^a9IF(fZoia9biss>gs??!AV$Ik8*ihv`W;#e~7xP>rIka2Q_B=-8IrnLF}j;D_F_JweybZ>@8 zi0h>Mt`IOSx7q~CN&|OGKU0JjvH(w>z+j@(X1GRFDverT8J5#}x_3a>=HUe4Iin*i zcOlV}1LO?Dr=NcQ1cd6}DWMq9m|bDh3!(|+G-h+fO(2!Bk8jXCOR@E)06c*RF0oR? zFY%(SUjVR7L84}C`}EfwrS849BKpwQ|GJlWGQqK0%g&gcfBF+G&HUd!FU4CG1Yt|w z3iIDS-w$(0m6VSz@uJsO2HFufw2QAG;@*F?@BB~qrERs|@#Ao6&ox>pLPvH&`6tP)lXm&GKg77|(ksT2%C zr@D1DFk%-_@=GrC_qpnT;us5o_+nS%&+(jHnL&+no-Sa_k*3W=Vh&FWQa|n3M(0Fo zqu>cZoaNe!J2!vM@myPmz5TzwAr`@3b1XJ4-)a#$T%gx;=&Tz`QpFj}g_nAc_q|E{n|^!uD(vomjO2 z#rB>W=Br+(_t(F)pw^GpRRCs8S$Q`k>k!rokW+l*FeDThPcRQqy?8xRtt(i{SX;zE zkOW&10BmB~yC!K0V}$`SY@u{LH6g4`?F+<=Qmx4Yl8`Yj;qXwIv@#WC0uCk`5+baW z)bQ?V_M9u;O01*uTJ7)djqE?$pJZ%(cA-qBRqbCFDi1Hd95 z?5Tn>Fcd>8@u@`vWQcGP3c9CUO;|#wdL*M1Pnm&Q1Lvj{N)pR&`>ZLXYAk=W>QQCwrX)6P865Y3g)Ak=J#7`d+Wr1Ji6AR~+-q~w788GzAmwVuE+qZ2aCIR*q7Q-Uzg zm5Kj6(&+5fY1(_*2*gJ8=qRf*jo#d@p?Xiqd<_l zIl{_BsM&uoWQpj&TOAyM(oQR!|4I}4+BK;dnHF#9L}&7mT|Ow0BP!MSozo9^Jflo5_R{Nl;4uiIYyN^_~bKL9ML`i*wbQ zQ5ul+`brqorFD_VdEfXn%>R!woMxDdj?A_b3bJPYAH3?ltjzxxhmZ6BVV>W9+uMOF zGVdE5j-*&FGW@MFm{2^!ec0Li{JEt{wN7s`?TeV1h23aO*yu`~mMs@Sf+uQLxBU!M zh1(DnpS6RdV*-w~mD_o5f{#>5rvt$6N@bxjygbl9$$XSgCgcX%QPG&P7u9bA;IY;A zd>_jAS-`J3N_8+Qpe)m%cUm8?Xst<*RfH97dQp*LK;~+}XAUq*BO#~<#Qac#1 zRY!<`XXAw?#>v@8l~r1j(xslSqKksAOq)OJZu;MDP9#?|z#SsrFn z#t;}~S;Yo72F`E4`FO6{RPQL@lpWO(vpp>ybor2(KYxyjH#RC4e)n#z_Fvl2{-_79 z4uIjpBpNSFvyRtC)^XHW$;C94t5{eX%KPxo0?Z>HhYhPaPn$I#?HvB-MzvsAGVv^6 z0^wXpcw+!u!yMmh->Ctdib7(v>l3IVQ45S53LkTxHlnd=imU{GlZpY@;04T5B6q5T zQ^RU+r{yryI|EK-ty!&2lf)MK=nFN{qh`_iLhDPEMybT9#*|()YPVni8}vV`@pG2q z?Suob)BlvRSJwYt?!S7B|9y}rJZr+oDDJ3*ka6-)ZBcbD|7xURuXRai;-l2gS&Cb8 zEK!0a>iYu`-m{~4r)9Utgp#2V)Kvqw%yi&)poAuvN;p)rm*=TDF@ZAj17~@rU99>~ zd?PUx+M#SfGx1~YkcBE0=R&f%d#UFw(cYgHz!m0WTdcj)F7*IEwc9_JT7#e38B0Wa z7uxtrS*+@p55<#LIzp!LrH-`|?cF6G_Jl+-*EK0iY!jT_EcS{&St9mQHdVi^3)uYB zOPqm;CK)3ZtXTUF=O_~z34}CsZkVt&v(vQyb2=v~By{HN6XM!&WBna_)FE7Q{1BEQpEJ-2gcotkqcuhUI)) zyatW?(D2G05?k@b&5d=y2L7F;00zATQ_ckahd+alHpZ^>JNPVYxM_RW1`E5#Hl>5g zgQm^jP4iv<2tGLd)S6h0?|kuU=Q@5qtXX;y^kU=b3NTAAmJ|#dZhF7zkj0GggwSwd zsSlmjcGkBw$C8s+ET4r|a2tBBkZNCh{r%d{YW;6aXrhGO{nWs9{{I(;uPXZAtCt6_ z9`(P6c!Zj@#WZ!S>)V8MPG{f&Wm-Pv{EDNSoaq_M**UBGmF~>xPqy_7^jS9uMN~z zZ(0V3n*z3CfVFyVkNIC6=BqkYk7`oK)Hv@@7(wRSs01<)%cYPpaA9|ZrS}?b`Pqt`0Y23imuS9ZXtAvGkWm(bANq#iKZbnN%i1L z>0F*GyuSviQjF|^fsO<u3zS^tR$vBHwRZ`#U zwSt^RO*O9&-%H83$edCu$61D^_Q>aVBq1EfCJb+BSCQSpiL7g7!>(QN0t8I2>ZBXK zJ^6Tc^yYLlJUTuNn%0rn-*YxE4~^d7w7)3!2ON9zoKe52bRu&74?@*hmBd>IPKq{tY4EdYwB*e{c5AL zz24-trcn{O9zq;Q;7yyXXqPq6DhFUYrE_mZtYY@KPp z0T$sAJl{=tey^q0Myr-@(8ljz_4b!{r)+qZuBcQxVYdNPrB*yx%gl*9OOV7P$&tj< zg<&Vo(v;BYJN?OV*c{!wqsZka=tH~L?S9j4MNw4Ec2{!9Jh16$qmb@ydYV)o0q0uo zDm0iyh7C{x3x#u$Uf?(-m`W|@%NFc1;Jx}1HK-;PEko)Y7)GrLi&c243a(2-;^yiX)>AM~P29w4$d?vKP4?%~3c%Y6%gSQEE~c>4aWlWlt-!AGt1k z+eo6wD9J0DtYk}ajo4lHNU({F5S1iCeu-Ss+LCNa-s@>X8X|Uud66tlQ9cWDC9PVP?#$0iHZ`auh`Mm3Ip>Qh~9 z#sMxhR<*H0P1k9tB1c_&Sa*Hn%hOnur@B4^9%U>|BjU3Qt)1kx^jEG?od7G6K?bZ9 zZB?>mc}~(Hu8|9OE>2XL1bm{%o3VnK*5}-E-8rLb1KKtkaXL}Ba5=hGNv$H6SE;Va z+!19giLPguRwZGSmvVZo>0ra$V4mMh)~u)q@QQRIYLg&L6MQwdtk4z6yH(8 zHRUD?)$=G}*HjZRu?fne%p9h`!|UkJU0${ILt4(nRvkzlCS!}P5s{mTk9E1+>VTUi z$B5`P!oE2L+!C>pu|(MIi7ZdkO_*g}8o4sh*l8TwRC0!K5}QoUEstdFVsVSCbS0@0 zo3wHEuzBRp#w0%T=UP#+I<=kGuY7X5$S0z3+kbAQ&M-GqC^aeWRw-P!$dwnaWW{Ea zLws|lT$63jbyMWibNIO(BAq#BMF-0>^)@-}PHgJE2lN6spQ{Vg?nCeP!9R8IA20~0 z-g!AZN9lIQwGf@c->W72(%_UoOsq~3Qv*Le6|<+i@HC3mf3?E{eu6(gi*uerG>0BU z0wQL%^=O`^5M4w2o8M+qW*=jg;LmNahlZ<8dwq0x@2dA4{_R_6?{~Xx`1wB|VSwWq z)1)GF`X3-tj5FB(51p9n>CY_(;BqRj9IihYp*IVQY6x;#8Rk?8bkdVXdHSDcWFtyus3q`Q=;ln?@b1jt97J$IVdzMW3V7^Y??}(~n2T z$8X=AU2MDO`p#`orLuPw3(_fPr7zD72lC(EeRul$^y1_B+qV}VPX_08m`iHrx@K$J zv;k;{CKU!%t+_P$Av3QiRh#4vk>kr<$gr9cTub+q${+Nc;~01!GCR?=NjN!Mxrv5_ajSi z6US=OgaucUXLNQn9R2wA;$rJ0S_11bGSwm8lvLpg(RB6622%U{bohF3eDrb2;#pgW z8oROaPn$1GVT(&{X4y=h-WL32o!twAhU;V2&&u0E-qgvxpk8vf&1Mtkw$Lx@Y#j#8 zfoJ~$(S~MexL>egV;gH@4OatnpSZz>Chik9Xq&rV)L>I1Yl8;iZXuaV5A*Px9tm?Z zOZU;ud&_6F|2HSwH~_jP{_C)Na9BP6`C|Vu{_8=WTl;^v7KN*?v8=e*{JT5E-rma( ztUG={*RQ?9^OlD({mq~EcRA){V_#ZMwto7uB(mMhb;q&(+HE+FHIp*)FPC`bUcWv2 z;m5b&SNx` zFXP>CG411NjsIa!gZ}R>#Mw&j&p)l#|9h`$`9EJAb|3S9KFCv%HE!(f4P~HnBNq!) zk$!XUsyD_GIb*?HP_`mcg!ntm9x6hlE}9D%YROcV5JIM2Q@PcZRQ1)+{K*lWV)*kV zUhKl3&4pn7Z)?3aiV~-Tk+rp9ah%NY7e!W=5!17d*MQ}U}e=3t~P_K z-c#3i$~82jJ~+6w=IyjnBxfZvz@H>>S@GNLT4Pyog2X&dc`s@Dc4<6Ys+iP@I@6E@Jf;HvZ!0{|8P`c}syM+VjKiRk>&ub#H?Q;Cj7`truK{1Ytb*>jE&Ufg9ynWCwMIOiI4!AL% zFpeYr)&+~#SCL8|4;^fXVo9#>2}VguC?4UMX_^1;+B2a<4x3Eu{pG#29;MZ&!To$r zw{$HvbpD5lYx|=l`)Z`o*Ume`vA+7zk>)M^9+5QX_+Qpv^_VH-zh9=1uf57WKFgja z{ZC}uv;F_HUjN&F@v5r-9lkhx-2Z!!ry?r+g|Su3-)L^nY|+Y49jcAFWv3q=H*~`Tz)YeoD?AV{VpvVm3iEUbM^9wF0?!OHKF;Wn`c>y^(B~Taa&45!64CEROBAhe;FSMx3&+Lr0dg5L|qo$(oTFRcaGWdEj#iP7GGj+*2P~0 zqdv`4r~0Mh5pg$-Rwnn?9@)*FhWT#=r8T(;f&|NTAXimF0{dXjuV2U zX+22L<%pNh$C$sJocpNkWnG4dSB^rtpj#o4PsDXW=9uNO5A6dVlsn;U{+&+9*N3)y zIYt5x%m!9_S@dohbDu`j`N0ZbcIj&$o-QX}(8w=r{F>;^{-=Lfmw1Exm#MI(-z{8xGcJ2Fg_UHAbeQ z6T9fz7;{M`Bvv-x?=XIOh-vIYe>#`grmwrii_+&PioQ_j&Q_j=`JYpL4^x_MC;DfD z_@BD}=SA-^{_{bet;YXwY=eAm9sSdA6wGnqf3ql`5HEPp5T9z#kMTW~_?|j}B8Z|1 zcktO>HzV4+m8Bb8V|pbG8aICjP3Q|({Ey&+ zy8+iKCynoX@p||AKH9Ku=|#|wP4!&>T6(dhVAycedsod2h6#jGBekQ(=MG^mn=%_t zh`b}Osj82x_Q-0Rvf35F*LP$!RrQh8{`;`n6iZblB|`sujbuDiL-w^-^xHiR`rj2w zNurq6xdCII+)EW)qyO#qy4CzouU;KI`u`r}d1CFxsf1@KrtmCf>@v@wy-H}dp&ba! zHni3MpFf8#M4vymo@guZ&l8r@1p41XLSh+w5Lmj8p|o?M<$LC8khY1XzC}H|KY06! z_6CvLS2Vk=x36a~)O(Y+uYAUmJJcFjX=@GnI}k~U+&kC)F1T6dezli^V7I8k=>5*o zaA1`H5tJkom?7~uyl|a9lWZh8p;PEQx8?qy3S6ZkY6%b8!!%j?mp$(PaTorKZ-|gW zO$gg&38H8CS6@Vp=b0P$x(+&)^Hyo_g206nJGtRNdnBKTo zRUn=rF2S6&bw$-TIU~Y+?CANt7QNt)uPwtKpSwSP{qM|hIww=gINo+2YxnCc_k6Sz=fLgblFZv|q8(-fvD z8=DM^gid#X;}l79g>~MJ;60*A>j_Y04-rP;S;p~%+~5SRiJZZ|J@3F`%qGLBnM;F!(ljKcfl5hR3*R%c4&p8l@^zttK4lke&Ox)-zQp8Ajb zQ(V!#q9JpYCrn6+MQf)cuCvxoXN)deI~_UCT08%z^#tA{PFOBraB?bI9eWI_)gcK+ zd!`&`zx<1-{`&Fr|NQjm>L{=vciTHU;7XxW(h5P!u8UWlR_nW+l*m~=?!;{FGmaLiM~#Q2wI8(aRCur|u<5DR ziSw&KN+vj7#3=^j$(Um*H|yLr;kU>S0x+~85W;Zw{U{7j1vx_!@J+@97DYAdtO6w9 z9HZm|CsOJ13-_V38ED$`^yuF) z9?!6lX8U&6MRf=`9t~{tE=(AQzxlYc&2V?!zYMy6H&8vFATb*=#FNb$%88ySLyomw zA&A66^YT#|;I797e2)~Pu0H@LX$a_>gSZ>O#O?lFF)xENa z3@b{NgjyKM_s)f{nAAzF3kDg-S8CcPNVg{060mmR8W#Y8xjC9nHAX?{YsN2Ah7tj} zGCAwB``OS1Lrdcv*@fzx;}ntkZYe&0H^?=vz95Mwc{;*!7fv*t^-nD0=bcvTd$k(a zEU(UO52rU-$~flmZmA_qk(5C z-HJrxPOGIi7wn2CFovH}LN9-Qw#mGEu4nz+7~T`c=f`p9<-e}@Z=m#lQI-EEZMMJ(i*ua=Mak67 z+>>1p)V!>D}^tqRL+(u9t#-1lk@Ga3R2 zy(y(%SZb}Ut_v@r2#j15$Y!LFXj-O$GVMD1x5w@RP49%(g$3ZA_!xJ~{YKWhY&JmM zdW!Biu1jifkqq}3)e>-<4{EjAHjpXZa8$-;vjMfYrmVsE-QcbR*-&#!c;90HJy4qu zURY%t2#|8D!u@7t&6l|W4Qig&I}Y&LcD@9)8pi(Pes{mueYxMe2lAVk@8w-_-kcSd)ZPY`<9bZco!Ft-!@mJ#nl~Qq z$Q7G4_NC~yoJsaKS~FHbzd5t4Y2_Zshc{>6iAiEXBGtxS;`giKbr$ z>!s{)3v`1m%RBQ#(8e0dgd3z^h%<&k7h7kJkXlXJ<;zZY1OBK}VS6l6M}He!LRo@M zQG3=I-JM%hTanrSjks%V4aLq_f*q_Lf-l8E&7EzXmzrqW#8dm4r&cMg>nOB6?pj5f zZSWb#g8cIylE~IyLo1JfF8rm~sM5>U`Nz?!&NJQ4i;dQ)MmlVdSsDqj4K8teHu4^v z611@yl}1H{FU&DvPh01jkakTPPVY9HQ>V$+xu;Hy+i*}wgJsD&-tn|>vJXuma3A5_ z`RlsB{`@ttiEGf8ts|ag>B4OQI|sin-3~nRu3HCONt3UTtJqE05I><=d>Mkd`CQwP z;Oa|a$8UzIG%3F%tKt1nhzyYs*U1W0GF5=_q=wGWe)v)-l{&s1QX_Y(#4@Bzb~(M9 zT*J$={xwNcJf~9og=f<_)nr~%gRA!P z)Dm!+k8z6SIb+h?ZBh_;h1j>XfHNkegz&qI`M=qg6aa8SxK5+9eq~$c+z5^KFmY-C z1F?U3K045U>iilu=`FhHL$A96e-~J+6Cf$^9~$Hx_-^6Z?!e-|(tjLp9 zmLV7>F){=n%BWtaug*^K%z@r1TOAb0_yXIM5@+Rd429cGDuiMyrQksX`L~p!p@Kk`%sD?5 z7Fxw|A?uLj+?;dP0j7i{rq`hEH4@EOBpvwRn$ft<)cP+OTq7bOr;?acQ3bHSurW*s zC1Qp}=jrYFqELz&b-+~&VnShU<0nL1zE+HYlQWiJ5pu?{F6hBfMS)SU#i1x)<_KFY z39FT<#>_EJ(?T&>bhjoqOqjfW&j9SRFAm4$(MEz~q zFjRb1DKkW4Y=eRme=-AK+tV3(;B_1@wI{ud5{!}rCl5Sa_U{uUk-kbV7$83~NFwkb z%cJ4S=(DyqBwMk)64#0m6IE9cKws8ZTCLi9SBUSWWLyNqw(o#@g9vMEdUHCwW-&^M zTr8zUsX& zNIX+bn1Jn~R;P6l3QnOF3SuRq=hqTMnlDix${Yu4W3+Vc^4-9kBnpr6=u10tcj_$9 z5^dwpFnme^s(x~(HA^>SsPzwBA(HAK|GAzfh~s`Mf}I^V*LHTSiAc&=7>iNIymJh5 zv;fBSKS~sjl_Bowx`dKW&^p|oIkEj*12D!yMtCw|TzVL+nW`*Mp2spcYA6{fOI$Lz z#5lWG@14pbrw|g7Wx+V_ns|FM(WkU@j_hi`hPUkDtL2?RlIv9k(<{Om)#o)+GAGiG zDDF%<8UjpNKAjn1r=xWB8N=e7p8g=wRG8y;cbL?e=5zh0p|VYM7D3ywLfgFvhNfK+ z0%6%zQ{R$l#3u5HN^&$&D`$E7TMgfA!@R~p)3xJ_G3>!*i(A6SeEp1 zqF&E1O66=(9L=x-K(mUS&!OzpqWyta3LBgK_6l=vN)kF9Vjg2EO~AD$n4R39N<&y2 zD&^~HFuTIM*xA+zAbb@C6rotaj9tS#k7vah7ew_`PZhH(ndQ?!SiYYjo|x0GPX)v% zLotzy5>fZN-Mi?}&dk$xUAIixeVws=1FF6ul+00j?nhLmTMWfiRoq+X42%;s1?PA$*t(ndqo2M^7;9HsGaj1$PS z@(8@x(g0Y)x;h#!)(l3TO*u;N@eIe8c6-WF{?y#Z^Uf52uta&rS4tSM9jiaIUZj-3 zLN&1Gii|yAwAT)Nux5eN3{(|Y(vQHd`oQdcAl_YyvJ4~c7Fe}L2gFr6?e;{5J5aHK zPE~V{RCFpQT#EvAq2Q1xr9d#E@{4IL)hnbLHJ3&Q%-z{H@C)sC>)xXcsO|b3sbxE^ zT|-u(eGw|DizTx|0VQgf?3xh~a1VoF~ zuc9lP!;2+Iv};6(c$5mJOS3)izdhiYZ~6nHK$!@LzbokDlxx8 zY29U|i-0Nvr9zeUgn}@4l9-_inuko)CAKakSYkf+D>j=*Ov5vrIKHeo`MjL8?>dSs zYHYgNCu5X4YyapyrScTq{vv*`b`eLpWFwSbRhH``=av8we5|d_-l64A8#@O=*{xyQ zuzn+#3CD{;v-E-nY+-bDtIty`^%hz}M9e6~v9^}}|NpOST3C}s3quTw>5XY=J9s9Z z>p7eYv;6411!{iDnLT73n4Yy|=ME!s_hm*eQmuyDp*DYR!+ik>AoLiBPokVo90#T80u~6UXRt=qNnb{mcw_kj6sT zG!_EOU7IdM*fbWMPUpEnrs}02LQPqNQ66CA+BZJTKm=NiX%}oN7LLb^$z9M>xXO0V zEo0c^9@d4i3q*<#7kj%*;p0#%Ntmn#(Imyf!K_5H0$JOu=6w5HUmV>kx#{YL^c`v4 zfxol7?1!Brn(N`SpnJ$A^WcS`mE1HtJ7-Md{>~1R95xBV#+Ph@S*#Tk0%}**gy~`$ zmNJ|kWr~#9em|6(9yx{nhsf_*8sw(x#ubz0ks;q zuV62$)ppyNb?B=Wn)uYZFG^Mkij4(l?3njn5(}Bfm&Q?q!mLDlMYbXhh<2}Qf1;CI z3A?5p<2q##Wpbu-UsTt8M-1&8&*bG=v&7MS-qrtqum+RSV^P~jC8^%C;zO+ zvj!Xx9loQ);Z;dE`!sDFTl~Gp%$pGbcIHmMV5y5Tmh9|QgnfVu4l${LzoauG#!VuU z8l-}m!l6h(6huZSn3h>@^bdM}3kBh)=q>#3mxp5_cmH>({HJ?4XExA& z?UXpjI1=0=C&sGb*g9VdWxR;B zm>`nkq@X_1AuMu+C?q=UH(i7-O=SkSvf4Kb3D#zP;w7g|pw=&kXfu8(Y>akg)1m?a zp(Xdwkxpk?G&DyGD`|~O%cp)f&|K?yG22Fr#GP1Vm51-;S`VL}!)8}fZ&j3ch>A&U zia=Oq#VjV4f(liq#5hO!cv0EJ*)?P%_KpsiV??bhg%`$^ns3BH5gRB>0%9GRfZ|KF zUhxH7b0WR9=f>v5_;{?h(M?WLW6g~C;mXtyYds)Ee2Rr^=pSi4EFpj={RRevHzxH293Yqvw(-h_B+#gcFfk`h7A{}xItOL9}cwAi{-hgyQ^yZlXX*wWa}Il9qdK1Ha6 zgCWB_aK#~R!lkawi3v~`lcW&0~Na8euIU?Ho047XHBWw1}^Au_20HtxBn&Z@FNKLFkA^waSwUSrhTP;1YkYuhYJ4ZLQy>Ew> zIcevIWe2*Q9_;A`8W}~Db~$#S*X5DVj%u-bbdBC`@wLIl2q?CXSs=*Q@64j^!1@`>$0p(Mcbrm<(N@H5?q|~a-nEy z)vsDC#+41kJ#~1aj)^+#I+qFtky``2T1lH`_jE+8ZfsN=I7uPHlN8PHX9q}O~iB=|@&Q^pPn;BNP z*3I5va16o49xWxZ;XDVHiEjzK1L4sbmL^!pCCIt0r6PU}QL_}gb(p2rN~|2?(_T-r zVWog{i=7g<;HTE)n@r2l}Lk<&O!s?q(mp=z_6t3$5lmh~a;+xw#` zL=8N$kw#QWKJcg#J*q?vDpA9H{8!S68Yai1QuL@4H7Z55MR{vlQPU*)pQIL*GPb$< z*J6L6k2}9q_Z?T#=IBHzUU-%c=%`_JU0AV0zvg)-1u$N zal159uD~WkTsbOOAKbD^5)Nr;u-A=m?abjVh!gU*KeJb4athAttr&QpK1X!SrcDi7 zd*ZZ`(`6OHx4@x%s;Q@s^Y17dC!PM8l5E)AJHJQX*C` zLC0MlI95s~$CEr&Yv!*xlje$CLbF_U^oH^-{PbI!qB(B&+veO^dl%XgiObT9m^0e$ zw|DmTVaNPWz2%1M`@P+^Cah@p;kUMP^SAr${dxQI=bxXJHqw{V96au~7|~T3ok|I5 z>6ByPxGvcw$K$EKOIu%3Yc)u;z#Lw|Yo%0vhf=i+bBJ8qO}P~vCL_$Rh|-(Y@*mW< zk*ba_H|p^otmmjOW1^Cyt$jnX4q@#EBRXwFTQ#8>Cm00xPQR)N(;`7zV}n1s$|1nQ z&`n>iw8+YL+u6&AqakNEi~8`{H6l0!?OM~&wpWOEEz|8C$Ah7dL^xv!9{PkEk>XF3 zIQad`8dweYHd%IXBdJEOUE$DgJy&kXLybI9f_W8Z1cauxN`*n1Si`jr`X*7c^ZHCO zZ5Jrxlf*=(i(QCkOfj}DHOBH9V+se|Znqm9?7w>X>iJUbNf#;4w1Dl$gDc zVQyr3R8em|NM&qo0PI`MZreBz&e=~vbPw6Z!it(Q+Qly+MVlLP?6w%Q|jD_+ZaY7GvnS9^( z-%h9I>HB{3=}%A34klCo>~uOketYa6_>+^(%Di7OsW7DysTk13{8FMj zF3RfOXoWcSn8FO|a5WQmjB8g(8wW zBZ8;x|KxZ&^&9qoI(<7G?EfW_Yf3mJ@IwL9Z_>N}OKLM*PDb~HMKg4fNyU>nNS=uh zF5!+aVvHpLg(Ix6<`0SkpoU41HYo2t3qUYXAPWYlY|j*mfhL}ek3#Kw9J{pUwpvVr z8D2m%4jyOdZ=gv>F`}7(g-yhE!DYoIC2FaN1rsy$o-GK25kj^VU|ywHG7I4&nL?=B zz7RZ1D_H%>R?B zwZ&XUMY}d3l`*ssO*{Q6Fr^BS0#~$^k`0BF0e;?qj;hJv zNGZtE3k8_i<1Dx9RF@pwEM=y_9mo`VVBN`4mheH((VM7j)}=e8)i0PN&w(coxN ziXTY&m6Nn^X3ER4bdK7WrZ0)S?|~T+dEXCH*ZAeGVO^KMh;P_%+z02dXXkJOO4+fs z&5-te8|P4obe%(<+j0&CV5f7C4d)tlOMUB0k6>2!R}T9&2M z!OHexWw&~)s}=Inyl!J-r9jujY-Y>CaV>HYvbk?bx_Ee?avLBD9g*QhozLmZ(k4X_rq^> z-N?^gqd| zfv#an^y>1U1~kz0UT8Y^(zXrS2X8~nrOU4vS!cDV*x+<>Fl$gSvr-4{-5>YP0Y{G; za^V$=NT|8sAqEwLFoa;DJ0g*A1U((e8pzHl_MB4wkcZio9#*x0a|)PktXn2QpomBu zP>7CznP<8ADN7LZb4k&d4r0eE^lGdMwD{+CW$9x=%*qu*c^ZK@drH4{A3GX#_w>NW zFUiO4&2!tF0wyoG4NI@upRWkJ@wLU>O+`9soFok%Z`2$peXo?h)pkttpl022ynPt< z`7!N-uFG_Rqu=vzlZ%21|LCA+RiN%x#eu)}%3po=JM*E-f0ALi z^JJ*K**Q?g-YBCP_qYbQgYaiHR2PqQ1w*TpdXiO|VbKZ!1H0^%U3T*8<+E3teYwqY zngfYa9-#+9Daz#LJomiltR9l}{Mqx%mprrA51;iVEXb5INdgM!j<4$N;>XVt%+){_ z>Z?JDRoqm=oMk-$UgGS`tL*!J)~`;r`+xKI=a(Pfdr7ogjCJ>aCzIy=zmv)2WVrwL z66v@4RoHVhx0ig831RHIkhHGUX40$)ooluGZpV;@G^8O7sbBg(00960%w^5c07L)) D=udfI literal 0 HcmV?d00001 diff --git a/assets/rancher-aks-operator-crd/rancher-aks-operator-crd-100.0.0+up1.0.1.tgz b/assets/rancher-aks-operator-crd/rancher-aks-operator-crd-100.0.0+up1.0.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..d12675ff4667809fdeb8de92654f7ba847254603 GIT binary patch literal 1136 zcmV-$1dsb4iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI-JZsRr(&RI`E?6t5XrTHm*bG+>$NShjQvjut^lVgb$MG`~O z8>i^I7n1BGYs=nbL#Hh^b1}@JzK=7SKZ-!}0;vb3>lup#-cXN|I2;u~zQ2G<9lTW1 zG)+&BkDK2#P1k?Zlar%^>^RHPG&?%W&JNP-i>)fKDLT7>FfVGP~ zw{RY-&dtURn36i&c4`R~g2P@7d4H~r7*4>-k4R1$Jz(>r1gyRPoAuLvmI!p5r1j0x z@N&X_T|Ul6!Ff|%qcedxzQ>u=vhh;#1N8(1$WbXP9X^uC# z)aH}^Num;Nz-FKvCX6|5EDqS!s`!b7v1N^Dn0iYW%(Iq?7g#}i1jdX-Jse+r{C@J; za!pz%tCy?Owz6{5gLLn!1%fZm!Ql<5broYeC#&LmE3_LE z&g5-m&_I}q2%t0!cN+tc` z52Lqj+rjW8tDa!pvyis;u2#4Sx}#$~n?Y)id2_?t6x21yFnBZJpgP0z*?irh+DZkt zqgODig4?kXTVHi77O7vw7$Z7r(X%Ob1Z;Oth{<4x7wCL*6W!Y4q7u6I(v=f=hab-O z{C--h-|BsPHfjGH^Qv~)J~>*onf{5~$D8)85wV9wOL7h#msifHZF_ZZjy}t*fPXga zgc}pvwbOoVH#=91!&FIriBSg)7p6Myh0jCY(NRE%=8Fla@y;>j6|TXZNi~<`1E{NZ zpo{5`&ylb96VqEPa~^zfPyH-11E~VxFX$ZPQRjMFfQt%9Q{X=~Ls`ca@~cZurx!OC zn=fAC5xDb)YKJ{q3DZ@Lx%cw&U9i9Y{*QhRf0H+PlQ;QhDc zVQyr3R8em|NM&qo0PI@-Z|k@X@6Y}#hzvu3+u5gn*0bSp)8@6kUwma-_I24M^ z#9Cy_5aqm=1^M3xS&s9~ZF2AR(%TUJ5=Ws(k=BPIsc4q-6t&MLm2n0L~1PY8-H8jKn~w9xILVMNWoE8AIE4@wrYuWX$liRRBkA#7JP$ z%x+~%MUr41L&xY6JFP4^%a97jF$Op2(~Jyet;~vIkRmTXxBgmaH5CbxKc4Cs*o3$& z$)M&cABiyqY(i_?)2LO*(iv0KBvc+l_fH?7A6y2Z&t#FZZu=~h$OwIFO}j%|rx8~L z#*nd`jWNUAc&rdVEHzL29xICGYZQb*XOpWlMv58;gC#4pOD&NU`T1EUocn6ox?|b7P$N$0L@)ZA%L1U?gOxn=zV(CX5u~M1`91Ajf7DK1w zd2B*=_1>_YB4cB;4*(hqMZze{*@|b&WY{={se`d+1HrvkpPlF`EUdofYW2*LMA*>9 zHmZnBH{90FG&TsJufEEe9!^?c(g71YdKB^$JvYK*kX z?8uE9xT(@FxOt%9gz=-$9{fM2C=1jSnBvP*fqnQtzu3nA)y37-3IE5S`MmcHOhpz0 zp@ET*Xl4a|$gEpU<+T&D1>>r|lw{$f!viV*}qxD?W* z7eQ-o(eM{qE5JP2d46wC|2An4{_8-kmBcSE2lnCr@@fnJ z{qQ1+PWV3tO+=o=P#?b!O5#RaK@S-ZSZPwF#eb?UQ84)<)h&?>4NI6|wi0knfUV5` z#eR)0C06YwA6Oy&s#RG~3_o?dKi5UYvT*=EbqTpfL-kKn)Wd3cjHdf7bfuu`lWSxK z?b9b_cxoTYBC$h1@2c5o?zHLL=?Cr6UaM-fzlqKs8D`2I)s0zi^ZpOV|4`(K$j4t0 z2KM3K7W!3aOKkp9)+vopze{jP8F=!qC ztSD#&^^eV~f8nHe=hQ*?p#r&`tg(=SGm0Vd00<@Wx~B+G-5~vg4N;OC0GQzVh0d}A zX_b2b%S~F(UR$CixglteD1hYxtLKeaaoZLs92+mSFtZz#8~kimszy{tvM3C%no(Wm z*Yr<9y)n*JZkWhXH%s-~Lz5%dd4>7BvHq2EEP%ygK5q)DwI*&*$q81?TUadOS6K}k z!(y?yj{8!|dnE;*#qhV$tupr-39IPp2=nR6D@(h+dwRNmzJIv;*N@Fl0M&(qYb@1E zXxhZxflyZA_fQY&y4ZEdnTYq|8&F?l|A!K$lQPo{r%>+9~Qjyh3};Tky5f>h11aFo8dF9od{TNskfO$5 zO|0)$c+X54Lk|sa?&pYPk28O@>Y%9ZTvz1$X(ag@e7-YbgO$pmQ}Mb)jV!s#%`G6WDn5nsl4a_* oRV{6&e=qz8rzLNBZ|hEUq7$9yL@&{Q0{{U3|3DisbpR{?0IOjrO#lD@ literal 0 HcmV?d00001 diff --git a/assets/rancher-alerting-drivers/rancher-alerting-drivers-100.0.0.tgz b/assets/rancher-alerting-drivers/rancher-alerting-drivers-100.0.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..ae3ee8184a07865f5bdca02062cf1e7b562ac9eb GIT binary patch literal 7877 zcmV;$9y;M4iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBjbK5xbXI}GD^fH%noC~Q3%XU_EsXCA2$@n&QT()PYwz5+$ zh=e4JNrDT2aAM|?af4ki-|L=4U51(~#n^ zgOG56*t7Pd%PKeSI|(R?s6c|yi1#f34+#{|k?SEL0_+mn^5nc2672UOohy~ee8S@Z zO`QmZxDQ9^Y=U=sHdSV!ybl41lFyZ~3+(6BAo<*tO28;%EzZ% z;4p31WtzPYwrv62CIjq=Ko?*#*R;*8G=Yj2Xw-*E$L+S=t|jZkv5*{<>&^l)ludy< z6bV&To(vq#B-2Kdhzq1DC)=$^AjRQ%j64hsi7}Qu8bxXA6mdmDc5TlMClFxwQp`5~0MJ6#945JWy>LnqLv}CDx3P#>I z6$jO`N24JbB}}KFN_^q&*Y1uVE;LyGH)9;cQl1m>dZNIR^?%Si>=xI5x7|BvZ`c1O z!u`DiJ|2$y)pI^$p{s%qa2$Qtye8wr&({RSVzV>26f$;4%}iXk(h^J zDV->>qMzoKFYs`PJ<$jIoL;3BkgsVh=~31P`{X|f3hZ*%R91uI0DFS6!hmudPB1&B zVJxLK`~P&@PS0uE;2xtG4M;!)!QA~vGQjDH*?mt$`cu&vV1ZmIHL(awX|8axSJetQ zRw)-IsvY8!&oPR8wY^9g2em&KjCc2UlNfol8R5Oq3}zp$fi$ zU`gb`!Jhg_!mDIBB%i@{Y%r>q*Y22MBru@7gkcf{Q;>tAZcPBiv8uOg{f0Gdm0rja zWE(gPu!jGg>w;?YR1gG{ni?}*6dXLSpJq)aa>pVqdvV`Z9R=NfDwi_H5oO;Q`*q`&3-Nq_$@ zRrmhe<^wvbW8MpzhMDwSQqvUO9;Ue>=e7Vt%$q5^rEvH!OX_Km&z5~5*9BV9vYUqc0?k?OaI_xBZ9 zzQBJHDsZXE^HlU*o9_&!nou@tt}vSrubf|Z*;QKkrJYu8rBhi2ed|`$OM0QZ)iqaV zgUG|hdYj9sYSxw+IZxY(JdY;wAWh};UDPC%{zxZ3uj53;WUi+RFKq`e=NdfYZtiX! zt;lSlvHmlvcKX9^M4)DkXP2%cBF4$U^=R0VvtIupoF|yKdi#6(&(&{_hVr=O^bQXX z58v$ly<`2#(Wo@29tr{{!dzhAhL-{10$i}Ke*NkAm!r$;oAaZy6C3R7le3EtN7pCz zuB;4pM{WZmBZh`3LU#UZ){%CLh^PJ`S>%q(9R=xGSFuR%zN%6KM~CS#{0zm} zl~u})7VH!%M~GtC@6}7MpwmbN-sN*hXS1^(r5RN2Y2tx&a&F(!{VaTpI`gr z_B5fv`9D*nF&f~t^Z`rG|K0s=>He?V>FphE&;OeU=~|NVi;(qOhz)0 zb9crx{vREz$1Gw=$KlA-TF>7RXcf3xU2C$HlI-{B%rSbCF-|a*E44%lDv}yH=>;xkeAZfL zt!bGBWk}Ko+ss|71(QVNBrYnjQhO11W=jGO5B>Ud0*&C|!7f+gA_;|6URh;Zteu z^E8PT?ckF=!fFxdrSkhc$+Th>gk$Pw3|S>2xI|orPjQrPoz_}l2@v&cdc!$370I-8{KQINoRls z%4W(1^{>(it+%Bgc%o#&Tg=FW1b8$vqXZaJF3z#IqwKc$^7P`k_~PR9-R#9o64Tru z32+~F&Jr#z4e?E$DmnfjrKCbSmF6g#s`w<11FUTA0`rVqCaF)TO21+78+8NK$%Tv% zeeT1-{{G&+1u*1#O*|1fhLQg<3Z}AQKa&7!IcwG>6B;BrFLYpsV~@#Gc6qu+y0=L* znqzP2Ks;u`rm~QOf`H!1zYRr?e2&OYVA* ziGFzE^Iz@x|MKMM-Pws7`j0PTssGo0>HOc>@3r^0=l@NF=WwZKz`W0vb!`}@krQSuCsdo{aMgou0Gu`hmGktcPyBaCCG3xP_wq_&Is6~t{t>?%f z@1!0=PUgI{3onU_-K@5|uB7$B~Vus_YTFSA}XtOSUUQ9!sr zhR@lq<-pb1l}Y7FDR?R=gqU+Q!UMwm)W>YsvW|uVvuqy7%GPm?*AQ{8)#pb8BNzB;>VTG-bfv!@KT>wgZnVtquIW$S;x zTlW9!^!B#vek&Yw}^vs1i#=QOvNoJRa{6) zil@wkpn_o1P?WOffM0Sqkha_X?jT84SpRDyf-JNDJ=`nX|8x!xyW91@iBO6EVQk(T zhWuCr-BE*pVS4-Z3nu+m+1pTOU^otlhmL6yDO(*&TY*^BcpxERj56#yIWuqypic@T zL^B{zNFlrtiImE5rOijf%ip+#e1a?LRgLVcob=@s=ySNGqLj25QW z|6CFg%X$u(G8R&MFS$lz$+9uGDonwi=T`P=;SK{dl8X|jvTli(i4T(+j6I*JC?yHC zQ_A0`@3eENpfZ6r+|SIi3VKbY_v_6lDP3YlDrQ8Eq#mU*O%w#Obspwif&7Rui2y~@ zSwWfWU`+k2%v60pD|A>aF)s;mPCbGo|B|HVS}>d^Rjs+K?Ae;68i@_VFX+EG@DLZd z`JO6U4?&%RRE>yLGR1qatb$qHr{66L4TmHmVydDW^8Xd~|Fsc;mdXF!{dQ^p-|KAU z|IGwLEFL2c1B{~?=8p@w}?ce{tQhE9A^e%EEJRyY&?wa(n%Qdn#KuZRe=Wc~NLdwZqz-)ncb_+J|d_xG(=Fd<=IVcSWGUW$-! zL)k6f824cw*k%h8w1o-!?qPzABkrGo6jWWs9|tR_%9XwmT#)k^ydcNK3X`Lw|S*2$~GA}Qd`2XD9&zzTd6DT30GQo;~ICK0$L4VBS5dDe3Nvi_z zq$6C9&hrf;9XWp)fQ@fFtR?^F{?g5q0ZZ@y59j3nz25fzeRVX3(#j7r=j23bl=^6xd1S*|fv5}=H zB^A{3%V<^pKk#&6A`bR(_S>$jNx=rGV9j9A@ldoQV2mbGrkhnl?hiiXWx(ASN0k(S zaCz#QZ*1!o7+`7nYSWbDtJGqSMv{cwgmNU6Oa|6wZ$@69N->cNZ2{*(zBy(?7f^be z#9&W4w(21b3uPM^Y1MnV3%k{6OenQoy(3h(iRLBE`D@HvE|%6nc?vDuw2N*YHSS0i z^1)gjNemkfNenOWN4mpgG!}Lr>^-{}ohgiFzDlL&`og7|k~p5}m1KF@YeR0x z9#bf`TReTO*oNd!i`R9YS>=L<2UUj3TV2d2ts+pypJ`)$mS?ECz9_4>GBO|NNay~b z6+_jzb0(N&yG}P$o%ceikE*kpDkhyh(ll5dp);TG@vgYTfcQ`xEhklqM1># zZ{$E2SIYI1&#GFEQN;-QFBAsVU?C+&U-B*m12{x)qy?CbR3PaaFIS!SupF+$yc#gZ zBnKr~2a`l)t%oAf(Hend5dg_tmYH2kF{g53DE3pA;Rd83)9lX3^AjEdNk<6 z_3?!fr$_Hhfi_eZH#dwjC;*d-Wo8*hCLB#n@)_}?i;J7%kLN$1zQ6hT^utM^l=LpX zdf(P1m=`4T#4j#Co^`KJj?S)bE}$(s`q>6=kM0#%?|{u32&Gc`Ep;Qg4{L$VHuDrfb?4t4!yH zKxDGvL%{!mmn0Ik)N}i>U4{Ow=IQ-?hO#bLqMo9{YBFrj3?@)Zc`j>e@3kziJ}VlT zhYfNLi`h&(?yoKR>#)}OFXjzzesx%K{_Aw+>_7H82V47(jf5u$0;-jYotVc@aJsA7 z9G7o&TbQ0d3#KPOF71?od%pJ6-i8KYE&jjamjIU8{~mP8_kVkPTl>GwgcSh<8(>W? z+W?9LoSD7T-L5iEb%SRt=r_d%)o1i5yzyUa{ipZ-PKu+uj0Y@R|9f-$ z|9)?Oi~qlo@ObF%Z$J(+XQ_FQV2)2}f8E3AKa zjDwJjBFgY;b8OlA-|v>?|IR_Lvt9q22+!dH34xh*Xw##s?Mw#=38b74G4gKF2+y!U za`Zwz#z6q1fDW|%42edsf#E;_A%Zeio4rSoZ#{^^>%H?;l^~xQfTkDl8!q|HC|E=fnPs9jKIGnya;g%aSDkXf& zB|b(iosQ8zEO){^>f_dTB#W%D{)?7{E0nQh{qOCy%le;gXMcT8(^?I6KHTPJyR_3^Wp`2V5#=+aSMyp>uD1E=t zH*OXQ4-atvLhGjIlYI*L=tk*)GdP>yvkZ|>hVbGct4RiHv$z^BFVlxzlg9l$%*xSp z;320hhzL}FUF4v<8q^k=7ZjN3@054NSi1giVWz(>yZ5sOU=|0yt*~k-QLd5hs ztKY(As4PR|2~9@TJWs9sBVRn+7tB*M&QKq0W!Y_zQIX1Es9b840ZnAd9$uT>Tr4z` zzUm7;jg&I6QPDZIrp0Fys=oNE3_+<$`8m0!ZM$7}ZwdCR#=38g`#KMRpQ65|5BjPJ#mc2b zeIhJ(kngx{xAPsbq=xH%ZS2=)4g9}*y zc8LRud~MOU5byO55{AT|avC|g7q!Dw?nOwiDI)Bo?e^TZW$7yQQyj@5W?0?YHex!h zK|lws5OIN73x7so9OU2&YAGsnNID@tPH|XOoAmclQcTD-!ETMpWIT9zn>8!8=AE@< zMPlk78GDVYZ9KCr&8^3)&`jsQTV45)Ytx!rrE7wW`}a482bOkN(3kvs?RL9k0`_JA zx4&UXc!GjpDm$5mA&z|IIxnd5iX+2mj%YLU8c`1U6atJUSYt6M^dyf)+#@vMinKST z#KSpEXu>gb_1Z%Lr$8c)$<0xLGDRLv!I`*%OQjLuXhIl`G%Am}P7R1$SLv)vtMVFn z;*DkTXCxxG$pE`>I+UvudqWHNQ4XH~anFRTNBwWRZvVaJCassib zy7mQzLpn*p3=$ShVZe~;8}&_@omp4!xGB*L_xO1UA^G_{NV00;3{ZJ_jz0@Z^}7rW z_y4uAU!OI>f88tZ|J}Xq_g^*>ih{P>>LYqLLx9bsa@Lvz+?7zG1t^M~#!WP(d3+(!B1G{bq6EV^?G8s z+N#R^IAFDDzpe&U`xu;B69sl{l-j>ANbM37*L1v01lNt?uoi$>bX_ve`XRSb{PrPM z^X|@(5|(s$xsgqwa|?XST?fh5tn&6$@T6g7`G0m7YQP*WRtzk=|L^n;%l;pSy{-M% zMuOx3>Y{N-0<3QO<2aDp`l=p^ zmCHHD6*a(jU&`Uj?d5foat*|8Wpu8O*v+ijpRf9X@R~~`O$!<-a8>H8{9I|06F~u) zCeiE}KpuZ-bVGderR%!s(@f8jM`yrQI|8H7;bDrtpmSzr_F+erwNpWL87fh^$Fqc{ z5~vcK=wJcPYE=n&->YTZRK%$06$0NXaOq9&4}yud^b1vqr27*V~{@ zytYC`B+(xS`!}_^F+&~pZ$KtE!kk|)I>5#9WI6A#C}WeRA7XY|GHW?b6DbZaj1+SVX=a1;lxVjVE2oUYoLb2#OW`bhE32ev z1X#aZO6gWwH>JFF3kb2%+(bx+)$s{?+q#qTiBo}W?SONK2kN9BVlk%v+lw;1vynu* zyf_~9@!PJlo~ulju;6X#IM?YOs;|O#`t|PdYU-!PkgHDd+J-Hf<4X|S=NCj{AooSv zlMd;$I-@@BL;LXX@GouZ!C9ed4{A!&>Wq z1?<;nP4Hj4bKie!_qO)`8wr0J{_9s~15b?kTHl_v@m{OXotqv1mDm4@*ssr;`2QTv z<3DfDf13%9$AA5r>c6kud*6Rpcl|%*_kY^$GXCpcx4qr}HxeF!|N1TH{Wk#mYN&CR zg1*8`i=12K+vllkxxJv00HzCiMg6kK8U-e=)Yvz$0obz9A3HSU|7&CaK5KISvsdQ- zopxvY{qK#0E&lIP{9l(cGWx5+05@F!8TPN10%b#=@cy?mhyT{?9d5t>v61jps6+w> jc*IbsrpEU$@wZ_cwqYB7@bEtY00960AJkoi0P+9;*IAwM literal 0 HcmV?d00001 diff --git a/assets/rancher-backup-crd/rancher-backup-crd-2.0.0.tgz b/assets/rancher-backup-crd/rancher-backup-crd-2.0.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..76eaedc34c4e82532fbe4cf43ebd6713d45008cf GIT binary patch literal 1693 zcmV;O24eXiiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI@bZ{s!+&$IsuBKNR&2UsgPAA1n6xJ{jHvF&!du+x1h3M@^H zZ8j9Cl9Umn=>J|&lx48uslP3i>+03H=08QNcsB8VzugY=4eC-}46% zC?aX1v!-`kY0Q{HdI@MexmIW{WC_+A)J~??34{nI38N%Cw!vzDvZog4f#k4%4ROM- z2K6#Ojr(2&E%twTb~!59|0{nK^!EQ4R5Tu(P`J~;%`fHM{!bb6TLm-FI2hbg9))O} zDlOtkZnxJkr<`V15QD}M*4SJk)_AP)C~s@zJDVP;1c(`lqbOs??4zVygB%N%#`Y>2 zqVK0aefWs=GDM!zSf|QUT1dQr_ae7Fgf_G7HCZE7T2j8KL9(m6Stn2c+5YSRFsBR* zS8)x-X!P)#47wdB0kS=uDd-RTV3S=>E7a!jJt84Hg&P`!(l|~EfLDv+-Xg4_W@kij zD;4$2|Ns5QGvi;sKAixL)~EmZ)r&zXyeKYpn(?_-xsW1FLgZ2b%bZCXA*)=4gG*Q{ zG21H903k($fgZC|>C6YIbhgE{D0clJ`s2?5LMzN@lpTic6bbOFkMBO6P012sY#R|u zq)3d1+hAlkxpr>IHO3HdBG;K)84EtAizyIk<+wi%p*;^|1|Tud9FS!}L~xBMr+ksM z?to3toGwamrBmKfNu4?`qo8bPJV9EZR6*t#XFHj6nqLFA2axr zfJG+S9VxPeC}qt%8B4*pBdt3Jl1j6>f&%SH?heOE6&0cD99Kvcq8D#s8gaT<>KB!P zQ;m6qWrT<{vYTZ}qeA2(AN|+-bv?4ul~!I7PZ`5A1|c$mRjIR1F*Dq=YFi6j8>FFG zN^afC)wt72H`8;QB18{h3d>z0!?Fh3{8u^$bQ`}U)FC16#jB`vH~ zVRdHJ4!Lz;Y|zTaD>6_2q{QpJo=r5^S%r+SrW_|~DfCTc>$Pkg?zU`Kl`E>2P0SR? z6-3_w2kG=P4KBFZLDf69G>);XTst-69ReveZS(9^u=|x~3N{X1*|@@PwIIHH2YJg= zXI#&V8uR~cd=2+{4{XW*FM_jD{y*}ApwIswg}z+=Ur?UrM}WhU#ByG|$rOvzJ#M;a zk~b+B137^?NZ@4O%{yX(`gouqj~b`t^k^>M)5=g2CpU0O$lg62uDafT?6T4WrmFGJ zwZ7Tqmv<2(1CnKQk1Q0pBP@;J2g)PIiPeOPErCl*0#_HGSnGKvtC+w7?vjI!lHnOJ zryx5ms5$d9Yvt7!$r6n@umC+sEqFsfXzNXmM z6f4x%6f2>$!v{2=99mMGIv>6IqT(UEUv*LOK2^KieUC+)Fvv8Zdy%oP+&4MS&C&M#e=vGg{{BBWANBd)W6;0Q#A-mE_n`6QdN8=!wvr{58tEn0CITpZ nIiD(s&}@x9?`zR#uQ%16dg`gC=T3hG00960yd9dj05|{uVDc zVQyr3R8em|NM&qo0PKDHbK5x5;QV^}E4r9`H_4uu%-wO0LszC`QN|7gCzKp{EED@D^w~L381?HbT=9epvg%b%#r&O5?rQ9?|4qQ z?5@Zn`tIRUzu)g4?(gfr{eHjtcd$PgemB@342B2&{_w@{yZ&Imzkm20^dFFh)|3iK z_;>w#Q9!VwhX)Gj(qA`@&#SeJ+Ukf6G zd1KW8xujEyVP3DXSV%<@k(D2l1&-m|l!PBN2GLkUl@tjHa17?9&rz_H2Pk~85)v1U z)tDGVMC0^xV{XFPl7=Y!*^-YT2UwKo=I>DUmV-th93vzGZClE{)mT9UEWt4>NK9t9 zz*shxk}Fjxh*BYu`;xJ!u~sOAjDWw5?x@xQNAV%1UdzQ zau39urBMhIqn(uO1DopKrZ5C7mV_$(1V_JIIKV{LfPc#%6$qzCKf^hTa1TNje=iku zkaH?vN-+wR3T_}{44&7LW#=rN&vB-ekA5(H=G30DC`4`_Fb)$&l}ax?9v|5kG!_`7 z9N)gWxVWTBt<&i$>n=4q9H&Olj(fe!To3EHmj$Ai3grGQr6Kkbr4xn3So%vAr3(~2 z1>kfFc}{>pMK&mVkPQ}G(I~P53k1&I9m5rsb6Bu6mS;rHp|>Qw7tx7jE75U4j-fu# zW++al5aN`^3YTIJGQ;DD2w^(wKiyaVC$FIgih<{QO_e-v53c4km_tZ~LMb3z#biMP z&_;lo70ldaprx^;0G=r(3JtG62gTtAQJhB69>lDM3`BwfP+?$!;m=^sm{82;Kr1jK z?*crVB||lH9{qBmT0r8E@DNy>!TIs0lReG5{}bLM7+**dTt4rD$v(#^@_b%x81R6_ z0VY!PEV)g?{v=Rs@CO=X2TCm)tDY^!XT?&uBC+lX+oO#gs>EHOl3K5H4wuMufxJyFIWbTS>%iS zCyLmWGH~c0iqf-p;(xF0(n-W-y5y-umTyGf=x=?7SQ=dZ4bJ`es|dE#4N-M zj4+UlkKxPLPDipxNwZ!J!291i9WtHLn97yO7RZ-0z@s2gLak7`%LiQ~;goSIS0!=# zH?^()45?!ONn9imQH=Rn(Mp0#J&qf86S4%jJBjr zoiAT{f9d=}| zIva$iOs6Sj2%TfJ=!&^QIblF!U!Y1L)j%7`qq77HjOp%&5CzH&)x~HxgoeXze{# z@OHPkCEAIs*LrR{G#h>W+G%jO_6l`Y_7Id>T#|+Ag5O%KK#a+%BsdkgxkFq#_q8Li zH*9=`zE(V=!Z&auar4B;dk7&jou$_3y0i4E1g!7cx_8a04dQe$LB3IAB+H<^5usNZ z?)>RILsOyhv8|$ipVVsqTg!>F2q!cSX*|2LS9pW{-#;8x_Wy?c7ybR6{lATLN#k$~ z$7Zn4S%g2B!7gnV@d*jKB$ac<=^xr&?Oy)X%yEOx0woEFB;yXiE$0ZZ6O?gY=-IWo zUX;(m*AUY<#8|?lx70cNjMXVizt-~>i|`z$stL8e z%&})XcO+cUxC1~E`Xgs)vZiadqyt;!Kg1+rs|CjQKMt^Q{l7n`tp8sO4tM+iTS?ZW zRdar}G8dz+^~C3|98Z0oXQ%8bp%Hk$#=pkL+8GD|i>Gv!a)b$!a}Xm9{Onz6N62mg zRLv7t>5wE5O1~JXdYQB1{S?kkMEU{LQi6f1omtifl0GT%$^pF=czp#@AUQN-X3}cG zJN=?kRKj#;Tz@sVRH_^nF)5g1a4FJ7PmD?<@l2b5@U;8ZQrZ212-G`4UQdjCp-o?{ zT)gKRqnMN7!J$YO1x5#avJ7qxKUoHAA!h@mf7d2}J5CpQCl_wAnmfEG+2AQx9J#ro zBQLg#%yuU7d{q2GFx=&X)2(LTR~5*ZXpR3*wa=kV*X!Y7fF3ygQPxAcSA+|<@OI$x~Qf^MM4B^X@ zza9Pk)!UC3qmMrv9sl(AvyT^V-<%))c=GYpo8zOmr*B?2($K~#rR80>PFHCZo4BW0 z?Y2>Uc5;4kdhzz;_3_Ealh;Q-ygGSVC)aa;`WC2{7c=`*KP%Q2?s(+8xMT3D`?#Ki z#1ND$eY?NcalwlE2-iw#$;kK3-syVB5uuB*Qve`PuQrKlz9?<&da!RxJ7IarHos&6 zMelHDqvZl|5vqcc{eQBE+VpCT7izGxeK4_~|(Rrmi6UhLNYTS>0PJyG^)VRHXJHo1qb?I#MF zFUW0;?ll-%?d=BB)XO#m=8Ro>V@Q~g**WGt^OPntPC~2~_d|?OqMvA6#T$cuDbgT7 z3^Ck;2~HVDU%%Ezo+yiRqhHa?rqfq+LFE_*H9P(8wr6_}8(2ZAO-2?={49%!fv542 zc+KK-#^e|zPqCc!cY%BigMPnn-*Z$#Av06$H7@nh?b=LPBDHZtu|>a^&Y83TX`gV` zS-vIP_fFjiCF?i`aZ}^i?rYmqH|~hj<0#A_@!S$(iv>~Q`rfm! zygl&z*xPH7wPNFG4?Nv=Rlzc%-6v6RY)dt?ME(EeSC6EUX;ZN5WqZpmG5*!F2lu{u zzjb`yFCRG1luE@tx6>~-*DuvRUF(&t`ywBvtN-ks$kWKIL;TzcE0pYbzu5zHb{A5; zE6aqiMV81XI(vp%IE)DWRtISbYXF?EFjLmL5XA~`mEL=)z)Ee+(ZwSF_5*l79?JFx zcC4gXsqp;Y#Gk)zf8h4rS8RMJMrhgkxXbpjhW(93XbiQYOG>^cAHFw!=kIH*8=Kyy@vNo-?Lge0d96+5>m%ms{~H=F zIj1N|at>?*;Ebcl8>e3xCVaa}ibkKtx|n@BF%NqE*Sh{sMDkGAz&73g9UL4~*8c~G zgTZe7zm2qIu?>FsqYQw!BumT@8i5)pHmb*EInwNh<#*?(VExsT24yHrc<`rq!L zJ^+qQ`hVE3>HmWlqn-ZWMrt_!(X{L6R}N?7rqNlG;NNPBsP58j_k;!s0ufH4 z*C%;P`Ogierpv9x<%*Ufng$nF^I7!DPeoyIm(sv??^Y_PPX3Kx?)LZ|JGJWnEW-(U za@YA_)A`?n!-LxS-xs^{e_Kfj9k&5+sq4W^4eFq#TO_$0gEMPQG{GypH}*@ zaJ}YOJ$um4D|tG{;1wrO?GY1$%Coqz< zBaHtGy4u9;{ur?dcsfEwFI%ZQ?C-1gC~A6tF=xy4tZ3$grx^&82DCHZ3~LwI9(&N8 z)GGhw6MFZ;u|fWaqyBz%|Nn5X+yCE6YCj&=YVw&wZMU-V8c)J)$IvsOv)&}+_Y^xq zavINGTB>V?oESka(W+A#qs-_M&4FK3Gg|7v`j9YRzG#z?aty)yWsb3pZK0#*G=#0W z7`ahv_JF{WM6|HsTT#Ix6%r-}Nl;M*r`A#r_`-`n&zV?W8AGTxJrUMHs`g zh%seGcyQT0$q;IZY%;xOk3-MI{`Jgm z)9tD{Zi>6sSL&r+*SHPJ(Ql5%y4{ z4`KCz2`a-lN0BgnEKF6gVP?#6m#nA>bx4KD?0Q)Ur?t&<9v)jp{*_Zj|DT^6z5My4 zy9gf=#|Hg>cyL(t|BUtr2Rr@0jr61vaJ|!cn@eiuBe-u6@b(bk-A>0u)_kw@!*9>B z0Gl%^=jo&yutje}EaK-*%uBs)ri<)^g(e|HNoXXxosO?kr}N~=6ZjD&oMXb^G@i1~ zr%#_IM9g&rDGf~ripvDU^h9fra;H|BD0@kPDmsX~Mq1I2N2j+Eyv4->6?-057ySq1|DuFan7%Oak=d2tPSoa*b&wVx;FXX*L6 za}Bk-&exzCYHppFTqxyk;8!SsN-{H~R^h1(owMwB2i?BUgMqH*IA^c(-o}b|DC?W5 zAE*n*Dd%dTk_CtpX_7E5g#w`Z_GcQOzA+RT$P#U%MQveXstp8kQkUA z5)zpRdtJD=q=^$&8)yuShsbTPt~?4iC~H&!%o_Bzz^uKR7QM@MR}3z3CHCNx+35cX zSD$oaKbg%9{j8hpdF$GnU7aa@->&5WiD80T3+6)Ets>5Sr|0HJhGGOin3(F%&Rq}T z#b^&=CaptJz0o81yb8AD;&eyNLah|fJ)1u$YtKGiQ8}lvTkBaij5U0YyYVFZsi?DU z$r#g4E?ify*FHY7BpmJo#sLeJO?sqbHm`+NqN@Pg=4dqBcX9Dbi3OczGuO2v0!`;( zj25s0NSsqJV2;65owIdmJeB(FNg@Rxm3rnZ1)?^Q*(584RNn)}A*37w8LjgA3enj+ zD=tPX>I6|?F7aasM8c=)CH_xfhc{PL2@6}hp>lepOt=+WHAprJIEkWFITE;RqA`og zu7kBs(1fpSh#FH2tV>hr>`6lhIAq-jo;{@l=jJF6hB{DpCOdWb&yI}cqm=N~9Ag_* zuPG3^!MaGCG{OFwry*jbVtsUWZFnw6~YzP;zU}gCG+O| zrMS1b`Xu0?cn$(}Lyf^2PZ?jBPGqrJcgs1E&XPH^+(Z|SBEf*)kBFY+h`j|-7I+Uo z6J;@r=b5T^rZS236N) zF*bM*v^Iy3PW1sZ+3aKZ8{@Dr4#|?PowKXVEKrS@B2jJIv-(vsU@3?9YQ8GeY_{}Q zdREV5nX+9DyPta)X9kseKIlE~mO3=k;|5*6Ovyjmrq;4Pyl>Ilck++u^LB4t!){LE zP>rgpp|Gck{y>w{bGh2mV_3{c*?5>))8v}?)FK~YZQ@3G=PNsRMwERk?D!YJCoA|p zMZU@mLWhE*vr|1MBj1CB1eY2`=5;P0xaP4We4-<#`6)zz#&9w6oh3NaS947%0U{0NYB_N9%SCCWy{CWD*a>%)U90KBOLOp} zI0Ct+zp|sK3951LtF73BNvf;|dI?$T6?KS5s#$F=lG{m)w6mvKVNier{%N8 zkVvA`k#7|}_;8ewuee0--aPwcGCw^xB${B~!mMZXhnOyNzE`U?#bUWUIQ^kN-lPCH zJzy1Wu|Dr+-}uagOhJ!wFGi8$H^Rb^oc%w|l3G{da@I&*bv9--q0||39dF|7SQn=h#8~fX z7aRWiLa=8;Scr3+;pb!wUf1iCW0T}Lib?W)^`~B^isrJs?cNBw{hC0z=m+Pbz*EmX zXp~>+s$LCfjHu#kx_qOla|5bI$J&Dtb>f^j`i8o8%-;Z|4c&id%#H9XadGb6=QZq) zEe-#E>Gt{`A6ozSUmR4=e+>_YyYpXLNfmj=Z>pG^6%gJ)=|0rFgzM*}Z=>7s(R4d* z)ULOe|7nD`ycD*{|JQ#}z5hAtk9OyOwvui#-xqUxjn#@mnl1e6j6r?#d{cuW;8-;z z9G*9ZM24XalRZ1`T=#_RqYEdW6OKZ-ajvsZEouiu5yIU0g5ql?Ph%%Ex;bnD?{(xa z8K{wII zbs?Ei`42XENaUNbw$BoVnr}AeRwU!;wZXS;9V-QND2UE&tjfBl{Px0UpbbiQJeHTu1jy`^R5>=GZzx2G^a z&ib#6xoP}wFaPdAw&n09s$ir4fB!{A{`X&ucJbe~l5Qsdw-J4pKU}MiU!uPt!JNjK z9Jb_EUb~Okse;eGA+4@inz7$d#jGRo_8{(3_ttf)J(8Kq`!}h)aWURFz*!F^5sA&f z2}vYAz0NW!k0GZ^N*quRjF-^@mg- zSAW*{5%p2whuk76uxrpyD^zTEf9T;ia@IEQKD#)rhjzBUTXUNxe$%a*oSu3$|N4XZ zdY?XS>stb6eB!67Jm1>JPII5RvUmL<;p`t6Xz#ua3LqNJ<2}%{ZZ6MpyR=KYv`bq_{~Z7T|NjqI JWn2KN007}qiYovB literal 0 HcmV?d00001 diff --git a/assets/rancher-cis-benchmark/rancher-cis-benchmark-2.0.0.tgz b/assets/rancher-cis-benchmark/rancher-cis-benchmark-2.0.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..f701e8e9c985e6b4274cf87ef8b36578ce8d9aef GIT binary patch literal 5081 zcmV;~6DI5*iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PJ0TZ`(MN@4x3yF>s$l+eIwDCMk@24#=jtMQ)pJk#zULqR%2_ zq_NG%5~-3@yuNI{%YBynWCxOxEX#8I5?e`kH7FWcB!}dXznLK^jRaxt2t~uCvT=jV z9R);;o2MfplrtrP|6&K!YPDKNy`K5oYPIrz+uhFLi*~Qw?sU4XZnyQK)jsUD4qrfP z7nQG~NGc*;v>shozH{FQ5yrS8igG6VH2{|=;`5>75~X}}C~uNT@djm55#R4a;dE)Z z!uxwblshWq;G$4;K+#K!7iROQ41F?fFcM%NPS3C4`=o-x{5qcuiHm*Et>GaGqPS?t zsZ%`s<51z zhPn^7hKAzYFU%IvhRcJHGh}KRdlJ%LP)N#IA8y+<5{8+dPRlv0c_>{$LuKxL8sVJm z02#UQQG$pVqikqKA>|Gd-AGV11tSLF3^GaPRwmMk zTWsc(l&ECW=R+==x&fMt?S><7hqWgDzSVXs%||1#($yu$&Bd|jXh4Q&tPhom zD$+jz1cqEv#lPF*wusYbdQ6pkG^;!6&cxkB413GRq6 z*ZvjCD1EKdk=;_kS%6GQm{2tWpK2Rqc&AM{02#R>UHt`RRO@dC&IfvI!Q(I?Y_2Dn zViB{wRi<$R?)!W~+0bzJDbrbq_peBr^gvg@&_yYUm>!t^3ktk(PUBL+=ih2IG8j-s)zl^reSSmy*x6D(+9_temKckdIHXePO6ql!8XMLR#sr#s zTH>zqm(R~Q!yH07EvHkf5g&!^o;CMg9|pviXuxxe!nAZk1hc~upc2%TAGuI{c-wkg znb$uP72E$*J2$UK=!Ynzqr$CSfmQ3jPP>z{|Hnti-OB!#L3ek}@8FEdNFbyuDsAE= zS`95pfS}dFbTUGL@Llu%zIJ!l(AJ4Egt}fRr6udoxYq_wXK*gKQgi^$FV=IlN;X+N6)M-XSSTn{1E~MIY}U78fWE}^ zM}4suxgIsYtNnvAk56Qx*I`0^ABg9r;!%V$WlXqPuY$HR@}Q=(+@Q}V@$HPM(dKr- z#n|V>li>2m*I7ZjBlIF4jo+X~Tw<1EZDBM`;!qYQPw^P0B8)wJkE9V?Qpd zZ{T2nuIfYm1HX#v*SAyO4(exLBjVTRB=gir_-oQC{coHF%7!BHaohFa3jN>e9k=K8 zf2VcaYgPKc49e+E>l-?;V`x#|Xw2;^1)OPDld_@Xa)DerE)SZw?b?_!uMZ!&cVTnX z0#w8!ifC7JarY+VUL)oer^mZ_cX#RPaKXAbaDQLZtBStyR%5r@IJss6@;$jhU)mcm zzlYbHsh`{uGUVQcb#l*`7jnw1cie!`_`EKau@9W;t3QvrT8012CNGtZwsW|J5?F=* zPN$p0f4kGG_Ww(vJi6y0lcM_6Ix1H#VY6NNMSRC|Bt>ZK-+Z(?>mpve29*7nZX2gH z*V|6}&}r5GEXevcXjA+jm4*MK3jbx$KJb6EHU5t({FhAY;~&R*Y+HN5f3LFtPei-L ze>_K);~&SeasZwat&jiV7)!)|w_V}C4B9RJ<2kY%|HCm>_x-~a0#wyWnqN}=82zi5suR|ezmgU&#w^?tI%Ja2JWA>!+#0(zk2?= z6xtvDcVYi44X|(82>+e!HUKuqfA{F9dj7W*+ByCg=g5Qb?>vbAw-x^POk3iABL`qL z{tp-I|8e#FUn#Ul{IBT%R2twZX)FA1xB;-0{jZ+?DTVfi|1~!N9z=h2{n%b-2te;4+@(g1s=RruHU1@|8n3~B}bJMC8f`QKK%TlxQ`P#*u{hPV!i)QAiE zKj!6sXZ%(c>4Hn{+6OoVci?k%9KL{R$>6^KYc|{XPu}LEL%recw?xmAc z7Nv%Q52%lYX@xfhhFmC{bc^Cf_Th8g6-X4;51<}}UVP=DkM=4g${p1Y>O)le=fwVm zx=*F5|F*QB`9OZTzQX4^2}5ZZ%HpK<22-J7*2jww_mZq5dD7?3b4mo)X& zcdr&+2H(kaxurPy24~A(Y#uD<|I|9HqU~v={ZFRC{_KD2_%OfzZ*|($`o9#4b+j4f z3liod$Sx}EI6_gQSe{x&cyrc>YQ`WS1&Ns`QqW}+W=dcd`nhQtMKn(=<{iS>=EI>SKz;U+*|Pfd)51Y zypk`0^-ujXXFG)$hB{@q;~>d6##G9h=J zSr}2czwbYoRgodw-@lq~$;Zg|KXRYC(>|Q|6Ec-)x^bUpBF*$F39SSvr9!YFM>Fk+ zqf=!flG+Jn3EAyp4OeHUKVP1I`t|zi^yI_!`Nhc(XPK(v$aRm9UpCzEya3l}%Jrv{ z9}1iEKqXf6i`;+u@YDA{|McrV`WOc`Ue&+37OdN~g!hteot|G^pS(Z2{B(7FarWu* z{PgPj<4>2L7CFCKHBVkW#QW;(moq&!54JdFn*_;S(cH5SC*Qw6d$$h9B-~miJf?}r zTZcd3Ys3{6R`vept50W_*B?$Uiif*6lw~HAaF*-BDp1qiT>}*Vl>~muY!-|94`7se z$P~0YGfs2ikW*H(uLR^j!;n;C0!=5CWSPuZXIqo0{q1~?I6T`D&PgcdS(Y?7^Y*o5 z13qW+Q0DrP_dra|IsVJroDK51l`tN%|Ev5zhHApa_&PLt{hIhbpXmQL@dj6||GI~H z|F7HaRsLTol;6;c$D6X@!baW)n`ABg11m!_NA&+&hII_NHy2PHfU==L8Sf67JD9&= z=jW$sm~0}R+cM_*%w9gVte+#T!oS({P924Lr*&N&umb<>?n3;RUc177Ih4o$jUMkA z=Kq`D6d>J9iiRXLfZX?^0O}+314oXUBhJV5K7?GV(kz$HdeQae>$1h7xhz?y(B(lu^fdTfk1NQWgF$^>YWA?qbW2}0LjC{U zKkFn?JkS}g=0@QYA0zu`J^uE@eSDN*JTfsfrwt8OKUirsbg>)aj`?8lo(5F)pZGTUhN7?XM3FRhklfJ&hfo@15od>#C16UmE z<${;d&A-r9M)tPcyq=#cx?pEFSs&;DS}OOoNABUh?8H++v02BKdlH-UFf&jO3_<*% zNc)h@T0{B({#WV$%=z9d0{n*7VCDM1)yc>XC`f0sg=KmQq@%r1}qo}4%qtqvAX zjh*=#ZzAd|%KA`OBEov=+^2Ih+fs9=`_vNrwrO+xZyo`D3;Z9oEB~()+CBb{O2z+C zh5tvm&zq;Lp{r}_Y`HymFm-sJwIw^e#Y`@B&F!1bC%l2EKZSkLd0qn8w ze|3AU{QiHpSH*uTh4zjAxyK#L(g2xCpIW}poi@S0Fwy-FH?sXN*1>=0IB)+u-OB$j zg?5Sm>;u)w9EqR1-Y4>lg3dm*Sic$C2LGGb{ukT%|3`;d|A!0l zAKRVk`!D5CF5YY5i>`U3uOI1g^$W6j{j>WvJi%MoxjsJi7(Ya-@PA8u>Jf#>i_r~N zto__iLM!m!?k>cC?sR(9{$DBd(nP8oz)-wj_`PDw~^s81C|>70B#kM*C-mrHO6YSPa2&W_YG{Q zS_vXz%z*X$YPLRuBv3J!FR1`$Kr*pk(>VTwc`!t#S!(bHp-;6(1@UKAK#hn3moT_N z@c4xJoOtLtwc1NKx4OVaeye@?@})LHKS;Gn;dBP42@M-B&N^$xL4*d&d8Q^bo8kG? zqf#Cfh&oyeQUr4oa-xw3a(-XZ)Q3}{`PvLR4Dt+=43K)T$)tka50>HezG}JBh5EX zt@dABKwzDN0T+SM2U_2Z_yiP(NTO-j0EvnO9)Q3B3Z23u0iQkYX6lVG;J7?!>XhV0 z^S0ys-b7|Tf@d_EzH?~m&qycMJ95Y(d=s0V>?bbVH13HXs2ylZZeK+aF z0Zc~J9ci}u_RQ$rCQFJK4%+AvHZ_4!>43WNz$y-MOhcf|)|@hMplFU07~mugQ(x2r za3iUBFpIfoqnR^XPl%qaIBB<$TM(c}i9&y>$2`)*pm;pLXXB+sI`dFwOC~s3?Di5d zr^Sl|J@3mTj1KgjMOGH- zPR+)`JvRyhCWI+1KWjgdQi>a3qfc*9FA)uwT*V2D-sraQ3;_)_rkOSV4fNM&zI<;?vFILE_tMI6AQDn{<#U& zd}$H`!pKnjY$olESzagktengs@kqrYPln~h^Qh)Se1AGGScwY0*vx&iaqz_|1Oyu_ v7=Asuc&`!b&n?Hf02|CXw>JL^InWhVR8d9WDE)r`00960xY^Hq0L%aYvVux8 literal 0 HcmV?d00001 diff --git a/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-2.0.0.tgz b/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-2.0.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..7ec434c945e346251a67fb10fdebaad464170ec0 GIT binary patch literal 1463 zcmV;o1xWfIiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI@dliD^AzGwalP5O*uIDT|^yO6Y#wz=GJ*YtUj_dq#Y@<{7z zm`?xqj%?py8yjOVkWSba21))_vcLUST3dtUOVnL1Om~iwF9Xm|U9P>i(VK1~9SFr2)J7;dVb8sehlXnrQvCm;Gz7kH7%h=a zXYUPrRJt6?>C`!*RfrP?Vdx7U-?h&3i{HNEI&SCO&$Fpj$3I~Z`ao#jaz8SJ+HjD2 z>B08+@45Y6FCYK?-t};FiT_hrHgX^o_>EB7f5v(G+1L<#?scAo^d@W?8B)OvjfynK z_xLEJh$A3C0uKnRekAdeA&hajFzbl!m=L)gxX>yJVZ$Uh zK&CV6vad$TJD}x+Ifj5D^dcWU%dn}Ek7D6)t>k^$ zo+smG$A$|N&2<{?Df4Zt*db|)ag+F96+?23t|ERlv z;hK;OOSiV8nk$*)@DdgZ!l0C#b=0-W{h&db7};uc72kG zK}U6>5sZ?@^-;#|wtd6{j_6^l6zvogpf#)teV#C(538258)~iewuDoyxm!7RcuurT zI2t&;>OiUNv)bivdB)|Zi8kf2xCd<$Tg{Ur)~_g0$5oO|^le*_bno3VO>JV`Z(Ec* z1MCN3ll`81vL{jUaCW&eJ}K^ZsXadJb7du^OFMFn=Prc&pw_Vdw=R`7C9p>&dKTWRWacV@g}xn1 zJ%NzFM|0E?2~GO^a>$>m2kZh5-)i8i2kZdPVm#iZo&3Brwv=?()AbQiym+SzAz z^mkn?E0C_$bM=<{b1FZ{Tf`Qfl@Y#G{E~2N5C4$ORm1!rCZ~~RuK{cFe{a~oF696I zcyM|De-b-({!awiL+7Uh2y z16HYj>hAosNK_S^mE+Y|2Nj}ZUW`ak<{^ZwHZC-4sTQTP3C zZ_qD%|2rJ?FZI8Z*iTzNcD-Su3>XkxSkVq)WS+Q^{C=BuhtYR|pGi(Twu7rR)Q R{TBcL|NlV*fq?)t004`EDc zVQyr3R8em|NM&qo0PI;yZ{s!)&e^|$*lS@&N|U(oZIPr!kTzYcgT0TbiOiZJS zqUiMaxcH5tX!SQbIXOCrkK;H#?w|If_#lc;`u)=b5pAt`0|~_752CGgtvdHX1dOo^ ztgN9yM+gZF+NM1T%o=;j9!m7AZWSg2QRPbQvaw1MGz0O8eZWt(OAKU44kQjlIoPEc zF=n-kEe(WLCfwD|dejJn-5m1XuC*NQfK%Vlld@(Yrbiuc?*1|E#l5(bAW5$r7eg0U zL-A+zx;P8OHv5WXgO_-Yx5}s@N}VTkPVY5DQ7`I6KLuCndh4C8m&W>M%$x>BI+Q-4 zt%%_9`j3yJet)I@`=|Yref__NES3m3g?Ef5f1=*x7s^X*8jp}6?o5a0iOLtnkubyh1m8;A*_>j+Vn6i!I$K#X2mbE{J7;e;NFzC#XWj+c5H zT(Nv%vIMF0m9}174bMuvvjVS}ayod>HOh)v8e7lT4?x{wo$Lrf(mEW7>p6!d`B)gu zJ*w6d0|y$2fB)+UF$JxXA`IoEb!a|+x%~F?P>wN!a!?58^SWa-$0%?rSLafpf!v%4n$7QE0a9S{UY|tq)StYBBx=Nd)yA7%AEC#$tqg; z!pK^UV3y`48C~J59qp4aLT`|f=K03@4-}M7}KJiSks|svQq^pkA^g^$*pH+`O^6f%FIB30jCL}zN|MC zl`COnkUy{k{6l3{AoSTTh3X33k%b@c8swKX)$wNZIdv+TT@0^?^X zk=FKn1H?K)b77>F+!^F>@dElF@8j~}F>URtMaAWoE{yau$1j7e3nrlqUh(W%m!wyY zBcY!viC?X5=`!9x-|xfQI%?jGly_?A8qL%WSKojZmNm8Yx1evyBw0$^Mn0`+upX@xxOQif;8azL+Qv9!wUL6I-9NRXOt3e_!lnFMHX` UUS25w2LJ&7|Ai@yA^;=+0M42>2LJ#7 literal 0 HcmV?d00001 diff --git a/assets/rancher-eks-operator/rancher-eks-operator-100.0.0+up1.1.1.tgz b/assets/rancher-eks-operator/rancher-eks-operator-100.0.0+up1.1.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..49aaef41cf593a5e314560e5474aa15e310fa605 GIT binary patch literal 1638 zcmV-s2ATOEiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI?EZ|cYq&)@zOBdQANdNwu?QdxSH(!5izYA=bB^wiVo6fNrk zZ&`b-oi*=K#CNakH3kzWaCtfMdSd>;EVDB^apA?SEOW^lp(Zj7nkekL&6M?TLo~`Moa`o z_3T!*SVR$~A#{w+vD33|gYy6)xnIpZ~0k9|j`~A^qH~tSVE>7|P7&Mh?%w!SzZ7ltW6P8PJhf_gDFGA>a z90zA~Q|*m{QzUGP#RGuGOp!3E;B3Wn!DQGpgt>*WQv`xrtv*}PWmwpJP1WX^MUf~% z7n2XV2u#t{C513ylJFD^-i%uDZ!pOuGf2Jbn}_f2J@eUoiH^PaAM|(dKe{;Of5)Mp zR1PtlBSe@s9h#wat?PC;T6SmdoBZFc(P( zga#%;qFH44At~I#V+`S&-fHDI%cTnuPDF~(v5CTCWHW_FU8M>ga9696QB1)5(Wa0# zz3^Idi<&>vA~h4}{E>Q{UpEsaVg04ESplZeljryL^w&vy@LvULtt7s_9N35d(a3M& zzwe(9PWk^)XeQDqgzEUcQxY3(1wCfmW4Vcy7XK}~MBePrRJBABG%R9<6_tQ(0_UV#H)Z3| zPPs=t7aT7+S9xlFb-;S>xAfc59{k&?Fv0Xou7mdAf6yNechCR9`S}U|$DnQevn-&Lrhce{FWQ~~=oKXmY13)N|S3O05@&@UjY>blZ0Kg2lFLc%&$U?aT zu->HA?5!mhBpZVEhyqwIuzYUBitDyOVcB@Dg;`vw)Zk~cQ8l3|k_EnhQIG08y`+B; z>c%)%sbL~TT`$#b4^5VA=M|RA+WHsDF%MR&<+3iQwwkzJDaYG1Z(+3xUt~3G3aeFf z9k;oZw@M1W2;uLOYh`XV5|+``5~lNwSJrlY|L}18czbvA@1N?Q0Llvo+gPfWP`8P< z)o#nUKTrrgE9Ls;01;J38lIN6ZT;zOHGgQlLP(0uL}hnvGZTtAA_enFK_(f;tsOg8 zGEeY_a$2~x#zJ!0T#JM*;j;iipgyG-!FW+BXeiDJHIM@Ss4->~!zZO@1Tkv#w#2%2 zg}2PaA@tDj`hJc`_BeAltM;<;&UHi9pGK0~;B&1B4OYs>R>jK_HL~a?m5UIJ&T+5x zS}EgN7i?P^DWtS(N{dT_zul2E&Q0ksj@lG*3ZCM9a7G9==PpdDuCRG=Bo=I(Nr_SU z;$nnJZgP#F^xFM5_b)p(n~9z&_Drwvu+sE(xYvrKr;t5Bv#rva+q8;EKd1;p@Q1$N zTxmJux?O<-ux{O)Iyb*5?aBYDvyj=d@Rd2>zWOg1?ACul-#_(#jzWz;k*rg{ooZ<} k{d?v=I4yb0ds}y+6P@TpCwh+l7XSeN|J;VVDF7@00CkEk{{R30 literal 0 HcmV?d00001 diff --git a/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-100.0.0+up1.0.0.tgz b/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-100.0.0+up1.0.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..a2d5e9b1d8c2a2ed13a9e41995ed37976eef62c6 GIT binary patch literal 7547 zcmV->9faZ^iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBjbK5wQ@Og5}2oa%2Sv$Z~&>_Xp z2g56k)k4aXh}^g_nV=76hMVB^Is8L&Q{z{%Hcv=^KIn%9AJW9-H(cPP@jJ$Sh-jRB zYmVUlZ5_^DW@#&55=QFq0>2=&^$Hzy`m`QxbLL}U8w?|Zrvw;_| zN!tL~wuqO*c!f9DEDgEuxDZUyaiOf_xR6(Kfn$)RRNOcdLSsQ_jH&tvCxk|l4q5bX zrXSg-1CW#VdP3u{<1D8(XIUDcYIQv%ra4)=osOjIpRz>L_n~Lc*IyRN|0#(wgP&}umc2k=sB zhJXmp8yAN7L!4Q>J3cvE1GgMCsdD3b*5`@=7)xF!$ zJx~rI<*J3JK*A6>Mnm9q6k`Yh@q$zUjbT7Io*YTsCqyW{@|P?QBV50aEQuHiRb>t# z5dyA6^gNGI5?F$5@zGm#RbV!~0(x zfD{wPsbJ|%p&^>&Jb)mhLU|q--k|XaCMZ%GaKJcB7>$K)@a*X5(6Jag*Xaf5A7wpB&hwN_P>eC-^5f#i*+<<_-fW3t-UP|SSbp&F z#)Efb%7G<0|NNS90c1*Oq&k;#kW9jpBOqxoc0hf4F2D4vb0Y7oz@qc4qka|xt=`Qa z?EH0gz-4I~^a)K1{5Rm~!ToE&2ArLO7{Y2t@Z~zxLER8XVP8y>? zu8d(8@OH*Abw?Quu^qDzU5*h3a=6;g!GR+mU8*N6_2JX4YVj{GUOJK{6407)Ddp|? zPip4BQNU|bs0Ri=1!u#osu0m8;0*C>!c~bjL$I={nLe_f;nQ<_J{TzUGx_MCmkba$9HF!p7>SKxh*Xh;mKe^=Dum5*a-Z5zn z(V<+E644+&U`#kj8VPBfq*?4c4uF(*fr!9$3oGOKr%&Kr=%u&!Hh&7Yw=hB>X9@>5 zf)+^r2LZW4Sxkz@(R=);rt?X4qgIcFaeweT=Y3#nG+ z-+}THJEop1wJ(hq&1<);C^aH@+Rv z^dq#~vN4Q9^|uD~r8MOcNYTeIi=rF&EhCZgWdcbOg@ot)19j`FzL0%Lgg6W^AQ?yC zY=X9Npim!Dj6x11MQu=FsH_TUl0O<~_ui|wm$I&0yzm5r$E#6D!da!#A5@3_^VP|f ze@TZBqxrrnJM$VzN@FpE)*re1N8YMc(jTrw`-nHS*;=OwGkh~c34ha$1(Yjn8ssMV zDzwy9TX1{pkRLcxsxpmE5q3!emB z(r76( zR()_A!Qf_1q+zHot4go`+?KSh{lQT7Lu#z;mOUx*Nuw=vuhBejVCQygy)P@XqP39K zA5i|UrvFJepYNiqe2GC<&zdX)=KL3)-9jp;CzM@lSqn! z)}LC?`q0vCY$Wp4His)`kYmJ2O_;c9j|O8QC2>hErzRI%5bO%$6sHugxuZ5S2j-2^ zQrO&ZeHdoj<=H@LRT2cq`NH;HcR$n%hT6;$H$@U+S`K&2;tNCapDundG;N#ORZ5Rg z>}G+mw)`K^IHd7t9W}7b|JUnvYV!Z^u(y~0J1O@vkN={1G|Rq{bsy{znLZV0rqnvuOV?SFfFe_G+&;-=CLFp_keEVa2! z^6-49SDFtk4}WiEHT@r|u;mHH8yyE&qW@1%PY&z*euXbqGU|Gs_Q;sp$};m3p&Ae9-s3Si}4lZ8c$FKbIE>bKzPOP zmOs?ZBafPkBhXqB=JcO$pMAcq>An!VuDn4)H0ex0F{kAcv06Fbd zd#pUtpr35h^3g52o9STLWF-a?fTSa9NL+ATH5}+hlnabq5{4;q{#>1f@H)Q5Q#qh2 z)YKxVY$Qv#NRdpQkA+D5cDvgg+MQkJ(7a^wU^CGM|e>r{L?Gz7m z9BGv*b9d<^MHT|1TJy@t(%aj`!0Y;gjBH}4hv!yEYiorz$`Du;dX%>%sZ$xOg4J{^ z;0j}tOQ3uwpmYcnouo{#fJHvMdwE_wx7;_9y6m515-mWZs9w&wZpVfrMH12&IX_R? z0DY@}5hRx^xI$q+%p->9gH2;9D2ZNSL~brIU~$NOIJWV^l(MjRWpPbJr?^v4%yz=N zaf*D*qObzZ45Wu0ON>}sB%4Zst<09@xls!nc~Klvt9`f599cLc0ydeDIJD+{4wpAIGv+hk)D%f|vd^hI8{%Ap zKKCk0>HmB^**UWC5H_=Sw!y?RvTvGj-8C)ra+Lelkk@4GYnSqn^zP z_Q}3^K^@lFz}wqu)ck7xAIf=#>82-vm-v5}-1x z3rOSuXf<#4BJ+L5*Xp5qun{3?{{8xvitD<2-LTgUd)@F=>joo0z74fdNV9b`0>@~0 zscwu>S3OitFFo)f=GE4JW)-~Q0&rRUU+3^>_WbYu{LfBG?V6EF=+Cz?W!Idmg`?V? z?{7}(?%sTUG`Oy3{kejqBNWTs-qnbJ4YvPp67->E;>2E`x9W$n8n!9wL44mPOBA~u z<#D2|u!!x=pUWfGB{^&J$n3Vl{V>Ts7Vq~`*3$n(d%@Q=1D5Fj&e2T#fA8pMfB(l$ z$|7N(hyH#OGJi!G|Ip*H>$2ATpRkw;w)Q^Ivh$yvUUz2xpYG59?4)cK2U)+ga`yPA zVHFyWynv<1xVq!HE@9s2THl6*aShIET9f&erp2jmbLPDo8luffb=~BB1PkwtzTatC zB>%lJMiZ(oR=86i%k017?(F^F`}-evQx4#q2s!lXN+~_q>Xu{}WHbtCJc5J-S7e0T za}M;a!#qpW5*YXxqXK7WE4xbHUl)`&Eau0=fDNHP+ge{ua2mr6%ToI$MdNew z;I;UF9Lz<`;o=-9o`UVQzVcrRCox71s^h$4c`ktRUP>)oclj&Z3I#eVqFJz1eRj?awdX7BUgbvk8KbPGLCC@x^~&pxRvoy{c7vmOfU0) z*GVp;QESL4vjAI#*P=^Q`vqR-SrkFYf-8yBL@q;Mn6gQ8QiV+hW&!m#90H_P;2!xQd>r$8A|A@ zR5cs1rM=-luYu1qd7|>PG+TgvDU{HEc64-jH{@!&3H?g@X6VYKStgT~2Y*$|6?m_I z(|A_{8k#hEn_Ir>uo%G_Dulu4c5ikHMfAo0w|&X>2@R3 zYIl{+S!rAhNB}R+U+>tz1i9SoZZ>WUB&5~;#r?{~g;3sU)-8~bRu32VD;F0+c_*2< zKtftQT->i*TnOcsMsG$!T0PW9Z-*G(O=dQn447$Wc9EZ_t=_?c=q`)=hNCeHkTZU# z9pWaDyCZJaeE-Wvs4Zg1vh_I$ zpYI6uYEVM|`;9o$xlAyi!y7;njLY46$ao$x(RW>r0olmyA6DBfEi zmF~?E72|B6BCY3d6|@Ht8?+~c3rsb2+E!zazs4Z8ec8AyivJ@?;%*}baM}5f z{NG7;AOE|P(j5P1NBa?Og8izYdG9N6d8G`xzP|Q?DTX?5P|2cTitS46_G8C6vqFM$ zB}+LFD03sK(1To>UXQ6%W+_flniqL$JRJ?7HCsyJkWK7hBkqA?!VFb*%UGwiWJdpR zqbDO{zv$4UJZMQUsi2f`MtCKJX>gN&D!c8^y;rthDm)L~S(`*Egp$S4jqa?(Mq`Oo zjMeUI{6GKo-$G^Pwz_``EQM>8+}B1`WurEsmMY+p#3L-!v5K>jk1J&Gn#aKoIZ@5# z!I=t+n_PE~Olsy3Xbe5LCO6!7o>bycd>t`Pc}06^&Z=a*yi;J2^TdR;$l*|tEk3-` z5iihJ?Y@}}i|MQ2L`mDe-mp+HE&6HyA?5m9Pxt^*4wQEv_rzBBk-j0T}6IN!3th z8`@<-k4|y7YH_b|1<0+1LzV4vcWF0E}d{(3whnUW58Gvw(#brA9TSlV%1hYN`U2eDK*JzU{!xdB2uMUZo z3`yC4F%w0ubfCkfY6PC=;>8>@@~!(a>r>2HXhAg@x}=~w-7S332iceOTS&EKbj%Of zdsfz`3PsEG9ZOQ}OBiR|UL{I3b>RZ#Z?mWdO`hHUedia?&Te1I;5CM>7^i&Ttg&2e z=n9oNhweqvd^0|)j7#3;vVmDniVEKw2%5>-ILJ%p|8n_n<^Eku>X&7S{O@&7>-Ycl zdi(tEyD7H(&pjm4gOd z_wJ6cvfy(MPdXrhRNh4t%oj+GHO!6qxs0dHW<~>Pf{Y6``BEtZPz!JJL7P$cL^av; zL(9H>SyTU;jMeL!0n7CNQRldx|Nr=Kum5*a=IMVhS=Z;=0frftuKgNYU92r^q1GUl z9!ikcpr0eqmjHjyGIb@3EJwry6n}N*S$Dp*QsK(g2Xp};zDApELn{1UO}K{^!Vg%M z>;LkCpADD)OZ0#D@Z_YP|E;&b|7l0X*8gS3|C-h>SzxKQFWb=4WNvH(kaVPO9&OII zOSu#m8#q)8A=BKj53TOgUTXzG!V?U4?AY{!$e)i?R%NpY~Rw zSuTMSmWrp9l%D!NB`b&J0@b}tDCbIdT>{^kZpCI@DVrDdw^=9Zg2MNm+US&C?rP@V z?~jfSi+2mt4A-yfUllrQ(CSbXZC~My4=o)kDissstrB8`fzFRwX4}T$5Ch>u>n*zs z#u#Q1mM>X?D$K`+)|rH|wFba8+sy&Dh~?J6`k-K2o5dBU8e{rPWA;Lt*!gPBJ-zke zl2Wl4u*Tt9Fj!4PRZr*ZG|^r5np1v1Ie#aU(+0S^BES{){F>xR^Lv}`SCKeIz!U;U zpJIPVkzyS{@!|VUM{hdR?;5an9g8b`d7_&U7Ul`re)$G3mxKX(RBuyO^lmT}{+Y#qtun^NXJn zb7c6|OxY$FW*d?37FJfxstNTFCh|6>a)Y%jTlHIOmAiqSWW zsa_+B(?+F9g|7vFeNTI{Q2jNw_vb>-QRJYPo8MJ)+z#r$JJ4(Fy4Oz=OzWW=n_yMB z=w4kT)A2gy40u2iGN2I^6s2ymf95HYsR?K(9Qlnveq%K1c-@mN6G-Tq&`{xf&e++hK@Wc_#8 zJFe&d?;h^&|JY5j*MBA{cWnWfU*Nec@~`T*9F^651?WLEUK zC?AdOAg+73bP*&Sp|JeP>(a(JinmCbW`FD#NiYf83Iro@Sa&>HcV^AwFx!=`V=3pl z-M6-H{tz4|ABM(@@H!6hqjr642gn&e@9gf;axkCG0kiqc&Dw+CFom`}_G|5Ye36Wj z1N?)eGsr&zXCnvqV{kMzKVE=)+p}g4+G<>ks z9IQ2Vhtqvc9X~YLzL~P}{GYIx3bxTc;F9^@?VQxlfA>zi`}x0<(lr0y=%H?&|Ar4% z+7PTYxZ*+MdOFAr&l%U7x%>WM69rZfeLFokJB#(2+m3UjZw2XxX4-w(mwnlneYtb_ R-v9sr|Nm_oiIxEH007?}@reKc literal 0 HcmV?d00001 diff --git a/assets/rancher-gatekeeper/rancher-gatekeeper-100.0.0+up3.5.1.tgz b/assets/rancher-gatekeeper/rancher-gatekeeper-100.0.0+up3.5.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..2cf8f42ac6152486b7cf163af5eb43556a95190e GIT binary patch literal 9393 zcmV;iBu?8OiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKDJbKADEXn%eDEB4B#(>T|pB!4BV)Q4@wNp6MdG!_9YcCo(F=?&G z!~kNN=GU#c8D~=(q4393K7f#=BRUQ$z=4VyB^81>gQf?5cItWMaXF;^|wC`iNd7okViv>bx}(r zBLdsCdYlS@QgmZBW}@q|Y&!NX@#c#0NDMq5R3jE^(2aOL2n=&h<&8I&VS?p6L=E7U zhzDaTy=lRTeyomR@z=*^Gy^y6saza!2J7uxaATMb` zj!8JdqE18wxrp(164QuCnvVYyFD8s#7Wva=##@>o%jFvkSsG~^F;x(r zV~i4CXUMJUvHm<2R)=>R#p-7|Pg|kYqf7X+PNQ1-tfBmdCM?;{$jxdd1`!N1+5_#{uc`V_xg8owVxfsAl{p*+IBR{pUJ%9-l@)gP}#>-I(ka5ZsV#hHN;+57J#^mq|^&N65X-E{e$Y?}U zDsK#LHRX~X)jleSI6}@bdY*Hdj^Bh6jPjVK;}_$Um7hfX`X%1DRz@HuO52%fH&YzImdUDaTnUJG?>&H&MOgL*d~5(LZA191 zr$wpsbx*3{Q=%Sbxo)MG*bfONdIBBvcTcHj=I|dmirFg78oLLFr_{)$H4iv7sK2jX z$f66q3Tc~(00~Wxri8{ybPk~JjbnB}V!LdSv6Y^tW1bsnaE@atq-vnk@c^t09az*B z3)z~8709Pltu{V>F4S1`&z#1Rs(JIZwfNmri~T1t$zmc=bU#cm&X9{hX7@1#m)L*1 zhy8xT{(G|5-`&`M50Si&AG?pelk1G65y%OGlBmE&`ft6;3cSbN&!4@IAAN{$L{o&0 zqYqT^4)|38t%C#OLsF6og5S-0LX~_yMb2r2@JSgyX$XgV`cIm?$wwo44IRG%hH0e# zHYgr*Bocv?ZH)3bzJWh-5^MhgkSx>42i||8fv(F-)rKNOzy*dR7YKqS2)~s=&yYN# z7)JsKMd{P=LCLu!S-#gIx(7D5`I*Qbok0Pq<0}?A^(%>x2=vPBJNmvRj zMX`{K(&%m-t7R_OJjwoxBymgrCrD`;VJhJ%I4I9zUtwW1{s%ioKX9w_TM;ofL*Y+r zwG~=e(e2y`Ky9dY77w?tB>xxce-g*+3L|YO-NPTWO#kma*{$pU-QM0|Z=?SoBDr4U zlJRwycX!&qKuP-EB~7CN9G8xtx3;{Opd=BIMA_BGg?jl^xP!-2`cfO}JhE20{h*Te zE#jT($CEk5_@6;AVQlU+-!83R_W-KzQi9rFZ;zyvdd-vfz{BO`DpMjcx zQe06vc~rT8v~y}lL)muQN|^+b-aIPX+;%b(F;*xDBex%QDzg6mqI5$tqa3|G#(8)c^a3`%gCd{~?mA{|!qU>i&#HZ!F7=bHAqT z8{q>0EBWs2v_9i(L}S!jBLn#9@lVBOiG@Y7Yydxf{8$<$EuMz}K7am6m)7g3Ta>Tc zIL444K<5TUN9RwFQ%S~XK$a`ZH^vcIg0buWMk&2sGewL+)SODCMWp-UjMFKNaf~M- zBynxS3ScCD8~tDEDEd1k-{FV0A~tJ2(~Ftv+`p*I}TFwUd78zezh>-HSH z3lCT2;);A+g_F17m%Y9WXW@A6bDb{KfVTsMcRotat`Vxh&x2)ajbHg*6 z@C?o)&JsT);RI)}E~7ZxYlf3Nz4QhBbGBv~X4zg-OEX_78=s}|%}n)L*l804CRAED zsDm%v>W#R}X5DgBKdTSwdY+I(=Ay|c$%KrMb7x{D2}vV&AQZ8QKHlI>Ge$ny^nE@qvqB^!+@`6>PlxsP6nj}3`%u07o)o)Gq1g} zmUKVPmipx4}Sjn z=Vp#|zO`4=E;}8ISy)nT9BEUu22O6(Q{_}CLbVsE*J|q6((M|y7Hhg(UAx8G0k(v~ z&QLc~rm8M#ivHESwZBRdc|ub?9Dd~_#53enJHyRcgu|kz-2mI=6gs7w1b&V6->U2X z%2f2N)LPvcuw?!JWPh*MSpOe9+27l&{~scKKkNV55xCd`;GQP9k&}n@94IUJ+0*^~y`}5T!eJ2ULy8TL zfjPO@zE&qi{#<)grBOfu=0a_-qYDK}^7-5fs}ram$0C-yvN4gI;NKAje7 z%-8$SW&P%Po(5hv+h-Z^FH8~Lx{JRPrd-XVjbmVGdmG2VdK?3;c@5d~j3p^q2FmmjsmN8<2z1&G)wZ$omZ~*(euFx@sXUMJ#N?*hO+UxR%O84;p zWGsrP;JLm~=pv8CIL8sRH2!zL8UOL*@L&`F`ygqR_}}Lxm;b4`{8tMITZ0p)eszH( zzO(3}MKrp_H!hz0x_G|!9Q&5j%JSddFQSit_=V;BN6sW!8Va~f{`dQPP5=LX|8OJ! zA0oBJ|DId+{$Iu3znrvpNBXS={e%=JTvheDsCO@-vQj-{S!3bQekqgRcC(VMZLHZd z*XA$G=h|gU{+$;M{)!u{UwbHT(jC&O^1m?pIg7ElbV~ibN*wqS`MMx)% z+_~ZLJT~{ll8jbI-+X(#vF2`K_muA6- zxsWU=KI-dI^hGbC-l%3CngetCV$F6`GJDCh4|x_973SdAc6D+Ke!A2*hE2B&{A}UN zOsj2e*}&V`3mlel{|k^_?3aBL$QTEM)AlP;p6G0GLpCsM9zLhoU{Wqx_+hyDEl@w_ zdX?6JXopZ)<(o#XJEAFx>7U3Oc(x$7d;;AIll#rxa*y2ZG`c!)>8PzPFD@O*Mxx~9 zZK(|csv5RJt^Akg`MtesfazMpg_`+rr#-=<~$pI-C*kKMh!-X{L@ zLDDVl|Bc~4*YID}Q#5aZpf4zH2u%~JHCH-j?Q*>hlG*y)2-;1mr@P4i3z|ks^E+-J z`{{1`zrB9*{--AgoBJOhCf(it^H0O_zuNXd%S7pUCFRD3wv$&B4X(#@%O3=6t41as-Sw) z<$shifF;_XX?e9iY+OX)`tbbZ<%v@h)5vDsL#sG(y-S{6R(O1e15!(r*-`lmq4DA| z8BQ>~^v#g*%_D9z(I^W>N~iM$t%kBc#1~=n7cw+9>6=We`hQ!_$oghad3hkn68o=r zxZAw{|DeCWiT{3(H0S<*{es54hhEx_ch5YjK6?YwzENg>0V}WVK>0W7Y`x3;ry&;q zuI2rwgM;Szzx{*V@7@3RouozYfBe-JXS3$#?aux+EP7EQ_Fwfr}Bm6 zj*SXn}|8}@R%t-W45|cDkrLAzSeXE&%i>fs)u&Vti?;i5)?K#C=L*~)S+66@Q zQ|g=RA;0}&=nLh4IsE;M3F*^RND{}lehGMq{69F@ZN~rZ?jCI7zaAvbywfe@3(ICL z@k>c(9TZX13wWUx(UrUJ|FDae=YSm{YeGn?y8-=Tjs8DR!OUD8+L>USs5X`4=?uV~ zRkH>BE2QIz>T=Ej!08*c-y zcB`WUbmqcN(`UA~8ef}zr+Zg4J}kZV)D&Cnv3`~^Utl~kW{rtDa%=lOn2cR3TY=~1^w=ljVWPx;IxoDDa(b8N-rnnNn) z@A6cN`B@xSX*t2TWLn;l`E3D_n=w!u1M7`{oYR+8B&3$x?Xi%zVNJ~e&^~HD!5=x3 zy6eBoos)&@zv97YGemE_?km!=_>cW3P5)o-@Njeg*MlTi+|4<8-?$L+xIA|M)|PJ( ze3wr}eejeEkFdBO%QgQ~S3noD|F@^&+`=$d9oqaVUZAS61#iL$CIm)|gPb4?Gr~!N z61f&9#V zpUO5e5?+!qwhW!J$Qb1Z%Zf)8e|Ml*oovH1NW>UEI*6xCLRB`f)tv&W!r)m6qs;ky zzjiIy1x-5*lrK5H``AguxHC}Icc2rYBs3PC0etM}{!GUoOsA+K=ELXD?`sWboK0zj zk!t;;E)1W5rdcinuERD0GoXU-l>b%8HUpI`usj_si3+Yo;_1@-^tyA zi0N6N!(D)mYI7W@(3$#jD2#T1arKF$fJr8AW(7srSPja*Ju58vYSwZ5pqqTuT4l%d z(e@GsYsn9P|8c5V`VWX08hizjRE%y4T9h=w>w@i}_e!=if#wPqhq-XegZwfwIW#%(0pnhT-oLqLo# z0A=4}I(A+<36zO$gD0JmbOaM3e#4uh=|_^i(K-r(ZCmbtHL$A{kvw->R_pb7zYJD? z`>+Fl!)q#}P@~zxtYP#B|0s)S(rTELCQqkW&cN~ca{+{7VHpK*rX34l1+8Afgp6|( z8Pm=sRmE&{f$^{uMOB`hP+>9yJsFph=luBE0%()IYHHE{!35*P>^-cfjb-tl2mQwR zpZ-CAcN72lAZZKEh?K}v0g{2?I$TXKg^QfVTJqS1xd^;1c&j9h$TJ-j1Y&}54C9zx zn8gK6$2-7Lt&XOsWAUBuB#pc+NO5eAlRnBgj_5T;a7E<={%tz|{mws2bxnm5WXK_= zDF$Bf{LP0ql5zC5;Fu)|OX2t9HxN-SykJaaSO4E0@dz&dAPt<0V=rsm8R&=iJNDCyPc(9_jV zSwu%vL-?28(TS?<8->y^BvQuc40YcGHw>K`BgWxBFiv0(LY8DiQf-jlSoh{Bn_>hZ zkA#89BQaD`NXKRrh0Zb2#Z-2&bROz`GNGhkujF@tQiO=V~YBH-Li zVwjLLicvUQrdtJ(CxAeQ@cg%lQE`J zspm<45m4rwD(LEwDI9QiD}Oi~dftaOi14n=d;h2aUTjB4EEM{O{@({xsJm@Oyb0xj zh=sYn%tHGwK4_|JY*0a`L)Dh)fMN}%?UI@K=g1Ti>la4tHJXw4H<-Bf{j{a_yYrKm zCr58i^n1GRodQm`cuh_Fdhf zBo+*~mb1dFw{5fnu#wq9oK+N1ZT#!T)exbnsjZja#y}piIA&L(P$d6EA>oXZP|{GD z(cWwQm>%>80NxP@nq)D;6}eG5CAaiatzq)C;O~fXAvNN>^v9YZY6xZ=#+r>hfZC|G z z4M_?#(F0I1&zwzAWs;zUO-`?@#2kkO?V?08VP?|&<5@LpT84@pf_E2SP5Hg6#`4}A zsUTTKL(!e?ewglA`YB7TXs{Eu{5&fol#n>l56&y{URC4oZ801SBlL^?L_h5n-+(}A zSn8<1QB1}#yv6hNLuHCG9wArsnQDgpWudDHa;yY|n%0(~80{E26h#J;;o>;Zq1}1a z#L=~`U)=um1vmO>?2{=m6-WEVmxt$_*tnoJnvKW z3sy*<;5i!cpt!%rqyU>ES8IUfeS(31i*(E4Uk9+FYJ~$KZkHZKk==ryJ5Ciua7U?F zg;zt#a~!ULRj`DrnP7GJ1TWM#qik(7xT4NZ#~O{d!vuygO|e_V<6r9Mn&_W*p>rjw zBpEx68>-xIYe}DA*bjDl!M?vA^n!zX@oXikoOu3{D)-yEsCqGa#pD@BfvJ2Ls;Yw~ z6;;Kzby4;1{aR*~p-R6F`689brzBq9xYE!gj(_BshBsz@T}@~>F>sWw=%s$4_jBfaqsBP25CxIK@mb+M|V>XgWE@*7Pfy-%`; zDqTQdVdPL?*DIGajf4)q)y`67!74@UJX=@9fqT< z66YeUl`&Z}uNK^SyMU^sEVGJ0SOJrDQYz!tcTnp(DQ+5QB zZ~_sgcQ<&y097w>ic9T4+xRI>waFB-F~lp^TLJL!#j9UluWji#yXIKfxRUI&G~VqC zsB6Gv&C8M5Rqw*a&2nVL;bdvT&IsT_x(&$oUV(XSRUh%4^q87)JLB729 zLcqs4=a|Y8?6f#>HJt7R2SI;z(&{5{g|*-(c%x0d8z8AUdZY}&=2ZxHqH4WM$I4J$ zsqwdt>s?1!qLAHKEy_e`L6vtPSgx)F*uWS-ACAxdwF3wJ-BY?#w4lECdWp{2Jvcn2 z%cyd%Zdj2jRi(U0sTh5Vq>M!%!U;yX-Ws_@`UJx{w?*8ZfqFSI(l3dxHtij%%6jXf z>f`4%jzG!c)lE@rvpZGRLeu)^Rdp}csks&_$T(%3%A4bu2%!&`JB^>&ObAu3Hj(TW zZ2`t^VXfr6cd4@BD|R*Mhn(uYn7fU@S*j*X$X6(@7@t`M7B;(>t){qkfe>L9vm4`( zSpcYos`WcB7V)Rv_&i=2OV;7oEiqX$uMAZyc5B5eL&d%L)1YdtyyBR}G$gC3PAdcR zI@s zMb{g5-O{ZiQIjOuEq(5vVAx-$vwij=;f0N_JOah7EZw#9D!K?}byh;tqbZ@Wb|^Ke zs(93*dkwE9M4HpjLKgA2B{(vY$n`niDGjYNOYv%*(xP^S>Cy_tT`aIt@mpX5!}8A5 z`%>pp)wn2iUgL^aFV57c<0!P7{iRc}fOZ$E*63&Vwzl9{4I_GyYfr3+`WBw2qo|xP z87g$7jE%O&sM^wTCzG0Pp&E^JghIz+p;rZHhsxNG=@bRzX@nexVG?!qff611Lq|8m z0Nyf4$R$Fe%UJ)d{1DRPgqcR7E#U6R}r;Ob;k=YYWwfq|z%q)Fk7{GtAoO?x7ypB2(6Ltl8R&0|Di_#y2 z)c3Rv8^DVg`HZuKNsK%zq&Q;|h9(r&tz+WIuBF}?08%#^>~TQ>VJ?Gv96V`>|0Y@H zb0krMYl;D1cK^@bLBDzaYj3Z=iT{3xv{fD+sGsYwf}xZN7epxYdo(Kc5zF%+@9Gt+ zureD&7P4eE!pw~;lN_;|5GBBEK)92;ZKFLs@0XVFGP54ID%Rc#FYB(~0gfZHzGFFu zcM%Jnh&MaxHEueb&3@=kcZ2ILrd^g1J0%o`+kuHDtR18CstG0BU;&%N}bz9x$HXWyW8PgEEBn(jqpX73q>i_@QEus1qRMFk4+ARy% zrnVJBojqqQH)$%7hnPvBcd9E?3#Xis0?u zF5wt59$}<7T5Vlv!m6|UP#osJJ(*QlfM1?kGE|p0#OhIdeEu9B4QH6iZva=+KKBXU_a277kq-B;J^}1V(sOUbx?e zHH6xraKgdsJ$j#xwEgEq{pcQSwAj{dEW>)(jSZG6qB%krXvrTjVR;$I rndgN3YZf~~zs#_w*}liKxtp{}o3u$^GX4Jm00960uvx6W0Q3L=Ci|8u literal 0 HcmV?d00001 diff --git a/assets/rancher-gatekeeper/rancher-gatekeeper-crd-100.0.0+up3.5.1.tgz b/assets/rancher-gatekeeper/rancher-gatekeeper-crd-100.0.0+up3.5.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..6eeec5e959985866dba9bb9fe19502e74db2ab5f GIT binary patch literal 5724 zcmV-i7NhAOiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH<$bK5wQ^I5;5OS4zLo3kE%#apVn4<0)+rQ5`D*~wIG&23E} zvL#^+0vrIeqsivKUjZN~lHyB#$jL16B{7IcqtV^y7a&Qvw?sKu5RJEpAhKFBHs$EE#CntDQoxLYx2zLqsvJ)lmp-*&E5ka8EPDaf>CeP zpMb4Yk>?@$==W5Jo|!b^0S7=96Q(p`!<6h=Yu5{q%xeFS@{W3V=6NFG`m$oCfN-*~ z=9uf_MUv{(x!@W<>Ghm4;%Dko@M|IT1dMr>|MWqjv=+=buJ;7jgmRP_zz6Yq-Rg{p zQ0X@Sr;ZsA6P(qYAVc`_#VjTk{Qs^s* z3c1d-^F$C3?oTpR0~pOH&uEG355~4z_K3w{;Nr@aS*LGKA9ieu1SOB9LgiFYb8GP8c8B7<_O&uhen#6aBPU`{z< z^beGs@c8lshO2gZ~sv#9?3+|jnN~63M4BN_v*x+b3($dBt3WV*V76_2W~YQipKPI+w&vkKIMyN z+$F*A8t0~Mf~Xo8djOjh)C`e|X8%M_TWWCqZ*qoit3|arm5RttQCgU9J9Ivk|Duv6 z9953)4rZuH0`iscZ(@>kCc#TXoj58&N$)7b1^N@16Q&FW5XQv)Rr2Ar@(3d?Z6j&1 z6iQ#Bz8CT~Upc)x&sSVcFV+=nPlW~12$c!!y^WN<&bT-BdH@RFP#%5CwXJ?~P2knZ$h^jY*m^~_tIVqAY4q2@rhQb zqXpFose2*_B2M*cWT}?UA}ypE`FMwHr08Nmq_?CRJsn9Lk&q57u-s8p;D4Vw2KI8u zbBW_hOJk3(t1X??VA+tI%e8e~-740|G*t#4*ROBhr=A6eaEIGATCbH*jbx%YQpsdt|JcpfZSr= zFq6aua+IdICwv4lH_Zd#)A`B~mmv_!aBl-NsxjDD$R@hn%D_jBGO*~nH)`b1zx++P zAuRe5sho%aix5j|KQl2?KqP`8IqNDwe^@eYHFjNDWX$%>Qn?yeDhO+{36YYlN?TZR zeYxqgC(cViP{D0YU72tfZ8jmRfhZu_TQ)G$Thj&LfbNnbEo`<0}hmg^Nj95vqWkY1Ci`*W+c3zlM zWWI6+qwQpP+%e$DwaAR31>7&Gx6BKId&-#Giy=(s5JXJVkQGOXhcM#7$ZdN|Z65?@ zD-awVA(#V{+a#@28CoBe_GSv@PD3jbE6_r;06;!aQC0Gy@oE|)F4ox2uBP$wazHAW zArnRziy`d&uxAwl#^RWAQ~O-q?-9xsh&z-<6GY2{ zDRm6ty(5;0*$0+CCs0e8FKIag(u|Ap=RRw6Jqxrxo#13)mnha_x=WZmy`d!UT7c2J3 z7b`5|3_KN^EBip;7FW))F$Pm;bhV_hL~93G{=UVPZ4{e1HSo0&W~SWYs=h&CsRn{r zkhwLR3Ja%|Kglxf{W^y zs*GJHWU?-6;k$v{5XpJM1s_;JQaVPA4k2^cs2MIE%HA|}Uz`Vl5f6RvBMY>(iHXJq z^&mjGK(GP)CM35wLblqAb|)JojPKV?JuviF`#nKxUwYsetpnr?2{{9BF_ouw?1oj4fr_$XjsD1mb|FC1IrFK%; zAPw+$DoR>96{S;AIu+$<7Tl>Qor=-`PN$-DDoQIAPuP<>{KR(8#n~{Tu854 zhjvJw3Bi!?@)4vIWruac>Z@_^+6kkTsv*HKxo4**Q_GO?uY3`t26sX3z;aB$;Nz`UL+@Y zWP|8FYV%QtuqT?k0Ox~6yOcW_g=y;9y*cV0iiU&*e|AYoHHV6OW^!WYe|20toq=%uz)4}gFrMbyN`oow zv{C6$nbCul7ScY?v95_`xvP?}mhbTS>$#EKm0gzh`Tt2C<@Wag8uI@SkB*A@|EC8> z-TU7=DSwXq{{)0*y9e+#p1^)6-UmoNR@@5+vVDv912P|Xc~2k#x%R$50$X=)pu0EF z-5aP?;ac4rNSLne{ehg&spmiFvZcFh=`LHk%a(o-aJp>iE)}Vybg4)cOYKsTx>Tet z6{)gxsYqQa($|=Z)TtPTrX=O>eEr*c>r_8i zxsl=*&+i0Mn%kHDI$xaAm!`M)&z08az^h2-i-GL&__{p4E|0HPb!o`sb6nP(zjvPf zbYnq0*?TS|1vp|vYE*YS%uy)n50ZZC0D<)Vo;X>w-8DWjgX9VyoW-d&w-??P?kGgz#D>8ZT5@)m3! z8V?xcuIz~4dYtFEh-~9w)UU9g8z^nvbxQ&>j8?UIxjEm&k?72k=sFMKN1>O{j}*$j zRYv;ujOwRxur%xTdFacJf?D#*yJndZwucMnCg;|>t239WY#&^3%ep}uQu%ns*hlM` zF}?5(HlF$tZShH*WNqyKmi`~5 zC81o0!gmYb${Ez)|2a80Im-Kgj>bph?*8Xa%AdghQ>0B)L-(J0Z%}EQa&J&PLq3$2 za}5<+l=+D^;oS5Z729m(LUO+W3lH}o6<1O1PTE{c=UnQXOPzD+(Kp1D{k9C4BgSJW^MUyS#3BNL5 zp;5iAzFgdLfQE#LhW>R)5(B%k(ht>n6AyIim1RlPfZir0pgtL(E)AeA0ico?TO`Ll zQ_TLQRo$+Xlg~US)1%{Y(f%8scEA6-lk(@W{}S3%!}b4a4Zx~q zwKm}UxKpJGm^7%d0Mm&p?LWPqWjC(^ZNlGZ`=zVsEWgh3>ny(-MX60%L4o^Pr5Kcn zqsTbr7kd< zly>;6JQN-XnJbTaslVl1E$p_^kDAB@mc5_<;2ar7XD^r)BXLpki{UMYcgT2P_oqwx z-pV7EO2+LRVp|HwM?E|K<7(|W-xfX~3KSxT*~(}!l>79K`VnCn4f+8@`gHei&aI2? z{Q9D$11rAQ8xm>0?t>?SkTUyU)LwPgKsy0e=gV@XrEqTYYi%{yZZ8E@c)gO(FM4Mv zM>+%|PJfROsBaXmIYpV;6QS_kvjX>0XiT$FO0TQI*LMr20f~>kjai2K*jc`f)B3Ug zyE$R1)uo%~2uF4nX=jmk7HKn@JBzfrA9NOJreSB1b{1(C&dwt3EYi**-F8K;bQWo6 zk#-hoX_x1)NV``co~Ar3|6{v*08RP-$A^XYAC3;k$46cM$1cjBFaP8D?*SwlQuBR) zjg~F4LfYI9*l7DA_XIXp*V;qZ-5cn9b)B#78SV{iu;c@czisakJT52x`7OCFH-6*8 zPIBW5Z*V@t3!481+4qp9sy1KJ`7ph3;@J%5>{$2AY;5pOFVe^8Dfd`p@0Wb|FuhPi zfFIE#kwUmf@CDz~@b2=>-@(+_7W-}=;#bERb*G0V=Dc zVQyr3R8em|NM&qo0PI>(Z`(Ey&a;07(bvI_)FtuYx6}=apj&3tTlah>FEVF}B*>E+ zci4X)DA`VGOR{XsE;{610+ZBt$K!p+(DJcj9t51xLLFr0U{W ziJ~aFxw^{#Mp3l+H@d!ldl6s7aeURk>EB#mMDcaMe|5p4qct~>%oDha=xAM=oBKfo zv^E4JjrM~MV;l&SNqQWJ6!xUKnv zq(~ruAS98EoWj@?Roe5@OSgQkYmJh8F<>)9+hMGrR5C-ZGEeBZ(T_6my<~>Zr0;l( zJm4kHWHw*^VzK~P>MLyh@bPX~;0<%Ue9EfKfhtj!&-$rx^zaPS&DZe`W1bs}1NN}W zVIquWlhuxv>pcNwe!%|ux5L;RloYueib-Qp-;VA-|2*bXOraQL%(}okk}HfHXSvmt zl&uM}+`_F8YhOQ$&Xj_Q!T}38d1JB)F+VQjl>}cF#s_B3**bZws)tq>u3&;{%SsR;FET)l zY6!W*OEo@fU~7pBR(WO16iJw#+dgm(78~XziPXush~##TCk3eqHE521NiEEmwqWxj zCZoLYK=Dw}p}m5JuQEj`0V>XG7w86b)q)1}Eu@yjg$U`bf<;xHXjffj;5SrL6_{*Y zfoxsm?9gLW=0hwhiKpd5pcKAMpr;!nUXtXC6n0_+n>&jQ8#^9AfJumNgv;$w`!GqcW*2y^#e)A!u zwfE|xh94Cw?zFI`;!Nu!=Np(n%)R?ms~*Bh+k%xxW1R_O_wUN02IW_#1i;NlP#Lb_)Jfd)pXV|Bt{te*TqjvAg^hnoksc mXcRA$donKUxET4~ACF(gC;$MfaHz=u literal 0 HcmV?d00001 diff --git a/assets/rancher-gke-operator/rancher-gke-operator-100.0.0+up1.1.1.tgz b/assets/rancher-gke-operator/rancher-gke-operator-100.0.0+up1.1.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..1b0876bdb7acd14f0ab45260a274e2521cfec674 GIT binary patch literal 1638 zcmV-s2ATOEiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI?EZ`-;N&)@nK2M>dRwHGfXXV5Qq&ot7=j&i^-LQ~TbZQ}fisamwEmhYIb{)QH=e2x;t5io zYlDhPF=ny$;t8&CPlHw=OJ__`X(mMo-M_qpzBlxIm+&kh-S%0?k!W-aYuX*!I!#lV zVF)P^B*qklaY)8KEj3U34#~3mYv2W5;6$jYVwow2&fo*`6lei$7)u4E3kr57V)*^< zzd_{!?If~TSz=74!(K0DCdo%0mFd#pUSqM(*r8>vDC*F0ca~QBGVp!R_xwNQnKkCE zf%1P!t?_?Kc#itj4uCE3-|r8HoAG}z>>uL)J}BmLM0gSUZ7h9{W0G@ojWN?k%|hsO z94DUOWwkd7PL`4wiw6LOnbge4g0mIR1(P9h2vZAVrw9aBN{}VqKFlt zi||`j1g7ZxOouQgT;m}ayc)IQ-(Z??Vo>)kE^mLk@yvty9vxfpf85`||M2vX|Luo9 z%N!CiMTjuta)uF@1mW85iZU&zpIGIPYc=i6o?*I0k)tX6;`di4C(p8h#$3;wG>tt7{nmjm1IKOFi^ z{P+En{vrS03r(1aLa2`4YssO@NKe z|H*!h$~l(pCKpJ?epfQjbO>L%-LF+qv1}Z`m##*t(CF%?DXLL99HZ&}3SG{0`AHQL zgT>Q5F*GT;H-tA@I&GRBb%D0%%(LkAb@sF&CV!;5()IP#quB2FA2AUz5x*b|Y{UOx zuu=c_`~Jxx|KAJkjP^%?;;(i;w1k1(1xOi_H#bCQ#K&b>Z2IAxpLc3-fvHg=fk#4;G90d{tPjnz>#n$6GaVVX+9GWi=#*#iF^6 ztDN&I$r+u6@VD`WG*=2WmQmIcis{NbOZz_D-d^2ZU0?p|bNv%QdGTNyOw|(VcJaE} zbs0B13eitWxwzaxMAeyw$0crCpL$)*9~zqn(qdETvdgxb3B?>Hz}!p7IH9<nhHJOM=UNjQtU4cA70*jlNTN%@XCWAs<5ugH zl*Y9#ShqBis72S57MBM9x*=(lo6=zvl_}&DJjMHc8N4v;GT$(?kDfFVy%G$ujlZsFpU< kzbF2K(^68swRHzN(18wgpr`1+0RRC1|8<*Gu>dRp08N}UUjP6A literal 0 HcmV?d00001 diff --git a/assets/rancher-grafana/rancher-grafana-100.0.0+up6.11.0.tgz b/assets/rancher-grafana/rancher-grafana-100.0.0+up6.11.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..31f26c8d4d0de287fe3ab2fdcfb3cf72fc95bfff GIT binary patch literal 28619 zcmV)aK&rnViwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POvJciT4dD2{*r)~mqExf{FJq$EEjtNmnu>)KB0UlYgIcG|lq zx7UV9NJ32#TmY2g#JR8id+V!2p;U%nSw;CczX@Z$jZ1Ca`xf zg_QfZFpmD~!JdA<-{0HWk^k@a`{n-+cDHx_Yp~OQF&OmwFLqx1SAVdxHQ4zt(0@1- znxBkuNdK$9a$Duj{Xrg>B!okbNy3I500PKiL?(U!IggN!NpFh75G6y<nlE!~%*_E?-?t5r_~BaWVm%kO+(k1^>`5J#R2m>QzB5Aa-OnbucuM*6T~|>5Y3n`6yEp~ z%%|BXV~7SM;V9vLKw?wJ{y&C{Bic)|QG|mYjwii{OvojtFkvaADB+ho{r)FEO(vb| zY=mql|L?$m>G!>UCx$rT5GRPTVaEd~hBz96&oG%XjHdsbh~J{=4giXh=2KpnMpy zTT0wkaP&`3DB~!(fe}a450Nci_|U1JABAoZTz?ZKI&+`-oczg>| z5&}m!s*h)AobztMWod#qVnPUoBw)ROBmqh}>!l>Z!EG-kp~p~=QOs{W{ca7WDWox> z4+xT>ARux2kPvTKz#|Dz(p$ISn}R-!(kb+d;9(Sz8x)>WGR6@)5u-N*&qESiBiakq zY}%w*BE+Wo{d{rox`qRO2+H6UI78wb-U#uyZ{OL)x^m%>&5 z{{k^S?5qJ$&@Kf)fUcPjWB8dQ@PQ%j1mrnOz*7C;cNo?7$;{=gYp&p7MffvL)M+jVrIUeu`pigN8aU%F)h#AeK zzC6mp3F1CWQE(-x8WV~{RXT?UamcP&k7kMIs8WJ6jqxO-$V2pdD3VCby$@*!xt!W!7lIf&rDP+g0_0D8&}E#^>#o1}%zprIq9`Ry>_2bqrlA*ON(n`w(UKBMJ#=!`I7$%v7p_pHmcp$#jTI7%DR(%vB(CKi*_-hJdB-T)Y>uRy0Mgw#!12BS|$$z?r z_TAaQANc*Qsdd^!c>s(UKM))4PkKerEZJu#Bsn95+xGSA4-8Sc!|QiCHI-|tIu&|UlIn7BVwk=Yg4h-6T7V$RnHQK+dIVxo_*5-Fgh;CqWpldVR_f)II-NDJpQh2RQiebTM<`-|6A+L%CW(IGE5zQ)A5yvq zCbZ8Oo+JQ*Q;LZki3l<#rmO&vl8^yB1`P4e8c54UhMi7GZW1984k4S42&5r9UWls% z8I9!JW%AFQtGsyO_ZMU<)wb2Tn&~|bN@lMqiPb99&>Y=QQ{a?@z}X*(ev+`fVKN03 z^;8*`k|_yK3FV5}8cr!H9p=gxEHnaZS~&WY5{4u{(=dS6M#W%^5P(5|7!#XBN@74V z&Ty#8YuNzS-x3&p4jTUcfE&!Gnt$5*T9-aP%`1a*#AP9i%x#LK z6;Qksf>fX#W4I%=sJCd84X(A@d8Ys>c z=WS_vb=ClxAxd$Gm{{yeeV!7=_ah7$Vn*>W3pLkwpUVoY;}mxIKTe0BJMg#sZGWe$ z8NMhfiEGpdp-6P&TiKo%ZK13s6N(tC*{_KzuL%V|+I0s0@d^z5!Ao#UGQg%Ji$be& z37j=7FIVEh3`6;8j8PPt0+!LsHpB*_UZWaCWYXK}Z}ofqonC*dhhrhCkRS&0IPv%t zd8SR6Vh<-?4!{$b_SQ6hLLQ3ZfoR$zV-F^#szjoU*$^ZXoP3hsev%el5WqyNa*pCO z5{s*LIg9eePH4!!Y&i#8EyyG0!9Z%&##2;e4r-Zol#U4b^g^&p%m7KETe;G&Uo!9y zF+zXS#V_RSJEdrhKZ$x`+?mqVJhjd|^a;jkg#3sEP+6I8 zE1>|R;>zCp;6kii%*2`=XA!uWq67$yRIGZ%5-q8~2nt4N7_@J!EkZMKXSD9`cY5xQ zU~r9+FrUgAfaaGh@+b;1MFB6DP-`+{$jgz?dk0#jTTRmyQnq81zc6-#TI@6naemw4 zhWRU2mYb72p?7Q5e^?wqk4Hw&%ZFJ5t{>}8QD<2LAi^=`#?BO^nbg-~^;4NXhG4Mu z@*NhhDEfDX*kZ+n=sqDKGCHInx-<_2|aF`keWvRQwtTL3y;S*!Tk1NQBXkS22=FCw+3}H z5-pf;?3p(LG4uB@-v}Kim|Nu}M_1YT#U|QV^6j=t2&bY>!}6scBbZ2yO`3%P3`6Dc z1u)}NlyGgM(yEatXN6o!!cGb95ZrYN`QhChlAi^l&9u8lX-l+9v->O<3p_5nt{r>FD<;niLqkou> z(xK{wB!)P7^_>Mo$Tdb~Kw`W-7=}VLywVD-bbk8%p-?GJxh!RzA{cuajZC@0)(cs3 zFqAr}QAW&4EE3JTK_hFhv;&#zu5!qKB2gA22KW?mBj=0=6p+}CV7e|!;GUO5FHlt_0+uKnkwKRf;eW&?LI7AuF+8Y5U07^YMIW0dgY68 zLg55CI*Hbvh2|l5T<=JTtUNzMF#MTfj@~DM0Ko8PBv|qrtUNFkU1f|D7~#({nn8gm zb}F3(V!d$1WVM$`aoD%6VzQQ7KDtWvG(Jj6x?#s|T3m8tCMS^Y_omYQCF_t{ha6a; zI;zT2WEqM8oOnvWh>}_>6u`%X#!&TMZdGvdPRSwJzY2*Z+@jz6QfLZoUX8B3i}ZM+c8ce*T# z0U4V%l@Jy$U=+Cv4<|rzN(Dpfkjyk9cc?B5ON5}jet1C zX<;E##1IFN1I8icnRbR=xZ@)B<@wG~Zq2E-A8Tk>VDoh?>L8vC?MK<@TIKv5{9 zHjJ23=fx~hJkpIqP^=iNGbAQ|L~b@Z(zT$>w(`%;n)?4KWbB5}a0nQuB$=f8w`jW@ z+@QeEs{d zNJvE8&!NpMc;n@XNz$)`AF zUD@Om$>ukO-VGp##B|1qwd0<1ij&FFzcaC%g9v8KC_F;MuB`zEV z5PD-m5m=Yypb`akwTjjxt}tR`Q!wcW1_%i4`22ML;7Bsc8k3?|pt)-bhAK?Lu?-3k z;+Gyc(6uzon1>+a-k=m0fy3Vap7RV@HtG&RSA}a0b?dtEp~ZjLf_ryUW3=r9$ThQW{?U#)YF`=SB-Zmj#7`4Ym_+X9lbez ze=-DiR_IRb`XEaL<3mcX6w6pJWVt6b`&uPRjB`!OGf{W1T-UK?IUt+~Y{Gm19Fdvq zcMPwEsz;^I#f;a|6m&*U4iltFr(;}GqM5GLLtj%8cWe2hVAY5U4ZOrDVHnnL;uc`< z7G`gP60tl`=oIr{ihHwxKX}nwL&H*xHezBBOw}sovnUuI5#H<)X110GNeX8dCt{B}_{t(WewE!>J9q zdbzjL@0W@x!@nhu9gu_bW2N-&e-<44M|2B*lB#!QP--R<^Mt01Je&wUNww%w-J!VI zyjAHLFl>7tQals8s{(jGVA#KYDVVY;S354+-nP#<#iNWDsICB>YUS@hd91qddS;`w zSQ;4bB1lMxPP0*j*;Fklx&5tw)__1nZcDM?GIB?$6i}n`r4%OtPUUJ3QN@R1Fc8>? zy(xQ$M%o#ZqEstmDiqQDMcEA-_=_x|je=gkW(~#(@2SuIw&hhcu^A(3AbvHsH)w5d z(AM6RFjFIAw8y59qOhj|Si~MnZeXHpf)ge+-5Z#2$(EE}3z^)MFd4?t(FGmigm^-6 zF!e^+XcQsku1aBoBK_Treh`u1T7Qw@%4YwVJIo=6nxB+ywnA6&%~3K!Cw4=sT`Gk@ zsI?-Xj`P#_%bZv8ypOh3yXWPUA>S>j3z_jbwL1%A=+;)@%KMB)wkOVhq+*XV<<%C} z^_>6!Fw;f@J-7v2^38|!7-(#AIh22?g%3c6!}{`K6RQG?^LTLi{K|;7Rj#?L-S}J` zLzG(}%+J;cLg(s!aa!c@Y%5I$7$M4aM4j?udBGGWiHzD>>)2Mz)UYqyiIJBo(p@=@ z%-7;Pkl*YS5VVzV2IkcoK$uSvwZtQIaw&>AB?xstsy5#V<@7zB`1#DZ469Q^$OO)1 zjEpn#%5NnW0!%I?K9~C4KaG!Bh+sAKQG__Ubo$=3ZgsSsH9oAoeogqE-T__->3(I^ zMXBvXcx2-s^9sHHHaJLX{X?yP{ndy^hYjd27V$aUz?Lh`gXi{$OFmr3?of_N6bixr z{CRPbXtSPL7nq4vb|}a$8!fE1d=a{1tb$YBAx?9Juz^Iz7d3A*m4}8q@j~>l)qqg%Qt9 z@n(e>{hh?fv&C{nN^rCxxN~%vXJ`9AU;h8k-=CQ9-;8k**VPqcIdm}Ym5cfUdah(! z=Fg!U^f5^g7jtLJzM)7h4)ACz4riH2EOM7_TRFNjL zyps7M_x;jHv7c9S=Aq$2##pboI2hg5V8Q^Ap%>24;!Wv}!3h`(7DojJHt4vQxFN26AjH-!tMun;YI(XG2PH4C!q#NGxCf+9rY%5X013 zAOe!i5Y>?cIKe=AbNO5$pq0$x0jNA8#}vhh+(5~&Hswo{G^z49`7I(7X1{Ow6j`5t*nWvD`ohBw^}s zt_FOWn4?LBrQ_yKSX;9kdcPQzqb)nyN1Geub8CYhHDbL=f}|Z86d=@2)v{P{7ou7g zML?xm0Am=4`WcNRpBFq=Ok7HCnC8JMP}xMtDZi>zD_BSGWC`JyqF3T~Ez2hXvjkSb zKRuyB>d@xin(CMd;K50L?r2TwnmUQZP&ZhP6;PsFkm8czNphK`#ZN3CsTit^Av%<( zZ;EZykkE;#obl;pabWVO>xfKn(jyXM@eiT+vjHu+*%WgTy|SW5fl8tUR$wlR1iD`s(XWuEI~( z1T;@TTMmk-(OWALz|g-Y@ad}P*}oFw2Xn`Tj2*1T3TTVF_G!w|FVWms^UNfY5j8@D zUx~t=7`Q9HDX?G-Tq$T09eK7zX%v8r6#zN%S4FeBG|gE{v@uNUFgG)mYzyY+o#z}M zCk$OiWHJ#QdzHt|002IIRIHc%@{41o0k1$ezLle-Eds`3Cy&&;0(;wg`bEajC1a5R ztCd=@nl5?7z$<4=0AMV-WY;*ooFR(Gx23NmoP?KQA{x(d`09VKO_IG5+=Xq1!K?U| z(24j%9Xcp1j`MdHHH)J(-!~VU>@4OFGtUK}j`(Nza1&C1YoCyfbI%5~bj4rYazIPh z{L*e89HIc4P|biu5em4OvFePWaiy5JG!>XF<*uBuOrPfnqAV2B87qGgiUCfHQyYoe z9M6#6mNKPNOWP|0kb?+8#_eL;6;!$*^jfwOz~ni%VWyl+kW_zFlmw(OMjTOAv+>(> zZD|sev)f~;=ffpp#;)-Vo=_Zm*Dsl;>*s-E1AnmPZ&v0?c_fyM z-%}RYLTtUNv0JII+t=Y?gG_<*_;lxB(XgAkd2Vg5M=NH zt3t9;Pc5kr3I2D6UgHRI5~K*kkY4Mh zu9S39+j<5rZD|c$X#!-tWGhUPFKWuEA{3|h2>=2#ZPsL%HSc6prU03*8(|?$2lX}RIE;|BZUe>kOotgGQ?Vi)EIbj z5NwzdX2tXN(xW4=xxtmAf;iERcDFsu0L_v_9Xe71SnwAE>zF@h%EFWqraa?fedtpT z`)}W>^QIDAp&LX|-k_qq`goEbZgj|ySF{ss)4I{A+^B1IWGpWB)m$1zgj_3kdmebA zm1j*fc`jQGx*l&cxDyJ~sf;)_boiGOi6jA7j$7iySJwQYS^R5CV!;5|xpX&Y6kSQ# zCy^?wEXm{x_%Kt&cP4m#Ai6+HYcVOvOSQ}*#F^d2>cC1tu+kziAo6{w3FUBO?KaJ- z6;nm>H(gviaMd6f-eo}%I>FMZl>Qt=5rnGAwR*H*|;fhzNW<7bHaD=9ChDl~X73#U1U2dr4i63dN5NppGIEt)K zo(&gRemK@OWxWshgE4f}K{fh=j+&BL6&yxlXO#jkH5HTTGACHg#C64&Q}Jo^?C6O-$$Nd^ zUh&&Jy3w{SJ-FtFDQ(T#Cn_?QjDb+>bgr^~R;s>xe|R)B`BRWGTs9AQF<7nxN-uP_uI^kYg|taEd7g|T zv>C<^gmIwrQ|OcfGK8ZO1sABR&t^IR6`Ovy>;@%z3jgn=-FS$BBDaFjuQ|-rgw9fDdba~Y9Z8Y z9igx`#JI#@#5R8fgX`R7bY42R>8i-3-pO7OyXBSHYMkUmI`hh!IY?kqujK$V+YuUz zMD`k?w3EA~D|{1x1o0a}uk{)&4mAWP?pFa&T3G;2MkGr@z$qM$aUecOh1RvdI_J)n zlC?FvMe+MX-l1^vKmxjkT#VBd*)3rI|W*91A;SfU$KwrN9`qjvh-0gdK za;}7rn?O#|RBJ$rPz!X@UxZpdn+3jxtkdCq`2z6RB5blY8Bg_BncV4kEF&03ILVnh zC*Wm&6QuG64P^sCPK1jSv!f2zA?{p)!E)5`?$OX;lBWAf^MqV%~bp<=s7IO*j_S>z!9^{=J~o7%$WxNzQ) zL$Mu-m~xE?(lo|uw0YlTauhLD%&5!0v0~wUMItVCaQ(yM_bwk?1O?xB{QSjmH z?K;~K8}MQ0%NI}VT_&h9;4*iT9&TWKhhip+ccL0fLiHy=5ktD<8=c9}ER7Fma_4u@er~u7YMi+AwOH3JuJQK`V zM=XnX`p4INnOl6I&I!2X0@7R$Vnip`e*7wC|@S*{ra`rxV~bYt#E0y)GoHVMri6PX871>52z z`=qqD&5kG{lV|AHPF7441tzci0DGDTkx zT+6UH_ku;SOPML(sH!Vopz#<5d?>W+bB%y_ZBo1pL04wX=@zNgfQHG9R~Tc4;u)d` zBu*hkp!?qgf3V~AyTCtyDIDPlbBvh(V}9MB{|0mYr-V~;O;Ubaq(n>TB%)+%p}J8Q zLkwm(9!e+j7)MBGEU#j*po1wI0!ei_5sp5kMu55|VtG#2@91(lRf-CSmw%O$##dLQ zO5MUtVNufh>FxlhSrUM~ZTTmT&$ICue*#^vTi=V$feClAK~Y&0-2yRqD!vh>>S&JN z`57tbvOE`Uh+Z%-LV?VR#7Kl#QT^hlhQ+oe{bxY7xyUWb8)>UNYpEI!XqEo$&A+zovyK0ovzh!`B zscvI;TxzSo4cEA{*@e3QvkSVH-TSYn@_H|2=W0g2>V2%8r^RBvju$gFjW1v9xi66q^3 z9}XeBxut5TS7KTUd#7|W|8Q^AY3`8vu6i>?QS7s6PZB}yW-Ajzvk+~%tbQ+M^X=v~ zPCN#L8osh`?|aUTr7@f!pTmi$P&Fmk3w@m}c3$PKEHa!1?!dn@!cl3DUu{8!eTLrX zRyAU%u5UvD)n(>fQl!bj$-iJ6H5aH@8}i{YiRR}HSee3JZEvhSqB26c#ipj3vDg$z za8kpsmYQURn4^cDaz)^O`U%)NZB$T_A;zKu@^DkC9GtcK3_C+SqspfN)0C2wVyR}^ z6d3B9?+6ApijRDq7cC0Q!ggu@^jH^S{tu9us`}ilx{*X>!s^WiUEpd^^U5}>lI=Cc zHf_+ZH7XLlCFGjvv#Jz5XLSe1l%G(Zljh8tGktKZjFOlGlV*{15_FRrJVixStwpi4 zhsAPTUbj1Z1=b@%uCo+$1u?qn5L&lJ=Wq?T8}oFMjiUH9&AD~%XI2KaNV2YHmMRR7eXQ(lAQ+w(T+hnim zavB?^;Uw9tVpZW+&RW!2fo=|?M>jSE8bbJy%A1&Y^v9gyhsgv1YIu>D=oebF$G?_ zNR~kG*S`V{te7#!pp_rqXYv}81y*gfN3Ba&9^A>}{+?Z<+fDFH9lIR9YJ-ZBS-uv{ zN)fX_z_4QhK<;1^-xTDM-Zpm~`GrjG4(=+Iy}^Ome9N6YI>YYydD=>)ViV=S#(8W` z#cI}bxdleH%F^l!e)G)LtiNIyX(hpYb>@gxj8mbeJL0qb>6XdUGK(VSmy60=w%?|I z7UaO3@G*}Co|_)IMnssV9#-WmLT%)o#bS*@pbp31fc39{^wMm;0OYj7+ZUP-56gh& zx8c{!Vau_LYvvQ%zbsCOB^nL z+JF1usEo;%FWMxvEbJ1A^2T1je|vazR_SqL;>n)VQnv)_?CAXchqHtGVQp{8E8tv1 z#@eJp)sB5QIsRWCj^yn?@;;_T2DJ%vw~2}ijCAR6dKFQ7Thy}Ct_pcsJd63CDwv)B zczk+!@%H@kr=zpu*Z*1szcR!Ij9L{m1MA)!s)CR)_qo=H%tdFpM!s1tR&6fJO2s_g z{F6-lgUG~35i|MBDhru=GjI!XW%ivT_h(|>d9NOpb+^HNV%(Z>TO!?$Z98+jk!jbM z!CN9bN(C47BjjdLbKBV0uN})s^t;;ggmo2*n?R@KA`U^xh+nIjINSOAZs6Q>iBF>H z&m^j9HBLKYxZ7RaSJR@8e0zSb z*2n?JpPFY>e&&>MJ*!PMOP<(g)q;2o)(HjcQ^-sgiW$oqf03(#k znAy41^6yC{zs?2TG_~^7#uaQ9Wou2=-(LB$);dpgsYna1c|zZZ!PLU*6>ko$!LnFj zk)>)c&v-Dh=J6f%cVE^Lx3=U$-s*Z=2Y3wKZw^BFy%uwDDrIKB2dQ0fbE$0;_q#N% z*qfFK4XE_&Tky<)-`?s7zO6WqiXd-OMHUNJaqlbtCiSJox^Wbz{PqyjhwMnHWtjl2 ztZ+Bvj5;YbWmSEZ+_$Dyp8MCWmr}w>K%ybII5=%?+DXRS(yC0P)C}3NFY0wDc1i1Q zCM1;1{5P*J&yNm1oE=~M>vI3_-SNrghx4PejrM|v$LIUszdgDE<;>4HN17ZGi$~@gsQ}m4cDb`& z9cYrbc(v>XmLvY@{`vXO@6QhB3_!8)rL^b$_G4z+`y-8;bGce|?DE5CbH~rFO?5A9 zExC?Q&M)@gzP&ts`{B*;$$2}O0;9XPQfgktyeb9Ui)$CKG0I!^iUUwP6W(2%KJ1!p zZMl9#WtEzRSXzQ*v>$xh-WTdouR{0@TiqqCom&MrTkRUATj zV$^xFt#rzGq4c~J+o5y%xsXV>r@*%L;b8ym+wb=eeq5~=OQT&zw6RCUO#Fq>tF;il zd3|}hfAPcl<>CItez`+mzJT=!vJBlhL!RL7hA%I_mMVS=+_&%FR9rj@!HvkIp2sP; zwH$6i&}|%4LqB`})A9N7`;+67H}`A8*$GrN&8Fi5D4G3aI76+ z-?}{p{TfAdA*8Cfbah;=MCe)5u?0~=Cz?@kH+0z=9o&t@c;KMn#R7z@NT^k{8XEKX z8A@h#$V7OC62#akB_mYl-YOKRaczlR4{n7}EKv)h#l6<#R;xI%jUBxdR3nB5JZp}e zNl1uHhKpkAiP|K2zT@NAsKu@82a6HBd=5lvw{w~m~8J3f2u(5}Q zY=rYV=_W?3?W0?u5iMoxkQ>t)yPj1V&2(Q}QC!By(zMNPZr-<_DlV>8r$do5H`%#s ztlM)e+xH`sV2@q{#5zafoDLSv`C1WpMhTJWIs6*QT7Li-RVuthUsi+!BA~ z9x@I&8fOthT=jGfB!o|KGU*gYxZM91Un)-C$*YsfyC$S9j)p=p3UL+>fhxTaM20^j zdF7Qe?aZr2I@i}OdkfvkY%v92+S6LzBh<9X^-^hbIZw)bFUtJ|o2M_xbWXW1Cg*|eQohKm%lx+t1>|>%zayb8Ob4`{QC`rU(?p&{7gcd*qo~z(XrNNGb(ir+y}{t=S><+d|`QKjb4hB#8-yY+s(aU9`NS(;J;9rv;tkF2!sQH>PbfkIo z8HtcoVXtu#4uQUENWAUjX)=ePEiGlo+|MJpx5_%2$HZ2&^2nxP&86B-y$!|2dTY+? zylAkc>{K@SOQ>u4N^;Y~&R0~|Yl}4}Uz4;{tUssrSr#FcVU3EvhRdO_pzi1am|~g8 ziVeZXZub|k2D)8AJRAsaqOX;w2<)F8gNZ0uyfgM=H@|egy9v5V=VCH<&kWI#EHXh{ ze3J)*o6y!%Tj{H8F{%@irg&3vT$pn9-Ps|AXH;A6Q-_1Evcl<)N{#Q#TP9Fxg? z#lSrNzrE8h^8c+te`o87|3AjF692Db?%%7qaz7q_FP^Gr=Qk%JST+*-Hf`8eggP%@ zbl=+N#`LGAo*aml=S82C1;}sHxk&;nw8AyE=Kj$`6d_)| zVxtX;Th9Rpqlnymz#rtb>1<(W#cDY?b^ZEr!V#Up=o|$k2^WW2TifwtZTIt*NUE2Q zao#nK)dlJ51F6fkG@O$?VbhX|BBYXx$=MK#okug{x{fq+W$SuvxG=r zCPI5zf%&Z|464s1B+{WbY`M0iDU4Ar3s0 zjqBoe+s-N9pBk0=vZmFxY$=<@Ug$hptCJz&WiXW^G4(5`(-fSyNLGaQE-=3|$D^q{ z+S>_8!o_UUjd(wR?tT!Uln((+(+CGrob+TW1PjT+(r`GrMo9sLYpxms_1&i1x8=(a zouLv?4is+Qh1>^~(fPZ)5E}7UA1+>dFS|}RYl6>p!;*wwzvh|$ zp3S`ykhlj^Tuv;Z0I1PZhg{Uj1o72v)Vvq4^LqBJ*57sG180rfFVh|R-)$COIF}$4fps@~ljoL{#SS^s#*@vCAVYgQ zzzbb&r3d6650at7<$RUdvPghOv;ObI)`}Lr`|k(l`u}&g%J#p(i|r@<|1qA{P<1is z#$qooS-#xWgO$?eJoIj(CVIUT1ir*Zd3Orikp*k#H0ZucMRz#n%Qm4b5pfbsv?8d3CT|=lluamP_@ulWmPce+O z4&9;`e_c;k{|&OTT)Y4qj`}z^Us2woR0&FCP@J`?qUU*)O~^MLSl7b;?X~5r8i3~T z|Lqq$mH4mi?cFE-{}_)_nPlPRsr4 z`dgzx={E^5NKr8C)Vge7#t92xgp)}z@}45OTPS)J%*%?}D9S5!{0Gc9p|{nO9d!j% zRdZNUQ9gz|n7(y}qG2$qm#Wvqs23=iGpch=Ax9IPd57s=WomLNkM}gX3eB9-csuh{ zJW-(w_vpmS+D@b-ti9epNAzU{QR#tlXN|!rn4;jCWwEy57Y=)xbN7M&etqF7OH$J)$5NqH5{U^LB>PLY*~avokfu< zukQUKzh8KX8z$e#YvgU+wOn!$#j{!en<5xSh%wLP0=c&qIB);o-`Xqf|NGld`~Syz zYT`d@Ppvj8hwh22c`9PzbZe72K!-@)GcMH3+CPC0(yV+PLV0{T1Scdx70qgC4MZC& zR2a>Hf&T69RiB=Re_Hr|3RjN&P|rO6zqMP6{~zqW80VCKa+&R=#+%}x)`GO-s-#T7^bOzosAGp5J&RpKntW&R*NZ$VxLWW!4&G; zrPV6(n^ULSUJMgBL7_L&Y3|NYgdjt{mRHRcal$xEv>3A0%yDwVk>I?zy@H=I6CHQH6rM!%;ggC`PZAPa;Jyon(82;Ytb+ziPzqKV7w*?og zKj7A(*4kTat!Vq5Ywj&qepusgIa}(orr=`zZ_qHjcn9mv#Kro56r=I{ZmebXC;2JYQ=_BP=hUd^4ti-4@&GhD#AxexBm!*!qvcOF(1j{@gzCxvq@qCq96|#Q6Tu^qlWCAbgwhcJW+b%i@!S$%O zrv-0oYo!$7i&CUHZTMnHItjzg%$qy6KvSN@|8U#l!uG!e@f$*~y;KU%rEGxn&j0T0 z?Uw9++x_h)``@EHZU9rO6>y{JyPg!B`=lZlf9N|_Q* zTu2XMP4uwBXV!#p*E zQdD9VoIw_)@~AJ+(9%&IgPp22TABd0L*6{}b%Wj1iZyMQ&tE?*XF2*-7z=tdzJiKu zg_9?yQerAcW-O4yQr6Vw2ZRZeTZAYR6mRD?yW6#V|9Y`qKL0z|dGU1q>rtKs{r_#n%*>dV zC~&pF-aks1fT70X;R2-^_YE5`U>-1hpd2B*m~+#&0n4g=Cw_UZI$x^#<%=)7*sXy+ag?YuK82!+*(eEbtUI+5KA%Fr_c?Ae z=&d5USf(W^tO0nt7zT^EC7WOsv!$8LdaC}jvdgi8ZT<1_a-;hHrPz`3+oJeut@@?; zW-C*Xo9!Eqw65ah)2k`G;oj(59U6V%Nn;nMgmIG=uEu*`C}r|*$>5;;#%J&>j~e1U z&3C%;TJE7%oL%lym~QTe(!JTWK4LG=pj+UXrG0CO-;}-@=2!u9QOK2C*#Nt*M=-cX z#rTK$4cjoZaF>u$pUydEiBq(;K6FC!cf{h1E6z^Ys7Svj2DRVs~fn zN&kP0XX%V=dZKu0dZd(my7laJ?T@L{S+oQq@-lXN!Gch25xq<)2@qq5sdWf5PW~>x zBT5OqjL4+G1bQKw^%xIH#=#Awi7K1ou*&#=Ox+m3V2ac_QUCfW4*#yA(a{VgoPjTf z6KIrlYEr4m4fK~AOFq}<6!-nK;@F6F`|fWJpX$q zH-&tNS?iXs@6iilD#OT`#UYKrX^3yrez7*U)Q2aJrz#bRe@cNVIe2`TG#)>84NPTb$O3PL6*Az|k zpA$URf2GN!gxd_#+ota7D>uaN?z{8jBk*zH?fvq9{H{YYGllr&6u}Tt@B?8SJQFIq zQ%WoXfiEa!t91s>fJz}#w33=wuP4`!)cCjieP<}YHbG|y(qMWI$W8^8jV{MH;)v?O ztEBj?FHDjExr?Is89bMXlZV}2_}u;-KA+R4nx3fTV;;R?{$5|~QYMxM0BrU9V7tEs z2I0Jt+x-F9?$0d-lUuMGHhHb zKFd72>!2j<5`0M|_;jip2 zVC?SKbaE$H%-sZ!@6u#)hXZmKWb|(G`Hsyd;=j*#ak_IyCX+idncdx>QM~bNqcEER zK%Y`f4Rh4b--=W3tBV{(HxzRO{%`O4rM)1N_5AO8atzn~?>0d1*#L|vg4a&B%zogj zmiE85(&s$Q`hQBo5Hp&|obsbAoS^$A0-c-xW3PPvd$6_hWdDDZry50ZXb1g!Ip}3W zunNGjMqssLIIY(EPs{MB%&GI~>Bl(PpFtc+?Z%|zux|86grShTh^N z`&1|=%j_q&@_Ux15sFd5VI=RJX7wOdSET>Y%DFZ0n$Qsr#SRfC6Tqhk$os!00+4U% z9%FkCtdf|YhG1`ZcYC)3z?iAqt{=70rjwwGyibDo&-Ap&|5@-j`5(7-w#)vX-4{Dg z_kTXh^W`z~|H>;On!x94`LY1gFqV4wGjow)*BDcnM+}Ow%CosaF5jAb(FBWdX z=qAcf@s5P*OuYx5U4r2&t9*d2kU-|nasWAq5M&&X1nH_ECLsc2LP0LsjbZ^ZhC(p9 z1#c8tyY)27Q7{VBZ;QnG7*ke1#T{HW+?c9jv``E7AkXsA7MkTGGEl}wX#};BopC~C zLY6OInyA3==hetA0Tgg7n-tu_3ZYVzSNUzxoG`cgm%@d1ty8{eGMH<8s9gkml||qp z@Ov}oM|hg$KPAx$Ise^fp8Ox|mhXSs8w~nS^8YcO8u>3bv;jpzUKZrO{E#tpq-FjY ziO@zRn7JTsWtIG^7Pd;@i|T&}`Cj2d4{*dr)1A;p)605gOl+UjWivLS9)~D^)VXRg zSKDff*-NZ#xk58CBvlN~Sr#F-q3-n3p|tbOMIL}D)>~yIxIRA5W5;EFqFm6K0%cnx zMylit(UB>oN@ffdUk+Wb;801rUq1qi%Rq0Gl__ZP4Rx?M3ra3DCY+^YwK zBCvmYtoG|gVtwq|RGX~33A)O%!nzKnK6WRFi*GkV^oc(r%y_rb^TKql8FkQf(Jr0KJ4}l_@dk4Heebq5{I!K*JkI4eMmnGF=WGzP4S5DE^wNZ9oWTRhE zAU35QD4gon`GVWgX~`|T?0El&ZPR|Urf9~z|pXC3eJjKLr zkCMvm_YL%1BtP4|GqOE+4mM*75~`UKT4OVd$*>xmpsl+B)@5{NZNUvKAm?UvTPly+ zoXl-*7Nf=vyd^OF9!4+;5be51*0jTI&WNUgb$}UcitlRS)>UiE^HW#vTzYEGWI$%M zVfSm@eW-IGHihnZ71Q2a>NOu4u`J*dM>K)a@u}{L^P&xVw_ZzXp7wlxOJwj{IcHye zmOjN7)pn?H-ky+9CKTyvJ+)!+CA!$g#zu~zc`0yds!+)1SDAs*V|Vl^B}^7(d7-+j zN#)WT^TN#@;*$A4Wy;(?)iYQBgUVRHiW)fI{@X8~{~7FUKk0vu@zisF?V&NAz&UE5 z@%^~k-~-w&N;o}$ZuQtss&AP8&0YU7NiZk$H(dW)JA-om@BY@{Y5(^qPyPCTrw85H z2bQnf(DMQ(6F(pn5#|RZ?v+`C26XR@Vmo?vz11zx#p)Ee!YW4q=HVI@E+>#$TCD(2tkH?=RWF(&j;|bwA^bhzfobK_OxReHOm10 z022DQeOlx{ha8Qwh^_1do+JNv_6CDW{>Qufa-mUE?=ad&QP&lJHhQnzuLvKlF86vY#jZic#_6sR5$bFYDF zzFD@C@VAnkT|B`Q1=lQ#d&(tRxDj_fr8wc>nSY_X>3DAh5Npcfwv zCyJ|%?rqMjl!T>hC=0JA!@3$5c1prpelyFDew*ItJx!T^C`q6Xkvfe&omZ|quUtIT z-E<_k=G^ki2YLahoNTT;-TbI0oGoHYpD&hZR<1jof6iE4>5w=2%>>Xi>;GH~kNmeJ zOO|e9p8fyDi$Nv-CYdp;opG|GX z_5WRY~eltNFc%Did?oq^2 zk}xFRq(VCao@WxF5BlN<#fX6cc=jcu(O0nbkG~GU9e_92;Cb)=0`SAd#cA)07XDjb zpKs{KK7#Hu(O?(6dIh>${eBnxq7%f5lXQbJqW0P+9-m{oSYhuaEN7?EmX| zz&DT~@b};sHYZMFZa!_Ru1n~5&-8UQN#9IPy84uL?$_3Ybxy(B9C^-nCl8)BT^1^Q_GO%csN} z&p7AC-TNng`8_0n&U{jr*F*`s-!-R+q{uJ#XRHga{}oa}%+vq+yL;vR-|kcV*W*0D z*ZN;6Kg93C23APuuyofRI?aOE*Z!HK*q)yIJ`3^x6+?mN>3=)r{C`_p+x@5f|Bv!4 z&HulF2;nE@_i)c5>;E^-|FX5aSBd}Gdhw+HJ<79^{r{ANt0{1+@PJChMt6#$*k{w; zl#uK05Gc`=NuTCDR=%CitfCvhMPcb||%Z%A1ap$vZmz zG>ak?zMwsx^7U!{c36K`etqTQ;l2V63*kB`{8rB-{c9D7 zoJ5Ga@m|i0CEx}m;SeV>YkQe|rPx}thQuSuuS0NaXND~B_3N;)0EZJDuWR9nL09Jb zxsdasIgEhBF%(?lW4A|A-Wx&AdLx|3Kf0Ts>&Zl=TFxkcT=y4USy`XoiG}2Z2zVeC zZ%$>bx2oub4=75N-0X?A^Ht#5oP)B3nq#u z38Co0+L)*R?{1g#f9~vTJ>~y=lxGc`Le3FQ7~lk`fd@BJlz>r&BYA~T3WIAnLCo*0 zfr}|-(#IqZ9J48kA~1=_NQJ=QWU?s_9B@2C@<@jB9wuRD4J2ryZWdloDH`KXC{%p( zFB?7(%TxwLr3xjGA_^j$Aiv`uo?o7GLQ!W89FRCB3Ha&Y9E6y%jz7V?C;wIGcl^<3 z+LQm97t={k{9}HyS<=e^jbLz{rC^LB#5&*k>?ZAe=a1lZ=R2RrY3IBD*I5HUL5fMn z!13V`>-aMkkPvlz?d$6JI7G0g%2V=d=l#zoM`!2X+ETB5%Ip8^X#eotkspT-*hcI6 z9}IS1l+XVSws&`*?*Dm|XU&Amfgey5gM%rgywmv(94Cy!C{jtuZ_o(XU|zuz)Qw=^ zqpthQx(<&qqLI)^Z==&$TLW(p2WKcH;5ZqRPUq_CDj*3X5$Xs*1E}}}!w~42^7d=y zK$>7a%|<>ZJyG5Z1b)n^o24P-NWkrMF3%AHAMH1Vl>lZo1|bQU{2~9j6oq;lGMrE= zD*7Qe*KWIe*y2+RilmcI?We}LJR-}n0)g>?In3sfiqm;sn{ za3XpFIUYqw-Qg{;(C`w3B!V$aG8h3ENY!4VzXmP{*b(5t`hF6EZGW)k4>kn-Ftd2+ zh*qW++CN@_Em5qWL)aA%I-P%!3{2rnbvq1!=Zy&spJed}Q8A2(jK!W;{%SB6XcN7_)x0~Vukvg;X#ZO9A`1e?}9GlmEh<;m^I^7xO)1k2`~6b;*}+}n5~Fc&PdNWg&a+88$gM9 zY>EP=%eFxWS6@Jv-=?TL1l=wy-@4#y8@>{+2+vT07(1n8gj!33x4I~hWdTE+ z%fr5HcnMkh2J!9?d;wjd+6yGzSl3O^6}y7&5N!AReee}@ae_I9(IJZ9?Kuia60+_P z?DaQ6SI4>LZ@0zUF~m_u(Z!S^HYHKm9m>G@E1(yU5D^RX@D7}rq6_u#z8(B}CGjd* z-I@_APKc7Nt^u#EjnnH6!On}VO`zUL2ef@Pc7KbhqE-;aL^fegWHh062c%7jjKQg{ z0%RR2f*8Y-1f(QnE@G>!AZ08R+84u|(5Cex+Bp_QL0)tYbZ}MDoEF8=!HdJmyjlh? z4kuv!N*+)dAt5lO2*28>!Rv*;|MDirq&ENcSuE19V|SjOIOF^6T(j^Vkl`@T-BOIytG}qc?mdp>5G--;Ps`IC%5BO zO0?O=GgP3B-5}|jEqHO7wetT(@Dfs}6~>*r0WdhpQ{Ihu*^HCRAy>dlFyO`Uk~sly zq=s)$#0(&r1TVCBz3i_(jwT&R%e*%%R%qrDF_Or?>jyN4y)1IYakNPd8UP=WH@Z0SIzt~wd(O&MI_ZEZmoxPXF?i4;acBj=numu)W)t==Q+q2 zC$ZTA&V~Lkcm?y;^qopZB<7bcYe)0=v>vaA7{_8Z*BWqlqInpG6cyAQPGrhfFw%9w zIvyK)HwriIgI*(EZf;j+lNDjc1)n%R1qa86XG|SEL7_P&EKnTP;PvsB75J)?wY6#9 zn_)9W9Rk*DQSX6}i&r^YX$zm&4@0ap9gCv!PK*f!`c6j2uX=C9Bwka(_TLv!}= zcY-!d9;=Z>Q}^Pqz(c`WI^s;kCp0lsSR zarx@{OuC!_q{up8!ws-H|1x-eYkbwb zcu8fDjN8!?c%4c|;L^wy@RIAP-RM!Fm#8Cyej4!l*p&uU4}F4h8VTMVz^MBWi&QYT zQ^==H80W~!qLPG?i=-5#C<(=%Xol#m?1K(k(6(70d|+stMaqe5KH+2nJ_c$gYtywd z(C`0z4)))EZyP)y38y5A5Y62u*H#nr7@jc4Cj)Po2cwavd*%hUc5jm55cTwjUcRV% zYr6dnADkJ3b9o#&QD$qBAV4UH2}P=_D3OPv{fFY0ymj#xhT`Jwd6Ci$(0hksLT~NCA)8gB7vUHe1k8$j$ql@k!Bjp^tR-u>VC&vlq2Ua0!mdBVodXsTSXi{1dNahS3@DdNsT6Y&pDRk^>&`}Qlr0! zxh0*=Fu`NQDn_nV_l3a}g;|7Xt1+Zv54nEHfUOGF37;Y=2$_ITxdQLC^K$U2$!XX$ z?>{h9%`PP77UMz;g^P{{}zEIJ&7P%K+6ly3quuKOIOFN9%_E!M5&{-4E7Ej7g-l(^0Go*c2jIu6xSz8YN~h^vE?#( z;Q&s&SSh@m034^3%w)gDgvL<7ygxH;>yF@mZ-qX6<#y-Xyp5i1GN~MF@ z@~eBVesYem-3KqNr9C)a2PT z#{GD`wi0tZ#;x|dX1r|W+VU%jAA5G?ROg{@cD&TlOIJ2Ys407Jyyg+?4jkH|dh^p5 zq4S`4*$lr;d?GIZtTfdoP$h#{PQVqkE`^sl6oivG2BbT)-kvj%QXE5i+v>Yn5ij>z zfVt|8jOKfLxPJ;@#-}LZIB0Yyt!Q1Wxs;%ZuU<^`VI`r0I94+)9UX;2s16D;CvkKo z&rNOuKE(`3HAS6WnIdqFZdE}~7W4}$g#@66WbvVtRGZ_2TX82eH&7vO#|h?MAQo)Z zDYk&EzlzraK?|!I%nFx8v<6a~l5oMGxrf1P5%-9}Yr*J_2f^!fUaY8Y$90h8KCL`( z)VSU(UQ5Qj7x2>VsWuyqX~#I=>g+ak{kZyf25-fl>l)wS3B_UW`X%#pgKaaWidRc) zei^T#-KG|=fj{W`FYc$Z7V&C{%`f9MFE)Qg{#C&1v?U(DjMuz?{1q)Z2CumR4mn=7 zXgl;39hMp|CA~i+_}>|NjUyyC(^o~j5Lc%x>*g`|aB}>=J{-v_hEDe19i7*1fENBQHxqkOos}rEqjGd0aFMSx+6EWB2a!ba0`Hm%VfodSEUpapW+b-i2(FG45S z4(A;>4h=elPGEwWq}ry?_iv^+P=~3Vfn-yXMPY8%S@ay}T)f64%DZ_7-jWFpU2%&0>-U$4L&*bg|KL9UKU&j=0`iNtq3-_%A4g(d8k zQmW_TB?GiSV0BcJNyNk(m773jP!S~=CP@(yY19-Le>lF6rau?2LO{VCF!Q(Vn2rM- zTnWwow^)yABC*$$#Ddkbb565>XVgVjQP5aTI5D>%a%TwuW-2OD$_y?tGljoU_wMN` zZ0g?)GO0Hes+nv3ljN&t%xN~Jj1>x+#YNkSD#DWP5!JI1bY zdJ(ao5XIx#Fg7U=r7f9eDn8~Kr+`N?p8y`4U9D*DIulGP#UPL=MV57PG!a}X?KKLj zRQ#b zd$ZS&7#b`{q?m0$qDWr%;i9^pB@tq*wmlutrNFCg5N3cOzTvCvQZim#&g49RPR`OE zkJDbsWY*rRd}n&4dv!5&4{lW#SwzUSoU+)&PRp_21dth`RA^O7#4wH%Gr=XHq%TM? zpcNz479*MMjQ(b@5K7IaWd%ApuZ#uJ1+qj+fGKL73_?dtGwzP5ng|rhbTtUBJnxip zYA@rq+Q#u%UgU_!7=@eF0jkq!^+|~o+-&THM>9^nX&`j7aMJYFx5!Np zC%pxN!sbZy46ilfTvD<#8|S+(cn)9EP@3^L+wK+-5X2+#@#Eu=hll4O>N!xA{$s1l zHjl{NAHfIa7QWdPKIW1MXwVcD_Y7~<{vthF! z#C641miczL06`p_E?74OLFr#x0Q0z(RH+*wiy>?~;j#rIF8gZ(HoS?8#Cz|#gudH2 zLcu!?WPodnf$Z-uM6k_3Ldwym;S6wXF_63AY7Zph+BBS@ivb%jr2m5Twi7L6(`Di9 zK;I8PF=@9LIK`F}Z4GIM| zR(a57-mZ$oq2Da{8)J~9V1 zH>BadeSY#{;D+j+a{zF;4SCR=1L9H;XbjN3^}+hwS>4<#SYd(j#N@Kz?;tFjaz+i7 zxdZ32Rn9`msfXGq_R=gOx|E(}+Q}0t-k&8atYt7Q5lUSRM;0_1W5&`Qxy{@(WV0i9&T%fb5 z2m5VP_TA>T)HR(el)zLMW?-29!*9KvKlpTT1rt05ZzHadK<W? zJkzj`EN}GaO;?Tvy{ScDzq6aT5sl|#!G7X9;6J=|mJupqU{Hq2;+=)?o~vIZz(`-; zLE6!!O??~v}T!XqOJ-BK*i(O6Kl8fu3^eDZ%TeZIaifexK;tG^M z(sug$=zI(YC)$8(&^_vX)mz0)RSH`C5b9RM3}^bRQIJHvEdz+tZKZivf`J^1B^{WPxZc1vC~QnMKORm(iFw{&umH?o9;YOMdf zlWIX9uC)awhHFU84cyLt_wBCBN*}H@Ww#ivAvL#qs<`#xS~FOT;TlqNyXSJ}DC)Jj zD(v4LUbin3oxZLY_jPdT{@T9?BY>f3a=^JS=^Q9uiAqoMfqfo*CYa<4OpclrODPtb z0caEvOD3uQaBuDO4z8*zZw+v{2BWyN1Cc8mLj%{iFC!SRxWIqqHH}KFe-bz360|X@ zx?GVrzMG7cTIG^DWt&@aaWriHco$s#F5+&<8(Pmn!W&lKUpl!MFIX*ken+k-ic95l z78hCEk~8=g9{EkZh*a-DZCvxZUfxrXVsX`_v1W8IKwehw0C?cSUGno|HFqHRNC}Mne5w6>g1- zPF7uyuBpVex`TWdn41>u2+Z~P!xuq`{p7u#Z+n&x&h|8de0EdMxjV~D(bnv&xFu?Zfe9~KAk)rv@VIjH2dmV z%wL%^>jgh$OLJbarvfW;F-^#6Sx#wwMf7ogLvP-FZVs7b-nPtyIz8KOj5+*lajuEL z9AYtxs+pcIA&5N0gg5wg-DZDs!Q#Omxedj?7ssQE$I|wEjV5BN?<8?a z*4zRm$uGw9r;(?xmZ77@(66MBfCU6Q)20UBiLi*%8s+&lU$8Vey(E>W{Ehm0W-4b8 z;Z`5gXZ)I>r^O2E)(3avMkh_&NR8H!htczmmmKJ%Fh2h^mE)36ZJ&(8bjF8eW~44E znyA%?%>A^nsz=~26=#DB@(&aifb&-g8}W6L+8)cuxKVPf=2WtxFL4)u4cL2%j#`4$ z$vd#3p!y%VWH)31=3${*m!jqC#q5(QdCp340~wWA=pi<;3{6_>0XtFK0nrqK<-xvnelw=npQkbf#sW#l%o%fP3^F9~~rvesUf1YgoL4Sqq? z^(90b*2RIz4CrKZa)d?Kye=Uo=9zA{6Z`KShKU+p=p=NS7e|l3J#K$A5pMS~a^zlr zhQBZ-!g^axsC%vmb=(O>v`%riWsO^K3EuHn;dhL{>pq#Xbt&P@9Ctyax@#b@7rc*D zP3=;o;k{*-*;=&hTr7f_Ieu(X&ni}*78$X>Ei2*Qcs=$k5GKM$aAvyRL9q7P`X#+F zQ6U<|WUfzWRSjtL@3EKEj2BeZOokvkt+tf&{N(KAlj9cU1U`^*Yx-=w$BBwKM_`~p zUI>N`W+kf|S&_e;z5cryh;jua6X-^9n@o@PbE?>rW5TLj6s*7@-)HG8C4Xg7^7S;g@738mEIz$@Iyw=_zCF!T#0IQaO`K6t3E$ zSXIlFhgYy%po*6Q=_c2FJqk6Ib-)AAYe5RGu3&3`%M&cfxZhQ*CU}G5D~A;fzQ!ss zt%I_Cg^;NBmBH4B{pC6#Nz99rH>YSKVlMKG-Q3&+vAz^#DQ-Z$E1$Ck&B*t5o~=Y9 zXHW=^^_Y%7Ev5J;%j=O|?>~>Hl2-YgsqrWLYs8DsV<><8N&g4GO}9TYu>spf=*f|| zw4_mZhpy2*8b303=v>;Xa&Tb?eX=62-k-hGlT!2CG{=+H!^c0G(GP3UJ?co~kT|UR zJ(36%Y*4hvr{MBvTyXi=lTKo12~H%g2D?mG{P6LQ5dPlvmmy5-DqY3H$3N;y^nbP* z*Kt6h)=x*W07kzlatfN&IGckE^;~EY@QCytej|BZ zvns)T1&uR-Ne0*JEyb^tyg&nSOMIQ83|qQ-ZNlj=#u|}TYN^YkCH216`8kxPZq4EdWX|{7qW$T z59ByWPe{bLf->9Onjv^b_Kx-vTiDf8)!DT(ayv>0`H-gRZ*DJZQ;M?~8zz;Am8GMV z3fvvsdIoYcq#4OH*l*oCQdN-T@o&kT~()7MFTp z1EwsenzTaWNV~z9(IHC-K22bbk&<6|lMvi&tkDH{KlV6u3m{GwU21xgoYsDroQR+n zWI-#qmePG1P?y*IqD4VMH=%?U6auD!Fy@0fkDz1aYz&^1t*9>*ayACr5Do$Fxv0j@ z`3bLP;|J!{GV;ZbjD?&YiG$Yh#Pv~@ggut(&p@9c*#l$W&SN;`?^Ugj?1#i?Jr~bf zLOq|y1tcrXfgjh3ze>8C^O_A681$AtNOwvi@G{dgYGX-3=#5mbj2~B;K|{`!?4Kcv zDU-em9iI zI7(>cu^)qcQz6P{Mk+Km{)fnvDxQP)PLmK`oHX@3Qln4o=(wBfeH?3$)Am9)=bQE3 zi6Vy8IIwslb4Cj$mC2?*zwlqzN?TBQWfpOmCn3qaq91`%Si-cNnXFv>5XuvvtOZ>@ zBbS_&g$a^nt$T7&T{G~~R11^}1b)GJ1+T#1K9EEFV0K{hSjuwC!QN4NwCBIqrGoLX za=rHJf9Up~ykN3!B?!g>P>HGL-}SlyYjdj&tjgtT3EKl^hU-f9w>7ABsccnyX`1e} zK9rnQ_29>!*{c2Ry0rj?qejsQl`;|1Si$So#uK=ovY>SuJz=_HtdN0mmcB#mOT-HO zPsY4-?b-iO)&;>Bk4yQSRuwA;c^Cj|QCWR)dvAfq`s8BH%7xXeyud>)#a{B}?VX|2 z^?(Da+L!+&7$#aWS@$%v!$2j5fg+xP0{i6Og^LRK0OP`7fO%Sz+=<)^!cpsIn3;lJ z8HK$vvb_>=Qf{p7E&VG7Q<6E8j>!oSA4 zUTMDewVdHH!_~PJHv839v8p(iY{9F7$>6=wuFY2&Il}GM>}ltEG|FpszF z{q>P${lpckGVkAyucDNWDFBr6CGO}0Ac=ZvtVE8k&3EJ5t z)2lrj)l|+{osschjyC3L6dOr4V;?iJr@`$d?talN4*#{E{`*1qdh+V2a@UdtyH18~ zSpD_s8l(R0WHPZ8kq5XOW0+~&LtM)BiJ&>2auoyuuscj3&*2qM64=oVR=qGQHx1y& z2aqnia0@%HmMxX;@dJ>i+ENe95&$Msfh-qnxgvpO+Unt#C7qG|ErZG&w1e9DZSl0# zEy0T28MzPo5RgKQBA%ZM{p&YBhsl51Nt^?Vc+T~!znq`z_I?_(Iv<-V$2#YEtDLdR z^Vt_*(BHWbOz{~f#>=)BjzfKDbq4%CFp6d}f|id)qqsB=Mf)y^R>byh-el zLNd@(8frBjWpUMhB?^|2$?>r{dWYBF!$X>wEzMqQ!whpu4Qp*74REKFxLC>L%!EHY zt!gGOY0k+0i?h=MN7k`bfRYzyr=*Y^0{W!0lt@-f&aVADvQ>RJ`R_(D@-thJUtoi> z?rnqB0^`){#R3xB=8oWKIm#6uVO4HX7*U<>VC!LP7s#uUS8PqsKsJ@FIf-3Lz%)(MerPK5c3*1G7`dcF_y7i!D~J<@PvPiGsaprX^Q% zZ1h`p>5DOw_3C<*OID~r%|VZ})megINTburj4)n;8y-vHss$q`*+SH;rR>M6S#qbXpzD1sqwsavhH25!!G+SpPIOOod+FGY)K3Kj}Q z1>m-f5~F=)EfLXz1{BEP)UKRPRZ9^rrd(znb0pvF^x*ZM9IflM#I+K3sbeykOr9Jc z!~c`Xr2GG5GI{*X(edQFqoc{>yW{V^nLM8S$K%O2WU^b6?)EhLfc?$n-gR{w_y6Si i^!blQ@b&rne0{z?U!OnX`JVs)0RR7cb_@*wXaWG!80Urn literal 0 HcmV?d00001 diff --git a/assets/rancher-istio/rancher-istio-100.0.0+up1.10.4.tgz b/assets/rancher-istio/rancher-istio-100.0.0+up1.10.4.tgz new file mode 100644 index 0000000000000000000000000000000000000000..7ed98b6554371fcc12e97804c1e4e6b8b12c1538 GIT binary patch literal 19695 zcmV*FKx)4qiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYMd*e3JC^%nNzXC^{dAi%jq9k7voz2v0FUV4+X|3RQ(d6@$bdBi6!PVA?((Lngc_ zjKaTduyi_|&dJe{`oGiZ6#wrYogDtHd(`cAkB>Sho#VfCx`(Gn-M@j(CXuKs2^Wz4 zt+RGp#m;>p1rkC96qpj;YXIOw0Yf_Sd?-YSJWSg#5wwK~7cdNaz)qJt3`5-Fh)ob{ z`7HRh+v#{6uk$~Xxa%Drd!0&HK4Jn7F$z*ZmDK{w;}A|;1V*R_F6GRutS8^|82YFO z)bwrfDHkZJtV?+hgqS1`m2YE4CpbX7HJY#@y$NO_fuZa%_ECG% z9UuX_mB1JZ5#-3ApIcxx^?yqc7rf=iNe`TMJJmf%t3@cHY}x|{hux!hxU#O8#;6DU zFyR8RmY_7Otd`)GPotO;M1-MX1IG9##5ks;2PWMHjN|lY*Xwq?qeg(Z&u}c%vokP& z9Q%5d07oK;ffz#p%#`8a9*Z#$W2E8xBJ{vD8X^V+1!Ey%-fOolncE>0h>LaufFWfd zKmy{BdkyT%wrp)*aw+Z^%Bo4qITE}b(h=nb7@v$9cW8P~S-^XZmNTf07Qkf4AQvq0 zMZ!>{YNRG2?~3XfyvDTJ@{b~p!aqo zR5-SZyI~95B?DxCH_(V7&cBBO-NR{BuK>{d$9o!}E6Ripo*8Gno7$H&BYXH~)`ua`G zO$Y@k4_%+mzDssa_j14UXg944FJpc(M(}*TqAsmNv8cDH3 z)iU#|Uz&*MK_Et8*f)X~H)t~&Au&dY`3-=da6zNKoB-J8{e*=*(3Ap0uidt|N0dkk zV=`)G0E{@~zSQII@rmF2rt?jwX`0wPOu?X!$;kErlfL1BdHhW^&t29EQupNK>y!4c z5RDMi5JwCSA%XKCR$yF)+Mho+K7DG*O$QSMnp)jTzioon=g$oQWEJmPtHNF?pnyN@W@SD! z>_C4dzdJ~MlA_7xri?c~`K0Iefc zfVjX!jc^_jL?(1P#9@w(Bcnj34~$rkh+x?HnBxHX(D^WLe$AdsG(!pl7l7_`TIJ>5 z%esDYHG=d&g7Ve*mtpw5n{3iA_Du`mY$7{w%S&`uE2Bq>%Wfw4N&^Td(GG08P}Kq5Bvczk*gdWfafYoeUYVZ{Ts8vMg+il_Wz@!)8hI+ zINHg7TPYio{VI8b6~|huAC$nAg}jx(m~N~M zr&^d=36vV3b%9g~Ju3l94erZAdI9df=Jm57h%lEE(rEeaL@YNDB?1aeM)zniru0sa zeZo>Ps|6-7#KFuu^EwJ+j2;9c5-DDbiMBx7hstt+RSRCt_cK0O2&q{2F9Ti1DS#-V zgd?G=W@h)&@AeQA7~U2+DmJVlpb@sJIO! z0){aSY)y^EJh+)v+4CtwlzTpn$}JeJ!PG7Q9wDK}f*~kSxeX=lPs>1K8U*QK%Rn8r zEP`?^kFA(c*%s{Rfw|{qbaH<=b>|_YPPB@xs?`xeJG)2_Q*0*;nxu0l73sJoNA^b> zJs@BIl6wmmh=>UdlL+}C#1XfAh^6x>)9cb7(D!LV79whCjFi36JqvY@fy)DFS)!xa zIZY-U{don>1>`?7p;i|I=jne($DO?VchEULIo-*B+bAWm?jL%z7dHyd7Xx`R_!ap= zxnb${ZuAmA(@VVe!=;UXG(^{EC^0FEtM!doZZe~ze_94mxBgLp#fHrP3)ugUiuV8G zlg@7aZ=*b|{a?MT-D~2aHL?d*;eHcQ08^O3A4!M@+%<7V?sRynTa>mbyR1?RPi}#w#Wj>Me^^aWp z6IXu4(OXQChx+$P9ET`EM8Gi5Yf4qMGMpLYm^DJA2QP|=MzNT_!OWORxblN*tgvId za{ZwPK-xLu-frs2;!`3ZCWxhc-`YuQ zsAda};HXHsT8~Fb!B3yk4LgPBWj6@G=g+;$Dgur){cS;H(sO=VY_BigUYy-r^xvPo zyKr6upzen$OmnWCd7u``<<0Ho2Lg>D@(EQ0#g!|ox>+_5L<@=l4v$t>S&@+8^ zuMWAsr^>;+3I0$jRRMpWMiGF+67)UqFM7m5?}JB11NlhC#Q}%|A9WUiQ3%FOxbi6Iu=Ef%j;F*q_#d`em2J z@Y|I?q42x_skY$<6Ei zT2+7fF5yDy>+dPKrc}Hv>i?#m)#+c((Ep1dU+Sljj9eq5a)i$~Z3G{B;NYrSJXLo<@uD^{C|Dh@81@Q|4`Kb zyC)|HyZe7zDJ${+wM~xc?0OP&W7hf#rbZn-!5n3^jAY(|Y3&8U82`Gp;Y9cWvDH7P zF=9|q){@jy0R|TSHdwt?bHLZaL{guwj=xVC3J722dt(aNpxJnhNxg!}*lleUb8)fX zYsz%1bbJ1Jj+ID;lnrnYAaXP1z6f*9#l^#(oFJq`Ay@WE1tM2I(jrwVQ7MZ4mSBd0 zH;l&TFopvhVu3AzwcV-a#Hc7bHgalnZHvnaaci7LZG=L(Bdi(cRxzV;k)xn^))mlu zat~Q>c6C{B75zzpJ`W*|b`s_zm)Y`PLN;*%G)MkBI5|2l>i;L5o&V=n%IfDo>D+jv z6Cj4n$;}3id}>a2);!C}Q^1zpY0g5YIU6`-N$KBLjrDD0q20mD$_Foh@pG3|k6ku% zj#4-_`9QvdI84~1-ae_@|ML@Ny$}F%_W#adG5*s*=kWAkxBqXW%wBhEM+eB3*eU@6 zKo!5z-_!rVD6B*~A1S~&n|x|gKg&|L{;fsDUYcCT3_MT%KkA&8&i^{Q`~O=hh4rr@ zdU~kZ>|1%=Hq#f3sqLMvRlyw8rGOR}P;fi1R?r;WYbF^+sU3>Z2aI?s;&T)#6Qijw zHJpowm?3q;JU!z2bcd!61QW)yg-3)kv=6M6v>_`YYX_2P>R9|M z9lVt&=lZXLU7DM<#%QOdIrX-k;h?|?$VNz9Q6_qzd))b^qn=_S5SzeIKGXFWQpCYz zl=e&;2H$F$fuH+*IV}CVWPlh!0`Y!KgMO;*^kd3IUv|n$(9qYGxI2X6R7@G6haPz8 z?X`4|B)0Zw(AHOo1dJ9wYE~nlYWH7x|MPWoQM^;i7cpfh4xw*_LQOg|0O>c&5T}Y7 zGup79lnkuvt{&qbY~%Gm+6qcr$QDsHg>4oCr^}LZFphs&WwE(S>yqqiMN$G(5uSfp zaD^3Dl3FKYAz~-&Y{iOs_OThaQReLb=0Ih=L*RMxfA_R_{(E}5v;S?UR7&`TLo=5b z)qC>`BmH>mKhOWKFV5b)yYQl5qixLL|EEWXrTl*fr#t`et&|twTF(HJ!R^vYbiC0x zOW*0>XaUd(VN`y%82Wc`gm^Bs8yH{$+0;qi1SS{)2*xOk^w(aa@xr#ERsguxzBVch z9cVOOyZ|Zl9hDtd-O7wLx&CMe0Jl0rJ{=MKI|9vS4-l%&6G&H=f(>ZC zORWWOARiAXWIDkapQ_G zf&wY4sDx+{ByeQYprr@Lf!!EEg!mYUF{8<73?Kmra<#bRga|B-az(v(@dDH>m<($( z(b}Zz@-b)j{#JP%egyYpMBKjVreud9P`)I5n1s2ey+-4IgT1}?RG{A89=Od- z`drviKx4g(A?Hb?W`OQ;+CN2WI|SIwQ$yY><*Z@(S^BLUPCJ^KIyR-AzVa+tf{&02 z<|oG(fo#SD7{`(p9DH>0SY?0S#K`xwJ^X#qBF8g|VSfxF1ZBs<(1{VL2W5Z&_Zf^) z00vWc_6?@iAJ;HG-8H>nd`R?)5eyE8*xv^x%a>Y0BL?HKWnxBJGl5O@jMGy+Lq&F- zf)GboXl!Kf1y$}pc!+(cs+k=t5JYM;9~FKu2mmDr&|!fI=EKlR44m}Q`oIeF|n zgO;aKP=5Zbnw02E%rqO|l6PsYpl`8j6xGmwbaDB(uYc!S{kX5D%g34~KY{_0!(k{; zH(Ke|Q89v^9f0q3?zh?0Hwof4M0%TUZb7=+>f0iERePJH_^r;NH=E)n(VnKbLd%lM zCKz2bdd+Qvf3DGn$TJQNX||O)VvIw6s_wyAH#!g-J_pJEq0F zfTXr*%#~2|TLMFslU-3LW;96DA*Tm^WWT(!dARTI?>(K8G0jj(+X3}? zyXzfv+asMkxTT!hP|$u20_rE~MuI{^P!J%2ScD0(IJs!5oknF0Mg}`Y`V2+&f|nFZ zJt3vSS*^Nxprzx!=oIaGpKFnP*4&RDKR&f;zLk=<|G+qIF$9AMZPErb$NqD2+$q|B zjt-A^`Mky*1-_DYxDSu~q^Z8ftrwMrs8f8^Nh&vGNUq#-0HFMd&>Nmz*b3wBFl0 z!)yd&sk>c}31*Zi1J>T2wHQH$(k;kp^=bwX0Mk!V_UXRE;Hgk{EMuxMp}xvCFgY?G z?QHvK>)H7R7=p^8qXv;Gdx_N%7>cRdVzIDPP4%xqh&=Fbq>S@$tMJ-hN8EqtzRW^Yex?#^pv zhmpvqmYFJ}Ot$M=?><-QzAPJG$_Sv~(QPh*g26O~oNJ;xrcyI2&s|PXO+-tg3i9rZ z9DiCP$Dho`vA3sZx;ud`^D9n_^?FkCUE74A*(u#Q@2=DRG_CXER*{lUZf0+V%C%X8 z#EMGslUZxhAv5-mWyZ^XvgBapjVO;jQX>Y*uxP|sWRym3@0J*%4O(^5!7*CwGJ|vL z>hy~bPRZVq!~qmWikWSCnPYSD%n8i`1G|E?V|g3L)7yX=-%-g7n3T1Lltt!{g@Cb? z?e%!7oe4paFtneE&9bLI2h``8RA)M_#5!fpurl4`z$v^e`?4Jw^ZLI{ zzFN4%x@H@5^#9|7gHF-^@9<>j|F@Om`u-I&UZ!W;#_>MT*)8Sc zKbZ=5UpsfL4MTJnaP6|Ec{9o9Efe3@(Jo2q7nA6GPT*gfjh_on>TZ72UOZ6~bi zO!s(Jce1xSuGTe*sF=Bg+F}9xhmQU^+qeJ*Ctqn8$LUr{vBc- zrcDhXW^{-{C#sh0;V1_)jaI?X1Z#fdytNN?l?d^%)~a+z3{>}#YV%?GE_XGd6hm$5E@~=FV>F9l z$@dxZRotVxwMq_C(Oi*jx$Wt2fVqyoU(!cA9jXk=bt0sg0EG%-eUOw~tz4WG^{9^t z7MsUMfn5wKT{VYUbtFcEz!eSNq}gWwp|Z`ECw6_^tglrZVTGm&A-@Z_SFo4@V_Jvg z8hS06^=pT;1zgj#)w7snmfO12^~u3(YG$8K4vJqF=u{!sIFishG?I{ODI{O!rXG4w z=P2pY<}N!egj!HI7wdyR05MS)zRtjgbo3TYP*{@X?2C#KdTM$2uU7Ks;Gws5?^Hy4?f01Df=g=}HZhLL*Ag)hd z^T4d_rU=eFp99d=dTMI@`AUBMa~Q>;6a5K2s0WXn|MBFoxc*O%cKLs|Q#Nn^nP)LE zK^q)(B^B$t+9BNsXDJ6_6@u$A`yU*zcU#@U+k*Z7pnG^+ zvj2B?`5(4Y3UPRSC}2oOo?h1KzJ4OoI3K;*OPJrP+jNxx#wu{TV_Yj&p}Yq|Op=Gn zw=ts=93b8rO_&=-DZK#4y;&FYDq$K$rv%dp&E$AOv?neUdpw9~doCla_=f3FyDiOB zstB47yLixmaqPrs@eYr@P9s1%3a)yXUbKS*&=?UD*viIUSEs?bD}{6*f9k0AQ*#*F z06nj4h@;*e)fd6`ofmQNnACX?g~b z_omYvNb3>Umwn6*XYV~-QHloYD42-iHHAYYOpgIuu07YRd+2;wYcbPJ#e;?QVIEr}`r zzctezslWpg;Zz6umr_~oz$S3(77syW+K@Mhu4ZO#403n0db%&M&r6YvgYu2q0mVxitiBtJ-X z=^k^mUxTdnrVSQAG~p=l8bu&I+ku8d@0{m%Q;Gn5jEADBqSXK{7!+tUmH7R~UKSS= z+!1;YpxpVC<1UU6xF18Iy}zz$A`tlT`fWNq#tXmk0x&!p3qaJh3FKVu06ruy1yCNp zNPBS8L;xrNONfI13JY*glQ3w!NF!L>LoAG+y^R^58`se-QeR(5FwAZ}i?E=L7a*YO`96T)>RO{G8@@-OPb1_tw5Y%& zPJOjUHx=;>>&$$rsr7DC0aDB*KXu#(pzkBD{GSytxz#uB(V)*L6@8ixt)AwxigA`Pt5U>coUj`n*h3^r;-iZSJ>i=euPGMK85evlM7 zH}abv?J;6I#54xR+Hk88np(8x1-8R21(R5ghcur_bhxnw{pi zot>Jj*@}=Kni;N;SI+EQ&roxtL81zUKvAq+wGr9}gT%hJZr~=2As9mrV#Fe>!;zXV z0Gc2+6=M|?LAIEB5=z;U(NGPmZq^P!3A7K1Zr%DBY7A0a888z74?>iY(nKn2?(Ipn zD03^fE~I@E?p)J@srH8?Oo&<9;gHHKjhteHdagYEKRZNWcT_F`?{%x>?thZ+#~t%$Q_+M$@s! z2_Tr@Wbet20MQ{C=_CB~}+oZI1n-87s$BGtQ}wCPy}LS4c;F z?K3KsRP-R4>ElozUp6rrQvFnNvHlRFFvz|+=yXn6oo=ghaN9lZb&h(S44Dqns)3*;5mP&pcq5GAyQj zKZKlH8Z`9)h1iE&C-};Yb7n;}dI35v9Mtv2iSaKz;m#fUf%HVg<>8Pw7=8j5f-r486_BT3Wx8?VC|2U^nL?z!a zoL(_x7*R6Pil>M6wn}!H&&ZH_&F*5}~hMBC)2GFEe$`Xs(!G3Bf z_^(@L=zm!-*!Lf9FK#^XAXaN*-ueI0(NQt~L#Mlo|F@O$Z!P3XVMxg=|09!sjKvR7 zlHJ=x6$UDG*)kKk5CcDd`UE_Ed~lZ9F2U!|zbF}OfU>w+T5ip*;{9AqMy4Ns{``x& z^_^*oFqi^PRmiPZQhM!a@%3A$X_L$BmwjLWep`aBUmFD7ZylUp|EamtLhHXjMq!K? z_e8vkDQNck?;ag@OZlHpySw-gTPdGDwfDdTM?H0)O^QQOi2F8@WbwzS2lm>ZKQ|h( zTH{;=O#v`f{)R~yPMruc={;AupuNVwk(7ssuRaps!%YsDpoH0UYI5K*`qn zKD*NRw2eUN?XQfs`sV$OtgB-3#K?c`HEt>3I7&i$z3v|Bn%01=A_a4;p4Hi00E7B= z+Zbw1nuY-=T3`um&ov_e<@x76Ht4t^J0?vj}KkAI0Bej%N15 zYp5an^r@xeg(4%uo5Ll~!fmR=7sey?6(j+8g?`IC=j)I(`oL@OilDT1snfRBYwhAG zTdA%4hn^*Je%ORvAxGs8Yf-8Ipq)vbKXWr!+kVuyvfnnoC(Ii~bS%%iEQnh`W+ zn1~^0{++k}&YQXYsIb5MVN=O~=KpMhX20onM*fMTn`Ah|51`pq^LlIDcXKnSVw7@?+Nz7zQ*&U(M_PmT zGW=T(by}5!uk|ghBG2ohs-!z;Gs~($R=&)}SW-O+Je@Wxwr6&=^{x8<*0iNQObsoL z%XFSpnG)^X$SF%(f2e5jCW~L}WpQ%V+4xpk(a~*#)?k`XGHb18l^?~Bi54AZhKJHP z+5i-bjbxF^c4~ZO&f(Rn?0s913)5PXTiGhr!k)-kx-u zp!p`P(5w=8({^7gm}N4#r@}4|Phnm1A5C~12btHEu+nS!a+F?;kN~ed!zF9gRlDg;47|XY@8iDNXCP$#E&FzdpDv(Mw`6TjV^fUm);0pzH-!lkTA#iG#CZr4G3{o3t?q6}yv%LlR^IW%=D zHcNdjOT2E?S={eU%JtlUr^=WOlrh^{vcVmiE+Exe8@T5fz$-ahP2IB0KBHo}+YFN6 zER4tSeG-B0$!fj7M+3kp74y1l{MuX~&^)5m#Eu;E4AC*}*GIlqib z23Dw3LHKfo3Ij})L4Jwu=bVsiG^QL4nreq=s-uR?9w_|zyCh@XaAy{GKX0~c7CJas5Ds4~Oo$Y%i_4iS^;YySHQh6=vM zC`T8Gj|t%Gl^08X+LdVkIBOga!HnU_3#VVm@Suk{#6A|`6krlyZCfWgE?XW}8pLwB zF{>2S-Bno6BF!RRm``R)w>GRn#kw`oD$HGu>QFUhLu|Xb5`df)ve~RPGJdf+q!&8> z^P$e*w4yKgyz~F#qi*5+uiH5|+MWMxqpZtni}_=-EV0%PwIY>$tx4RqrGEb0vh%K# z8n#*@$)})IJ*#XbObzZ?*ped+02Xg;+OU)ZBw(HZnEZ--k>Z$MaPvIR<#SIxz;nuC z>tBs!1mo2hz`XmPC#R>y^?z`%^Z(gOdCc{@tz~PGGx?ph*YqDLwDul&N4Wqrl_6Aa zBOJxyH19GGT2g$%F|cVM?$FeD;6sLVJbRTuaaj0H=_0A&)Q>>#TR&JG=0tF$DBCU*2x5&iwjzE;*L@|RKmMbX>^=jC*@eD9T9-OQB98khx@a~{NOHvvsQ#E6JK4*D@eL;O(N zhO@wCfOm&0=PI!#+)B$^9fd1wdW*p>+l%HkQT}39OO8z%G;@~jns#a}opACH)~rw3qz`|?ScqJluhmT3BjTVnuDo8d}&lPs6Mo?>yc7$FzJC#ErvfJ7z2)f zN1H@#j9}b%fv$wwk1-bv!3aQK;EB2cNRUdrRYdHh9x-$2rJopJegC1a;VnCsDLR4* zmBUJhOIiaJ_FG@UDv+MVyb?Eo>XCax@5u(J6=E)=4A>7+c&ii4!Rd$F+p85QmZCEj zB6e|Nzb!$tFUSP2?EXKZ%i93v?Ei{OU)bZon?WeN<+C&ij6x^f~e=33#4USMX(7;Aq6qC?9671o)JH-%Js+!%ba{#J0>PPI?_mt5@V6s>r zMzlXFeXw<$mCR(sFH8w=r+_;u?M3?(p@<78xR&Ykh&=U#`~E!FuX&^5_XCqxFkLY! z7{k+b;5~W};QRAcmy0_r1U(4Z#qBJWFGyb5mCcrAm+K$ zl!h~8f_eLY=is2Q{~w?3{J*wSp56XmJHfUq6Qm}ffBy6?6A}LT(>riQX;^nk^y?(* z50c>!G0mC#K8&G{g=6!WdtyXGph1`u92Jvb)w2=@A!B@z(AHNgaZs;N(y)HtbGv70 zvw^OYw^F`{{r|aa z{WErbF=hw`ydRol>p9!}tvb<{m4W$k(Osd~Q1z}*b3P7HM9Hcx2I}i&+k8u5fC8XG z&@R6Bnd<#eeO=dPZKLltBROqUWP%LAx{dhEdAG>MeWRRK=XKwwkqV%;0TO6X;>)B% z1Rpj)f(Sl5%g(PSzOA+YcNf|H7x4c$Dc=7$I@#&}+bPd`|L=Z*yMN!=Ugt;wyKQQ> zP5o82sYe!t`-N|}DH5;R_O1R5Z~>PXXWO>^YJS`EM_WOv9X|1;xwP)e5@jX%FJ^Rz zLnJroMO;DV*?&$>PKxs1;mOYbV=Lu(%74xTdlFZWcM^#!jYO4Su=~C!4-OzlJ!YK0%lxs* zti7^w99C#Bf)A@TDkZUX8rH(aYHb_AWTocMtq={y2*#_5qzapoSg!7A%@I#)gk<=z zF?{66td5C_IlL)Ul+rdImq!!7*4qCcyoIg;&)NUGr-#M+KS#%>JNwU8%Jbg;AH1iz z3cU9IKk_Bhi$f$(pZjov$jCj)pCb7 zT>bC(xaj|XvdjOyo$~DXzn)-EWb=Pd1LUdJ%|>7z)Y<+uvgWpWe+)?wx=z{iE)M8> z^X9WfB*!`JEyI;e<26_07iisnxmxoV6Rq#k7=&=N5YL{46O!O0w0;Oj>oMx_67eaj z{q+q_Iwpmjswy&tQH9sG&2xL0U_dN$(vYeyi*~S5$*<|(X3n41>E77{;!v`wN9!ZB zEo`Twk8gEfcK`n^f$T0>P5_vv{~dLT{(py^b(q#_+@0@f>_rDH1yZC=wDbJ4oS4^-cQU-4nCg2~GikUaSoDHGC zcdD+jJu?Qh-uhom44k+Ak57vEzmE=&cJaTqQl9zxe{M^Eg;oE|7JQ+svHk^(d?*%R z0dv>?adG`0cMeZ?>wg>NIj?^`!JZQfxK$X<;{qD*=e_Q2S$6%4F=a$RJYVY1$~^l| zr(0bAhleLS`_ER&vs?e^1bd=&f9tewSG|2ycMN2V6~@OcqCpatf<4rjB)VR=-jZVO zPC5YRnXPLvsj`%O3H)hS9=9yb{}&bdoHB?1A9hOq-^wLm$N#rbo*(~zN}=!8HeM(1 z<=DPPwa*b(sq*?hLr|b#;q(6+^C2)FE@Bs-+vYNsdgB9NfvwWMaRxA6=gT6HQh=df zk-s7d?6aJqrUG%mQ8`!-7K_FsHYn-LqJ0T#VbvzrD6T$2H;7F_B$n?0*B@@L2Rl*mPg<6h|0alu zhnCJ)x2P02SN=OF#ee8@cJ{xmlxHXZxfAS(q`;pL6W&861?u16T;Wu217PAorwuaM z91Ho7=3N2Q&>7+}B^)j8%3fm!C}Lv)-_G`AUowJn48^!^=eTm-WnV-{jA?DKfOqNJ zIaE@weD_nu)PP%+KTT0Q=E9^@7~y%YTY(q%RIZ(-M8Rp$Et9Tn|=hlhvVo&2|r z@=WEwr*r)+ihj#_{dS+f&#zlnTmK7P`$@|@{jYmkTK~u0o&Vof$}?U6Pk8O8M)$j- zG@PUONu>K}%I`TE-;Yuk+Ca)gr)hmTa&xwQ33HLd?TXLDG_L*Z*1VfVmxU9jS5Y3U zoGbY$I{aS=N>DCV!Git$O@7#SKm2k!EfrgU2~d65$mG}52v7*8U-}ZbMw}+hM?4o9 zenC25@*{u76XHvei~cHQHTlnMsvGkE=yuEgAG`Zs+bPdf{?qM0FA4BQ!CAonLpQjj z|A&FTdH)ZC&7Z^nBc;;D{XbGNZPfq6r$Oz8c)=KDz^(D*bY0tTqP9MZ{)8~7L)%_9MWmDgv)QP%$EPU$K8_uZ};eM z=l`*lQk3Ih9P{?XifnJvfv=F%K7Fc@w1!C-Dg_dFT0C1;h+9vLLve_G$aPyk!7xGG zb7ru8uN&nkM82R*Hyc6WkKa0Y%)-Qe`nCe269ZjcvKdV^Fh;`=lhKcH00pw}BlvKW zuo3EkZuaCyk_MWz&xK;W*DeStp_(;n(09ft+btF!Ct1Q=@0T5kuQNdA(_z&Z#5CyZ z&x`d1{SS=7Ip54^&+J1+HY0?Jyl7U!%5+BWh`f)qn&X0v)#1(nZB~+kN4?>O>XnqJoKBxU=vz{~nq-vVcdw36w=)QWo;0QY8 zU2YiN4;LFtySUZgh)uAM&U_{Pzh7aF&*&DzlwmP7iE8AR*=P3UxqO$lyC9U(XqSeh z9xEKd5$eZD7)s5JA>q(ly}L@n@J7FJ`4)p@gq8)^%GicC2ix2OpArEvLCjHuR69M; z{PZd1RG`VHT%f2Qpdm~`(PwCcxnNU0LbW`bax5sDg3q6O)pZ0MfzO|_DW4MNiiX&q z){T`zidaOwp~DkTd?C5?QVAQnD!S(nAv##<(S4IY82hbydSv4L7x; zb|8hy8T-(Dj&G5XI#DZ1?L7-4RABQKv2QxxbY|{Xny#22&aW69Aa~p(F5jcvPy!G` zF`h9Q&42f3&}Wniy;Tc_qnl(n#1Ej^ZUXT6b9;+4=3|PZ$07XYVdF*Lc=6N@1%TJFS*+_)u$807!FVs3s1L9PD6KR;>kcy07ND_I>28js4IzdZB{w}^7wq^cpr#Om<1NIAO&U8h+Z+jAJh z0S>Xihcc@og51=oqKBz9Q=zJt-&uN~ zpWEuq!`_0LQwAl|nYyzD3cZf)G!xDbqOP#prJ`;>1^}PLw6Id$JK>WX&PMuBROUI z_LL&~Kt8_79ed0}Di3HLTAt_a&Vj#_ve5bOIEE`7{F*ZF{#QBwbEk8#%m2BRQqMi) zpz|2{Ro;Hp0*w3u#<)Mx)#Qiz82Jav@b8oe7+%rfED@CZFhuOjIa5~n-a#-{@kL%;lL1P4Eev%w2D5~ z^wPJ4l55PfT?I`CVyd>yW)8CwttKefWr41L)r&5^&GJdBu@AQscdLdxXU}8F)U8+IPtSF@hXMquXg?&J)Dj zhezF$7wT`HMzV{oqrJ91UWS1VAz~rcgAvwPHpE^=at2gSC=tr-&DR^&j20?d#ve!RZqy++Gr zsTK4YF-U~IpVI>{5wxLPw9d%%#-}kdM*qiRt_!XIn8%N3|2a55D&~Lbbawf_wo?l0 zS7%1>*Z}%o%;SqpYjc;ddM%eRW%zfcOJtgxS;^NlME}4lYTp_wIp*<#iqXJ$<)AFstFr zcc&dvHo!rE$jy}dA~fB5x%X1O<9enV5nuUh=bU0A_|O9<$H#}R-&}-Ac3VV_To1fU zxVTQp8CR74Ex`;0Zy1f;ZCy8f_V#VVIOhJyQF;JW0AqZ1ZOuHEr54M$xAI7Wd`CEX zi%Ig32dIFZ5joj-62~Eu3LXrz*|<3hIc_nn>;zl=QmWD$%=9E>RHqhFztSWA76|A) zxrZz`ySmgBWuE+hQab;F7VxIk=8HlU}|HW#tp=pz_&z0;E*rkDtx z%A@U&jk)Ue!bZQA7zxhNhXFKG)gwJr_`*VG{BZ zYhA3D1NpFWq!}f@(t&Qp{IMK#J!sj%r1ou9ieoFiUFSZ{FaSR{_Y_h~_eYX7XBexb zaY|G@pI4%s5p3r+X6jY6Q2h$U48EvuHrC!0ZxLL*op_O&M{4J)TI zdWaFjcJ3}el!+K4BFxe@EVQZ}LGKV@NOD77xgsA~z*ucoa=RVhFp7s{1|@D zIflRN`hNubZ?|(?ivM_gw6p(irL3p_t<46WZ1uWI?5sPKQf}%~5>ES3dYgAeLwDZ) zc$FJL*1P%{@Qq#hbCd=7zf{g1%m24~dQ!Uob+kMG+fLcA|L^RZUoXHJ2XqKN#E9HT zK;Xzb-UkGs00^pX=CoP?=JJDMz4+Yw}eJ}&W&KRM{DrvD)A!Mc-9aT7IGP1i2oal^rPMXE#-ggoOXBTKU*n9 z&Y7}FJ6*p3Mp<|3cCFY*cFqrwfcZ-54H>y{vRccB|8gTnRa~URLv>~K)dKhTUeBwg z!gj(eoRNWFTi@kBX_RpEAP^%kY$YtLyCtX_0-rzk+U=S52tR$wVk|eS>M=@1-Ie6W zL8({$*3jb9r&se4eqDJ(vTk@QBY>$nR~1-&_KsKep}S1x@5VELifL@ON0o!1E_zw9 zcCOoLxaZX`S=(4;!jDTEw;Qp!*t80cZ*DK&p6kH1bpiUbslPk1#_Fs7KKKefU@o|%gMpdD=oR`ct)jY?!^Ga?1kG#v*ZK7u4j@Ay!kkOGfh)yL ztyvU^0a^^D^DzQGWjft!AW=WRexs8}f&m&*hFlA(7-OzqdTJQwcF+0o)Khm?Hc%Gg z|MzInk_v7s^`u=&2An7Vopg%)|KRj!cmH!MWs#HsmGa?vdTqKa8WxiPY()UHDCooi zJ@AJDbdO0u@4bIt{G)&U;lu5>FWYxt^R};dFYcOzOy~|3}+bXD-!n~&vQfaqxy|iBbuV)h-t8)Dd27OFM?Q^v;tP%M|mwD^|wA0D2 z|L)1jZvAhk6l~`{6fmSCy9zLEk5%jnCuU)}3gtZzVv;;KZ_T`tuYJS>9%2;qfO%S7 z&*2hkHnwz9x$4SHFFs>c& zF(7Cf2J`;@-uqRxXHb`Y14GI{fCR)L_Zr6NX?ixv^`pBs^O(8*Cz>;^%K+x-f2H_O z-P3M&7yoxFC1!Mj1H^hjPs4_ zn)p4PzS^WZP1#yI!i-Udf>w@Iv@#ad06@S|%G>~Wp)&s82+H6H-A-eq6S4sx5->oZ z8KH=>X;YmsHU}^mA=XrE$6;%VBn?o6)C0PH@v4aqJcM|bvCWT@9_V%?2d@l})6*H{ zP@WcwzPh;{IQ||t(w|P=T{YCu_YvpssGKa<2nPRVSfF=Mg%Hvm)R;u@p)YABC&RH^ zoQ>ace20mA`&)w8R6AmPbJXoNjQrLs94qS~bdGt{cj=Lsv4&h;N%_;9N@}3plasGc zp0QzaCjZYgzZfrF|X zZX*F+sc-%On26V)ldq)$3rfgU3G!>RNmV@h%B7YvL>mu|0-_aLc3LF|qE%?1iU|2e zbBQU{DA>Lg61*)$cuN~iyAo}xef?^u+l(ojp42Zn%<~4g1?~|ZjkO0vRwL_#UX+OV zPTuA1P3#$SuP)|!9ia;{uFkLyYc|Z|$E!?-(pt%;gp=)2*2?H#GgoHKmIda^5;JCjIa4)jR+u*n z&zw1Pr)Kt4K3;eRfpoL%b~-cW)Ozy&qWa$$g;IxKMg3dg{#UoC{~a9f;=gaDxC}{~ z)%r#r?lWUp(_R79f#S^}K&3%0{VZmfh#_eHowu7S0YKL0L;h%H_*kz5_wR<(Xd4#~ zF(iR9)T?~Tbf_I8)PYu`q@h~lyLMY^WpA~;9!7!sM2lG2!Vg4 z;;-)S5Th{Ajv^tBu+SIml()yL!Bo-W&HEc!7n2d-G4fw~jmsf0$0{0#PlO)9o%Z&+7gztp5f1zvJt@{AtiU`=4a?1^$0}vb+Dal~R?( zw3NYgw)1a!g|F=Q3*$IOnb!(ak6k6ARn?cI$ax+Uy(2Jxd4H_wGtsQMu|=x z=rb6jT+YIBC4H@>**!Wq`KDQ9?)uP5t0uX7O`kp$uas0*{R6o9#tSmF9Z*>en?@|B z$?6$vjyE&eTpe%qKvQC2MstP;$1w^yMy21@I^IpIa`24w9Y}Gx7EPEgos^oPF zL?%U584m&at=Mw$_%A)=D`>=;IR7|%^Zmtj|KjS0i+2~-XK%}@R(YCaU*BAvz3<=L zez-pS{-S^TpR0??&kX|gt-ravzBs@AaQ&bDPiJp`tOnB7P}*{}Ed=Uc7yp?F=nhSr z^Q-_C`1yyoZxz`7e_vkx>+*g7huhn${?&);+sY=sIqG(+aC~?1PGa`%?EmTCUZ0&` z+*E#Do=o~k)5}gX3scL&|F0h}uK&~j$JxzA|LW}ahbrijeP;{QIr0aeKf5!s{Kj0l z1MO;drm7U_7vc#bi1RB(2Pm(ykA;Z8MO@m)^UFiff z?`T3q!A4;RNlxHG`;n}!{VvSxEb=1IL_{NG2a&?v+ZU1iBq# zr%5l5o6A$>Y_GK<6DXT`R-A@Tj-%4NtJ$Edd^9{%q*9$ThciQc`9Swtd-CZPTJgkh z6mN6OVv{Z@H;c!xa_vf8Sy2C5D+A;l{qOMjxFY`3PXF6VS(rtxe@XO<(i0ywF6tLW ziA{$`t?B$y2{jjh_c)2ozO0d3GpT27XP-?j&o62?b}2*uEGa{CNkW~ppkH7b&_(6H ziT`-{|4&Nizn!Db?)-NvWkprcua9K56xZkk`GM*h;hfwEPtSVy;%T`e%p zwJJW%DphQYI zb)+svp34WF)z^}W$Dp&QB<1%P_HHbWjIhO(E6IPW>r~+E>e2(ZRLNoz8-5St7?Tm8 ziBR>->;VJl-yst0gL~yg0-&97iW-4|=PetURNv}aX*VeV*yM!R$Y^WKy!5u3PKfS5U|ugabi=9%~(E ze~{o%#gB@ie+Ng1dyN-5#DU@O9Plv;Lof>IKzq<>N7m4+=a%>Xg-a4oT2>0SFrD zND8lFhKBe71>hcwG58;^J@A2qQ$UIOQlcdFX%J$9yoUGYrhg+SLyZ^UoJJ8P;HUE& z5Mag|-Uy4f`d6dh@CLuLw))pT7?0ZWAN!L}NIL^0ccUZ*LmVRB*z@>(+}QI5@UF4v ziAerU86GwE{=dcx@DpU1CLCP8x!?`YBsXk$I6$zit26p*!<%rQ2B`fd99qp>|JN61 zZ{A&aQLtVcbM^mjw;2EBV5k3Yr&y7$(KrLwdM?;tagd_`P@*I^BlkJc0d&NaTyPYs z!l`(gNoXL-S6CT5!IUP-2bsxzACkbP-vj~Xg5g0TPyizAGiqZfd5y;Z277z&sX)EG zJ#afl5-IGvXjp;N#p8aA{jm+ilDSk5DRaWIc;H8lRNsEi2YmVE)vVwwuR%clMA;ct zTY`cB>1+|mHtgaed##9|lAK5srZjQ!P%ro{cImF{%C2m^{Qm&}0RR8e3vlEBNCE(2 C*Uw`B literal 0 HcmV?d00001 diff --git a/assets/rancher-kiali-server/rancher-kiali-server-100.0.0+up1.35.0.tgz b/assets/rancher-kiali-server/rancher-kiali-server-100.0.0+up1.35.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..5ba1ff1be280adfcaa6e9dde23040bc1f44b48e7 GIT binary patch literal 10486 zcmVDc zVQyr3R8em|NM&qo0PMYMbK5x5FTQX8`V{yxvlS;#L`lBR=&7l5yiR5&&*tK_o!Q#6 zwTA_fEeT_iU;t3IHk0pu3K!lgZj{nOxh(C;6e^^Z;u|I{Cx9QM!tg!)^l zy(Pt5VD_i}#&wk&_l+bRhE!ldXvl{hgj_7JPbapEh48^9w1;CsyCmcS`~DEs4VSLV zydMKB+-WU=De*iAhsY8v2CFs;uOq@PG?ueKoH|Bx{2ALmS z>Bc_i=&cl!-I-D;gQU(05z}}iW#3a(>wi1Mm2FHiF??t1j4=o1(ojGs%4MXS1Iz`m zo|r-a+`Qy+sJlH9O!NcCrxWVPoKwJ_9fgz5EzIvI^Z2mSMXED9U8MQwq7cL#Ww#`p z$d}=mVJ=wgikLwsz$6ryguql$2r%)7x@1>!%K!I-(uoffM&n2gunt0c45;qwAQUq{ zYiH7q&Vq5GyIIxOBEz-}-FS&SGy;YNWs7o7!4LFE;GJ1AXb1hi-M9Py6-Q?DKDO4| zrzF+de?4Qj1^`;@|H)y$V*ihikM{O|7wH*#K8}4~Dw&TnV2pV1Txxd@A_guN;MwRC z2lU*7$fxr_DqE%bLl+!b>bWumQhRourM7{F{v7c*iYOD{Df=mJoGw`IPz-SyxwTg@mk;LDQ8+Z+=K$aT7mZG@*6v9Qh z6=MS5g3PJy7^1aYsCSadk75e!j&OL@z$}@Blu4u6%4p2NvpZ!X!=wS7oV*R3(UP_# z1mIIL78b&>m?AD17BHDh{{BH@G{rNJw*EGxcL+<%CtD>*0O)Rt1)9^Cp(`2-K%cJO zrQI_E7snhr&k!S%sX(%{l#5jPNE?3_htCBXlZos)A(^AGKv*Cahl>6I5$KM_zSnt% zLI6*)afgY9D3X|lGP-g>WwlyHMq)DC#|Xk}**w{U6v_E35D_SjUf6Pwa2fy&K{bz~ zspOKPIP$PCJmnY`wDSykR6T!%FuJ_b?8%Dnz;|f?c1J@6CV6s{jkc8Vjp{@^0+)=5 zi>T=$B%~Cv@5}llM(^hcyDo69gsvJGGrw~OBZpBc9GZ5mgvg!Fv(7Vg4MLD`!Zodc z1jNnB=i&<8O^G{2m;s7>?CMz~GhEPcOeXJfBzyY<6^0u%BgK?*Nbr~(UT8E|g?^C| zxiI)m_x2Q+9MGMP0zpm==~@CRYij&vZ2JxP|E{#KhrkJA$ zSU|YcDBP4lFatIhQwjc6jXzO_0?GhMY{{svx>Z-3bU=l)i$h&|%puoJ9}~cY%m5%G zA2Ly@6;~HoFJH=K5%xSH;XL*ogVh~rfQ^*!cuYbf=CTMvA(f*=y+A0UUjA~ z8izaCN=X-od)JRW;6wD!=guxg?%&}#w~B8$xD15k zPckR)BwGtf?k5a5cOb+gA3QUW5Gp9uOmiaS)5!#wZl6yl&X}?Q3%N*zdts%IeVBoq z?<5>k{Zwi(XH3BNvNDJL{%N;A==Kk91}DS*@vwjLfBI*`e%}ZN2aylVk;8n5tbu$g zJJ8|agDWUYCWcW1PSP6H{fa~Y0()3slT-I{ws6m$`gjC>`hXG2h?qOBk2z0dVCfF> ziHrFV4b-n>Az@~u5_Lsp$*8Q>oV*e9D5*hEUygm9Np+bSLYl>V=gkP*IdY0Sfg09h z>~rXJ;9daB%?9nCXc*9ie(w+uLLn!MX78B`OgLlWgVHGxBQq?(xrMoT*zxIvgpQ!M z5Xvl^OhOV)WDc#BG%g-0Au};Vhy8wEN-hAwh+7?Z$#b3ihyD+;or%6r?8gNS0xI=} z(ez3o`h&;7d&h(0(`V{$mj+T7caMKKIypY-A029+hR~u!NIN=SYh!Q)6T$_X zn<0QQ&SYjb!mch9@#sw=Fx}aYje`HUsdoJ*Evk2Z@J5R}~WI^hhnbdE!V=3w89@cmym20bG?r3R`ovuvIHQ?ITd@ z_5-t8ef{BD=9TD1E;?S=og0cc31VL_@d4dooip)RqdUrOxn7<%`CJggLc%FA#d;-8 zeGiqrFLvjroG*(PomsCC8COaq4l2Fwm#fo81_;-=UUej&WkRnIO?*oW+hKQ9mwoxt zmHk9QFc98MZablCp{~hB#^?Zt9y)-}$o^IPejAxI>wy>OAcQn`rO`>Q7wD@*;Ifv+ zyua&FBFBee2z(CJf{iTI5D2}}pM?>ueLt$KY`0mNAY62c=v->K(k4@tH4|vWNGQh0 z`ZMqTnOg;WRI)F>tEHGUan^rX$a1WFW8|MCxQ@qTa*wR8RokSuYOOOSz!lT!s#R~q zCF6JoY(zPz6_#qVd=bK3F274dPCQ`XwYAo#lXtR6VFcCmQlZi$>$3UO7+6q9ui)*B z|87n?-P+FA>n*)RZfl~-q#HN|Kd||c9tdE8?0qsu*tm&M>Lx-5 zdTglGhJ9n;t*r&jr-{cu*=lH0fP}wJC>uvcttzZ|u&a$#M z42Kgy-#M?)cU+Cw>cp+mPyD)?j3z|Jl7e}VJ<2LhUsYK8F=yL;|G$6c-&y&$2jB6$ zMSE!>%YJF)AN?=+$a+z%JTvz#b?OS&ttIsGLP&pBetc)#<6G*1#M!w)a;HhZA1&fWAt3P|NLs%Ej$D^^ImD&h=yegM8e2P4d(Ji{ecrD9oX zX|tQCy?Bvtg^~=iAkhO^i*ho}Wwa`7t|H!i)00>Uc&gKb#El`mtv9OgKdC zSX)V+$zBR_foTVUjc(MAuUgn<`NoKb==OX5-+H^2hS^4at35S!*y%=1p*yCS{}tw` z%u|l6T=q)ORB1kBU+Ct@s(QlbwksC`&AqeLelgowa*986_mp?emg}Wzspifq=iOnS zDP8w4eWthbGB0;`ned5r5L$@Ks8wL4JT-!^W~gz%)H&o=Xnr9GNd@EZk_;?mAuP4k zkof~81jq+7tukh1opw@Zt!xT8YOqJn8CJ}iW62St z2ks-ExJ3AKL_&{f-+HJ#!zEgC8lyWLiWU2;7OLlGVY7-flXz)8nN3|CM&KBY;4l+N zP&;pRC`59Wqc#Ac#u3}I)*?{wLRwa%lTrTt*jqVkrI!6a7mwo5^I@Y{@V5Q`ljA{o z|L<&Yyx;%ZMcP!=cDvo;aiu}$mW19gi$m?C!E5P(mqwR(-k19IYd0Bvrl5&GZ3+?S zAmb4pW(J_P7C&{k|BgZuO6-Y_HG$G`xHPoQ9)Z9`0g&)Fa7D^vdce)L?Yy3Q><(^8 zZS!CCVt}Jf6hPbg&(pKB;`~4C4+i`ApPi(KoWHx8wh423u-ZCm`uCJt?IN2s1^gSWc})Qpc$qpy7{*1|)@^$ja|{ zTgWPJf?KAo8GbClvEEC$sLvl<(8!7B7L{WK-gN+cggHk<=*WpYqa;KwHZkg2tm+ts z%3N%OBikSW<9BY5b8zdHm=$MJf2K@d(;z)>P!XCG=>$TMP}I|W2j*ajkhoeq1zhaE zLSsgQRF=(rBCE0}KByl{m3($#tyXNk!qrx`m~5a~T5`5g%&ZBrT%SNF9O5|eUG*2WRZ%UmsHU7x8d(KTcSAjmp7BMsnAv4z z4(0~x6-RWDs-XYCfv-k)N$p9Xv9bPdvH#gVRu94%ov#H0+U);HIsW%>aJ;wwyGe=5 zt4U2(H@fxkEaQfSH!x^K@jlIx60N}&YM8Bo9M-@M>cmn9Awh)1?{8$y=)FF=(Lu-~ z+@&*MAHyNC6kCp_=){pAfx63r2nftEE*&0ZJWA&5%q8_W%5v*tQaI#8bZma=lOi8< z_J&Gil0v%C$7>kAvl?qW_kF64?V3oSvLmR#zB=R!Tx`M$`|K!MCDF5p*YYNynYq{WF5H5&e8PpqfR2~aTVG%~o_@Kx zxm-hHDLYdkqC8LR^9nNihFk#4+y4n&*9XvI|Bw2IW&7VhJvrIi|6QafXa6VkQH=l3 zG-vtEZ3Xga83#?`>gi=)8rbC#9{G6wA%!Q+%Jk~`8ogf@Lo93*1Fn{8iLovas5jIP*sh-` zqp=|2a&4GUXHqG!bDkAuGVqJg5aowJzE^t7wkd#s3oN+Cbh<|#d%*pCQD|3NuegpE z>l5bbj8T^{JYEAnz`Z~}U#vS_^4$``y^u}Z%~bh@@X9`IH!Y96Pu|eCKof=ze%-%r%fzxL8e>rzRoBcmKEU*8MPEYptfA1uH z6ZZe9nEnM;UrZTbk2}8Ewr(-=H)=;;W=5vuvR0v7QN2}Y*dNCb&~V)vJym+uI^R+3 zfrr!;w9DH*lil%E>83gxD}BEm_E>PQo2sA12 zZOS3Q_gfG_fbXAV<2QqEYuf+8^45Qe_>a@_`H!QM{rZ15>1o^l!8d6Aot$}XK>>R+ zwKr3L6f^a}P}nJz-6bSmx9%HV3~_;1=;x$vU8=qA_TE;M8oN(?Yay-sv_e`D|3!?B zi4W2=FCPlh=Knb@fB*IH=>)H9KMA+Mj^3Gx!_C>z*0Q** zvdC7}_QM(#2KauxN+lB8q+$&&)~nk9leMb9NI*220*=;&q>7sgELZ2WTHt8|NXGYD z<45+)`kbgchquLwTC}zE@?h|5P5XauuW%H&#r_Y@j>_kMj*d_F{-2$sr)~f5?Z-I^ zys`bCxKimwJ_vBQi)Ro{@>}^WaNr*_4kzg63zRMTxTxHIp(Sj6+oGC zq&{cZ98bAW52jq!S*UdxTF+oA7sA%$Rnv2u$SLJ+WjQSxLR+#D%j^G;dhpv?9|dn+ z|DBwa_t3*BqymkKAvo*sHZF3Pf;JQ zZ+OyoQplmIZl*9x;f;OsJlRYzBv#pJNS7|lHn4V)-_XA8>_2VNyz?0*zEo2W)<&Gv zu$zWHyw`ns`~Nw{>^5Ep0JN?Dj{BAKe`m-2z5U-sdUE#P46{dB_We!QUAN-M|53jZ|2;T4-mm|5lAfOae@xJKlT_Y>_X=uX zv+8i*>Qi}+%K!`TmfrurHU*I>xQt)Cwa!&M^(F=&A+}EaCK$j(ov+G3Dgg$+fxD&% zlCq0s(8$AI<^nk4P`#{&h-L31HZ18ci#n3l)~-}ubb0Rw^KMbY7`Q-Y)zg*hHZGyJ z!v;3r7_C@Bz!+sq!J}eRRJqNsP+Y%w>#$!5%99ho;Rh2p8%2f)O={%nx>nq%pE zNNq;|HFX9&q9KRnL)jbr0A+3x!Z(W}*;l+lIl^MvWH~N#@3ImBh$(HnEZ}|mwna)R z_EbmN)O`(uMr(^nQNECbxA8%Y$C1x^U*u{X!u9xK8BXqC#Ho7=%YBQh%E%qR*qD`3 zBhX(qD74C#DtcYN@+nNEB{*wB>Kk%*RU%u@;U3`qG1IE}PX*eKRtp1e$AA4w{Kww^ zx101t@n15`o)!XpW4Kz30TbTM`5d+k`qRf@B-ju9cC{F$4LTKxAS$sIO&5B&bnX;u8UV(70*t?_@y760Gi;b4#dc9EVa{(HR8 z-!k-DHR^Zp^kaVWY1R3^!m*z;wXOdKXO;PX+~3Fl?IbnEOukwEt1R9A5O26JX-r($&b`?zZiZh{4kY}< zpYVYAR&dcDC9R78j5*zE{KsHW!GHVnUpq=q6#wb^pB4hVR&+v6{n6?`K;Zm>BAiiOYGL+Bp=yKgSZlr$b*F%wII9WSx#4xf^+=yXi zt8pWSuMOiy3Y={*ZY0m$K5pcXklOGcL_VDdD~J3R(qjBKI2lypfBQ#=`}mKYq%w}f zQN(+*1hTzOyT1mhefiRWw8pXTs|6&oH9T7t#BB!SAo7WexvuM1?8m_E+&E6&>q-_>w*YN)G2Hj}v~#;EU;aPleguz-YqfbXwkHi01;WKTYY z=|z*tbD>o4Ri1=IsAi@b_H%udS&QZSNhZJ0`c-@4`;3q&IAb7u-Mmx~(iGOUcCU~vxG6*EPYiNg3R z)gs@c-_hro3aGTe=deWeW9;*m`Yo$jGzg{3G_&sELo}hU)YBznurCvWxcGWPvz{U)!s7!D_}D#321HtZH|3lCfx3QR&^xn+>5XNasXUs6qlEI#J~ z0>^_fj(y=Um=G@5T=!6;&Ze9Q%I4_n*I|7gfhXwe*KEkAg1MwVapz5al@mpzGNRv+ zVGUX5{vDokD?c#T(Wyv%;}VBnriHr5>d{E_RAK$Em4DfFX*ed6!ZV%CyfGU`J^f3e zvn(?QH&!E+h63(IRxLu<_vzgwBQxT|1m18L`-;#IDUFiL86}y#>N^J5`xyH3D@w&r z#0TA{LnM`AK3g1~^A9wX*-9^^isE^BXu;x$bmglYk#t~PHfU9&O_N?bl%R5f9ctJ3 z2{Up{)D2R9&(aK))O^C&5B(qd3+EWI&rs+}gd!}a3kIY4?+!)| zqf}^9Ef@)|Bdcd2^!00R3fLFZe-}xsw$*e;D$gdLp;YEX%xxE#aK^-k#AleN z!QClH5&v>?b9r5%Ubcbd64e4lF(O1lA_(?hgOBIe+S@fmC;8D0j8HFqb<|Ja`D6zB zE_l=~fN)k-4d)j(Z-0H`d^msq=KAvd;!TdyOisU_7!8VjGbZ4BS1>L7uQ0FLS89n8SjcEGA7`qRg&_vbhDRBJ4iPbU*i*%?z7 zV9`kU=I#48&QEXOynDT79qMy8N=mt^P;Fh;=kG7yy}5F(&TlF`(pC+}LF5B-Kos0NzV{*NohgIpxq9Fh)G6Q{kz}FVOQ>1t7l|#c_?O}@qD4O^_15N2lG-|R zsu#)}hJtLurKY(wt1CF^1oh45EOTZ)_b_jSn|aMssdbI6z>yp>PO?jp6_Agw3)>!T zOce>Wv1Qx#ejoT-NiF-o(+F>{@oQ4s`LD|Np9iOBgZ=kEcaoa5hwOSDfm;{tR}Wxh z2^u{%E-TID6oG?z4KU5?qVO-XM|^R)BJ{AcJV%8((|4JRbLM@GMMM12n!5>p(azJ1uY`zYq1 zHy@!p!tO1E9=8ph0}f_OjSqXh2@%tHWV`DJuBS&hkAe4&jt8gD)ZZ=* zWD~o`N8cYFpZ#$B{fl-U4P!X;kW^_*v1oYfMvMyTQs2&Z)>{4rRckWZ?W{>EW}_&O zLhQ(*a%C=u$WnVXR&7tM#z8K8WDOQ_9Arz8+|R^rt~dOVCCgjOSi<_jUS}K20%Nfc zCLCXm$z&lEVKL1GFs#12ms?F5;T63=%ImdG&`PfO!j14;ZzPHxf=JBEnI+TX&t8}g z;VI>{RFjM~{aji1<$ms?g1?2-g8wLv#dOmZVC(v?{Qb|t+2P6l`=2{Wo4S!p$WIL; zM`d?n=GVbJJ)}ys4AlF09*e2I6mxyJ*Ij_{c7g*Lc!Yr~K3%=#!%jD^QfuThVK@}} ze9jQzSkR6N(K-+3*Dj5~IQ<_=xwg#zh({0Z|2aH4KCSqF_TT^7O)AY_{bdB3jj(G+ zJbII@+VWFay_VCMGV*V=mdI9aW+q=zAO1qrt$iEJOKk)IijqXm3+ z5;x72-lblhD;|%216LRXsfk?|0+VxoA01R(R)kARaW~@AXt?giKM=k-j?-ShB)t52qbdHX@z} z;q{!m!Z*!({_?qe$Mr}x5MRY>7lL8~d_P2|CnrbwxVeCY*=Z5kb3^n#=He<2&$*KH z=a?|?UNaiy&AP7m{N1~b3C#V(A>9Bfkufp5NzNjdl^UzOcZ*D-VnaB*BVl}BB&dj; zhjOs-IEs9b3q0&+qj7r@%7w*rvmI>pOD&aN6Q&0#qx#cA>Q}nO-$fq13-2)V&M)8U zjB0ipO+k-qRT335jIv9)}2YO()Pt#(}+3P%0N$00nx_uu*_{o~5_-_G{u|8|mg zZNPw{Bar<3eQ z#OVFJIO8YA{HvKS|G2}#oi0;%s=Kn<)F0+BvXryYi#{-JbdFk0@NKc68%3EIQzo%X zk*@xZq{+xdnIPN?2=zxIUm*)e5wEMl!w}GrgOO?Gr!O=%ea{6JFphm*QLW3hawH$t z_B5m6Z*-(M0O>L?McItc5?sa);EYVMM%qn2gMZYf(Jj8Y{;0Q=q+l=`(p8SW!sBpJJ_ zcV#T55DGK3jS8)+N6=dc8Axr&YiHyG1B@l?|Hcl$w)l^JzwG}z>+iq+x101>_J42q zw`2ItCiNc%0yMUF%V40sp54HLQfGMJL((rhh7FB%?g7NM0mQ1E{;dFveR|Sq3H&$G z+j#4{fm`E0PRsYd9Sx56@&7wXYx;jT-`agbZr~km9T!@i?IAbrAU{N$b3x%RKmQ-h z|2ycPRPKK~KHB?#cak<+|81-W9&PsK7qN@ZP)gk7(9oYdL3)~ZO-FYz{&<}eK}mG= z6VMy`^q-Mh^}k$}J#75%;Ow+={_AMJ|F@g8<@n#lC%>MdbB^d3eT*QymW0r;eew#0 z03H%loy_TWJ;G&yuB;75q&vet@stincT)%v3Aw=P7F;wV82ti%Pz|lC<2Qw`vDnOU zxue5m+dn;~sn#A+d(iV_-^`&Pk#v{<7Ld?H@-cwWW%Edfbdpe?rh4N|;3mtK+%kG) zg1;p-I?SC2Ha1$5S4WALImWXAOjs&pyhZ;TU-Sc?|1E$2ad39p-|zqIB$YL1swR`+ z`VA<`rc<{Y-Hnut{1FIT%%t9gll(nd-PN!E%HJ4ObC8mZ)sfYMCC=}?Xv?Lp?Znx2 zMuvW4{=EK4ZwZHc0W8FRH)ej*DM4Kk`ucU)>n%J-_~lD>$FfzIk5MX`jwC+}OT+rN zMiyVb9JDk1qV|MjQ}@>10H(%V-NovQEnZ#0{4{B|#tVpwd6bw(^$mii+sn$i3(Zci zdtU#Lb#hmkaHERh&fnNvu3BA=Z%!}YT6ezD}JS7 zy-!jc*S0HvO_t{oebJngbfyAcOCYYMqItMgi%%Zg{Qcq6a`?|&(zqrJY}@}i8kFOI z2ZNLS{?ATQ8~#gNiccN}?zPEUsb&5f=L>X=*QM(+Z)Gjey8m-_RQ~?!e*bqz>6yU; z6M+tV2+@I0>1`Y#YtcrKg{<8Ei6tSiWxaTT`lzeCe3IsOV;YAZ8vckp;)>i04kCG3 z7pRkdHMUpty;w`1s?1R{pSWpS>E&`}E+LBo7Uyf0D5mL` z=IT4=75WbD2^U<-!O$#lbO4{zEUIY*PLh+H$hu1Yy107H5oUk_!nu?ix>VXUaf>1` z1>{nuKlkcM)-SGJ>yJpH5sWE=ya!cG3D+-e)s3yq%l&xlp}S98NGCyiD=T6cxp9HAIhZpIw=_)iVe*|DB05D-ee>h->epiIDc zVQyr3R8em|NM&qo0PI#zYvVo;&Dozq^mqJWRj!?6@vS61l-({%7J8q^lUN&B64E%^ zeEUUq`Y)T%g+NQe?_xZ9){MlwH}+s;jXvEd&?*h+x9C&ptIJspp7;(LJvtXc2r(&& z?kR*ge2QG;qpXOOA}^-nk;ul=Nj_rY?9BgwHW2ucI6K$j;XVn#7)wCPnouT;Ng&X6 z%_R_NIeTAPIC-qO*I1Pm1Qu->K zWdv{Oe>%N7(EoHY84vn@52R`OO4HyJJ`kGt7Wn2%h#s)bl8rJ|$!2XJ+bl5H)=Qk@ zN*UFuvq6Fi2%?Ad(r&C#WW6%$3PQcK5WDC($h(H)$|k{~jGwK&ZQaZ7o+nX-J6{ur5-Fnc+i|hzNnRTndAEhLW1!rSe&wsuOGuGRqUH(EzPr-+D z(=O2)Bn+wZ*riKbvoZF!NmmMW751q(=X={cssF{z_5ALJH`Vz)_Lly$LLAQjJSztM zzX$$1J%g{=qF-V%{tGgyftdPh#Dc zVQyr3R8em|NM&qo0PKBhbK5ww=zQj{=qu%1$GIUT`H^H*XHKoh@y@1plDO>bOl_r7 z8Hj`=j6s3{KslO>?{B|_2TAZDiMG7XoviS|mdHkT;Gr}vz8(a_VCY3ygq);OKYEo2i7168B9IJbIKdoA3@C{J ze@>ae5YkLY%zcU%m_kl<&Jjx*u;P-639L=uTeg1N4YV?^i}B;w>#Kqef`N&MG1qgb%1RGfGK zrtdV!=*3@#Wvv(`8K!^b8J-0=DNUH%_GJKD+rhbS}3CWu}2-A24OSMMMT(DV#1tj?_w4JBUYOG}BZ# zPMJ`$Y*|QMU2?mr&79&YQMClU59PtQ8fI`lMfd3ADHj9sAE&Rm)K*}Nk znIOqbW1D1zN}nWNUt@}h2-yPjB}_4r8Nb7Z)3+Sq$k*JcEv66eRFjDSl&DP(a}wi3 zBAS!QTc@mZ$m>kT+$$&}0#4=ppJucsycjN+8yG5EeA=+Ay9sgIM8DMp@x z?^8DOr-b6CfMpn{-lSA_aLR-r6RO%Z6A+?A4ce4tNd&67ci7M;luZUPQX0Y_Vxbs> zl=wxHf;jT66l@oHTbfy0dnZR)I!^tUdY;^-Adh}Z>Aaun`v+NLXMzLC> z>YJ*IKNBIf>Wy(XxZsb-ugDWN2Z$VXelF%J5_ zWT2W1lI?q-ARVB50Bl#Cn65G-d70u+De(fX=Sr$`CFLq`Am%Kiky<8ZJfo+;@u!S% z3~ELgW;N;yJjEO*q3$A<=pKt1S2IEH7`o@M>D%i$PV{D@Q0uKjXdE0*OSw=A17)M= z1uv1f5`#i;`6-M1kXcoIpm!g;5pl9mqJ!J5ci;iEZeeDvRQk(Vw5HSksVoyD@EA^h zxrDQST*9l9*LtR#&D#z)*rn0Z6vcdiu0?=i^gBzmtixAgpgK{=K_)PtWhBA_p=Zg` zwS;BY@Wo1)8pUO+M z&Jdil2rhA$akXO^-C>1B192v#GrJY4iwy%FvLwW*6oXV_9;g8qmYQ#$dHueZvM6W5 z>MzYbve|R0jZS+~7P%n#>-*rbkJ1$JnDKi>DsZT_sr$vb6rrRRrTGVzPLKl!h^BKC zR7oI8*)@*NIaBJu8#S56u=ix|HaH@)Eju{IuotoLO6~aOU5+pB&=TPU%TD-smPiug z5~1fVik}(HH0wrzFt|@yBJpQgnN(K%@+>(KZ&-4{n5;hhk+Uov!?WY#!=wD!KLzIH zqiGe!U0XS2C92h4Wh4!P(_Gpq;1kv50+im$NrZ)#>5j_Bv?E3sU4~<|X~E-j7VSf= zVO^Hudf8jdqtIYflT-R~j{W)@f6BOz%Bo)R>9W?_TDbN5@P@&gZ9 zdIbaT7{vzoo=K~omOe@%Ult?=UisNh{63tNg3#{VD2mJ!GTMElgziawFH)VS`BYm2 zCrpngMMAu>I;b|oh}QDFzEa|@Iw~Oa6YNv zWPu1(D;YvY&FHVR#Nme}SYe^98Jp;yp8>-!&%o38!lwOC0 z(m`^iPIDfk)Oo~N@*A6!4p%r1a^rs^uO#MLlz_q7@APZ^V_d@OQ>viPpG zH|K$MXH;kj$vB#+mQ{LwfhdVObnQY-s<1hvxw2zA21$v+xjR9;KAfp(s#I?^*$sN* zR!NZ%dU^Z4^C~y7^R-`!?h>d~-|E8z3HLW^q}pYDX^mZmifkWpRvrfm38G z4{Dtl^MWLl(z4iL?zS8CY$DxECHM>2xp1$2Pq31D3Ow4Yra@k zo`T52xg!6XBt#8hpsdIx%OGNKjgm@BoN8HOS}Tq1$ds-^l9|R%Nuoed^qVpX z!oRuBHPxx_5T9XbPt(ddH3~*Y!C%ybTLWZvOueX;wN0n_$r)5cN7YtMqTKF<*T!OO z_e@Jnu|l`3A+ruWt9wQ`@f79PrSaJ!4GLU;XF`rapFjn}>Z|kIQ8)T?oJp-Y|H<7X zV({keyR*wcewKHmvGM%>a8y12IT#KPM!WN$hbS$64kds=5Vg3A^(N;?>J1GWeOgJi ze-vshoSeVXpqT5GnS0+vv69h*Wk!-}TDhx_O@70n6oL0{j_o0ORIdJp&)wVJ=YDZ^ z^78dr5J!DWt~fH#JQVzL!w***xssK041a(3?!3@WVUUB`x2AK{KCWs7-m64AiM8kL zDSY`-cpahFqNC@&$sPo7a}#U=FSc(BFBV~74*~+pLPW=3zCeD4WXCX2e8J7lz-{nS zw^R>Z1eh4du7H#(I}3l7p!NgKB%5SYrA%PsEw^nx36+fobBrR)gA!k)?F3_OO|-%# zvbZELS*jh$`uu=ME%TXvjzH+cLT+Xp5ye3U#b%S&?-dWoMG{h?w(5Lz0`JcueZPL` zB>z9oF;yl@Ak({q0&I}~M+XND`Tu-$xRd`6QTlLUW3s+{@pFB!XU_jWTE+fjehkqA z|K>&ml4&7cOawt54%QkuP*h7fN#qoI|0M>!J0VckNBy(chhIn%v1|*qu3>2Gg2kW=md*(Q@gy~-&uJCdUJvYFvXDsVXsmr>qdVr@>9Lh2D-mpu{ zfO^bQg^%$u^v*tIi1w~oq&VYmm4+MWzN3s?5aiVe5ynSA~PCPY^I2J_jhAPW=x50E@dLU?wlKa%(|n@-7R z==r_&26?CEND~z_lxDC5HI6!l5>T4zMg-n3*kIT2QqfQi5-`Cb$^-_%;);@{n?5C& zMn=EU24_BHiGatGrS6uOZ!Q(AJ~U5pxF2}0reI?%4HD}?u@<>Kbd^PDOMd>0H1n3* zF1=i8K`nA7e_3>H4zm)VQ}5^VPkni$TQdH>`v5z97M)_S1Q({qOyz>t%F|mjSjtcT zzeKNw&CtEglv}&D@~K!~HMQendp_T3e5-*4Z&rbN> z)cdPY>vq*Ux<;gDKlC~wS=pQVuuFHKyOd0jhf$MDUxeP0;*3h-mq3oM97v+{;t5eY zw(*K}mSWayFb%DBe8Vf~^oPF@s-+Wa6W%n$fo|!oudNXMhm}tHzg3`|c&S@O1#j~I z96f(l)Bg`gyZGOSDOLg~^{9wBouDumx|L_uXfeH7-HZwigEFa)>$E}}T)oiR++yTi zkt76HOoPfQgJ&Uk*8MU1)i$j%Ki6i z#=rw;3_*S0%?G&>U|3~v6KJsq+`V1-W^i-kiOl#1$I2$s+*f1W?nT#!RkPZ1C$IqW1*W~}`==gXi{~w~b0vx5OP_nuv7TnnVAV0fS7Q0!IWvWAE z^_#aZi<#rDYggt!`~rT6eWurKqv>tjFnTRJ#;RKG{?u#VpjK5a66+ksPm1(NU9mPR z+*AM~7D2Lqp_sNq`~f71a3bNTF5^?IlLd1BlNps5$#DLYGfek1P-UKpyP4UC&@@F? z&HW-s=FQ!vuZeCsrHI7uaxtqz*PNb#0;la0XVs`eE8TN%Gx=^a@}6eLi`wj{p{<7O zl^j>Hn47d})mBo|sc&{ZngDVqxy6|<&hwIorgLL+*S9%DoPlWgMJfTN)%j>xXvF)P zQbg)jjs>gOEQ~u1+&JJhHA}EYWfL&Gsjh-*R4sy%H`TU))oyb}v_6L#VVy6w=X}wIeC3nys(D_f8#73I}gFQf34Nf zcz%xLd|ZebEf-djx;#HQ{Ws7v0cwp71)YVbm$utkMZO%kpsKcx_S^vH>(Qv!RCKMx zs(f~ZTM-=_tPYK>k@Ec_;OqO3f+J7Ujsc~_&g5S{Uv zOo_D!4MrLT9qTDpz{YZ_b&&(aF^b+MbZK*@TI{LfHi7)U9H%Gr zyP&*Gr%}&1flAND%5XttT{RGw7yrP`&A9PeqFLdnR7G`drE?1F`nQ$VkEe3}$iCzt#S6ya5^aiRhI z0ZAR9yO}xY+I_$khz-nDa=cgYRtcru#GV_~+sd5_&~;#%;=X7=p6T07%;$Nf?us?f z?sDSbY^*NxUC)2Z+V*y|+Z_XMivJlN9M#T$51t+G?tgudvRPfJhxru2JVt13eVFT4 z=KtOr!|hFF*^%Z58#^% z&U}EHiN?n)1JT_lxU3>#_+{Yv0Ef@Sm9!uyI^a zJq~Vj4BQ$F8wGyK$%0Tkb8p0{cr<+2Gv>rz2j1(~Rjw5G8!N74ycWHe^Q<1eIzO#G zIDhrBd{D-%>2~pq;xX*K&V;;hqRsa7CioLcvd6@7mQBCSZ`48_cDR?!@Q=s-`lf6 zz;{ef{Mu{xKFVF>|7~-?H~RmMhjsh!`SH&G_aNmf%l};#_ArLA^}UR?>7u zn)aQo|9eT*{zhc=zoT@L|94UPow6bSdo-&5{_DZ;V6@Z!AEY?)|1tj5D&Zy1@IE|F zm|T1P!+vpRTys%PORryo z(UO;bf4k75)w|H6<~H=`j{DG~J8nde?%_U?M~-FCd4TGYy)Ll}<3?e9bi3TUhB47| zf$gm7eW;icdiz?Fnpap9?|YO8*?S7TYb3*Y??WCP>=$9lt?ZUbdrkIQc_|b4wx*q@ z_BAO_ES@I$JlAhq;!YZ1lYD99DZD66MH??plHk_dIO&6TX2(e`+?Jm*?XcUdC{qx( zrMxmZvB^mOmL#(_o>t~8Zp&hs&A4f(Y!;j{OINS%GVyU+#%{Zq?qwml*^}KSi$K2}(pjkzuV)!dp6o#*6iZcV$E&Dmt2)BLTcdTz~@ zP6F-N8#*C$TZ$`EMZ2-EB5m}(dAch*_rOV8+G&#+<2-F&L#?T(_rO=@PGQmZ^xRa| zyYA6$qU$~JQ%`~I)*~y@VYlb0k|^7imrBy?wmgV3>7@hlJhgUvsy6AiD_NU>yER=m zHMeEITQLzUsk+QuF_=a{$-f!)=be zHBR71_u&ODy}JM2lf(ZIpKYrT_KwGi?v2v=u%O`vuAUZb=V@-aWO^;VdRXiI-z?qQ zp(eYkh|j%;HLQh<7f5z|A)_a@qZ6fR%G_-@!lnHeR~O9wLAf6 zyB{_GRmDsFQ;d1fmCsch%+EAdGmBel?iCbPU&xwEmqtc|fvh#N4Z6JO;Ru>{vgRoa zCPTW{^2?a&jUBJzwwe5PhTdGtw3qjQWFeztcz1eko-kg&ptkZ`o6Vot$pI1;;qwB> z+`VzW3R@Mp)|*m?TAsVNxvah$sd5=k(L}peZqdq?tCBQ>e-t67FNQBhD_9&E7Ta&o z$lFXAihe*;tuFrR+{%N>v-YuU)azBJe>HRQo}|icgT21C)Gy0z_J8|}U$<5RHram% zNA>*ggM;V0_|FF^oqu|5ouZH{&ATYhul0j8tB3Hmd4g-IuT(0!+;vsMyZY*@T^{#C zmfOhx*lzjvEdLJ<4(q@Fb8vV#+{yokC@Yo!Aa1IR?jB%YlVlczjAJJBukqJ+2CF6R zEXl9@i$9x(xlFBIXJmG%SluRS#@IJ-FUcxIn>2$Wa<7clP!mVlmlo&dQJS-a@v^&2 zHRqwd@U=u&F}pink(zU6+x}3@IWuIJwDC}-+x{;_L`29Im@oa?CxdLv|2wMZ{~bI( z-u?dTgOry1zt-Eq?l9QkYRTF|HPp%$@?r6iKqc`bS5c z=O~H1J|uXiMG8DlIi8ZwID%^;=kUMw19+RzC9p)-R4hS?IZ%?|zzbepe!P^7W3LaV zERIHxlu#_ZCxN(5 zy(hs0U3pIe8K>Tp|LgVPXT%B11iX5ACcGf!Oo=ToAQ46b1IO8Ke?~#EX8phY<;~f} z|BJJem#@!)INFxRhV_3m939rz|Fh%KZv8(*=|gkm;qREnpe+;6d!-BrN`<}* z_I(R5n&Cu#cs!Rf730BRM&vx3=)=I$5*ak>?FXLM@57H+!Uawlyh^6b^M3vH*N`Pb z*%wOt1g>78C~~3?{gB0Rrhm^Wr`h&0u#6BkP?&seg$W01mPSZoMbYy*Y7XRemXn3Jk!6S z_@T9_EgcB&rxeY^2e$>4thf)4`<3teFu{~vE8d*;S|&C&*}`>b^*69fpM-K_XLV{$jL@G!<&f1?5VX7NZU_Z;d*sSV(Sh9=*w&@=E zU~B6iGLhe8o#1ObI}~ECHdvCu;xHHnL(en+^Iw<~Z4z>E5DcG!z}SezaE_80rfhb5 zIXIY5HW^r!{exgQIQ{#{n;*}9di!G#M`n;>^qU&0xw-m-C7LKoi@b7QkVwt#cXOQg zZ)BUAuxkxHWt6gO)liFO>^*^(oTVv_a)VCO(sOBX0FTXwLtq>zl9+>DmY*`hakTF} zfig!GuJ97Bk$SDVJW_pGxbVFvr5C0R(79zpkI1PjvOG`E?^7KEKz`3hQZFp{0Z)~& zYK1IGW-F#XNhD_jJr6$WWzY{xe7>AxGmHF*#^;j)-+ln^m>y&$h6-6ap%_?dLgKX8 ziLgY3sxD`-PWl};7rmIXYglL>YS)!+R=8R>FDc zVQyr3R8em|NM&qo0PMYcciT47Fuwmj`V{k%+h6T8q9ot4kKQM{$90ljpXTCYyWO)V z?PEhEB%vk=769d_N#4)?9$ZL*H;Ixjak|9mX)F?#!C)|$3ueer=*}?f`E)uZ;k17| zLrgde6!?F+voaVA28a9m>fga&Q2ckeHyr$BxIY{Y2ZQ0W-MzmIhWop_gTKJw?m(z7 zF&BvaWpL}Uij(_F3JOCikRUYVqYi+J1oG+Bagh){b_ngGSkN8`xj?=@f&#hpT;@Fw zkZ@;}ZC%U+nGo!y4J)g8ghxJF^g@!wH$j42^vZ$7e6N1E=%`Gwi{50Y50jbO4SeZj$AI zcM)btQ08=qD~Fm15%E#K?@ETj9fJu)F`Q$;`#zmg^?!wKKA(23@#2OukB>UNbb>ty zXh;NQ`Ul5u%!pWYs_{EdCO;euoPjg=K8_3;zVtr&T1%1t&ygQvezym}a{fQu8|)tz z`TzdmvzGrqMA?EDc!FYIfL?i+P?l`Y9!>ZB7F^5-2f_itzmML$?oB8QkPuk087wQj zz^;!NhB;zHauyDP!Wcs&`GE%{6ciRTW*~47`AA^ybUF-2K5@}8jV0F`b~+?LQ!Gy+ zh9k-)V_2kYpdS#%D8pXQV&1(XupIz_rYU~}h+^MAr9N>NBRHA7rQ(!fjziJu;17bK zBQ{k>Uk`dXlz{hqj6BSGSh7+=!{>sfIbOMm#)%Znrau zeZTZDJ+*RAJ6l_DN?BG2IOGE{%(m`(#C6y0qBfE&f?Obg8K00)Zjhr54$L(CL^k1=oBq7zaN zpDO~UOg53IU?G;9j?g~kBRQ-1L#HFCFUcj5|9WtZ7m0ACt9AeYlFc=O?#tg}~(Ugp1H{{31o=X zvn@Evc9|rR%B}&5dr`O5yLCx3-`dWSlVXmc%f`s<0>?s-aLPeR(Ryn{TriA+WT$Zl zUQq@#^cO~si+BViRF&x*GaoG!7v@jlW=7muXG?A;KlU^|CL1`>i zck0tI@|}oBDNqhvP|!S44Vmm+916m4XG?FJvllAldJZ(~*72h13IhBT$?eBrtk?i!bskq#j6$aHVAJB(kN0{Ah-p z{FXp+$7Ao5QHja7l4FnHJCC~8nDq??pRzaw6O*l!FQD%Zf(K2;ZPCv z>=`Am&+sG@zzf4rm-k&7x;PTNAE{%nA5pKD0M|3mwonuy7O3;`?m9K7xZ6G#+!cPO zqfWka^Y)mA0)G%NqrS%_o_ao>V?R|O013g!I2Pu7lI)#^@=OwlgqWopPac!{97?vE zq{5Jfz$g{!oYLn_OgzbO2dcX%@nCl_7&!m+WIl9GsaJsOzw{BiB^mc}6bQtx6(W>M zhI?`>e2Wh?C(RT`-SM&FX@KCA(Ey7Xj(OIxIYQp( zHbBR}VOM0wg?V1!DtelVt$3a~caU$1W}wbp!H9c?6^objq~t>Rh83Q5Ji=war*qff zr=zjuy{6MsBxWP%_E{WCmAU^Ljaev<*^V``=HKT=kdQL+HLitt;>S1?VlN3&nbzV*Zp5S5OR$6FpOSvH*`eF5gFixIcFORCd`N3m zA^JipAaabJ>e;*~$Xc=(c}t3GJw|<8I5Z@>81*9`89~LCx+D#C)29`JSEC`YaJ|M| zzx;sRSYV^3X^WxaT$c>{RBBBlL;FjVx8Fz*5O2Y0*wc*z6!mm_EwoAG%?HlD(%uT_ zUD~s*oBT62h*$j$ooCK}+udDycpOjfpwph}DDB#7(50=unpW1#hf;Cf?;$@TA?^)3 zpw9*c=%EKAGbXbAHO`IMET@=v<0<>HgKq$L{{_{y;rZDhKjkU>_~cu}edbk6=%~ zi!dYVG}cdt2WGWW-AfN!)U<6*AfM!xm4s0&E)elGKtE{Sd_0T8>&tWUN5-Gbn>Xk~ z{`ngmT>cPGE?*mVZl1=zAX1mTeC5Y{mOekfCeh_<8cr`?OGVc_Uj}h!GtO1TTxz&h zbDp)l)0AInHN<#0gm0E!A3eqZc7~^f3%PF$Vz%I?oK;|qeR>1phH8s|+9X7&FGc~P z49po1|I&Lh^)|rCL|aCbY6HZG@)?!GoFFyInclSU)5%jH0&a*eg<7FotJ%td^?ZR$ zw7#TOT5X;)Lz@B2D+f-bzK8^H7l()u`cyVv&=_uL?0evoYt?bh1b~L=Bhw{+YKG9z zVFR4O5{0hXmR-lxGF)n8ewKAN!y1e_sx>buR=yxiZKXvz-9({%q3VE_RDc=cMwRsB zuoZon#WfPYRB8?91CPkf#9_i{kXOSkm3F+)YPf_34y2}bG|m#39jMEH3i(c;eV2%hvmf9}XyotGaX<>{GWkZLl}NoK5d zI;LJv8|g80OHM@Ds0+QUnmWWCedFk@?9usId!KC&8hn!HSLnjwp8Asn=ka7hK0vpZ zb%sMv{jC8_4ME8mli2qc@OzAWbsI%0Icf?{=U-U&uIdXphMW$EF?LZb^&%Qz_%Rhe z^~5Ix`yL0xuy*5MPaCcYhwbq~A?3x}b6HoO%{;>Hj?+1rfVn%OJ294!L?Tqr5_xZo zwO3EM(IoH&+SNEt{Er!G$RtH;(K(scsjbim_dd^h`bN!T^t}1i*V*cxrAQrF%wsfwNtcu6CvdkkI&el*SPg zUyv{lrRw8phcYF>o6Ak!Q$P@)Q2TDB@Oi_C5ID4kRq}b$jjEbdQc=m9Z7Qv-kXwn0 zIl(e~=61HVWh6&3w}Rw$Nu1#sij@(z$*fiNZY`nMbgch2H?iOoFdX@E0^RSs(7o(# z!m_k`!dwDa4Xm!HdqYuF(2unh^W(=<;izNAj>P#4`+>t}`X<+kW(G;BU3pwZ#-Xdn z&TlP?jx_d;(yMIMeWh2uWLKpopWyeHiX6#Q_7b2FO|jP-FY+)Y9_8|4WJuT6flI^5 zE}5|pRBj66<}`luO1nY@W%auob&z9d-Q`RvHzT8iztqZI*IJa23fR6Tp?AWeOTszw ziB|`l>1F43%^jm++TAp2AnPlQ)>`js*xqZku7KDan-fH)gm~FGM zzX^~st&N@oW$F6YS-2%B?52devi9{}M%C$nhU5}Z5xl`in| zRZYjP+T|9jS+Z^K8aKK?ubW0)br`o z`HjnsFL?vmhD$1B{Ocd1+)Y8Qf@EMZu_=F1yin)CoA;y*U z-&}EXq)fnuX2 zDhjd-65z`p@gjpPg(7>Oo7%U*w;p_Z(OHFZbI$iW z5b&w08Sts9^UbESdUf&bKS$rb8GU=cYGSD)vpg%w9BvPQ^X+SU7nJRP_4Z%m=2POr z?ZQD;*#GzUcZUW0@3Vv5!`A-$5T$UUDOaPVXmxtMUM>htRY0+rQAYky=ecwJSFNxQ zJ5mEouUnr{A9n&QkcR|Po_EPK2@Nk2@*P1K`+f%?wO1t6x74z!j1MgKu?i$Z5m8qe z&Gq%dg9~K`L9Q#6wcN7@ zLQoIz9EXA%GO9qCdR+@lQw*UK*mrf}KjE*R)j?a+jdRd?|?4G1C={HVdNW_5&J=C^lOv zdue*rKe8(Ki|tLO(wA%?u9}hkrc^bVpZ%=Vu7cN>rc;_kcJtkFDZ`XIE)B|aFpS*P zzJJ`-$_BOQmBQtigkDMp)^o#=i#3v0cRCfzQv9U_vIj1W)zMdg5=qC(Jfp|rR=y0-`4~*FuZb(V z?M17)UY1{*g7k17B@xHzVnCK$B8}F(8z?t{Qx?g{Rk(bD=QNv*-8U$iMc)FDs}`DN z`)j@)eToovY2!z8?cm) zXszj5V_GrURwun|pW8Pdb4#dGH9WUU*3QPF%k?N@KO+(o5y{9-nxjW$}DgPF8Q7W+yPCEeK=R@iPfOhq1o zjYe8xH%Qja*0SGjAUWj5{nE11pRv@-|Ec*JU1w=LH_`-F$p43j#r(g!!`(q^|9gjRg!!txz&pPh#6LQTYW5g z+Et~l26ieXh-}n!D5sRPB7?mmpM^D(W}STkLC*yv;j~s^SO?4`gGLF+EVV{65YvwC z3cy?{kE~@O!^aBX@}1lnX!(317I4KxBdfqGbYuZ&h52j_Xd%H#*0z-SWCftbj@AIw zijzr3$kKt;N^cnuxr{bR{oKP*odkE-R937RP3O<495YR=v;N5SqGXmavM5j{YCx8# zCzbiNTBgGTt!$8>+{Hg2j=dw-#hf2&K3}R>hnsDehAtAYT_I5KWKS)|YrWq|y342g zx#codsVIe%Lw809nZ9c3+G&B-86}q+>mCnGZ~f!avkyysRq)ItGdsBtKnn@e)&aQK z)B^lA490ul4R0qxv?f^%Z;82kiRm^aO70@xWPvmbRW|q5wf&lSQ5sWUq1+eend4J; z$%aZ$>kSlG^#4a_fxs2y7b-^nZN+`v0?%{@>>Rd6?2v z|Hlui|KnEwzi<5?*X#c#u*-VSRPty!ht>?xngLofKx+nQ%>b<#pfv-uW`NcV(3$~S zGXQ+GW`G9z|MVK)ul|2fj{n&mwEF*pl&1Rs)XHdc|N8&*8n^oY{p$bIYh0)QtJFLZ zqaPNn*S}TwTXnxx_gi(pRrgzUzg72Jb-z{jTXp{{R`*M#f&PEJmwcZ#K+z@^fED`x z-tM5}|KHyqwEF);6vO&ZxMsTQZTx$)2E{MFW*>arDH;;86e5b+-k_+Vx!`(_-_{V2 z43d2-Q=Pjb_@uV)`}3D)Kc5`G{M9gZ0IjvyWthJE2SaW?)8|3@?uE)YXTN(lnWS%D z)9K}F^&#t|kZ?lN*TWKd^5huKdUCAW8U7MygmKt zBAZA#E2&waw8jOR<|}|kcrvEQ+*0{pM1qua{3Q&;NaX@$$`!%b(t! zTs)VwV}C;*%IEY_x+{K3I5)O@cWJ+T7v=^j1cx?&wWq$%nnJ8G{p#fPMUwor8r6Dv z(h6^oaP!D~lD_*9FD~;Pym@(ke)Nx*h1JikQ<6~_RCZjI3H$hWTIgo(&fXT5az+|8y&S)t49qqll)f-Q{w zNS9aUL)bP~kt}j4%S}^Y7kTcZ5`_LkOGEiD&69c$^55a^a9EQ64%+z72Puz9{ww64 zQ6zVctJ2SOYox&5Z!~5h^1U9KP8ps`{?pBSl1fbz*4Ry*K`Rr%ER{s7U|5;Nr804e zJHzfZj{~E9->N?Rzg;Hnd;WvQEZsc(C)z@kAqCi*$lG)O|h%% z7PHlCf=W9@%kuOksZFz!opHBMTT<(tD`hY#yX5R-Ce>yq^Bv}LHU+52gwe52Z`1N! zRG=eW#3I5YVAuH4r&ETJhuNhlKvPPJqBDo9FFBQRk_7Up_8s;!wW*JV+b;~Q7ef5W*?-c5aDS+{7l3C&T4jt6S=~OcpcB^`htcjqZpf zd&`Jr+0aD_EM{U&&&fh6(}y}N8`;b^NFQ7JY{Vv$FkgqzS@o?P)wu-gnXOpOEP1~^ z85ivq7jdcAxo{2XwCJ#TaN!d9 zKD{|*WKMiM#V@&we1+r@OpJ0p;d&)BZN)ww!C4$0@uN_G7C;{^XOyb%UTMCR9yLtX z{E1^$)7;1ib#LP+@^OGefqZ+{lqy<$yO*(M{XK&q5{nmvnH2OcGkMq(X4j^DeN3gH z{+}3ii>JgHviMZlrNzFYx?Q#-2XLF?WSn2k>2AqQcK7# zT_fGgWsQ=rFMq^~5hNcMw3LhXVrhG^w7po`7*Lh(_U8)QOb@gwV(-ID3HC4-=9^kp zh3tKW;iA35+FoI8ududPSlcVC?G@Jc3Tu0XwYA&)xk?lJPx__)4a0y}*?$g(h426D z?(QG9_MZnSjjvS3V|*lO-~pq6Gs1hsR-E+_Xy7@+69aSlJ9qGJ&{Kuvnwpo4kn&^t zMIU{c)jGbvN(0n-2+KP5>GT3wCJW>C&qz*kMBdL$J?-a}F<|Asn3QBm`;F7EwQRMP zt=6)2hnB6(u2sDw<@P;gctSqp_GH1}RoLC#l-IRpum3Ew*IGx#YRi~K%4?vt>Z?); zw~63l~P*zv|`+q|;8872c9Tx#Lu z($6dIRdMC|!U7rh4bxJb$*0r)6S*XR_Nd$YIcOU4|9g%9JlNYU@&El{%l{vuY{>s* zvu`r)0Hf!i0um?C{Z@q>niu_UCTw=o{j0f9wOV{HWz)#Ux-+Mf=iz$FB=iWY@9g8p+@`S(JG+yt#uBj1FY#!M8u7wN~<}bI+O$z$iKABDx>Fco6C@SSA{Yu zR1A`t{T_V;?;S^yZhE9Xh5*tc>~|hFT1BXjJzTVel>3SjEe>@1;Lu`^_Zt&>TVZl_ zD5$D|y?+|cZ!i<3&dxf|fLG=JJRFqt z|HC%^^I^&w`v2~I7=U-%#GUYfi8~F(lR@t#bEh1mr?MilQU=dPZS$!#GuYOk)Vs+3 z*%0YDqx{+!uR4i$`w9bnbp!D_9%CO1%ffxn2{7%HpDnlD=Q8BNeR_@R zu=!{4A3buX2K)yn@9eH4RCg-@Fcmfgpv@k7N7+MHaj*MKA1cRwJo!V*1i5V74R^p} zO;&n)3E`1An`&lpA8w~5`{pZfK-D4Y9$is2L*9u~s;2LIcTe4sT;1j@{hD1oOG^{| zpVCb;Kj^Yt{~zuj4ocsD-yiO^`u{_eFLsgh?(;=F{v;9G>2NnB^ym$LsfCX&IOdv> z6s?b>l$IX5db&3x)NT){veB&*kx=1&ep|s$y+;?)r1=T zJ(DKyLR*(pQZv77uD4gUDQoaav8@d~+uR`h+^meGn3L+W^>T!tWyj5=dv!q8L?$-9 zY+XqRy)0B@17esc|67&}#Ga>odU=7Sm&tvP{Q8+eiit$@`Z;sN9G{FGbFQeV_;l)I zh%e>wfGl@x)j-A2{<^y>ON=vXCfgtgvvN9XI6luTeI9Z3AH)p8p@UsngQt7mBb7HkQvD%ziYvshM&TrD@rmDw{#ak;( z{mp!~`Rp*8=9szftTJo3pljXF^{(f7w{s&gOyQ{4L)&DAM}9C$>>+TYxL+yWO*XJJ*+F8y?)E~{C4 zh5wFRiYu;3M9BpVuMi--^kzoo<%%~k7wTrjTN=vIs&8p>qNH zFoMH_gS~^5cQS6#@6wwfx!Zu&J&yc+kB=X}JlB0ZrJnzrOPY6Z2CU-$gM-5NUx$Z> z!#4lpgOp{rG^?*&)bqDV?EAUTB5cmZ?}VRf>&3AjbAj2(X~&Z1Qbs=$B1%F{9XF|} zfk=O91){?75K$(qTa+wsPE~!&r?x)FrdXV+n(}p`G%zZtOZ^dC9G{wJ8sVl=KC%Tx zk;+uA{qGK;{RXR3_+Ul34-#^L!m67rEwlX7mX-Yf4GoDTpIaOQtN8!npcwx*7(Ux? z`Ts){E&nGRE6|Hg!l_eO{u;U8YT#0aDR*2N^os|H>EvrYPfAvRdNf&Ax>RSju3upb zC@K;S0vXqxfiXAW(2FPulY8t@{sb~n903-LxV+l*Q9o(Z>0KLY%lO_ z>@fAfurd^^@%a0dOerpTBO8f8OprHRh+Z`OV`~M-zn$dhlnXU_a zO!gh}0upvR`IG_m-6yeWxF@J?JA$rYFl9A*89pIwjd0gXizi&Chg z>i9`HI`8h#Gbi}wPO!5^LpkOq?XXA0gRh3N*lJwnE18E&R&JUGN%z1fJo|AY#kK!X zE?-~j`TrdG#FIpz>_WcZbD6i<45TQiktrj8*&pV7HL}VYt7)*XsWdQnug}34vM2K~T^O4>vO$!Z;?rIxZvR zUaMQjoh`VK$0Ls;<@g3Z!@du4A8KPb38zn$wOx=oR!#-$ISReb7KBo0!VG*8VyEN0IKMm>l;O@69Md46A^d!N4jy5=<4lR@tN&~8 zJI?qI)>r>e9?YhF`M=~RpNIXdqcL)*BA=A9=Fzll0eoH4rYJaI%2b)Nj+&KCTP z7@;wTlNT>}$B7vI4ZEV_5D%liuE*$a9cRv6>f!!Z#4w8c|Lo<_i#IQwz`MgSmhb=F zy@R6tf4FyW*q;9nQaW2nk`+jdi4Ha%;K@~^;-H#zi4*f zfj1~bQ|y6@L&1je4bOVTpHv$iz6ukCyx@1qTGFH z<`Ogo>PaXV^98p=Mi3>~_+-0U4f zcM_yR%(d!+;r&0cA7q2eX*+zjlbit%sP#0~~Fu~aUcklY2$t8EHXsu%f_=_^UfnhICJqGujll}RD#rPouHv%2dn-j-4> zJ3ny@SFQ@qIF7lX!I?2-K359rl?G5E4(5CE6h(7NJP>T5W=BD{)tc&r(Lhb+%4HtE zf(i9K%rxbzSBd@wNT_;T!Y@dG9Z5b?l??(}TQ4_t(fZ$Z$aC64kz+!&SnVI3UicOOQy! zl#D9%8u+S#MVxw4$2P+Bm=o&z^hQlm5*@d&m!elPDhri#qFxut(*i)uFk$IZ&b1cR z>3o99a+-8q{koMpSfYgN82*G=#8-P>`nJ9gWqz!X3cXtroq?e{-$BowQ6J*)+1l4{#m{67ouJ2O0_3Xt4 z5ZPB=8q<-E)l@#zB%3vun^KA~tBVs=4X*@?mrOf@$O^V~5%uEjK zz{y1Y@ze+<9R7dVg2UMlN5`3uHnXx3ElK3Whxez{gCw#GPEE$(Olr(uEBC0Y5=pu^ z61;B$#UkqUlE~SfdA5@Xh>k&(5wDh^Dq@7HoCZGPT#`v60#690)Otn3tB;?T^{*g8 zlL-llXu=?~j^9!b!;xvZPQxY;rK`HuVRHIY{|yf0v6i$~M1i^BeV+tGRFHR5h^+YI zrZ5>CU09LMO&eal|8*rqb|i9RCh!7JNQmKPM%)YBd*?#{3m``801S=$gb zz)?g!edTwZRWlH|N=-4>OBAat$&ir*ay^KwP{`)1W+1Y|C|AR?29D12NljJ)_6cm} zWm?&%NvcLU@cxZ<4o>J=ye;KxuI|0R(-2#m6^W`Yvw}IhBg5jmY3yfr1jE5#@D#cx z%(FX!-N9h+*~puGO)M6qyN5=nnsQy}YuCiS%K29Y)EfLGbFb3uS0Erg|D{UrWT(37 zZ)FTcg*=<|cgkph#SF(hJETk}rd!847}apqS$~#J;1e8qULos`l&q2^OAm~vi5#FA z+k5k6M_;ysv(q<~Rx1086G`R1(T@2}4*brMFE9(0yTD&O1qA;-dh=RY;MFN1#8#<{{~N< zT#)F=lM(!z#tPDy8A|5_B^*^78zP41%3q;P1s=s5 zo;(Suc=9Bj;+1J}l^yVc8jDKZK$amE^0vAFB8{hHawU^yLSAc|Hv58M+z*f(wy%x0 zr8I!?1mA60mXs_NDx;$6=V}KkrTx*#UV~i^#!2EM0{Of^BH2;`w=%( zl|R9`Y5>=GkuG6m&+fK`7Q)xnv z8AM@IdzrnWY4e=Z#WL#U8!A5&;+YpXU$FpDV*~XkNWVUirMqrop#B6`L+6?E-^=Yk zMTi<0^Or%i)R>rs)y(R}C(cb)wn@*@)B-tcM_M2%cR^$@La3DvlQ3JHSIP@sYl>I~(X!=h3{i0rKf%>F=8G}?Py^C3h?Xs11Bj{@alKWm zNN8HObU8XIHd?lHa<2`XU1zt^s#QT$vvli0WG&q%xcZF*0r3``hS~R&dpdJ!aj#WD zRI_wVAu281daGvsJ)OJqV0Vzp7y3pDJ*9>jL=k43aDhV?8=3;$5CSDGl^R~XKf}oT zmz3h(g)T0d%a=iv+KQaSJK%7gBKB%IM4bFldro|UtKH#0$O<=E4Mb-6N{`TTh;&0& zHmrcC+wCsnyJ!uaeAoHV$6>Mr z^7lc1M;lGkyB0k)SIe%P%}dRxW)4ry5|~SmDttRJm+|zsT9z=xuE3s#UIlbZ+@xsI zkIaQS{jeEKA>dFDmfl(@fRqf7fmS`_*$Z{4^}QJzUitK9Q`&Z!$CK>1eJis4QY<3O z`#aEsqa0vz>mhZcW&6sCg1y?&juB6}RXNU^87#YXfrR-BhU&$xP9e|S%DD(6%$$IH?L9gNr!t-mK9Zu$gnETHFgpLd}**}Vd_&WeSop_FM{;(P*EskS4o zBuW?-F$=L*0~4Ro*!Lv9D`zD;oKqhO;^TaG%eyKrlj#b@g66w%XV|?4GN~9IbZP(< zO(<&+Tq{sx7)r>p$+&T{8ZfId7%8)wYbtZH$*ZZc$*Nmf z=-U{%sVM&7l`yul2086mN!VeFXFoo8qsBxz(BHRGX<1(2d}Z3Qj&bqwOoMM)*y!_g zKtxQ7XYl_54>CWnasKY@k5N{L{D}mlTyrh!(ZB`jmctx(fno;R6bFGA*yIUR-~zuvZ@KSAmpX#-)KOY z>#iEv&a`AjTMm7!K0r`uvxSf#Ytacldx@-z)<^IlV~QUcbhayuO=1hGzSj4Qglm5S zvmUx3fRhKj{%i~bEmbLE@c#X+lPy`=9J(!d`;LAi-JtANIq?L;#`bx-yTYG63e}ij zn%>66tE0W8rL(2;v8nO#(n=gX+N-^^6nxnjc(@xp_V>>UH3TkBx4sb5)7-;RYII;xFtI1@tnY#tY9<6~OZx znsA|Q`t~r?MFZy>>TM;}t{ZNOkqHcr?^!A?uX;rc_aP-+FBFkyKGsGREj;*+?*T}6 zvU07N9{GTF7#dOO!aB|IQ%IQ#HCA&?>;G;^tNe&nGVuKk5Yqy z(%Lz-T-a=|u=JSQ%h(YQk!yR8ae)oX<>&cP^?J=MSffwUDHa=Z=Nfcl^M`1aDz!~;gVm9E+jIt2i z>-r!c5xo(`=UyL9rMz|5`Kjr0me?Q7sY0`_u+-07qsME<<|4DfP;+#?^4rv2lXmbH z{G(Ag8wi|bbECg>qhAQa_SZH@q!Ru|RIAMnMPZolR$Atw?~J+C`%i>1xoeZ=2mVza z)mN7o_n_ilE8V%y8co`bu~82o}}v8h}?SB?G?Gs609_^iB*&hdwkZEO)J^Oyin4 zmIS6jkDREEslTb7ulDAzpVVP3r1LiyVRe~CKyrs{9_5uWIt*IbiM7F0&BiGg-w zHy)#>?orR1X@ozgi7dCYU>&p8NdMWI`sO)~)8pQ@?T_j9Njtzq%{tda`s+o&@x6#aujns;TbS#jV1M7CNkJvN zrv)+q6e*)ERHPv#Gz3qCC(=fZ3NDh}9}i!r?a)of7_BMu4$eWxDBt9{lx*JigtaUC zfmCz?TUBQDqLCCpc{~!Z>Ds#8aI= zj19OH$J7GDj9bqb+#FhhL0-!wzsxCQKcC^6l9p{k*9=5=+E$@bM&r?(WPh6MrAVPl z>u8dFNF47XFIq>0Xqd~p5F5_#TASLta6na}mFw#bb89dS-+?@_OElC~&}A$9YD#?- z;^>$Bg~d)tu99qkt)-yHfDyzSCu&~BTIzvnx-E=Ju5IPGKtB@st)P8>Br?`lYm+1! z3c2t>bfT=-DdSWSnubEU!qsW47s5D3FjkZTM5pt)#I+ePz;55N{gt~k zmL3PE@7yKzJBA9ll2wqC&qAp_-dCpG86o0;I)gFV+Ij%C#n>jg#Sc$$q`m5pXR!dz z4#q^r-J%(-2e?d;=C2TX;qIL%C2y?}Xj)(J`p^}bm-V>6-`u3Ckfyx49^jntRdRua z&BYPj6P{MDaqoR!S%hTUoP4m-a#a&3f(r6 zM0T9J=0E+!&-sTmBbcCrjj1(ElRV@#mtW$YcJfb;a;Fon>mdaj%&Q9;`mFh;DbAg6 z0BaI)oR(I00HA;v7Ez2myXz+Da`6o2-GGTw5+-(odM1_xeYeP?LmG0> zHv)Y^$D~U`LZ|%|HiaCuV%7lO7R<&>J^i^bg?FbQKdv%zyNy)Or0* z(@&6IqwtZd#uc8qM}YFvb)0b6GQHix#Cq1{kXWiCEV9{5hefU=d*uPrtza&riBSbr z9jaR$#a_B4gi~3$Z;OA#(Dbw|9P=LPOLKJ=kIlJ*_TrJt?LoqcslDeUZP<{T8zj@A zo&RUJzAf7wX&wx{^{OCn%E+t$*1G%&3*C&#m(c{9_J(ryNGY3kXI!~YLFx1)3~O}z zQdQCmH)QF&C7G35HpS0g+$@nn{6kWVjY`&P_iBLU;s%FRbOeOPHL5bT-m=o2dRu9z zBGvQ>bb+TYoH3(J>zw*U<+K>AhhKwkt(v8Ep(#)M#%nE&Psd|pT0r*)tW{Xq^U3V(n)oqSNWlkpbBb!|%D?@#wq zIv7m<;j4C|G)H}}VPag3&?W4hIQ|nJvyDfXs~`RcI{vaBoFEFb{I20hMGGQMlFzq2 zkccqt=3Gs~$8f+}N(#}9+%(NLFVA{|+I;JcuA$g6IizU-amt-O$ChHqbt1k#TW(PK zB5c_{zowb~-N9xt~V}uJu8A_Fk8)C#woI zZ6BM~K_0=A83EqyvnS_vG%l=ZcN3s3dySb2u<@2i;B-ZX5lFn}-!T$BDp!8enQ^3e z-#2au(3?#5n(#QzGcjH~h6s;y184%=P}r&NBDLmfTjx}8`R@&h-Lq3a42@uvX|~_1{dLDT<0M5SFmyjkIt+8WN-`bx>8>galw2Chb$Zs?xNu?Bpy5 z;YUQAZ&+n+Z@<4Fpmp(3c(;H^H_#)5S?DR9jfv+kr=$e{4`pU5&(}!47JAVl4fJ&i zD$h(%WWy6G&&V6}fX+f_yo6hCmBU;r=Kek#cYaq)K%|AJ zGy#Ao4ICgl2(0At(_I&3FCY0hv%B5AAgJhKL@rTBpf5r8H= z^iEhIp{P>_`+^WpY?3$(d>YD*lAwXo`=SU5B3am!dy4JQoh{vSe9;E_oN13%QEHzy=a; z2Hrxq+ih)H<@xXDW4wxIW7<6BUT%wyd;)(j=FhYw2iBZedcP+EQ|`5d0_a>t8X1|( z1GdTE3(D?E0iBspz()hNJ+8vva|gY^+DqVoKNKSt_&Cc7XVSZez#0Z%4`!y;*W0fB zfHzEa5x>B@A+u2dR^NbI3(ev`U85yIu>3n(u1|{u}Px}cO zQ=Ko@Kk4}?ZL$qNYZ|t^?UJ?Cl+Zt9Pe)W#RA4}|eur8A(%hu*u)XDeW9mRVSJFhU z2TQc?WLdfV#xz>?L!a_kx3!&vM)J>LCeDCz$(%VU>0t%h+(L%)rwFxSXh($3lc)Rr zr?Ha^IWzM^f_Eo9zPcDwpE_#q=fL;kmfL~qQmY^Lom9A0Vyecthnx3n7rOuW>aTJ$ zo%j$8izTlcAFlfBhBxXUKGfb$9)iE#T!otb>+X=8T1xqfxcB;z5+H)_=Q&@IqbB3- zr#E5hka6RmZxknAZ@6#NN21V*K2?`wB6+u2{-#Tz+b~)*pkA=<&>vHiGFiYL*L)<3 zMjCwqS$u~3#$fwtCzlKC7UO$wq@49LM;1-&`V9mcHJ}k^PQ#N8K`E8**2r}UoSwak zd;xPXjT3cZH#yD8lG^D2YPGj7$kLW*-N|>EO7B>VMP}$%yFr8+4)?*O*sA?~jr4Y5j7Zi>=com~Gj(KVvR8}9QLU!R8Q-ew-sxeA6%pH}yF3ym*i220P1tQxP~ zo1KcRb6)u`Hc@4J@sG;&#AM%nb*bQ*I-f^VMcD+bA76PqufHrT)MXn&u+~sFh#yn3pGJqJstP9ifKv=>tT)*`u)jdEn}9xs2;0tZnU#PQw#eOZ*ne+F0ElbThfk1|Cco1|$QU84dVYKxKxf}aGr z_y1frQ#%?ph?yG2n>`&joK2(&A0k5Z422YfKRq;75Gpp9PQF~P7nm?j8jK$rc#cAZ z&zl>QB90WLnT0ZseF%b5f`8bTQVx!!qpn&R%63bp zh4n@E1IuH{6$x(#RUvCrc8>H#jn+>K*Osea8V*12U#vtr;thMZe==s3h9uf1*R1AH z-%b>1VvS8KXIMbPZA(L-x$5+5_3H}IL%(@c=)0Id?FzovAOCE>cY#JgrZ1k5=ZD1& zb?}COt*e6FiTd88+%%D&8w_;v8!0Ah#`sDj_Y*057#1EW`-oq`E}61z;%Z=ghJt;`1vf&*{ zDI1{?S$xVJkbc^;4usabt%{N%(Mfc9?O5_N9{M%%`u2=!AzyxUW;IZkMU5WjI_^FZ zYnmGA?@?;fzmF`$6&2OE8%|?g&!)Y~OonCcM2v*UScurcuTr~)9Joy`WJ)f7+i~0F zR*1*j_ZyZte&Y#_v!4g6{}$AnC>Cq$jSi+@TEjW^6xjLsG1*W|ymJqic3_s`$72=mN(K{W0=k)qU$NvPT{MSZREDO0ne@La?4v9V z6q%P`aa;vOo4u?-mr1ue_6;U3Y@>^VIX`KF_X}4(>~(tC)jy)&q3e(&TMO`|y@5VW=<;_}D>&OuKCj^T z_HWQ%oEqMNv){RKqyaK>mD^$C&SZ(ZDJQqOW9pF^`unpQuOOtal`AfD{I(|}2-&o) z+sWz{XkJzuU%1GL2s$gofdxKy(b#sK04SFR@YUi~?sos~8AZj#tDNqE#;fe_qWITp z#&(5QgTNCjO_yvA`qgf!Ixs)FXas4b%2=SOW5TENLAK0h;;AN`=b!8HP5sVE@UBD| z-GNU$Z4}i;wdK>JHieBb z)^j$?!P1gh+vA;u(+g)OiG%XI`?s{qb%Z#w|L$P;49Eghid(u^c)jV%EioojJMcvZ zyTIdOtt;Caxh8DM2D`jO!~+X;&|drI6;xPXc*psE0pyv;DIidAvj%9aE=6 zqf5euUU;(~U0V}BTZ~EBa#~4@;vw067b5=XUT^q0;-iX%Um0@?#F78&Zs_)vTXgDt zlC8u@K`$E$Dsv3fPEYSv5GuHam>B8I+*U7$Z}tx1}~;@DQN z*BU5GAA9$#V7*3!GjDUhYFw*nIy<`NsLodT7X{8xO*EtOSQm$w>kE+;-v&M-KcVgL z^26uRw8Y8)D$T3V?kwH`OXpvzz!r|7grsd~=d30smI)XF2fjmKSGTB|Hzg(n)U-mP z>~vIGKV5)2rB~>xjOgiLjwcnq!n%C!%mJB_SZ4&& zY!{{m#voPgCL_` zC8-1jTg%8qXuswWeP=C;u=Z$Zm(2%jO5KE;EUD;L#g` z;_T2MLMKC3E}X-^guh0Kj5Wye=Cqg!V`dQm&Zzksj(UCie-kX3g9HP>_BFA~>bO{2)3t*k+(Z7FR~5b_^l4rCpEqPHPR zsrjAN0E*yBg@s7P91u)+e#4>n-+aAQBjjcon9&^)ShCPhaPY8QvUF%DCul5ZUGG0i zy@EB29}|Fh_)I=Ao^E-mZ6nN*) zlT$V?#xMiv17M`@H@HxkkfJ07;yZ0#9URjoG?EJ@q=v{q$bccnqDGyc0*bptb90@D zttae~K4hvyy`Sxs5ol1sDEts&C~brlcBnCri10WaQMDc6_7+xmSjg{*)uw28!I$$- zndt(beZ+rhXp4N_knZn;C&CwFXHH%K^gd_V{hVEL%!`pi_94`yr6UTvAl=r7L_#RY zSo71U`kC}H9jJY`PCgXVV+RjcOs8<$CDjMPZ+@}EY@jN;7=Dn*x8 z*RjL*II{>p<&`hDU>Ory%}2(Pf70-QiBn!3&g2KDt!s4HwAxpS8g5J2-xai`qtGEB z7&E`li2jtDC|%}%*N6@z;jCgZjUgEc8*Q5AX#z| z=}&=*lDJ2TdGzp9ua9Bj+a5l`mpuN*-M|z&4r`531D^t?iOk~NN4SPeCGv~^DHIjp zI*youWp>tv!6jy${j!~Qt;$(vBD5gXk#{ngwppcGIX7)>6w$aUkgv}3Qt9x;5rNgj z5qN-%KF^cu`OT}+8Y1qDTW7}19h5X@ zkPFeMwrV_=Z#Z76+`VO*B096tV9{;)Q4h=LiVHvOQhqApuZ9MP&V3$U5-CO_#Fzd2 z=IVy}n<8^7sGp|pQh>xH2l49glUF+rwiW8AMfqkW`9tdOxMyC-=+z5l z+g)$+2kw>);G0>!_^{h5{A%1|&xEV9I>6k0TP;*9=1V&9Ck?lxZ8WrElC-(t$R>Wv zeU0+Sj~(oT$c`1$<@_1QyHPi8Yth^IePL7!Vq{71f$|%HSxTd$3aFEbB1P5tEK!_C z5?jTEcgQJiPKOAk>fV#)`tW2e@(zLpi`agLbWU8L@^%YF7xEf|gqcW_Mkvrr;1jD0eVa^Q-pMsf(ML9!cXobdEz|IQYiz5zlCBPc?<@Cy?FJ%Uc4H$ zL?i6R*9%H6owgw0yZ|vK{V4@w!Jg7126vk#MY*t5BNyTaiKq9ydrx zwnvcyHAo2f*Gq)bKUQLeAcbF%1Wd=GxquMBYtC;+8bX2U!;e6R#TVLU(bkGfBD4uH zQYA*-kW7s~3BMx)sSpU)Iwax7m@$qHa>YBBUQ%Od*Zs5CEAYBf)Tc1KlufaFTI;90 zSlJy7V}Q!7M7np~TDaMuPiR#JaAr~5c+C|7UlIFu30c}|>hed-v*GxzV<13Q*4h)6 zrFu@J623=3XOC2iFBW~IP5AB2J}}mATl!tV^s~6g+j5|oBbflt{>9a}>F2f{CS4n3 z(#|b0CMTG5tepw(-E1CZi%w%LiiLLc!JbjSDT~O}0k(wp;szD~@rdPiopLM9M|=`% zUm$CQ9|>MFd^@}bf5teRwo7((s}e)P{vWikBUC#iTGEwT{8owODGKy@oNQE=e_g3T(RNok^dLS|n@;s?)A<`z^ zxUzrWm|1rR8^c@6p8Jg5q!zX|KhYB{}ua*)~^9|uXm_ZcQ3K89?<)p_gMY;sJKW4 z1*o{3wu%0R(9ue^3efOUJxK5QiT7QJ1`20PTTt2sz!>*JY;_L z#c9xRx-KL!ZKhUA8hnY@qWc^GU1wBGyGD<#slRhYrOe9Bgg$E}G8+Qr8lBT|u^(a1 zA;9+tU|vwFD(B(@7!${Hrn18aP+j7tEie`k-*7=jkDpL-Fx8B-lihH=iGCF69#;f$kSQi$T@AzzqLq-MVR`jZ3nbF9+IQSX=lTWk< zkG!9Vg;>0x`q-B&d?!t)%`8of?p0EpqUA64q%EIDk{m%Ks!8lg5C3mH`gh-Nygos=5Wd9DPrUJ=!q!Xa4c_sD_=zP5@J}%N|z+NoY@vZLh z*N>;~c7mf~K}b@A!@2M_o-=Mt_XxSl6g7JOo#)1oZLT`uR~-LST@fRmW&!27qWega}(*G1om1Z-Uyn0vn3(8Z)=Y#b{v)E|o~6>FBqt`}ohmI$ee^{heU1$BGH>()m0X+= zN>^J&@Xis){iwoJ1&0_fTYBctis z_q%@wEl_f_UP@u;9`#zjM9c)KY0r zK;a)yQQPRZS?FwbM{TN80$m+sS$Fq?K()4HSC2ltF-`P(4X94=bh|q+>65I>T#|># zDo4R*{X*$N&>HVYploSpQ6YL8mvJ_c1F$J2u9~dw6O&5XJGv=Qcid4+>oB0&yLAKjoP(no^;fl9k1TV?cbQWXrwutX5#z46xH-oO~5?kYQAU4z{FP^YI7lmQbqcT8fY81b$rPL2(^|WpmBC)SIS&}0lwoa z1eGloG+b{ZAf-$oqv~CPFO;yY3~dZ@-j`o(Axb~#T%|+FKIM-XVc`Y@OE3GPhHy8h?#^9&pNp%tCI;IA;)89E(##p;-LaLBf%aZ zXM{Q}_z4g7gERWaYQ}CxfOfrLk_G&sxTl4@?2D1kUu^PsrJ3GoIazbqpO=>G1rjcL zK*GiL?<_~VRp`6yzM4m}7ahvMkcTA6`In6(-aE`k|DQYzIePlqqRI-i^0cH2R#OQ zCn#`yi%-^ZD3827Vbmh(W0qvS!;lIv@X`o_X&aWAn!$ZEnx2C!R39uDXQw4}d(kb% zf^`!Hll0~bevg(jT|rO4I z&qWC8)CoXeXtv8ET~Mc-3Q&!0!(A_BmB%IoFlT=iL)~x-tlb>l_sf<9Lily{ZdSg^ zw1f0E-dIO($sAd12WP_^bxUDP=xPvD)G+BkGY*}3nHuL2R_hQmUcoEfl^ivUDcLdR zsxN6%trFJ|MymHM7hg{1#>wWR;}3&2RjW`2X?O37Vrl%I)ReDRwcQ6(j>!m}T$!y2 zdS3Vwki>vM8;KV1VGPbs5}gv)qVe?co^iVoJVK;;yXGj@qTT|X!{dnS#aNC{>!7K3 z=~?DXC@MefO$tu)!$ny^H40QY5#n`|^}HSrYL;wVG2gCh2n?OHmeqt=(?^#KZ-3H& zD^1nf{IsA>sk%?UvhkKg=sHiZ55ad?Id5fcoZY2R1bJjyIlB9$H_$;WJ2`PQr-xST zcO7(7#>Z=YSH6-N9OXUU_FS%EZ$8N100S2Qr4oS=oZIu#>ivJxE8mgqXDouWL$AY*mihefBJR;BI>0?(+GMLzh~_5BPV-C%hcT z2ZuHtU%EMa{-w#z=*~gKlpoOqysvb^KUY#hf8-ojCK>V;8d9?@@er8^~*T z-OffV<#nHlRj!wF*uK`hLhd$9Md9oLbs)WBFi4fnObej1GCi7%*A)3k?8R%JXQe*xEEkj~ z{34aZ4=p_VPi!GBs`_LYSPqJYBzcM~jUZz1@Si>tXYc@zE_1tQd)5~lHl*BHO86lI zk^kQ^P^}UmIRg7uU(mi-(4N|+$LmuA;a3^hPV)cHGEe}t)>+uOApx5$Q&uT3n(C%O z*spN#aVS$8wErn)R3Yrkf}KoMRSvyP+un3XRucBUZn3Bn$L+?TV3OBRt~}cuBu;O- z{BqmZ?Z$ncHcF2HGOEmXDB~Sb6IoDMw&o4@kW*kproh>%Zujse3Q7 z+w$WiuAQ4`dmvEkBhUdxrWNhXs|vDO+hQ&;Bv=1U=)Un8{gKh}8N1zz_6d|6f0Y@E z7D-?%X^*mdg-Xhvw@Vh2Xa};Le7_Fq^^H9T7lTua$4)T&*G;=4rK;AN9Zt@li%X4h z4Y*Z(L-48ob6Avyx^_B0R!v&bk_tRg(QkOA_J`;-c&+pR*cQs@P?_OCvE5=q{F?_? zo1xRJBUC;v8*+HZI|-%ee+C(Y(qy^-TZKaE%opUzDSwdTQ&vNilOG8`I87XPwI=!MwYQ8aF6wDNlOB?i*wfx4;yJLA~H7_`J)HM04;R*~R?7;iCBu`U0lB=a2Q_yCC zmJ^KCps0s`>OcXcnM3W%my#Z5w&e1((r*JOX=gGNBlHVL9mzGA?0w@Ubx)t9p1w6* zl=^JWClK&xIS$a)%uzipb|N{-iST)<#{i4}JaNZbWM(cd4WJ4akVMJBrI8na22^i+ z6#upCSTAuaVYwm|SQBhv%-t5s!>f|&M&O6b4a6E+$30tj(bc3%IJwKI)aOK3;U&_R%|-jF6AY0fCb*3ElumdXk@ zL1RmpPw^ofM}oq&yH&qV4=?#DinYN1rcl{Yx-QEg%=QM#$Q(gEkls=cdU)dseY5|X zR{m{PllmC&R`GKUNfW9XfD)Lzs#&^}p3%Vn{Yyj-EQ_{7#f%LlIi#Kw0@DY*s0CvuVD` zBvpe(VWnAnU)!^nuR4{?1Dk4-Nrp`w$-WiN_ju#eOII<`nK!w5eZAFH1~?v06)Qd5 zhK$%qky#AovO6fT;xDVBwtTf{i#DAO&OPF_C2iu!+NNu3l(L+KlF!+vaWp*t5ik-o zdJ3pfX5CpBRJXQ-R%;0~B7Mj#%I`)Hzc!U#vNaR6gv*YxrB<+TavOZ!ueT%ys0UNn z7*&6NVTdLxM2CdTx0p{;sFItL9Qs9wVdUwa_BCC*`0%a4x$VqqOR7j-PY9A6BfnT*gI^D<#QYfqAzYD! z+7|_!=4VaoH7wSq+-HZ(D`WiheuUX{5xABH<7jto-9ZSp!Ec19Gzc0sYj}Uqo^isG zEi>HtoXAhpfw9Kyx4PW4%+bLRq2pxS6B7H&;}*keULpgI@e1#KEe1IH5?29@MY(#2 zeEDitA1bgCwCZlS-EsrCCQFlL?Lqbg{IUqA<#(y;$yHZDwG#mOM zV$OiU{O^bN^(c`x^ldmKfT!YciW1pUBB>`V%E?+g0t6nbqEdDm7T-h_WjvEe-WHXo zX!)RCu+ujCK9*E500e`$%ehV>Yy*&y%}WLq4_-#a#j-FejmtxS&;KaIg3~MfF0Q{3 zWTzCdsx|0qHaHFZ(hThvCTac=2r;jp)UNG;aIh-;%|U0cV;sA=5oYr%97xR0o4;QT zyY60D&pKrX)+Dy<{n9c-?v~Oj8NSE`!Bob+39a+j#LCYrdKJ<*3L$|~k^A`LuK74L zp$Ec;RRYdt;YA(Me)WJ}vV;50`h|T9Remc~%l5EY#vQCdk`zDKb8xxzG}eX9met@u zb2ziXm0IsZ4|*SxQNWc}+w$oKx#$yiDRWWMC$E$C+Y=rSx>$Xw^NNI!0+>MLp!|3R z!Z$4;LmZ<`G@^3`_}b8Lgoq)!+ByT!JhIzZTRX$B%|Dp+eeeu%Mxa~UBM{KyNqEs; z5w*~lSP;itLxWRwM6`DV`umuDQGjww%MUy}|37P>9ISp|Z_#FT&7okO|K)0%(9~1} zJ#g=sl>9srB1j^66Zoa6ErR^NrJOd~f`A=dY#E*0L!YEzIPaPD zA=Ccy;L!v&zS}zP_H%PGfK;M3lcC3u*L6`HUiPy{Ry9!f)A0gwoeP$Kh3#keGr7qn zr#2lH&F1Zb+Ut7O?%c*)99mdd0}kQB2$QUI#Ri|ZI$S78drjj>e93r}ziA$rV(|#u z)xWo$#{~f;=Rf9`vCt*!FG54E_L;=kzwjDd3~P6SoZ z*)STI+#cfuy9f-TpGi%FupzHfzp^n;FT2n?MlSO_4lwUk*c(g)RtLEYFJv+IXjN#G z<*f{(TetX$)VTinc7S+@Z!vxdJiz0w31|5ic$7LKB%S9Cc2TSe5A;lbC^zl`1@DE1 zbR`BDn!ky~=Do_5gjv5R_q`p_h>OB!5)>@UN^jiVq!ClSW!XZ zn?h~1R-q0WU-D?=?nGsIY_^j^g-yTY6n2FpdG*ti+{l-1WNL*6^E+wPFfPiX&Z!z+ zS5IkTVYgv7Pe_{j zm&d+kE8>3prds}M8k!pA1YXO0akI`IoC)B-%|V1IpcMUFn0ux|!ieiGw+UxBG5Pp)n(ixi0f*OC)1@AZ*G zRLjWK3m|X%-~o@@vH_gGU**nS?7N1#C|Wi~K5TVRy*t8{5N&P`s9O*xKN8) z^-(Fr@p!(1=30p;(F2vW+QuvVk`|vwm{R%ZT|;|ZmOkkq!JJv-xJL>fF;q#vgQ7QS ztA6Zss7)Q>hmsh*E1g)9py3uz7m*~XjoxqQho2*;t>iyxNECc~Cm|H`k3X6pgn#7P z9}eur&Hwe{W}Khjg0Jn}C$?{`(mSa?w-M(gbWpl~fdU0|P`*MbkdOMuqEHV|_$(cV?p`#|Q=$?~gk7b|0qEf|~S$^lUU>I~`RQ)D`g45LbWz-)F zz==l$WJdb(A51gtvM>!if4|mI=|)dN+IW|cm)E^7UqJ^_-ux!PqC;OAprQ_CeE+f_ zQ((>k#_g*lQl5QLM#tzZ%!3)P!@O?AbDm?33e|43kpW4dIRMO-2x~GoSxfVB@%V** zsXH@U!acE!VIE8v-MFK;HoRrSSmqJg?IU0YnGN#4&|-tHeL%6Gt$;+nJpfcJ*8f#3 z3fmpL8RMPBMKXb|TH#+;%{128(C9`J>m++~`nf>vG;5=fwc9xkPP*uu)(;CO^^gMG zRnY5_LDDTRkzcjQ*m0L+AF+qp))_4hyY{ctKgM68xE_0EXT|2e2fA6ZUP6h%X=5?| z6M=G+=KZxYrqTs3;`| zk(fA;<=q5|GN`yko4KgCiT=cIqLko}@WCI-O*Cje53~nx4}r_XW$puatde3diJsj? zI*uI5HAJ9fF49j*hOYOR^IfYzGZ>N4YSm-;)jPPOT5RELL{q#JT8w~liOcV?F@Z5_ z>+5-4VOm|Jsp{leJ|;%u!0-bXLUogqsRo!`weJKE)NFv+Rk{govinZJ>?&Zvnzm34 zaSm%8ii08Ns94jjFVr@t1>tKpM3sMZq`D4s}5ogjbHCHhb zpfQD5r1^?(=@E;E$jns_YQH%QpXyJ{?RyGR54x?F_)!eQ+p^j&fAT)Vv75}(#u|n$ zq`3^7+YVOP6tcYfE~@g!5ZA^JE`Y{%)lQ<>b{Ootr-qTA_Rp9=m>3#`ukoU(8wEHJ zLiR8(RzyM$Fx$UXHvdiMEO-Iu(s-q74~fop2cKt?Q9-_zdM=x1vo@`b0_XYshWp@} z{W)wdk|dxy8HtPc_!n|FcLSYoi!_^51JbUPJ!m}j5lHNZMnj~I+!8;WJe~H)apEGU8PlO6Bp(r#OR;LBlAM@?d$yu7;c+C zZd$AD8JCJ|KW`6Nu9LGURcuW8kuF_SYvzdEww=~JuWes?ajhgJ3psJezG2=&Zw1hDkTrhr`@ELvY?9+&iVc_(9pH4JfxJbk+>q|l z&aq79X2HIyHO-nb$)QLhS5QcC^Q+L?yLs{k?UoQC@`!Ah9?akDZO^TNp!VXRFR!q& zwfPG>JIp#3*`H*m`Rs%SL`+mg8SdCN@frJnNhXpX7cxyXGsfE60_rgzarj4~56!gi z2bZK{HBhFK<&&-kR)I9P67QZ$k@(_4+_E)1)($%Kj> zXk9_C?8m0{9_NWD=&Vegj8OT>r?MKSk7}*Vy=a&2DoQ}23(m}!cDXfvZPXV1Si~1| zx+yme35}st`gNMb^4hdRvl*j^yz9{*3wvok<2~?j?#xjEh_+l5!$8i+AIKR|&EHjSBj@v@S7n7DI#@0z=1j6LkNRexQM z+z087vfH9PL?YUF9!8{vfa4k;l|sWwtMOp#KA3TCUct7>!AA<%4K-T(vFA= zvx(W@={xmU)B3ZlN@&2gTMmd45BNp9hwJRu$E9 z9oAK6qohS4>%j6^o2Mv>&YLg#JxLRwya_-E-_sf47A?y?NbcuO_6U+MlO^&Wuu({S32Xj47Acv(9#w8v3Nn9Aon*X&e0_$7p(n*Fz^yKF+R% zo|~ife&>osME&I3mvz|`9)Cu9;cb1tshlGk0#7FnC-SZ*o^%AUa;UXfdze^y`_Hi- z8V!ja$s^GShFhRi=P+>Ei+J(%j7$64F3Ws)+X2aN!pc2sL{_@KJ1({)iWXr30ZgK| z$0zBa>3X`J()+n~$?&qL$3J-7_^T?|f+gwa(4px!=)!FMH4}guoz@xa&e}^nzV{mW z9z5@PGDRmq5AKFGCks|Se>=RY%_8;+|Xe#tgomRU4Gp*h4EC16+@Z`f%573T&Kc!iFi_dXWeR(CI zA9U;h{16t~--^i@7fD~(!@f;YsYohSS1+pOYxv0d{?3Q@?%uI^ccGoA)BtEuu%ZNH zwRmr8g&ptg1GftL&ck;P2M33j4dCjmx9f^2ez(Vg33WZ6ySo&2y$w(Mo23IiZ|@sP zJLU!Hr&8AB6M38ZXZI)j3#g9f)>ii(97d)E;JYTxnrvjzQlb|r-#!r5z0 zJn)6-`lYEB)oH4X9{y*?O{-e+%1~`W-DnV)SA+kP`z+n}-_YOu&U;*RHrBO$+`MLK zLEv6@y3UDfB3hHK2b#a4fxgQ!A4J$Fx~x_IvdB;mDgb~q;B465H>Sk?vq7 zIz4a(dQ7Ezx-8t!T=8q-I-Q)}w<_TX6E=GGOO=mf`sib zoUI)p$9e0dGf$;nQwCWwtAA`Rr(~3bb+5HuD@ky>74^3C{4dJhGB}Q{8(-|VvHPQ@VXCXLJ7%&gvofCwM(LMd zC>VnYRG@1^r9M?|2o{qAovZfum?}Y*r|8c_*;$|5bE*hF+qA%!4Yq?mM9l5VA0YhS z@esUPYFl*AGA-HA~PjVO;%SWpxOSI{_Fh3sgl)30mcDN+UJc!B<$>b(~0Bha05b51NF>s;3OQ z-Dspisi6Ib(gUh5%BNtMysfh9)u@>IgD1-y-6I4p+<8exOUH{T@-l;_nQzs>z^oDD zmv9!WzrA)&oFH}xW=Ds{#Y^q9J0ZL#Hw-pE&a6UU^!LGRVcnabPQ}phW~x|Ep7~Up zhmPvKCbO z#^^f>_@S<@;I_MZj&<=#XOrvN=Jc7S?B$nsKZdMZ&@xX)Zn{5BgV?AoOl%>4+%dun zYHaWklWGcTWc;_U3~iJam=1R87doLOn7jJl!Om1~w=+??AtFn(?%FD91ZIMQKDn0x zTW<#LGODM`&uTjI^W}02L9pg?w0ujtJ=Mxb9yt)~1C$JXVX1L%c?I?pV7;5LG-uOV zdR)r3Jr#UVM=w~y9CWTNey#fQ)XXj$^t?Edx*TucYo=b$etc5d$@wz%i52{+pmVeM zp?_`9XkIa}e;I?NjYzfm0kdK$*w@;#NTu8)AMH{%HFbj25LOW`ji)~4 zz}CW&rtxutw6*AByCzfN)doPn)YdSZdxt_- zyeYIC_-0wn!^18rMhiZYu5u0x)Vezce(yc*XJYw$rV=;l0nuM3fJW@AwiEGo@SkwO z3ey#)#?HmCtrl~DH@%?*Q%{UiADkgoKyfdHMj@ipSIi2{F>vWN6>Wz?1;Z;585pEhP>Ognejv2>F9$IKQA55(FV`NOYa4lo_ zRWQJQ>WEFX{s8>E{j32bK)YJ>&Pn?Q$JpOb9%P>=1gSx1GV{~jcqb-`{se<~+OYO> z-R_UI>J-s&0H4A5u(Faq#jU>FD9e(c`dCN+^nih>X>)LjJ+!yxk~ALc6FcqsJ?HD) z$O98Q4{(^W*WM0_dC$i07rbNJd_$5ML3g#->yI)x*^{a|v$&*iGG4`XGN@7J-dDU| z>CYIl2ThSJ`;>!l${P&WIe@$H0YpNn$L^(Zj0v{7?DI|OC6Zim*5BEK4*sjo7z zhUquYAzU(glib33s5&|KS9)VZvW4_-r9+}@*@MNon?sEh8NVa(fwv#dM{lKUq+JAX z>slSOuojPE8Q2z`-_<816DoR^D(EDpjaGWT)xwsb7wxC$vsR7osG^^-@YvfF zS5wvw)+7u5V_gs6!*tc2!S?Q6??ZRa%S+R#l1xW_>-HMbrht)w7?7sznuQp=rg0c? z=S8b{bmsIio^zPB(Br5DBQXf&CG)Q36h^fvwDWV1`0F7VP=N9wZm@ zsepe%j36?J8v>smheEa>%Xz3bBO`UCv(ib0i?nx3Nm8Hg^L~% zC?JYa0@!!u5l8S`I-80B@kJ;e(;`B|+`yYO;DJPqyU$fX9Qo(YfS3G>NC7r)_+D%T z6bTnt=LuNg-$X8>T_M;}<2<3o{*jazH7*|zUyN5Ay3Y(0m`D@Y1>JVLwJ9aw-|zP` zi$e`*@lfNqEIIHA{;iBZ*?>$5a1&P)w9f@YjXMtu7rhMKH$0sNK9hedCGV(%WJS~h zc6ai;boM{!V0&2;KpMfQ?f;iX;Qe`9H`Vp|Iwqs-ZFje@q~rB*FtNm%weI;iU_#gR zncwUd4P_d2@cJk1yfd?N-9z9XjF>i#A}ft6(e|dmM%5A!BsS3?o3+{L$x!~XR8eF8 zHb&0Y8B|dGcJR4dy}X&XW|n}SA)J?(kX@xLt7EeYMy*arHO>88dA9Z+gcwCG5FxhY zrPs|P|29xrewO)F_;NQ;DQj*sdXdI!#gcsy%+}2KggvrwSwgkx(vIxT3+Hq31qiC) z#rb>?(L0ZmT!(dxZO+whh(G(t;=EBUm3Hjj=G|Q#3E-Y%LX)I>_xo++5aAlqfn7pximEX$gHCeU6DRGNNxPWQK;yQY# zFBhKA*da7d_^WeL*Y9x!CCU#)#qhG>$d1K#1a)kea(&j4LTB>b_#^veTx0Cos6#vv1mhTao zfA3HDNo$;it@*MI&`*^$3XE_`^@dVXZVp9qExzrIi``-D6I#WK&jrs0h!Ks#i4ca2 z!Haa~C<`~E*df-C+LDAtxU`bzilc}`eU~e34s9=vriDX;(IiGu6+g)fl_=2Y_qr1a zr)W-C7qi?c0GJ1O<|qH`6cR++0>R%(o5v}rL93~Yp`}%x#>!^##h+qd{MJg*s%ei{ zAVHEKC4EAm$ioiCBrD90grp+fl6}D@N*ul^BPY046JiSMiDL1s3pY=k1HE4BN7&!d zw-!aywrhk6zZiYk?WTz2+Svh4Czsq&Ns$L!CF@q#BDxrA-VbYtFgg)jmT#JBr)Rv$3 zz7xY+?oC1$t-dtOhf#GzUE*@jU+gFh{!un?ceo8k#v5CG-Xq0VeP~&<8*za5cep?r z8Fd5*M2G`F1HCx;3u>eX&7hP?l^W+PDNTI7W zo^S)PRbh`;-$prxN{cJ)v}Dw%mDF6h_kDYACwZ_pXR7vP9;o zLbOGJt?qH$`6?aZoZ#VQ&ZrO2&mbaD)eKIL0M1a_EL7ILnTJO}2)@c+D(iDZr>ETe z?qM%R;XBb%0yI`Cv&6pKO-!8-I`hrFhO2gSPqUEu8`PKhgqvo6OEE2Cr9+9d`sY(m zvkzjGXP{YY8<BVK+HMu(r+d6*b-r5$WZWaQ#eF=)tQ#>S3x z?37yNn&CYDW*|-9zyJoa zd}z1taQL%RxT7bgkjN0#c6qGlDGDwPJh~IxWquEke7z_t1~*7qcY}&?zdhBuCzVY&%$?FC)DQ4U(h>>Iq%lJfAfu)lduw>Vu7)qc_XH zfmN=1-%R#4#2!3FB#$pFGrkKcMj|!h_@Gc~rBGcP73T$qQ>^Kv(_Ma+PhL7){5+2T zoLOe5g;(3`3WZb~NO+-}>|1+|{{r)tHxQ)CefL3hAgKo;rG80VR+Xv?QXBx|oqiOq z4XjhVorK?c0IDpS(_Sj?;ZV=KQXC#IHA}6#fzr@6D?b&R|jZdD~`MqKX)F#xMkxzjHg3%$t|?RHpsquI&3cL zU$Q4bE1+{j--^9_I_yk#?PfXCyM%v{U32o94Ai*!-ed%d&lTxsTFp)cv48oxES%w= zO;1dax8X%gJWRsj*PSzP%)q%QZ?5^l@e7-z9`N*7m$8^?>}dfd%fWa~P|pITzI=5; zKZY`&Z<%#S%f7`uzDB7U$v#+@&6RDaN`CwBcRfVU49opCj8*@Dq*!HIE&=;Aklx^5 zke&s-Q)^8or{E@2bki!XL0<*;!j#${6`$U1R#s1QE+B>v?h|Jvxe7emI^s@G>cD9r z_l{uuy9#>T^+1F{zxNBYdNc(nMJ|Q91e$qg1`^A6{|LG_f!63mOf>g~(rs)ya5xiF zFo|ibQk%6))UCf3#p)EN3r}V07hms79^`AbFVG2`)PsFIk#NYC2oak1sPmRBpJ$se zQ9Rd?;r3Dy4pGv6@fb4;ODMvq-_r}~HXV>zU}x$wSUQ(&YyI>c+WU>%PSme>kY3}C z>06&!uT*5{y3KadJDAkjKs&x*$Vvk^5z1I7<(-(fIjo-Vrl$M4iw~ct9G$9lAkyHf zf@iN0{{+2(x1p!}Uh070247%4V=Y>Tnc0ARNhH<%wU7@_ zhM(r2GF&#dfu180sJXNw997DL1V6DC;aukdmr=lLzUn1#-YSNeUot8eN9s0f=oJUJ ziojt=qI_cFl#2TjI>nRSk7BW+BaeR!0JzJL&prkLtZc}UO!9QRc!k&1Fv*V&M|X7d zx;$i)H3DWzwzQ;Y^A%u0Ekcqy#L3pg}UTGdW_qGjrYm{M;ES&B@v`>e3P6X)u zRtedAIqp~(Y8->Os?FSZj%XYo){@e0YQKpCrtfOu7Rm3IAdjq_xQ!N*smT!MiV7Y? z#R#H=6`LZmxNL+BKSjP+$Dv8}i(Z#l z6n}+MtTpsAMhEEch%QJm!yPJk-4x z8lH(WV|=oCfwkKNnP?1_plTEcUJ;=@8(H^XT^q3RVprjRHr}(ggkM8z?i5T{y6W6~ zecbqbt@-GDoY48a?`_#serEZ+ui<|^IeqbdJ!O5~7JY4g>}`GC7x8}HT=Bl&<9Btw zobmQ&eZE~ewQcYgBREqapEi3bg&eeDujC?95LkR;pgZIeJkX#nWC4 z;p0T(e7htA5F+L>k?@%s>8$YDS~|rm_k2Ux^H_iv)Q11J-UBN1A{Oy0=Bx`Q# zdI6%K0Nb+SvwZbu3(8DOiAsRF{sS(!WX?!6tlFy(qvo-;O~0LWZ52}V3OHI@QgzPP8=I=M)M^b)gBAS zSzV&(@D4+>nrZHOtP9+yd9XLU)1h9kL;YS#3FOI5q z#SUeMS{W@{i3$mOJ_<(wy=72SD}=^;O;RcBbABYu)NvwbyiNt4$k3Tow#ZLcUcRUf zoYJvuTc7WLKR}c{2Dp)qeC+gAssQ7f-ucdLUb?(~2Ws@Z?=Ke%G5^A)U#ouSoUL4M z+FsD8hWmk3h{1`@6=s)=3`k7~q= ztm&Xg@?F<7O#n?-k0bx+L%t23*Ypwo9g$@^o{~4TjbM3ydnC6MBFZdR=HKiNp|A^}pG@3@T^LUI4@vfJOe~^{ zZDlZFu5zzsOM`Kn{fcWx%m8P{R63%f{wPaeGNRjiWV1x6qjHCm91Ku)PN~WHbp6M`h)LpPqvfVE>B_cO!icmvLkLu2#zKErf^kB^KOV^(7DR{_Z}{f# zUR2`GVhg<mv~a-<5t-T8hmk${IX8!W$I?*x-~t)eMm20?h*>~WkBpWNaF##oA3d-#dvob_S>uzcgRl}OS)teX`eshr>f)hZuoz)N@}VigU1)=|_tZoaDEM z%Pb(Whl_VW;AXamGw$w;ne3S?L`h)qVGBtD@S3_OEewg>XXJus@n-+B#9Bq zNO~T|NZKxfi3}1wMz0ZqlTafp8EbQ+8F9E0aZj3YXUclcmp|ofmqjz({SQJ1x3cnD zz}lT*`FFc=L(tp#hP4@jiRyFPvg#*hn^(u-1GGR&EX;dm+1hKG%bl>-6mQupFjDgL z_j7);$UB{l`QlxBxF5dI#-;~y?-iuYFL9UItU3POa?XP`th8?!(OscGECY1tpb&J>@ zYYlOyD~^5Z_ebaCv)`tg>EnZ&n-&@>J{)wJ9nZ2lAzDtm^B~P*l%l6fHj&ANr{@ zNo<}4L=g|~LseU#?W|uX4fg8=1Zz6hn-MWi zubbPloxBGWi>Oc$kJRph?n@j*StG&EmIM*D=E_@wDXTIwba*>fJ8Y1!$)Q%8-dqm| zgu#35p$e7;g(||kjUZ6K4;ewBkL?!yZ)ja3uuW_rwC+OD`S3<$#?YqvBvu5h$d>1) z$UIw6oCcwMDkz@^BmDX>)q9ZYgHP8Q)4H1uuu7G~-B}WpaQ|cCR3ke*_GRih${Nrf z4sKD1w;iH*A(9=GD%=|t?YHqzpl8N&Ms(dLI9^b=c~Yok?b7iMX!(dYe@nClqx_tB zTe#CIN}20r_b{oq1$X~KmsW&uAyBqZ%s|jgzM0e8wszek!o+(z)1BK{kbT^XY_Jdh zFI%Rs7qZKLuw3kZmLxHR*k$us)c((C0Es#qGW=|BN&_f0^W)Dq!zZC*#Ja$3FJipZ zA@mF5Cmaq5AMm3p>clOvxEvf*vv@M8MRbbW&S6A{5_{gdIg}Tj{LAk`o2qk<{s1#x z^4zCDfRzr=hzSPR{mPv?{h9Db^T@V3Oe`L$aUxXYF{Fq16E3trD@62NikE+PigS4k z&F6@*33-$IaZP=JyhIs(Gc>eZZlFA;tnbG2e)H5|?I6HKZOZyxNW*x)lC(-=^Lh9T z?W8hVf#P;PZ2tm<8&+=OPdOQq9C7aLpa>vbP_aH#phMsXx=5$VxJyL6ss3eOj*?3| zDpMIxG}lW>MfO}4<~9t_7$LCtaSvV3nv;orn*$2s>=XaYNr2>o2e@JV_z}i?rAw#r zK64Tia(sUj3bbQ{9ABB{s=)zEr=t7nBul3~-{__q!~xI}z>bIh=@=#BGe2_wgZBf9 z8Pd2jLho|B9~`{SG)ZFGCZx2o>mf+Ks7)Y0YxURTj>b;hSM!GjOroh=N_4=xAoIC(S#=IP#WiSHk;&;?z_F#ui{S&i@t%y%g-AHPW!GpTJ zfiY{2wFj@N2~GOfgD!{riY^e%xjGMUQRi&+-7pIv*S$N=*g~WmUzM#If3r$x(UHtO3`yrt}Vo^xY?H4Kwk*Wj%TWTe> zh_K@0Hzx%dZowpt)DCbi`(tymFv^Zv10#0W#hB_4H+}0Xjn}znaju{Dq>+A6ON~nUjyeFO@P(cQBY3BO@V8Xr4EU2#!{A+cd&N-1)dxu$salTo5rE!EfBR+5kHl=s-oDoDgLs<8jSHM;zeNVmb zCoJbY?vOUI`%Nmzf_Rtij4yJXiqz z)QqLxvooJ?eP5w!gP~ISOI|*7e+L#eWfu~D#m$n+ulCR9d{J2G+a~;boEenxYldGu zZP_p3m*3hv3jUW?|4>nVm>`-RK5#=QYKBZ<1t^e`^-7;5#q(sdU+tGX(I^~?skJ_r z4P@+1(D>V8bl1K}zXzIQ68fM6e~JzHV<0z<}452IV+6_W^cq#lu*6{YbY#jKGCQ`Ua-Zqezb>dje&f*#C%EQZ6Lp z7@YN}%l-_-)Ne@%G4kkPPH0g8=g+nHd7RF|mX~eOfnl&2fQ$Kh>7Bt)$O~G#u3gY> zJOIlEO!9SRZJ%t>Wb7Hk`5RDEN$!c;a!^jK!Qk?&%P?68x3RT^&850-c~8(tU6(4x zG|p<9RIlsyef5BsZ_+#}7A5IW!Z?S!v)y=b9%ka_M3j$zhWTRs+sGN%c?9|W012Du z8a^AU%_t*n8+t%!U5x8?Ub=HdqEe83zZ^jv4a0Y9a?KhL$}8wl9Rb*Jffuz2UbsRw zj>CC_Hhok<1M!)4iqy9m2#+SgpX4_olA@+Y#889nL6{bS7mTFA#Xh`A>$ZOE{bGln%`0hE}pYUBSe?=5B z)B&*vW<37VqMPHjx#FU@@ZEfg_8`YFd@m2IB#b)5|X>WS#7R1+7Y zh${yeW?dK;XgONz0-#iGwdQ1HkJpCrN}PBWwdOX69fH^z|DHQcGhC2XzDP1#a5l7S z9a&ARII$>moTbS$pJDb$C~-1aY_T;_C^X<~HE`H4EI8kUW{t*W0Ykp{3F^jIf{9Px zy0a;4LYO~J7VGR|nYUHWSfx7jrlTt*)!CBqY!B)uOkHKk7C8WeOoT~qAUSUMZM6qO z+{P16udr`HPw^#4?AH}_J@fY>fAsMag{WAnV5Y2fLmd|ZwUAv+F&LMb+NW`X(TMGe zr{yI}?(-M_5q4c#koZ{a64vhga>&nPkVZBLMH zxLH1wp%IQmvpUhVx`c*BzsW9#czG7O{sEH)2Bs*eCV?`jwa6@udW{*CSi>^JWT^ya zSdjCpPxgP#=F1#KtUeYUpIF>j;cetmzh3i!oDUQ_zZ^f?Kl6-Y6=HaA9RP>aALK_Nv?woC|Dggu?WMpqoH{DNw(`Vq%M}oik8UhZ3b4cf6X^U zep)jWaFb#>4scO1=)SGM_T{Kbv37D$>Cj9Uy7?~LRO`^~QfMA{u%YKmT>@tqF|S%k zgQ~tFH$kx1k6XR8!a>^5BQ)oPlb96IXUI}bd6W?~QYpIF8XZ3sL?we3RKXBC)%>fG ziqV?741svJ)r>}dH{#HfSAzVB6OZ1rCa_)cSCZ~|^$toCgoUGGeV}SrP;X}&mF_ZR z#0qrJe!Je?jz;wL5BCw_zRj-ije{jBi5^#VMM17|5Cfc<`ONm!CrqcpB_(sH;zd|( zYAZ`~@D|-#UzsmNp`r4_mvziACslz?@IwA09#dJ3Fh`7!M>?U zzxZIeEYxz<`qM|r08B^6ZNnId<6Dxsbxg3M0N3V=4t!b*sGlI5RwT0uN5TE1kNobZ z;Dj^Rc%saapOzD4xFQ*}779m(b3Fg|+c&f7<|g za(i|uTOnHPX|=e{ahit>lrfg_YaBFgd3zPp+*zYzUL>lXvY2*P>Xc{!4NBEZ?og>y z$}J3`L2!Ha+Rg0bol9N8JCjT0&EM4y{dFvUX>NlyWNZZ9cI{s%wK+TT-Sde?N|QUy z%~!C6U9Yfl1A=DzzN?0|{qho}zXZ5kSg(zYy3t}2-g>|6A-4vTbGRf738f=wFZ#6! zFehi;^f?z{@Vfat47*Ey=$1x}td-#YS*l5^Fa_*P09z2$EeRm53u*ZT=<-8V;xddFH5wZntcJ&y ztVS;ltOVMux8SMoR}6>4WkG{K2XDjGh9iV6Vt<8@XckCN#MSSw9Gm>irC{uREdN&zo>pGEg#-8IKYIE~M2iw!zu^ zEyr;;4D0IiHeRh7lEH902=RBdH!ZKYq2s3L4+i}a1R>uJX{@vCfd~{+xy3Uqk1|Q^ z<=;XC_})82udb4~Zy@e@{bjP+!`uhtS-6ji1?`0wL}@SMm=*F;T9j;}p7$$Z2sJZX zq3lK?1sFnOIzOLO8bRKnd2U_4y?!g8GR*Ttt%_v;Nvzt=0YRzu1-(`76&S*pV?Qj3 z1dH}n85RJ?aC&qdp#H|G&VJVgP2?8d5xO}vctU}?6Sq6uhfEcn?Pb+I4{0_rO|C!i zhoU5=rA)HcE=%vjqf*Vh7>sIrlf-P>2P?L3K)EIv_LyY9SzlPyvQi|S7^`Wq6r|0U zw3afqOtIESkvTp=&QZm0p`9&#XSZ0!V(fp-9EjeI`8g2zlz{Nq)3aM<7GP^(QRL9G{}X^_w{7 z3eP196z4{SH(Mu9{LY_L7l>dTrP1oEIp(eCxm`lv0orQm&?^` zRo!1iC@|#Kl6&PP$5G2lQ8bVxYGQ`OEEA}1w$)wE8}sDRO%YHYoSLH(5IT!B74dB` z40jLkSf3D{gR9;{U(ZKNyd9qocSG=1I$iD$YejVUom%a08C{=utSgGFA38prudtgR(So

DhY z$?F>{ja=K9Nsp2zbxxtW#!gI@<4?A$&ZmGw(pOn5a2>S$kV2tw8o3!I6jfPk_Ci>P zRl8E$s-#KQo-%-~$#D01qz%0*Ax2ej8#eC`;9woL{GD>Z6zIZK(z#rUC}ac<=cbxL@>pEc3=Oah!VZiYwHkaUuK#4Mb7tjX_kMu$4B@5*vLh0=;P`@$|GID0@GNNK>fR;YuaM)1x@>fSC2Q;2 z6DDR;SI~12$@MyX?}K~Uaf|L?Wa&IDXPZS?ViZ?@Xxa6$R@JhoiAk!HV}M;se(a8& zx|W*qx+Xh^M&-s*h3j3Fk6rYsrN#~8I5*k?0*tiSDv9AA?f zgxlY@8)JSC`qQb21GK8bUFBrWSy+kt9^Um)mqQ}_~v#7xu=~)8Fu&)%)8Uh=xVp(0+fVb6 z`Sm67Vln=}6A$hSGq7{?8hUD(P0++ z_#-FIfO)bBaVX9Oe?!PR1xoRN6!B*!^itxcAOs%vWCteX{yHvO5*{CEwhtX{YpBoV zC%ATPMq!R@nK{Y4=L5x~9zacnD~4lDOD>#&%^xEm9u{NyP$GCilMLX{@C3= z#czMifd~M_m@Nx3DElo`Xm(hNj8DMyL_7u=WOi@=`-$DH-#uFkV!;qp%yB4QQD{Y2 z=L>NgmW&tiV$pF!e=3_kjr1Qi^4#3~`~wR4)01=g{P||&(fB?#1Ym&!7M%D#4EPZ} zE|y#riUaunt?YQ=C=@K;fS2O|ucrNrLh-H@xRb4UoIF1-@C})0p5Fn|u@BZx5&l?Z za|+&0jsLN|Bo3vE^wDNzBbrqMwvc;k`r-)&;+3F@EOM>5`-Tau;`FcsSEKU2Y;??;8 zzw#CVxP819`GluGZ>&f;z^eO$ISdwXE4-F(#dR4gv+7wX{i<#;77>_Wmb9!ZE^$lt z69|xE+;@mI9RBV~$Y@9$KD>Kf4z2f1&LO&1CXk}z&kFga(>~;(aL=+nCKMEMjxGVp zIMM6uB9`&HHRGAgmp*B@I|B*}BIf~W8brEY|A-TjHnV^xc~8VQb}D_#9uwJeXvFH> z<~MmNgDUDdKfi^WB-G37WR6tw<&at!I=U1;K5tD`4IkgoVy{$CZE|FWkjP8j)sJV+ z>e)G)SCnX4!zcmlabYM}&RVq@FkP@y5%@Sq4Z+@qXwvu6=wBzuxGog}TMMuV$&M7T zt$~N@h*r6Us(jQ;9I5ARe}fA>d#vPiN_I&*cAjFbAG|Rxl(RmS!Ubh5nrlm?&DG`S zG6&-3>#0l3tVPYSkm6Gh1rp}#Jw!pYz7exnfr?431v!?5*x}w)@O+dBZeRX^^8B zdmm&H57eholg8~ycukeN!6>#~pM25|JMW+s4P;W^gwrjODUt1()OWcJKd}5Qb9owG z0sb`dC@0ZJ5f@{(H~O_Gsm{-HTm52G+wuk(O?MGyiwH>^FWZd4 z^lxVI-gqO3{@5PMHLvI3%HK69oUtb_M?!TmKMEDgANvdZ61mvH1qj%|;|;Py(6cQ` zhq?_!qy4yJaX_(w+azm%c(mU>25=WQ*&BC+A-4GwE#5%)>1c%EnoDw`0Wj&LP)e_R zU{@}E9UkHe$+$ZRkb4gg)`+_<{X<2^0c}B2{0u=FcK}KqMqNZQ7K)Eejx}*{`j1QN zySx@ojEO+;8q7qJW;f1eia!+E>gun~RLvf9=Ls_E+*Dm2F?@d$IqH%49`&6G zTQhrK<-y_=&b3M#C_9UV!70OMHjR|M6ZM@+61=9sk`rqXma9pe$$);bWO#KJKj4aN z;PVyRCM0Vc>9+7b3<%4=bzfnx)ezk=YvYyKF`Md}*Q6TdQn>ZC^}`5J zWZhT6oQ-EQUdBEB02!=i4}5Tr*`}J3+_~=9FNejWv)oG(XGU!gB7qP0PcPT!UzuQw z6m<{v_9vB$kCC9?y40GUk|}Gjk=fR&AEcOZS&(*>zr8fcR+>0O)Uzn^nriI%WrrMU z24azVCU&CB{n^&WvE0B*(bU!@w)MTPP3bjw>_r35R|S7UPF`PcH3a(1Q|A4(S)i{j%HNn}V_zoMn zJmBCl5gnLnmb`2%r*KCP8U&tZIDAAf5(|1QU?}Qu&%9%uHD|x>s~Jquq0kt4{Qs-M zIdmMJ{-+AZZ`_k%-4!D0|G^*NKb5VDN>~80dnr*7*-=Z)4B-B(4L(Aci_DVSM>0WK z`GZ-&g_DIV0^k)sI50MZz)8A`o5B4lmI+LtvQktx6V8V%iQw8!~b?VkXrR51`FqcM(i8wVbpO7W#gp!VSQrA*%g0aA09f zcLgicrO=*gBo-5?5HbLG^?xnev3p7w9aBwSlM0X49nHf5VU`+~SUfez7J% zz4baF!BrsKQXFPQz1{FTS&D;xA+78RQXF=9Ix301x}#@V3TIoQS0dfDZs_+AKcKx* zD5C=`>vQ?_BfEdqdbTH12Nj;-xZb9*nSrINQ$p@?`j$ zg9ygFQnNAO%D0AK@P3A1GRoI@+P=n#<=ZiYYCTVUwf;5)YCSrw+{9`D zLQa*6-;I+#j2d58%#fW%P56D8Z^qPG4wdnkEHI2Q_APTaxG)V=mEXWT1Zbr*3!ASWBl9~$)Br%YtCnt`(t&6g@=M!_B zHc9~lKr*oZV}y%6E`LpIJIGIFqaqCGw;S`cX> zyQWp&PdIKfC*z`Udt#a{HNFe2Zkg*eS<}sGhU$0JWSMx#cdW+y+R(zqQK$butI8JH z!A`_=_y@}Put`k zTAohsalX!3egw7kr`yic)fs#`88%zB7Eo-7d@`YL-R;_L28+qA!5yo(gFclhnd8xv}@?b?N-p&i4 zq~2XOhxdy_km%eO7RrZt;G15EZmhyJGigJnCam^D)UdLyT8Wcof<<1VHaEvJ<{?8@7u!dNnF!@z z8l$`nVT!@o3mch_gf=T%^4JTztlMFlV@8Q3&1OrOPU6mxVx^S zb1PgK^XQwa*o4p9_(!Y7L7Ky={HoWqmY=&MEHRtnlb^$rA}%q5`_E{$5k5Zke=+xt z!Iie{n{TJ1PSUY$+crB+$F^RctxkmE%2>wPtXZ#(1hupce{!!WF`f)5)q-sKJ` zQlkWD2rlqyeljE+FMkXqT=DM&nQJV4^09wDAq^Vx_f}N!eIWGA8Xp;N>%*0T@BQCe z?V;zu!|l>e+>qgax+%UEp{y8?GilCN#s6PeP^#$|j=r4=q0XMOglW&(P$FnK+8qds z>Q;gvfAtX6dH4{=9yA!B-{=Di=eKHRQkw42@Rfz{-AMj$bkBW>gG%Y=l&6EA1)^*E z|6EqKDV5Ooi@GGgX{9BLuRdw`sG>vpLaXaJ3$WfszT_w(ip|ZN^KC+UDb;OGLOflg z0{e1<6#WqZ&Th51>~dn3Cw12Vp~BD8q6E@jpeO(%+X3M~l9$ebDAJ3A5aOW(3lmU$ z2vlOkaf<_SsDLDCqpM4CHK6s&)3Xe`04d5TP^Xb_G$%O>xf`pohb9&qPi-mFFXMxs znVUZuV7|@WUP&)@-c6M(!dEY{lrO$!(iSsQfs{Gh0d3)ucUjX1)Qs+UfyI`9)p^es zh?JGoH~-sZ4Mws%3h*3Izyn@fP6Iyq&j!UXoxp{sfj5M|2>qfM)Ib!4?iB3S?L%(? zquaSj_&mla&*nkPZtgz}wf#vbiARPDAv0Qt*n{;skf|=+5pi@>q$Fw`^}*e{dHLd<8&c2 zc5!Jv=iGB{mDsgo_n8EarFe}Wh%M8z1ZHJ6;v}x(fX$)CaG-$QH{5B;YRrhrWoBbE;?du2`Q_U&^eU_I6^B`xr#m zw?1*LL8lMXS9=+b;i`<>Z??vK7F3bO;eAb6W+TWpfD z4ci>c;P)|+=V1T9NR+HBBsXd!-P%|BpzZ4?2kzB7(D>Y@mTPsajAgn>tw96&fbx>w zRH%82-x^s05yGTwtoY*gFq5Jo7)(rhTxK&f9sXz%o+UxJ$%b&kfgq`%#UhxwP5C(+ zzBXwlr)qqla}2Yc99zYhCM8k!H$!Y9f{_|VhLDsnjl8x-?>6I(1%pfk=S-J_5KRkU zYHEW0zX;Fka|1Aw5s?H#m|Xef0{D~P5Jj_VUwDF1(fquO_-I{$tiuGD=WxW*8@-i> znwp;@UBA9MK32Vjw2=p>Qi7l=A&)PBi;TQ%DSi7{mJ7>Lv<;+Zvf>6E0(tIqVLKGR zGu;{4gEPbSS%3-i5gCF2xA^uCAvCJ@b8U*x`ddx&u$fqMq%z4`KyFn5t65c+CCc6{ zDpvX?9*JX=qd!H2vL8bupJNDxm@_$Tqfi)y)9eF9K*;PwjfLiq0KhZs>Ug1ZFvfxd zh$mLg3U;~37A)JU5*oeTn{dK-e#clnEgxqs{YOc>*!-0P@zgxBwe97Y zEs+Rt-w9sxBb3gR@8^AmTh~EHvDGu3&*L@5jOIUa#xuTTV?7n-;@`xqi;f_QkF%mlvI-GfzsW zNObPSMN{CrOZ~CnoHNjap3^m4koYevMHAf`GJo_~UBZPCM6K)ATrtlLneojtT=ImQHuK zx*B`MC+Q3Ff`}B+{%e0;)HGVs*agx=fkKL%yjGMAs;W3KwB<5;H`rxNbLMUq81+rM_ODL>+3Oh^hA&nu?WR4V>En?boi~O#Sos zQ*PNrIq#52op|XYxK(+yQeZLIbaN-71<5-a3l!#ydN}Jnc12F9fo<7ECuD_vMh3KR z;#)$FX)sSvcf8w-)h;@B;Xk^hdMhDZ?n7;j?7Xn-HBUhmascYAeD7gN2$V@U4`l05f}ZEMEDFfNegJpA`3E&({973lg z;S_?d$l=6CcVY(!r9$$Kh<5_WKo+JvhYis~3F&*O)yyn zMF`~~)HHyNowaP|^9VE@Yd`<~0m?_T#mj1>C_C_cvdKFaQ z#Lw<3Ut;3CPo)o%`~hdv-8j+cuI3W)jRd(k}s4$J*M}8#rqfSRc$+8lC$fT&SHYi^ zePyFh*LL4)ij88)dmq|Ev$7!+H?Vk|I}DOiA}4ld&g3OH4ImiFR|=A0dyfk~nvzsP&}%mb zCzhQ>gL=IltmjK=ytS;W2{gIBG@{HPJrf?8uYWa_oEb_5MYvBRyM z1N>l{DQTP>u@jtO@XR4>tRXBsY5BmC|N3`D!xn1UBk3WfaCa`oJi(mt%iPh6(6Yk@ z(7p_uvIv|oNN595T;<}on}EK;f?yYdY09#S3zRwc-S1%(b^4Rkgq2k7f$+CXqh*s; zz8*;ltJw;TCe3_lZK?aQDXFouScbyu)H96ea}>?$Xui{Mid~!ERYL)sTBt;>0g1L$ zQmux9;8}^}dp<>GXDHFHF8GCo&F?37BBdvtlGu?30-hS8bG$eLb;d9Jak#+vtMxV| zaopxQ0-}1;3^~aiKCHsI7^dB&m?3q>F%K7};xM-+Zukc18;ctCN#Ck+WEmPX`ca%( zuDZW4M=8jkX+VdG*X+|i5o0rAx1)sfQ%XjLzL-wkkbjHwM1fEApV?$PPz49EvpVGo z$w0-8@&yvu9S=z=$QYudl_POGXaMp-#JzH?!TWfxuiLXM@`oad7Ce(9tTm?-X7Ul5 zoLu_OXV7k>>&)TH4n=XbwY}K6I5_Qqm-n=M5+K(cXOBrMM#=@J6=>E-w z;&l%8r9DwXHR*f4p$^PW$$S_ss-5;pU@37ir1TU8giY+Nh53b~u$At@Qq-KCc8T{c zL` zu6H3y{FaQbIp_fH1h^taz`iW<#{Q#I9&~*azh5WQWE`645~+)irRipZ}|L$zzmie*--}Ec>{Q=7$V~W8vF)n(Jw=ETfehrIa<5;(kp#d51 z$ME8+@m~wX*UhFTK1Q=S@sB6a`H&G3E;ApFuZj%%NSA;~=KUk<+oz364Hv>eG~V|Z zFa5iBf&Pd;@Oz4^c%mx-+BCfL1Qk7X9ZPsfly`o}P$Lr3V%n3;KWbhA=cHj-G03Z8 zIWVv*CGSD+vBatuxQE{3*G;i}9@3qZi64a|CJJeEVVoDlyy;`Uv=>bR{>(xhrR|T} zsOfr9?X=|*mZ0n*FlEchAxbkLM51>Xt=N3ekTWg1r=CAhc9zhrz;arpjAN&?vV$&C znu8NxtlV!Hc8eU_>(JZo@ zUxCqw9N9*qT{x*DzfnIU5TV^QMQ`wE^U<&1fRIu_Fn|4&KqF#WprEKpLnVr1DJJof zw4lR5?@QW2#E5i`TUJxlL7hRfPNx&8(OxcjnL9#^3ViA~L)`8IY_Pp!aZf-4Y~wTi ze>7Y~QX`JKrt1RZ#P?8lP^Z_lXC&aLy=aa~@VO9(-}@a^eC=JW@$kqBej5^EM1RYx zapTALrNOwP;Ku1Qzrir;g)HeQJ{0R=12Zc^_cI=doNL{@Y0d|~lFZH-$@g*Ts!G>y zPJ?%*CNqO;{+Wq3ibo_8hxSX4Xv#1LUR}%AtRz8sp~gJ%uq;`doGBfWiZYe+vPa^5 z@a+5Qta#UM0kQLaaS>SY=GxhLpe$(pwQB9HwIrRY&!=jlP42zT`)PlwzG8>~(~#e% zi?3+p#-;njLZ8q~uKvrFzm0uwB)9t4R#_OTG>DBczXXZ2*<$)HeZ<_3qB{OhsruCj zRL?Qw7cwZFJ{k_-wZl4{q3cQKr}zVo{N-bbqX%~-Ti^ZEVSd}$CyUPGMKN~@r<5yz z0mT0XEQ0R)-KMbjBE)dA>k$OI-VWmqSo{t# z>qLL}^y~1z^Y#pZ%X_jbQ#-;ntuyG@IV)?_E4S3kH`I&B)XR&#&lr10%F@C8lDtC2 z(+QXoDOsR;_dF|$FzYC6(Q0Z_1Ih}8m(m@gLZg#h0(xlMr7HVYkB`r{ff_qMZndfh zt!h7gHA2Gb1Ta(#U-sO+b3mCH-^rd9>*`?yTEaN#QCrT+_@`(VT_n zXb%y?8hB{L&~s=sHy0Gmuxa>Ud%N0Gk|8Z5^zkg5)*)L7t{@%1u_~ubH=nW}f3hSK zK5~wKyP?noGZ9i#@XT6wS10P!CG6~(F+Z))ij_n2H0xCAt|xmTW?PP65bNcwSxE4iV-OXES1jl(do_a`ByX-%MBRIzhmTgK92<6wO z`O&wPN2IPX7Zs&3l@U+1ktoauIi#{O+J-dzQwSq`q#Q^R4%lyA5$7XQ}8WUcC~gl`1!^ zMmZky?A>a!T9o|UVdygUI{%A;YXJP?s(@Rm-kgT*k;k?D_=~Bp!zOp~;CIW;5HAWm z3b;<36R!{9zG~EQA?=}ROHrn9p0&(&BwZv_CcOt8>CSrX+l{b5|I#G1YfU%A>Q_Sizc;eQO{Uw&}8shpN5HwDI~ecuEAZg!5)Mr)cv)!$)HZ< zwPn*}Tw-}O&diqW3C!c|WUM-y-gQNK+YKkdn6x_FDEag!J+B;iCULwCWIp6*%c6pa z!6WlAYoPvXZ+|zjw-)#Fk*9i#%+iV=sEqa#H!cq??-l0_DaOO+-K7TNktcuG z_@q|na+w?909+?*=7m1R=F^!m?O>bilzXmK_NP_KpC@S5CoWL`JmN!a@&qch(4e(T z*yKnv$t}m|6SG$W_ZJIo zx3i`~dfe0ma`>PJjlT=R9}|&Yek<2=et8(1P3FGSbD+!f7yG>=%g-M~9AcI}N{E+^USGb~gPe6W6d=b2T{$Dl z`$xw!y49OkHAS4;K@Q*~-N45(P)byI%bsuY9IB^4YaXLaqQa}MFgi1pbvJC4#7qnK z$jW!$H-vNM?YVx2B4?6NicjBsE8x7=+yHvF-{?mDQ71M%NLNs9m!?e2jS3ud+2d>r zemxyH7gL{hG|n@(6Ec|z2(}CxnCA>1GIYb*2qji#S>5~-HSmaAr*L!4Kj}c?ww{o1 z26E>TC%n|m81%F4Gw>re;ZZ*r!ei};M089&%6ZO#MSD}zsNV%MNQLsMOf9kxa7LW? zifdkePD5`~-yp<+sFXb|Dz%qPCxNY2&uwV0hrY!LE<%vRyvi^<3|e;ObY-75Box}R z9@nLf1dHSB-?072HxTRr6v7sn9Mx3M`ia!6$cDq%#*(>L7WF~40YdMf=Rl~*OM-bh zLj3R}wI;C|mPk=yMSL=8*LfVY8!qDgvuIguB5ZEXbee9WxPrTWWMWsxT4G26e)8_3 zwnV8}voKmSj9~&Qj29)u0arAmmQx3D5L#7<&l_b}4MRag`V(eQOMyV4V7D~CvS)s5 zT*`X^Q=Xz7qYw|F?#9dPvDmz5EFiS8h_$5s)>=NnvA?u6>=gN??>b1eFPzUTmfnxx z0lBKX$!GHiB+vum?Ecku=JAE!Pr^;cBzf1^6*Ps;f5LsZU7^&2YwcV--0`kB`^|F< z4D7-7{^ByCS~GmxWAi@5L%9v#?T{OVQ)Mr+tHO~@`xJlR*TrzY)9?+#(9JuA%Ma_N zI?lL1MK86!*S3C_%KJ83&X&$x-DAxcs@Ohs0;YZ5aFQYX_hjB=8;I~cBgf?`i##Nu zKJXafRmA9aihg<4F=HKn3a{-4-NrR}LTU~6BGDzTKdnyaW9HmvVh7FzhfKa-I)0c! zKDvh9Y*`S9P2S@Wixk`)NOa|89R2ptI>lS?GAn+<1G>$BVSm&F2i#OPr@mB$DKZzL$78CGhPBp(xA6M9ZrPibBq< z5rIZ8X#m5~iP^|5c3kZIOYRajm&1iWD83cz;sF!iL$%yV(M}_`!+fS z%bu0-y=ISAD1_UaYGAJgZ)V_9^e}(mmxE#r%cUCb7em<|_JSX>%@qObH7~T7^DoD2 z__ptD>|L_iuu2g#{1}Pa=8C?WJ$nMfGF<{n&HYS&c zjDvAHqyWKde3ulEAy=B~O)kAxSCF&$V^*(*LpVZiah_NeYB_u!LB}m&r|mQn4RdT| z#nQNGHmMDzS{)8>)e?l<-5vb|rUgl0+sQu(49VPZ3S{x{oF@ipPeum%Pb#$iZqp=( zp6io>9uZKgnzR;>Yh9W)P=1&azqWWP7R^Yc%Gc&>l$TT%$pno+wFRrxJCLjygK$%bwFJ!<{us&N62mmCM zsZsyo<`PrkddEu*EizN|13`6}-ID_cMC4e{%=c{nYbyopQuKn(_prb3~6w`zh`;O3X>RoFF%d zCj{DfIHGl3z|87u!JDdBA2kGWeN~@n3#|k64wPSN%P`hItDmrhT)T8`TZ`lc8+Z^; zA3fHwAE{a0-6-~AJT(25-dn#@0IM@10-^~YSoP>e8Wt>jaqHZy^ON@l6g!i6Fj!fi zlqtSTvR#&I#9GKuWSG4N?|T|$Z{A+c;KF-W+P)0IFDff}(q?;ic5Zr7DJyUGWJA8z(y$Js8y zvoF;h?cCVFGN{J)y>o*nJNL9v%io%Nj-V6@PSt$P3wOLfpxiLfX0f~_jXAFx@8-Qs z$sllRRa+QWr~(9*dKrtAG}`^PoNu6+4yE&|tq@!hj-t}FcQ=0R_X@PJO~2D=V$A_v z*OI41a=E|0672s-K3V&as~o!;5UAHQX>Zpbp~@^bwGUVUz+A)x1M{gO?gDOJsRI5O z(_7FaT#3S9^nKOOu;PWMo3E(HfOdkXKBdP5c0#GHtjB;}ia5XVxbIio!^OAOajIU~ z!+NoBd)Zz6kU6&oM|i{Z8Ticl64vtuoS|m*$ePrKUE}npzOhV6U{X2zT5_B-9o##3 z%IWBCQ@tGbl!kW8K&tB9)!b-QBeTNF_D({HRmQ$CTMV958icoauR#uWE(;-CoQlHA zD^!>mD%S*AT1 zetn$c^1i!1z7{K2d%Y#sf4zSM1H8_)Z_(afAM~S7Jof+F$oF{_|~|?WR@y5;ZzgEe*!v*_G;;0Aur8IW^w1wz7!B zvlE`?qCXo0SE57qAfa71sqtopKI;|1#b%dW5Fv3Aum@7JrKj%d&cm)_u>hUcN5m=1 zKJik`Z8_2p(^AneO6O<^uP$wPKY|Q_xYFL)Z&2Nf{|UN;beZ%nOPmivbrRQ~L-L!Z zHWy8qee#zV;Ru&??;w=QxDnu#;wQ^or8rrJOv`%Kb1ASua}V<;(%j<*NSlaIIMY+m z3Dm9mMMpf`D{HAe#*S&K|48a_>YY!T(fR=}Xd$Qucv{Q^S@Rkp8{I!L^aY`Hz|LlK z4J=?Y#dN1~_KaX7zwhX8KQddtp*43(t#1Wcc0agbHbyr;mBCh@P%9nzp$k?CP;+vs zlv79eB)K$|aECV%p^BGNj)$dFehz1iw)hh0`tGt`t z@mH-iZ*58~3fo;c0TeQO@cI$#JXy3)^&y9=0GkgH&#%8`dHuH? zw+m0!O5t&ctq|Ctq*j@z_tA&18fplsu8!+88sxIaV4m*=0{st8q~Es?elT zs=1Gsd_G0<{-lR3V4S}2?Td|0@0Fd}kb>h}Z+%MV&qDgeQZJq8YTte|u!(dNxJp1n z6^JY>QR9#OgFbki0w;Pey5*1HO>%~Wekv878v|?%bo(IvF<^|LOA_7NS3b8dksK1i z_NaD8Tpx1>^atNaV7x74!*m$=w0cD84YrfqTBFw<-D>Z12~_3a4VqMp%i6nZjJEfb z-zj?FPCH`#9n%?cnXag)Oz8!+h6-}B_^XBEt>Vz0=7_iJ3{x|Hr(MUbMwc86n=jK_ z>5h%)KQmj85};D>Jl#R0@MFyMBh;v*HWQ6gFrwM--mULg(FNbfZ`J%|D<=L{{ItP- zh_No9EAIj)Eg|yBtvJ2}pTu9^-C$-5Jfn$mBW51^?xpTp@HTLedoQ{J*f-?xUI+O; zy%qDp8!3shn9)UcYWv<*`Wz9RpQ)1owR$+a>#{#hn&-#Oo+k`rp>--v_YyE{r@B(h zIdX6YGHWZCJf$hYLDOTQ_CXW?*axKPOJ&d8z;PbYRm=97}e|BvJ558GT2+FdOu=thPO3hdw^ zk=RCkiIxh?x5yiAsz07V<_9|-vm@y)$a;|%Q0;`WqMs-)ckdK5)x_glWxGY1Q#t8d zuri-sU;6$7O-j1E#P?l?0)Qd!EQVx-hSJ|5FG%%lvWN;zO9W@NI~7Q=Fy86|+3k}C zCT3?7b6qx}78nw%bNz|Qt0lb98AvkSybem{LQZmQ-Cbebgn;o!2x6I)3*ZN`%kn;C zn8QM(R;qQ~A}5zqVQCFQt2cbMCj)EP5-iGt>;m}@O@mvT&lVA7t-jYGchS*hYkyNV z3rc#1QbCbk`4yBxZ=Ug*s?F;n!gki=xyj_J6#-bHC(*W#?cpDw29n7}5p9AkQ4#@b zedhEZ-^3bPaSPym=0p)&LeBir?=`!cBOzEB^3mA+;Zz58I1M~T@rR6}Ac-k@ zKs0(nZQ1ax1>&L)>IZS^Qv>R77JuVsg4k&%Xv%++1wO!OMG_fYWX?^(o{MD$!~NOX z`;nXj%(Xe?jvWKwlaMXfMSr}%n%UHLkxPbf&WBovWd2U9SMrD0raHctyTV%(93oLD zI4H*NlnafJH0mc=j+nBSEn zJ921ko#y-v23ZEcrFd>;qikrtk4TaJmC~c~g8>Tkx-JZ*dIDTafM?;y#D~_! zVGt>IV#tVYfOUzlD9M%^1_9Gwm|md?Caz69^sCvWOnClWPAz`O;i3&X+) z?QiM=M?U$DU>O_pTsGscPwurb9X$XRDmy%~F#DnA2#VxryDT7M=a0tb2RtiD6Ex?ZSYNU?_9+m)nJb?O?rE;-!*1Wd8D5AY<6+{fT^a%7!nbH@eQVSsB+*)WnKINgCwZ(-DkB|ZV z*%9Z%$eEHzUNH`qbuM0PuH1G|r_dafGCci1aus9f_6aYRZ}Ru|K-%e|Ph{LsutYst z797hx76zr^kN6*$jIv!P=PZ>brHMH`7AA#?Bmr%m{~|>)$y00|9|oW_K+9K|Q8%Pc zaBA&{`>Z)!BQlgi$eK)zL-)NOg4nRuqY6XS%Ja^oCGxW>`hTet?{K5)C=Gq5;J_`V zAzCE0BLDS}E0Cg)eI@wt%WwbA=GadfX>9w*SsV0ffd{rF$xG8uU637_aTf!Vq~1Sd%a3N&dqpK?L%7>b;4&Ma~r_#Q*^a^yPR6K$LaWSWgXugjrZkDd&V z<5eo|!WaS^T>J%Tl*620o$dr&9R`{Zxox-Atf={Q*Um|X(F~usu{u8uLqtNq%v(%G zH95)&PfD~n%DGC;woFR2L+(QNRZyJMP`v#TSiti_%KK8t3rfTXTEO>D`*Ni|%B7hx z3oe0L96aC6rUkt5J)2h6Q@}=dD7x5p{CY@~!QzkkQSrx|>?@&eb%qx{QXNbd`vr^0 zGZ=8vtqC|9Wc@FcD6CDE-8zGjB8R|*Zx$v2e+72L=8WmJ687yzV?6eaCKV0{x? z(CEa&ra!ZA7krc;;Qwd466CC!iK7>Gb}r3QBlf$e{^Ta!-PlIYn=@wR&o`pSr*~RF z(~@y+Ti;!~aN*PVmQ|_Ph+x)*5fKuSmN<>gv7R~YY+dP9(%#_`&)j-@RGCU_?^xG1 zI7zFz$u+s?MIfBP2LGOs*W7z{hj&3Det zV={|fJs2~#CpI13z~$=wW5yWJfczx7JNgD#cim!#)4iiO%`c3#-PmI1*544`+&@u6 zKcJ-_TUNDiKY#MwescNjf2@L!z6ml_;>4LcLXS42NtSaWa`DWY>B*^xQBipP(J;Pg;PzmR+5`nlF<*yyU_i6#o^RZh=0d-McBsT>Z-& z&I?HUzkH@Uc171UF38+*BG)U-aw8^#-4zKu^AtX4+NXEnb6+><+e0=xb|6DcuO8d> zlV>$!-XO#J&jz7R0(Cm_s!2L%u%d-eX=pK5-02`ofnS~kLZj=t2fG`*Wp}y3X zzOSlNU{1q?IXu^j#n|{M{2ze1k0NVQ5Fe1IyD#zJU(DTpPzF`Sgn})j$P+kF> z#+QviG)*XcRm)z{A-7jbTE|PVgDPsF`_?VL;<-~R!ZxT-sxGLy>*tjm>I$z3iix&U z!waa|3b!>y|DU1wEQ>h+gnuc}(n1LtFs?*dHTL3g*r}!9LsQOcKPdEi{pcRLMS@QxhQ4KlC7CGFQdbRyYtUvuaCrKIp za{6+r{@u^5=_=jmh6)`0i)qDg`BR5*ms{f)dH94!vV@*!2@kn5yLM!fs1p=07*#7O zt52&&h#llKH7@lZF!7>E^aD8qD#2;x{!yJ1QugL0IPZQ+Sg0OiU5+Fd=b}^`w}r*; zvB)wu!0ZOM)?4lfFB9H)I8*zysUlwea9uEI8#qCDilMp5x0cyMAdFE32+bnrW2z2$ zi!a~9FpKeAMn)37w2}eV1%A>@x|4ut-j#M@V%BrDp204kZ^<=3?OrJ7@s;3yy0(Y` z3!@-?%q{)xYtSMCiC;eZymTK(RW$wPKlTW1@T6|EU?G

a@ZlxBCF$P=N6>h*TT& z<}qr;*|4}r+;dZH>J{LCpkX(?p{tLNpC!^dh`85Y0r6xB4G|I+%68NJWG``;8Ej!r zC~ur$otXoo7kE)lFxLO0sX0zxEqXd6?qCg>)~Lt$IV12o@)$bfiMTRt_K6a45O>k+ z!v<3$df#Yjd!n=nsbv0WCKRG-pzu+U|A8I!1z#TlpDtGY_Nhe`Uf!8o_75PhpdqwW z@JoJeV4Lip*IZEKmU;dOEVaPomfxF8$$388L!xC&5kskVd8ADd1!MlQ_=LpMb6(jB zrMRAL_8US|=b9yxaSbJEVmOv9aZ<1Dbk{Rk5#w6+8M_i6mZ zg!qWrWT1wiOTtrrf##b8(dM8Y?l`4+e6wBz@hnD;sbI{-z2kaPO#~=Mn$?S`N`Ux$g&9Ix>i107F(GPWi zb28j-esJhZdV?9Xc8a@BhGE*w)%c$SDscN&1HWW;DsX*Gxn~Z$aaGkOz02!fy$mVr zw(e?HmztK=%CnUI!uhd<5!x-#27i^gtE1 zkm0%mFj4|<>(jikByAlgN{5{WDME%4@>=DYp7LQItwPaccVSawX2!%2B3z*umwv1p zO8%7l@}g<|w-;caYRBir`)wtwIH+++o*+CfPaiEEo=Q)H0sRLBV?rR*mw3idlD49f z_b0?iikLScUHHa_)qBLyv!a@u+#Vcj_W zoEQBXwLp7I;NO(oUwYooC{ei+*OI~F7J*wROVdB^O|p)bWmc@w&X-+`>^j6ZQmW4{ zE1eXmb1mkXK9b3w4OIZnfGLt3c5)a#Y#S9{?L@Z1;xvOKSwjcA_4&=nqvO!u895~& zmMVjH@wp<>t!k)M8}-!Pla}UT&v|nI_B~QXYt;rV9F;_bL1!o>W%OHvKYha1GgqHv zaCv{pEmXY4ma2*AcWF@Cl=)%|eC40UJguW$mjQJ!gROBWmwAR)sr(73z3NxB)vInR z0877pj|K>l^y05k)w3bk`s zL|2YqSk3Z&ESt@52?+nzz$3#Wd~zjaT{C7wnwZ zr)myYaERDXxizqF&yqJJP#F<=N<}p^;Cgj-*;R>eN#nmaG4ybFtABDX%lb8BgnktM z%AP`PypWllU*28kY7}SdMw4)EFuV?7%__y5_XhxGsrVKC%Qy0cfl&;@+1byTjE0m+u^O6mkNP6$}?e{ z(r#Z1Mz2(L*=cDUG{d{Yr~)cn`lsW^e7bag`VxV>kSRGm_&{L!A@qOh+ijK(fpB?a za*SGnJ?lr!&9}CW(qDEIF z=F)lAgK#aipy^%F?I*W_T{hwl# zAFozU^1Ep$32{*Y9b(HX<#uhnVmy_sE?+>9t;Fn5SzB57Y1eB2l>JE<7Nt6Q*UE@+ zRukX>E$Kg1*#?x_{w`Kx3w1c)ujs;Y24HhwZJBiY&}5SwceOBf2T5!3L#(#^0`;1l zWrQ7m0rOZR*HtIaC7j{n5e7ZVb#CrYGI4~|Y8O4E} zIglu7WrUmpzp+_&=haw3Km&1F6E7&9f)15B_rG6&7RcM-jxj;|SWQ#rjN+(0#X(5D z@*gMz|L?%P3Rw(0r8|#J5|iJ=Yo2o$cDEW8sKCt2b*di#p2tc%eK;uWp@R+^ds&ZaZ|MHaYE@g{x(U$k zC5x6Ga5K(!hy(A@^>U|+W1nN+7_`j4g15RY!cM)dn-FASFmMf=v*l}y&W7;i+GbOH z;++PI!2ZYWFsTEyoWmtqbT}J+M+LBRpa~uKo+zazQ&C1^DF_S9Cp}1R{bYt|AjwAH zNiR0#ykK4k=`{hlUko8(3pBa2pj_NAdVVQ*Bw~8SaUL>OA{@?vjjW7YK7#04sukct zm@DJ*rc2IhPF!Yz(Z)e00a0!ekOBi!Xi^&d?}GREKZ18aN1G%gK=5V>0SMm02|aKt zm%;$SyUb+-C2>3{GEx_pB}Io;0YY=f*7*RM>E)09M65DYBznXFa(xVH@=^_O+Kg` z7A=Iph2w{_Xpc3_=UC9rQx_(DzsqL)rtP)x{(3#yO^@Kz8f@!0GG^ch?19m|?ucmm zL)lQ-SXK&Vc!@)zYkZq?0Fc1R03!3&#{qG@4!qt-4-{dL&WDCq!pLz)><_(xIQ+10 z?wL$W{NbqNGkF!u%#TW`9W}vWd_3=cqW3o`9FL&)BB9E;9Wm}>ay*>prQ)tq>!K`o zsf=ocX>AHNG0(^Ki1>Q>-SGBfQR4JrN!@6d)fS-7$R7Jw-|m6Ll}AKgD75hPK`69) z1wqMlfWY@F0|KMyi|i-l(V?(_s$&9w(w&~)gsFaWYOp)>Mi#k6a);(uFnDTSX)%at1lBbEP+Yp4^BRI98e%N?;67`cZlWJX!gK(L&^GCsM?%13OV};RJ zqi*T$diX&fk&WK+>036jHQSjI6|zh^4;FvXCdwJ@lx~i7M}-20>Cf$)NIa2#*snP(8}n z4~$E)g=nM2mkM$of~0BDgwNL`(+`!iG6$d8tyKIKDQ91J^3)KUVI~upMraXBrr^1p z-l2nX=wJD>?|OD~VmPE!{Dw!Mz1B1Fr@S^?a7U+9LdytiA_nRvNTm@V{^hX_8+p3T zn$nz+>d?1xb`por@+@Xz;$H!qhPNfAAVWhN@z51StlM(CqojeP7ioB>(L_q?Vjv9% z;qE-`3=p{A&b0K6){w!c-36_-0(V-BFUsU!zZnB2y$qye%zyH!8_NI+{EvXD^;N=x zW3gHNIh~%vG}RpS%fA9Q5J2D#6Fti*?fvT1&O|ihIkNk-fNt{rh%XCZwU3#0h4Whn zZf&#NHmlBgb(TImXSXs=xQowyT4RrNA9JO}h7W$$n)OEx-~?`nH2M95HNH&TXFFZ`10NeXGI*i8E>h=Oa_hhtrJlb8JIK4lPtm{gxUb{a% z9xyxJutWDB&ayut=v&+CEnRyUX)aRdjL+bDCr*u4Qm%FyE*69*r0#Q>es)ofz)FQ9 zspsXDlhx#G*hyj@HtZ>IYSCs|`zZ@=PsRAIqW{sk1}Kiu&a7TPwtN#YR9+OrW_OD| z%DOhHQKbw4rMx^ah0ns1kBXcRy|zMVw5PB!%>A}!9uI#RcSGAaa#~QmkLB2FmkzGl z2f|l)&fs3#j414`{4Y)$xa{)yhbnKH>?_*Ojp3<~LTVSyMvG#0o-{6jA7%2^TwSoy z(d)fFiOS8}w5>cJm87;t!!(mt_`j<*L9Hn!my&-<66AZvjF?1ZqaFK$4H-lu*AMP) zdM>1(2D*)r<;tJ;5}KPs^@3y?UT|qn`i_EMFgM6 zkKq@7|6W5|T}4Z)okNpGd$sz_q4w7<*5YbY9les`(cg4o*_l5=XIvbA;r=2WiGw|} zkhd4E2l|%3%aI2v!r+6BX}eyC2sAyauzglGdE}l9sRoc089cwpU_!PuYk}go-Kz;0t`IXhp-9n z4LhF$OcL}BB`jR>p3s3#J%<}+2T$|g%${6^n2IhTlJ_C4$Hv!rzydbzjsb9S1CO^O z%!&NCfN5Ec2ZXh6qMyVyoFz*Qq2&8px2ttlb#CIMk%ryb!%PsyWSdTd&yC*Dxi=K! z48~Zqlthg3-(;{2`xjgC>1XzzP5xPx=rFx@IE(8r^;Iyzb{^%ExLV^_VKwV)fq^0` zUn5;^kX4UtfrQvQ`hfL7(JYmci)Zqf8GhIT%Ad__yn%F>_wv`x;=I9xBhnv8->H}1 z;07=4hcmbA;k;mP<;5Z(fI{hC`1B;nuxMlH;Uy1Io;`eNK zL=j+wW~>cnq6wqvgW_1$S+cwk-&7jQ{w%IVeLy>~Ek_u%{+i_HizDFz!1Z_la6Q(% zg2QwFffOzPvkzA+Vl>jkj+xX7gI?6*QNa&7>Bhea@42{*R#$ZJ z723}Z15PQy+<$%Y^5^|RbyY4nj!o@(NcuJ)^kA^myyP?62WSr=6(-~(-+)GwkNz%T zz!DKcFyPAtiOBs17hVvXF6|RAGna@%3Q{mU3jDv*>)_Q9J@0-wF=xGsRmjYmhcep^ zsAZ7U%L)nq`ZX?JurR+`C{}7qnm`98;Andt{#s0<=n=<)HWZZxY0PNw!F}m>*8Q;5GaB*0Z`rPN6Kw?5$!G?VAE(2w*&cYmY_vYh_X zlE8_7oBS4DzIyoAC&2Y~HZMb(FLyd((2RCVlpRs#j-G5J&_%l{pCcQqw@8Sv<2J;f zAS&=taoFw0;%k+viI?AQ<*rd#3Cl)^(blfLxUf*%TOxvb{TWhnt!43WveX6pFDhx5 z+FY`#OXR|C$y|Gu=CXK2?58esJxas7`Tr@xDiZrmdwu#LMgs`cVT6Qx(YfdhM3=4|3?y2$ghH(Npk|R)XT))@l!gj;VM-h;mGzR~+!k2qi!?&5G@342 zVmeXAafY5~Azc-ftMS+T;mo$;Mh`Fd^7C)eg#kIwzANI5(+{TAzl1!rknBZ!Q?-ow zdH|d$jI_i;OL=ZRdY+980LTrbDzSKq25SWZFq$C#Vo6Ta5%+iwb$nhmLb^Aw?@fA= zhdc)t^`#IZ2`22Aj>Dt0(MfXCOFCR#V z$WSI&U&R$I(k0MIq;pLP)Z(4~=OMbyXgK@3bMpK2C= z3Ue*#U~d2bLbI#Wd?=ESmEmiDk;rzQx{@kF>?g(?PoS4Dow#O9C=y8thgD;j8 zjPtSF_+bUU9Hd$KoFjcB4!MWrRjx$yB18sIYr+xkx1b{&*^nS2qu`2cWWW#rs^=RXH`>gKiI#KgmJLYD8RLROrTevr zq%znNH%f}CwCLo4U!Q44gq-bBaPX;7Nq3@idCq<|ocv7KktV+skcb zPralq$wAgFjW!}X7ES^4OfU+#+obj$09uMu_B9)%A^@R6#dl$Xs0uiPQOLWl2W@`m zqvDHb{zL_|?Hr+Ha=<4YYD*oaNE7vfE8{8qBz+Y#E1(oPdkJ<3{9^WoZf@E@eID&c z(*LCAwwn3a!SF5n-WG6WNUNw6jR_#CJdh3|j{uEmOoPYm&!LQGEh0R;oO!Og5nc0Z z@3GH372;ltjd)=NsKXmj{I2M@bb3Uyj^pr;moSv`a#P~Ldi(m!5o&v69KCp?JV7;d zeUh#c>v)$ZYJ};KYQ7Mnqjywd9@APl)cfjvO_wtA@NGhZxX0M>6WUauMxlx2LTA7L z;qIwF!}QxDb8H23Q&OISK8KM(glJ~axO+NkP~@|eDq9`b;89ZfmAWPM4AiOu?u+u^ zxtO|}k7KT04Lotsre{&4l|kZ4Fa^=9-wCL~v2$;{5AKXNZk0wgzowD@uBW;u1*0`Q z_lBrVe20DeJ0`y4_=(l-6Cvt~_yjvgSBc(Auq>N*7-Qa14VmMY?g%Q$7b0YQZZTps z<>(K1>Z&_a=ol@i=!FDD0lWUIY`LH4mXIsQl?It;eX@th2RUsYF2{P=aWIfs0*)|@3W090QA zgbd3*S~T2AK$K|ExMC#4)uV@AByMpNSHTm2GYiM#2;wx>v#g9Qg+USfD`4M{VB}BZ zOf?c>(jEH~Cxz0ygoqNRaglLf664#h!q%P*?E&~thyqQ)7foYn@cfJTq5SrBk~N5;18=k!4hoq}+nBIbM~eb63Y+R- z50FsZmbMg$1QAv`$Nd`&Ek}klwG_FmO(mLqkw7lWdgk+pP@qg zl!&*E1OvVC0UtNON8m9wQgt{9=0%x!>u+x_*pcwElDqHq|?ON zH}dTI$Q>{|l`J$tTQg?}&O-Y%Yx%Z!Xu`;SIc}F3^oOZ;Th!N&1M`DSgqCkl1(a_i5Yav(48wfZtcm<> zvakI~*nMy$q;9|asvxL--8VG?!~eJ6Lcg_^jXmvNaZA=9V>!7)wwLxRh8}UGY*5^k z@vYOqR(ZNKuub)9v&J`pihTF@9XNbj`#t5lCZKkqm%me`ArSJnYSQ3dOZ@4ldRRqt z_3taW5!2o}my&`x>CJ0iV(?GRLfEJF*ZprGVoDa)t6n!V<-(3P{x^!mBh(Lc?Ai$* zZyD4Zl+DV2Ac?kUP5qEi#`9|Yy)(#M$ene%*uQer!pKg>tOP&ce3e|9QZaS=w%~|h z4-I^w;or$lA9o0wpY9R$<$q+Gs5!0-$rgm?JyTK9ET}KTZ==LJGoDIsq`^A%9}Hf*;m{OUY~PB+Dc@3o z(q|x0UM!^I;d!||=)03)0&smxjW$$#HVn}?;yV_g-e3$0FbZA>XqksVFbZqHfki&& z0WfHpfHt&DSD>UU$iO1xB|i`t1>X1c-nqh^SzX!@J{4%uX2DRA(yLoS_QQ{jcw71< znd+9K8GNYrC=3s|`;HR`Z>3uT@ocreBxob2s<-rS;BWcxL?a zwD{S>#$Sm~e?GZi&kmp&b=5Dyqe6=Z;(T^JIsMNLD7&L(Zg{I~auw|iVrJcy7uAd2FH(y84BkCaPPg{Rk_i$;TW9O$5YjI5ZE2F&w z--<$35FbEy(B*uC1+HyHIX#Ma#;=#E*1sUa-FO&_GoBvd%jI)!%33HWvC~l6{X?7E z%Q8{n3bz7PgQ8=kD%?5^gstB&_ExF4m~^3U1Ra2%ep510Wa0|gKJq8zg2Kgu;D;wE z=t#7RAWJ?ZKMFRB2sVCu+p!C`clPFP{H9Fj8PoAF^f*1FiHs?kRmQGQw5y zK4CuHNr{cEWKktTcrm@;j7Q&0O!((DuS5nUYbt;nJ%pmNOLWoBHoA;`3 zlzWn|6fe~%hV-j>IQEzBK1%~yO0&8pzhjJD+Z@Y$C?CZ}I>bi!;X3Q8sESiUm@Znh z?>uVkai}atc0J$R?p|BpiE7)9bfPv-+pf5y~xza@_0C7F^_+;NC`~sLs5r!tXv=dfRBQzjBkbG^kNxhiZD{*Xiou%)haM<2qwWu zU`IH(YhaR-7BLafkZ~7e7KoSC`oXXlyn$WaUMC)U6`Ugq|MXzPh(>J8ul#L$ z)^sRPZy7`8;{jis)x%hNsebp<>NyQ~9~UIaKp0dYq}AtH!hrR`I4SHmJ=wg~L^ozb z?>x{1mp{P(IplP13D+19N)q?!75A}ujl6ax^`>lLX6&tb6pQ%$wdO&ILM*#CaICxl z`t^*C-ut-Qv@_#g^`JdJEdkdteKKcbGXS9j90m8OLt_=<}ZZUn*M+K{wTTIX?8>U^T37XYD zOH^U~ZNVbtM0iw_E~U0CYOnm9Ena;AhK0pIP#ndwSq%VbfEq6x>~ZTK3q@*hset2C zc=*=d-tGT7?!Os|vYA+5Y4s+&TK=J6YV8)fl}h;eb>*9~wWo{TU)~&~Qz4CY4qCW# zx2qn#(dd@2dhHRzUCcg#F&Efz=z!U-2FPGe9O}>WL4|?G2TP8EK~x7NMUbB+22DBB zlDoauKOJXxjE&?=)F9hE8}#ARA;)U3GxO zwH@OJaQk|S>?sfW4~GAU)TC1mqZCA#iKIZzW?km*_wM5jS+{tfyjYd2_;cbr_XX3WfuE;snCKDXX- zgIDK-cHI!qm%360r+ylv#phHNY@V-+k0{KOx1ZKF^wsEDv3HmZLy^i{y^)eJS)Y%e zLzqY80@=Mdv+g6NcDSGgK`RWIM<00>ZBISA#ZPFfzS-yx7)CM9lK}7LkjlZ^~2o?ua{e(wbD|pGkg`^>!uM7)ZodCgCTBs zhhiQj#kAwX9oh+>IPNg`misvrzl7Q1OZ9^frtog?#BdVSs<$iZ-GB8SRQ!PM#o=!C zQo?R~0?k+H2J*11FIeE5sLfAuQQ~ZlMIJcVn8SqS)tK0x@BAGf<7k0(v%3_Cu@)wI zikTp6rPgEPMH#5&LlnbwQ8GE^)x4=)HlW8_2i1-0%_qbpCH|O++D_J1Ht*vz(Rv{emtt0+1NOckAAJ$NrqVZqpPw)$0f>fvS;XamrTocfq%O%hg$GwM<#hhae{s zMR}6>F&l3W0=hFj3~Dwl#VT9#I7DkJmHq0;^+fk19saLCEu+PRCS%o-RRDS)b@~Z- zG_dQ?xpXo2R7Z8%ylGXSGwzgC!yK72LfRmIZm2f}1gIeSYJO7Tjjz!S}1?%;(#$Za_-Cq3OY`GyQj!BX%FXOL_{fvF%J6da;k&6L+^iBT*^d`QA{e=E= zxmnbD4=~luuHW}{rOF5Ea3lWM2W$7gyAgO`UZREOM+#)_e}JfBcd86ik?)a)OtEF- z+3EklQ$zr6aN7!Ll@^V8)-|P=8;XO8aVNUPr(1zm8PUAezKOa%oURW$Uv-Vq*<;Yp zvUYMK1TeV(9m-wNn}`@6!d$R4TGFLq=)DWu=4Ir(xom>%b7fXKhGyFk*b83WW{d5_Qd${?4?LML?`axA7Y$smS4@;#f+9l;7v5dXACZ2U#-8{Sd>4aT-6&N}3{|I@zG|Mtl2X6<{ z8p)g{EnV@IQpG4U~`c`fPaHd#ahaUu^`q;x7&SXcF^c4kJsoPbI z`8LLyO z%NNuBL2+7G(;_s#A`V?$3f83M9oip%28XY#d?{-zeQzJ(50Y+XRzhI89{s$iwR-t* zV3Rzom>Wv(1}^(z_DDL{Sz*VUKIA)&^+NAid~aV+s$OnBMVrhp))>F-`0|A2lgs&i zVqFz_cPLO6dA{EUCt|h|sa!?~6)G_Th<8 zD3hK$G}iN}2pMAoKCIy|DGaDU_fLqCZ=X~F3O0{c=ewUwR zk?T8Gu`yeZVlCn@p^K5rOI7Q22D^RwaQr07e|VeU?YBCxQdnPl$ExyAy5)3snK*yrBBzS7VooN+?^}nW_Q)0iY8+v;G_d_FmzmSAi~CqD#T5jY4|L@Kky{MudDbO z60)kPpA_v9EfH*T8S6ezYib?7LPU_atQusq=XeXi`pp=R(K8{3OGOYKH&U}+D$mCd zAe_w=r0k7%R#=&O%#Yd6jD0k@)&NcL2MdrulY$(%b$J_J^_&L7+F?w7?e^9hh|xh0 z8QO5BNj$P@X2KtAeZB4+Qa0#@dcF)iAr@HoRidL^>Qs`Fr0pt!vYk_+hg*b8EN=pP zJtck+^^Oi$=Q9sRc}V&l$hejn5fiZNsaX|IRYP@kd{Hy@!fQ_Az$@Q`0>lb%nW*@y z<(1%1(`A}_sFgy?>UPt4e z*g-6R6=~z|xTOa=k-b=RRj?VT+AkfF79;Fo)NAhN7IMu9gr_KS+6Gi zv*E3zKx-`x&IeOlPi<+yXeQB%(~dUd64(=kaq5S8qAh?vswtIJe$fS+&Cl;8UU zx0{Xv4dGYZ2hy&09aGe*n7+~TkZA>5wcjvJnPZHK?n-r6L)bXn?UA}Ru~>%P))N-% zmFJHgGr=KWq}Ao}J3{0y6k#lEf9^g{{4?bVPg|bvS_8LF)zgORAA!Y9*kW@}qmHm0 z%;Z_#H5l-3QVTMVamB3KKDE+V-XoqL#JGdZc>7`Qyfy^D+M)FGhU0D``;Tqt@ta3N zyT8dx5(RoN+J9rPhrw&okJ8094$HkW*Yw;BlUQRr3Fqx)>_@2MR@0hKSf|;C8wxBI zzjzE&@?mbeeeePkpF0@~xT}Q_`*TgQIKNL^j8nzkwOoZ67g!eTQ8F`Tx^QJ*3AsLt zb%dW9i|6*g+vDpGwzRwXL&2;RmnK|<1Ci)<5XokTMYbelx-nbb;^2(PEO)1;k_P+2 zvFYAHWyUPZT)9RG;De4&-V2El5bwUcF5$hcq&qAqD*bYpo9>rv7YzT61J)t3lns$asS!)B;K05Pt+~&~jCBm9>m&=>c+!1+gW*i-T~534 zD&xq7Bk_lXZ9TkIoABg3UKTCZ5?LYsQo9=vju#nKd(>C&F3@{`sNXOOIWe*AeB;xq zjof4mmUZqDAm81OGYWYBGL>iM@25K`3+Wt@HkR`Iz3u zZ6190==7tOkYfQcd+LCVBLn|AMDFs z1swsHHS^k~twFP&IA+Uy3X(lI**nVCtl}(JN}rli&5z<$q=6NuAlWimYgh=Q#+T$@U zM=~vS2Ww@%(QHcRk)7=T#2f}{9s8eI<1@el%4$|!^%_el)t(_O83I&n8QM&%fixR+ z1;zKX_PanA1`emu%n9|ABXyVbqNj_+3-z!T0h~_XqPIOrV3u zY^>2ayNQ0u54~*S)cX<7Q7wpBIdrO4N>eoae@?&Kax1FtPqhnsa(;~G;Z7AdajK~J zde-oz@-cyt^AbBHx&Yg0ubL!(efJx!dxuuIGH76X1H;am&XOw_a3AhQ!fx>&KE}%$ zula*{?3muD>+>~z+*8XJCX8&ywmpWIw`n4X>a66vmyUUynlneAL|+KP_Sz8syT(}9 z2(o+eGvn>CcfuFd%qOUo*uHEgtFy&nlDiUPzq1Q!3AdIr&$_$_eW6*_748>boKn6G860N}rWbDP1%l$wTAf(g2h1pd$bp|opN9vqtp9*;hjY2uIEj=GP! zEN;^S@8P{ItFL&(b9||@gV2d)@U7pxn5?VVGiv^{I0Vmd%%vF}vr-+DOpa@cCQ2il^!+M`0@z6STuu)qAon~-F%p9F5sb&Ta3o@B!Va7p9jVgBk5QD2XR zL{WEdw<@*Ygk_H%_?zybaV2;0dLdWbiKFgT3xy(&J5VlP(h~eOLe|eHwmQ@T_gA8j z)B?(x>2C466U29YwnvJZn!yFyTnNvqmOHxF@z>(-1W!L#fLN2Phy~Se6xgTw2?%v~ zP;XM)hy2|K^UmrH@`$JJ(s@^d2xCRICnnYMkPrX>Ko#t(4IK8E=2;LA!dWOT{M@>g z-m5_jr-(ot>+pC?Ino~k?5Z!PV?*XBoNWnG_E?gaMoMPO`oll@Ie8!f8j&JRWC2#BTKKTBfx{F>+73r;Y zCgjLp4vv@o`-qf&=V*|{2tRFx46FLO>fIGvbptwM`b;7@3o1W1dJALL zf4)53R2i(_ydpA4m#m(`<|JF%%xT{ZkZui6^%30k5z5GzcBiJj&a(3-X7L*`n|r63HZEd-B5tIvD6PbeypVJcV;SFCUhTha&l%7 z24`kq!60IsW=eNzel2(t&v)5%y?bZZyH(U!-uaR(U1e8|603f^L94C5T-z4Y)nfw|>BzO0tKS%V zwqekAr&$`Qah~$st;NQz=JMBwrh^xxgAI$*jhGTfcEewIw-bzE!EsdTOcdX z`By6_n&3zm_^8<%i(ZNR9(?1_9Y3BgoPv=ORu0&YQmj$7X%zyO5gp1#D~$79VOrtU zuk_*X!Me!ydyaJ&8!v50Xnmq8zB%qy*cTml5p1{#DwfDQ2~N~FuUr^B#M=z!G=z=J z*&_AU5-)Dd##G*@n+63#Zhl`tAwhaC3&a@Qqt4L}nt4eo8`6M>>>1~J^eu1oJ3=GC zQA0#X{tPb}__^V*p|4?yT7%Dw z%I*`xR!PXJ_YHIr@7%qA-=$JKujPr~7ts$xh1r|ygQ z`-u!I$*ahVeq6XvK3!5vez<5aG*)JIB@VgnlCtJLE{t2X?TYu|0aw_MtF3pTGC^n6 z_N?#KW}o;3TOy*V&wO7p&aD>>?o2@%^?eE`1SC-iBcYL3!7|Dbk2Inj;ZXijx)TJb zGgLF?KX4+<`y(tkyX#}Sn;(Nu`)xvEA&G3?;DW^wx919GQr2C|X(r!!g{+e#J%Nnd zru@zCf%x@sGDcjlb|ORghd20H$`%z_{XoDR40A7mgFyvAb7w%Goh<+YE z7}&d&4QFOp^G;U#vCiJORdgB@Y0d{iG!OFnWY%0XPrc}O0|ZZShzjC8^C7%~FAlPv zhFW=$7j-Xi$S3}mKVSumFFg@A7P93QZ!%|~rHx(p6WdFXl5J@Rbw0b!)KtOKQiK*q zyRMgZd9#B+q}!aCsg&VoY<`I-<*9NbI@4Ivi!CixxBChZv~^8(lwW=qKrq z9XXOrU5ZbMGNU9cuiKn2&6`DWCRU~rc@#gwHvH)zTJ#zo&HG#`R#I4sBhFgC& zoEmLpWvZEERDNF^ST-&rk4x)syKWMK^}*(%?~&%?TYF)*ynPc$Mq+qT#SWzsyY8YU zMfQ4Z80LZla);rOp=tTqdAk%U$HmRi=$tvb6nB);19BuADyr+hL(}+#euDN-Tyzk& z9_*wYU6PoEnNbYKxn@c|4bZ&hc2e6io3PveiA28-*}$c+H1W^_!L`B>2n(%Ur8fPu zZ1rbD!!l?bO+t`{EEhS2I(YE?Tjm;*mmN<))cS>JKqW!Q7;;2Lugi=kTv8o{;sgy^ zAsY$wl39r0{E5}zL$ZoF=5QmQne%rYc_E3$18RUlvBt8Jc%%?-J@(hGEelZbrB~By z)E3e6jKf_YS}_3B9psayT?H*b$LFx0JsVvOV%Pp==;(k@8{0ovw?UkG(il+Tt|#@q zRrU+RmlHzwOPOBlYZUVgjh|BjF>;q1=X>NFF-`rYXE=!k84k~BK&ZvD25jY!8YvPy zLw-Fs{fB_hpFuu2UFJfYw_mHJHFgF@1ITpGPngln4UDF`-*h9{9$&8r2EW37SZ< zMph#sg~~WDdIJ{QpoF2AS740xs zvQX@WQO>YrxLmC!-YpFQD}aehF4pC8`*}CQiPj2L*6WLn+6Q;G5}zTTk@vH#6sa_o8gl0WTPQ>dk!jxZQ7lxqlCGp-p80 zLvtj6rQ=D=Kvd2@L3|R|?+hthilY2={{)NgXHwwYJ-PpQa;65KPfXZmSw>3Y1<4f@ zCEaxtHTfhk2pUt$Cq~ZBlQ0IH|MTKc>}&Sv6?*SFO9-k0I!XFJouq|3qts^Tbp5eE zTCa*--DVla9UKQUmpL2B52&u%f~;v+64&;H!3M_C_lSif$n_Qpk>4B&ux=+2pZh9q z)49x$IHz8k6;Pg|;=Y`gF91>p#tr~IOWURrDSZ=mdxs*E(w%Tbz((x7W|(6$i5 zwwihQ*GnqF&+A(F90b2se|9eQPQ|VF*N5exx_~3f&X2!H+t3x}o45C^fADw1h83pC zEo7_|^3n~b+JNG)Md9-+xX08_NpYN?aoQzAL?WQC2}G{aOA6qCx*cP^O3_>%Of zyakr1?><6FW0FlZt;HxhQJ|$tn3&tA^hiX{*x}$XKOLLc;+aD*5B3ls6hwqxc;n^$ zWiw|6S}mP$uJ4rJ+aNK=4tE)ftDvlmw3GoPV6GP;`D&5vaDFa^rYNbLP$m((9`c{B zXgGB=-E>VLl8f&22hwaZf*K9yovWAXaA?Nf#!wM-x^}}~QiOUML}(uTQogK$x8MhC z>(gF%oQHKZ?i^13@AXv{v3C5pnt%ug3}lc*NG-+<{AKjFaM7`bf!CtTKt1L%4;vnO z47NCxh38x*7l}w0Jnm%AOHC`pu;fHvkdtn;0UTS6@%k`-m*u-^gE=r=nR_mn0u%ue z$&&tfY1xu~2TkgPWaW?}6Gw6T31N|ve);e5(&x7Rp6+Rxl-xGLQ*qn)i4LI=YwBOk zF}eD6(?CovSv=`=@w^3BFRHrIf?c#rvcD`;ZHNY=4m-u9l+svvl;@SFV{$nHBhlEE z=OvZW1eE?BNW~@=x|5(6hepYzBGhb>)ot{cD=xui^FR?Jrn`A`$r&~D6;iyYXe-O= zN6P)Jyde3=fcy6xt_%&I2HR6{&O2t$dTz{O@%60ygJf#NJOiJyis+r{P}2)Y)B?i8A2TQ^i63*+iO&gxd24nLn+eLZ;cbj(fH(*D+Ytn# zq6Y6=`6GnE2Jd(Um@fm1_RUO$AGo+2Z5%Z(oH(~m7orRi`pW~__x{^{DMY6+BJ67} zWb1hrw>PxS^#?-NioYRR9fxCC$_qCOc?^d}0sd+Fhud>&Rf?*NlH*AD1^m-7TqQn# zlSGE2UX=eW5^@C9Qo`Sfzr{(<&3m$PbwV#Mkd~h&(V!6mYaYWnFEAhgp0e6`ro8$< z?(HgT6M|S?zG!@f)WI>gMx~hnCv0aQw9Tr1ITAeQmFIOrnzxT6uK9?d!a z4^Lp^ts*sI!mT1;zQ0x6n^q*CImjXCHWxSv9;03kl)n!qrOqmySA-v*ulD2F3L*iW zM2>chFc*cu`+J*a9NU6=r$ak>3f3vMGpoIj{ zS2JcZ-+%z$s8@TU28yFjBjd zj2Mp+vD+!EL0t>lr--&=RTt>oRBGJ{yrlyHBJJb(aavg zG)z*>zQYP8^7)1`M~cH6c$QnUA{+Ick7VG4AY|h|G8C*0w@fSO)X{Un*qdF>Ahdh( z!09&5Ox>zeQz3u(&!|BqfFtLoT~YG`940W8l?NtJT1X;CQRSElEmSy%3eECUl=@$5 zbb&~%OFyQ836&S*cv+xPv1Jf@8geMVjxl$%j&fST`8%fbi6PMV* ztKdP6U@JKC0LdAl5Ezb#+HFKdm#WKZ3GbHkgN`lc5W zY`Z`AZwF8!AQ%QOkhjoyz$;eB5yO;%Y=>7jH;yDWbKwTioHPipJ2cK%e3|+k zKbKK(i5x6uAmo}J@+`J7R!EVOa=Zny{>Q6*2FBhdDYMCV-d8<%O`s*g6~y`5i#-+A z%I_^)if0P?(n68iAc-S_I3jzn{(R&JNhG3wv?zV0i6aExDW*dUDG`h)8wrEN-y0Ka zPB&7o2;hqr1>l}hvi|c53jX4?9Ya40f*X81q0YR2kN)%u9nW~g?iVBH`Vk%}Z4dCy zQ1AfW85m^3b~Xwgz&j)7+MQN}Mxg0&08*7OLR6L5sSb!UW+BVAQv1ow-9A8C%GxS4 zM8HH_U=%_NzT#uqeK`PAV^~PPfeN2dJ<~C&IuRK!29Uk4Ou$iZE4-WrvVFjZaR%S4 z=oe~BkCIxg!BT&E>?sz5Y{hu~73TT?VgBF=gI}_guOH|6SC|71a;FVt0d2xMqJx2` zZN*83bmr zm6t-E-RUzi1kpbu@BOKr^C6=N1UpMoJaGMxLsai$_spvLsk`KHuF)X!e&+82$%30YT0Rh z&m&UOkTw>sR$KV^o@!1S=xVkVY2UY2skDJeB^H-BB^CiGmO4aM>bo?F3Q9_BWOXd{ zNj-E*EI;71V-LBiM){B?7ui$-74RDKIk~dcaFTq}i0a?`k8R}k0K&17C69O~L5Ldazy5S~Kv2Z$qhqHDYha)p&96i4yOI{|Vs4he zVQgH~*GK}7oV~-77)_pkyQK%NyKni9{;zaT0@|E<=$dg-B1dsHl0>P$FYY;bJbbmf zg6J5=PC|U{?^So}gMN}I|6$CTU`?`_`g>+~OQY}ctmt$e2fL&2od$DU5Fav{fNoh`ZzSqTV@oz>_wKi)Y7)7wJ*bxEPyGWOiD;XJQgtJ zlM$0bV@n+>#D|mpwL<`biPaqthB$W~VeWHQS7ab>; zYSM$`FwPH>x{?2iK@j+1LIE@9{U`+?iO*+hfI;cU_p%3&JMTAt?e;PuB8vdd+_dJ> zl$v$B2{%{tv`-{Kq)A_U(&&nsPMY$ZtA#=f8%j>07LJNC9vh%BB(L%E!v-z?AMJEP zy@n|g#JW^^AZM5AKhE<6%2SkCU|`a*h!R-o*sCtG#{oe_?HzAj&{TPSx%c#&*|%pG zAh9f@fI((jfdN$I*yKzSK&WcN0knb#WO9f7+&~YJvQjkMHi|wS3ME92EnGvbHuB<8 zQG(>!b12sy3?Z!)n84(HJ9FvOq}G?uL0U4^w%*fSG^v@*pg1eSL7K?kQ~}WlZZkdh!#@F#AefV~ za4e~>rv0y3>y7X-qkgb=r$%x`hN_Z#iEmkG?X`Qb+WFUoO-4f)8Q zfWVN15Fjvw1_%sE0CU3(D=`5ALsUe6ZC&{FNRZ7m*%}nWfzAS=_vgJ>s>cc<9N2sJ z%co0jr?Gi<8>nKt8*TOtGVc#=^_u(`r4iJ1^n z6bUAEmm62;y)PU|Kcc}NC3=ldQO^RZdL!MjvJk&E=Ngcl`6k^3ixsKwS(r*6t;sk3dOBqizPogFnf^sq7X zkSC!JSb`5fj%61bn5MW0B)8PTsXY7f0#S}(N>~?`*&m!|h94pcr(@n=R1NN@+2keM zQ0i5aY++8uXaw3|DpFPKP#|zNV{WPzBAYXET^VHQ5`ud7N8v_j;^WAieDCD$ceUk+ z^h~*+2}ph01) zsg>%aPjjgVb(J!zR@QFNm zT-ojreR?Of`4aW`w-@4^dZ=_8u1N&~s0{^c{J%57V@p7NsxwQW5xZiOFzVh_sw9#MC5GwvzC{+i#kz@n>vONo%teSiA$-n3aW64tK@=~AiP zILEu>6az1uH!il;c{hh?`za4*sm;sq1t`AhDm-Q5_JVEzr{~T5&i}biIIw%MlO^AD z^53-B`O@sl(u^_TKl!keTEvM)gUx^g1B5YkKst=^y#l9rYxDE@O@lD<^PEI>GkB}W zQh~SFoc@%ibjSId;}W-JCg$Zsdal=9$NpgGEYQ-y?|Wf!50+5{BCZ7H zf(BE~W^1zoQRm2i68I-yvJ&BZ^H)d`C&g*tAung27LrZ(%trKVvP6ux_4(`T=Q5b; z0N3$pMoxAdDbq(B{6JRO$+C2k^Q@Zo*~ESe;Z|tn1Tp4Wbd31R;C>@inu7(K%CCd1!27e*&^F zvN?b(%s)Ao@hmEI&Jbq>B?nX*+gmVb1SHO;C*Nb*(wA|)ee0WXFpt?u))VE@#?~WO z-<>XzrsNu&W|1M7*Zxa*)P|aNh5&YLdQr+Ud@(UCeE0t834Px4PG#2bg zR_L#)TMt_CnuGSFfcP>N!jW$WqPxGGMv#2CNt_?HquVOL(O981*qA z9TNyJ{^nk80b1QA<*)6^Za-R8P&%e=RV-uY`0I`9jn)n_NWwzQE4x0o58_e-ufj$% zZvm77^N5I6%9?KtKR3k|cR6$^L9}p860m180(hxQRi<&i)JC)Dx`o@*9&Kud$SEB` zDaU2W1Wk%`W?BhRRkp87Taf>4g&0Ry(!zs;r<>~qdKd)@oK z*IF}kKfPm}TnMA)luQ%b8>Mb&LP@xb)5SssX-)87k$0i8Ei@}m2}#kWQM7&a*)PM0 z?aZLXdfAopk_E*9TPSjF@uJz+-yLs#%_Ynm1qs$i}|G04<8cu*I ziHs+8SFE{!&O2{0v9Qnz+Jl?M%{KR&ZoFN-a@u6r4BLWwd=7^*||2s!$4 zX&n5qQj6-kk8J0xl*|ANQqZ25 zV51B=q$=X*(tYl11FGRqa7baB-{{M{8sI?n+jE)Py_apyU<=1rY8DJiRX3nSb}!%et;QuLRY zi~}{P_ohuZ%R~v76fwmqLS?l%us!$mT_a0yz3OwK+LbY>UY(iJYjo)<(Inp>8+$UI zXOy&_qh7(`XVrC^XLqgBieXwCmGo7m@mO_*_h;|}W-8?r7b^;h4jXF3Y$dR2Z}$zE zYz-k+6w+*4xO7QH$w%>1ddiA}9v>R6ynHCgRYX#e;x#JndeK7DSb~;x;+`1?Ojen( zwiDwHb9@9ev>bKsX=)9l1Ehv^k2JO)(S&e0QnX!sNib3u!kye1Dkbf4wJFs} zw6dRPiG)#FO{Si3M1H8;on=cYQzu6Tq(wUJsCAyQSOTVgd+w%Vtx90CBpW|Cj*}7; z;koGgl%`-5HGLGfyCr>eE`t-9R1qJSKExM%{e@P;j(6HbcPNe%iaT0B9=3NKA4Bb* z*c*ZH(z6UL9bYDL6^P`vtb%eVFQ1*?Oc(THnZ$EUHm@lJ+C&xDJeVO9$;iuNC>KZf z9zc;Gj)$Sk6O&==S{(O@D?v?O`l)xa3kn}I?@e{LX zCkMii=gw0B8EkFhT+5`?AIol>m}Q$Sve8YpBwa;cJ#<%^KPs+|^YPX#PsSQ9nu3PY z_j-lJnd@xYB zekZ@dU^I$)l*)nZDCrR2EG7*4_=G7kHJNOD;j3Vn%rMnJ_(%A~fC%q%XzU$NsR7v%ZnQrPLOP(Y<8BLxb!L&b5boCq6LY7&Qg=I zi~6vM)-rSp8AAdhijF`TI{E?EiKohX<7iH8FF*m(P4~Kqu#ZzF1&Q=Lg1Jpynf>tZ zGEnvTq*;ohlEpDMh(hKih}c+(+UL<}$tj51&oBlnLBT<}sg&QgxB43Uol1r`U9wfc zkx$Ulf%Dz}J3s5MR~{31J>WNUJjT`?)#h}MpnlBLnz2mKwlelqSQ6O5X=PCDW%uqK zxEenyPRLn_p`51P8>BQ6_q2}^TSd{KuQD=Gsh4y9Uenf5d*^8{YEv8K@N_-3xIWnu z@D*`y$l-xN)T$<%Ir{K#si*T#nhB)R(o~acrZ;F8M z^`_|I20NiEF70Zz#;x+wm&v}G-Ibj!q17V|@fq|UB2Lt-#7o~Gme-KfF3zS(Du(}Z zX(5osN@HeNr5X&z7rmWkziq28Y9y+?F=IktR%^|UP-|@$AS^d@4)}VeVVxWCw0G#Wu|^@_UyiU?^Ld2~hWEvL{D;y|r~gAH_Dg)W~Ay@54BBbmDO-4B+4q~s z)Lc6E?f~sGOa@Q{xG1ZVJxw%LO<{-2(G2FRiqdqV3yeXYK5Iw#*C$3VxcUw#_1zfe zLdAGryn|J{xgbyRbFKL~Ro<~Ky?Hows55P<^VZGC*)0y!U9LTN2m?_Ng8+# zGt`X?p*$<2g&mQ82i2tfU#@IK)^8fW;?n9 zz}Q9lt?e#!&`f836>am1*Ov~+2@5Q{9QpL&==cCEQd-uXXe5S%^~$m^x(lMFunY%1 zS75G4)BX(W<9_6!GJ&y`b)<=t1=X-2;)B)73!<+|7T#zIn6GxuV(BcOeXNio}@Cmd)c z&`@rdv~;{pjc%#`?g8a4oDT{pGK?OmKM|Lp!hJjq3QPksiv&`^6Nk`nTX_yG?g|@R z7&X>sasxX#vXdYFBxJT!FWcy|wqUdHsB`DZZ|~fr$PK5?9}IeEAnL{Nv9>tMCVrrQ zgwEgFJo`o*bcd_u2jR+nQH<(wCMv{ppIhxV*$bnwO#oJopqY1MPM-3!=<+C`Z=mRp zOL3UM>LIHLbc%L1F^oVoPFO6ByCf96W${+|!?*Zi-8Hfw2?08-EWAvnYng_>!*ynD zQ51xXG9Rk^6L?eaZqlrV;=Sz%v2?1IUvmGm{C1-gkDUjy_u#>>V!Ww>;m?lTFTV+54pyTh6in-`2f&q$NScOM0ZDLHDU+G0{-Ue`%%LCmAB zY&FalKzsp!c{2daw@v_HUZL2`dh!+k=D?6LVxtSR+^!1_$76F-=WWv)DAk~TC1=kS znWyXT-j^Rdbf8MJ7wbDlAxG@JlsJp(*J4h{fvJj_LZsuYFS?Cp{f~VBS`fm3NxO-z zxuHPF0P#8YxwsDo2DBlN5kcBpALGl&gV*f3nAJ=%6dqF6%Ry=#fn#0FoECvk`q~XU zf}WB)jW}UDEkme4}TWyoH#hUgPDcb1nVdtjnI` zxl~?Dd!$EZoZ*(*B^9ycL3RrbrvFR-EG)S|T)AG~eMEz3)nTDDuMHU3R4<4}o6C1) z{PNR0SIg#U0gH%~0GO76w9-*z*@%<{i$%P{vu{!S2E z+p#otka-Ja95(+&&cV&aKpz@_iM8K{j+?acecf-3$09TMpi~kR(O`_TFJRc)-0tyJ z-u!AXPIw$QWC}W2R^Mrwg|g}3p@9s=%lv!Y#y_9t7x`Xj41s6|az|XkJs~6|{}fRW z0d?)}s%N(aE?%k@R&VW^=IdIu*XFp0N5ZVfv=AU3_YN~xx%_!8kAx4d_1c@U9-m0) zNLk%CO_qnQgj>pR#ojvZB=ASOCS@7H3EZDKAIjp?9!~Ux$kL%BcyoxW6mGK}C}KGb zAF?sCK<0~zlP-LSdagnPe-7J%FiC3i{rN_j`3?X43Xmka;ChS?9$avV>RA6LNv#`{ z=oR}Knz-9FxZ${FZ+`gXx_1}c)JI7RZYs#i4H$pu5_h0^xgyDrrT-pyl8gSrMWb2*N%lCCs z{&|vPnaY*6pRtX~MIS4P4Muoywq=T@7EsYrS+RN3mnVhL^VK#9YMHk5E4x{%jtXnU z&9IsuArR(3$X5U;mT(pz93=5^=Z(A2sn4>#eg_@mdNK)D0i+u?vG}jlk zUGSR3&sPnd@~LYkAG6d8zDr8pb6g;bZ5%~vBmM8W?}-?HUXyIz2*@IhEvcRJw9{SB zc${2ek=m|g)F&$PM`-30((-p(7bRI_)~ro&|4(#_)yh;vLT^AQu@9(Gl!%DQQI3td zUFCXp2AKIxls`hfS&2H8|0NlA){(5Wc z`a_2>9AreCv>%x@%%|+{a0vfo^kGQ*xgf`2Xy&D@Cp}-HGCZYf@8@i1pzAt?mcV$L zq~B{(gVyVz?-$S}5G7TwhPpF0TlRfI{=MF#d~;G#QGO`LD?Mx2^wVTcZM)jf7xh?z z=}jr;kC*e$4!6-lB^fay%yhg%+45NUA+jS~KTyk92CjF~+HEF2q3BeNLLSW08Hy6K zkfd5Zs6d+2PVZ(%$}F5j$}VEl2y25Ry3X4m6{FqeKRuS>q6KFyPY!~4oUB@u5D&iV zay@)L=-K%jJ$8FP*6ch84|ZFHjCa$Gj{h6J{F zQ(1|$~#t! zuxq|~p7a8hPJ?+%4EX`X5PK3p3}HBvM(3IU#E?4l)~=_jr^Rd%Nj3#bhI&1FdVbgq zR^I{GS@Mm;nf=+2rvkL~mdE^)*Kgs2yZY?f;K*-y9z+jWA)j94jdQ z)#Rjbl0t+2f;w1^C57l#*{-qldsWusF;dssof8v%dJd&e zkJ@gG+Ln)M5>~6DO5&d*#S_UcMNcVz=a83ob#z;CDrrFh2_cs67b8JDs2i|uH^IB9 zv_A{5);=@kA0AMEea5o>76emYR(d~{JJ^FHNtTLTd_gd}MZ&g5n7QPia@9Ym)HS@0 z10Riv&(Zhoxz+-oadc}O0*CMClxp!k~uu2BR+xYC=T zy(5`+%lFTWj$bZzNYVOJR<4jIC>2g%9F~tCzH{-a@ZUci>u}4RAc6;7dOH+IN12p< z^Kl_R-%0LU_jkCLxVNI4DSI@iAjC+mVTWEVtIF_Oe)&qSSf@}eO9uxVu2|i#mi3mY z`_e%)S3qfgIfs!X*sCh^H2|smIJRmhCsZ~bT|ZYl`ED#M?)}YL#d~<;V&_2Ouj>aT z(?fMsNOf&hy4+0jhtXo~4JvO98*FQJBix7aB(G7tJ+zlIWsTco6RI(}Qt0O2T+S3u z|KajOp!t^O+a{bp2i8{7y!V@1)BXr!Iht{`UFyC#q?_$iI9NSNo zFSQ_8$JbV(yiO*!ruX(J_YSK{_ZE$(#0mU;-JVoA1%~~)$?VT0PfY|1k|T}JVeYUn z)MefOTk@r8enlhsx8}=CXm0B)d*KIA^@UwdAXxE@Y=gQu0Z1-!PS}-9`|Rk< z*cPem)%50QtvB=24eHk!Q0vwI%j;-0^X7Uo(fHHFk@3xSqQl(vYVRwDmg~zBhnr)d zyi4;J%rav2vPR^q7bJ6r)Av_lQkGBuJo)~IPvoniHii>qAKT4HG=NH}ERVAran1j* jkV|`qk3)GkvhEWR5g9?Q=h4v6e*MyokP$)?r9}HbvikF7 literal 0 HcmV?d00001 diff --git a/assets/rancher-monitoring/rancher-monitoring-100.0.0+up16.6.0.tgz b/assets/rancher-monitoring/rancher-monitoring-100.0.0+up16.6.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..931f34e316a990e0810edd644c741b0528c93d3e GIT binary patch literal 317124 zcmV)GK)$~piwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ{dfYbhC^-L)o&wv-Ikp^;-7Q~Y_e^GwVmle_*p7}QPtN(W z`6*};-HnJO7yy*qWBdE|S@zNPN%lkGPO>kOWhXPS|47szP`DKeRfW26TxAQwlaf_b zGES@c@aY0`nJ#fz{ONZ7jYgxVVovR__d?;MAXpGH)b4_;X!L7C zgcM0uHxu;W;b_!9L|3mQCF9EpdN3M|UeeyWa#^btC>kLNPb6bSZ?%RhbgNlKDjCjt z2iNqUgbT{53A#Mk!FBC^j?xE@)6q^&YEtE-$|w<&odjj9%Bh4JbB<@Y!YQfnv>^Eo zGI(pscM#&FWCS!G(1))V18%0|RANb963J;My6_b_5UNH} z>MEN$>Ne=~c$k+@StU6u3c_FF3eWpywxZ$|{r5KO8^v>(<*PbY-?r-uYW9IY=IqUK z6@2)(T?e{qUk|6*g5*uHdih+1?RxUnquzpx0_V8y!~1TP4L$ZWi2AJ7owA^@s+W-M zPTI<5QP2E>9BjtV-dY>_?{CxTycaF)hb_A3BBUxks^**s@oG-1H@(oq3S0CNRqyoH zkNfV+7VvwpUKOuK`RMBw9jrihenGa{{Tpol=DlCF_1o=y@5XQ1_v>x@+Ff6{>09o3 z|CX=a@oQ}Oiv6A!Y>ErZ`&`i~XII^e(3Ed^rMGM6L}Z-Sy2Gam12QR)AeV&W0&!Ac zNpkdeQj|zT*hk-KZU^O9ET#?RI!JnqCVrNUNW--JGWZC|G}fQuI4)zWO>DS4&199+D;N&Iy(t!k2DFHWcAUp#drSp^*9|rN=M1)&Q6JG zB{8iC2k08NE=56EQ&CJVUD=e167%e0Cqbmdw3whd#T9R+l>LvnDp2$G47B|gR)@*Y zFEE!2dLjB+*>Ap;$e5J>gFl)sqnc36>3q8MRZGg5DDY*v!1=!xlw9`o@V_LTFL^L3 z%r9w`r*uiGIp+UEG=fA84&nRGN-;@*%nWOH6JdE%tCfhT#U@?#-)Z<6#qja?MTPq|!|NEr>dh~ynxM+yDMFrqm{ono3c>L9)mj3VI!NFIb^?#q@ z-!6JaX1FON(%X(^jJK}`B@t&A>CP@XTTp?hKp6e+!hf1CgsSk2WCi8~ zU1ClZ3j){nl%QH&UOA$bWN676jwC5-#W#p_XJ;3kXeSc9peLgz zBQ*(8>(OVNU`fp6)FPk!<2gER#6mH>q4ILg`kR3b!`05oWpa6tK1}r0IIMAYf#*cH zS=5bK)SSIh3*RS$L`y%zg-~m6bT`K^mGS7{;lU0K}jXemer>H zXgt=dEXWI%;bOsrbo-1z);}eRDQ0|Pl-3}ib5@Y_!m*>E8`hoH1+GY-gGNZQf^e^g zM<_vLHY1swpusEl{0+$(X{sU=XtAHap+bs5w~3V(*0k9P#ft3~a@@0!A`oI$tlztlRx{>-JksS;^^}XMAw~tG)>ntqNE%-v{tp(+)F;HeCg3 zM7VrL`2-D#%!VFAhC&oUm2Z_?>$^?vr8PX0sDBq^+4-DYkY!LM!%t%%8FpWv-KLFN$L_vJgnebX37y$^92-H@_-IBBvy3&Be9B2qDoJr6qKdQW_!W8)^FkBq$x;%C>5(th+ebTCojYV{Wut!1sG;Hzodfk!A}kcE(xDP zr8$wVI6=6k-*MK|@F}RyiIvdNj{}7i!UA6p^S3zA2noIB1_^b?q{?eX-3}*akNxWx zY$&T3e}Si@wLP2^s*qOmV8!){*xEmypBq@`HI|F>bH6SU^Er`F(RB!w){I1bo}kVS z{@%w~b2cTv)oLnI^N(gq4xhdJ^pt4D`{Z_n>8p>)g?}O{b)D-&>uo1!@EczH?WfW0 zcB+qa`%pIj^9HTkpg)=%5m+B=BTGE)6Fj$(C2m3H{5@caBI+09;I~k@bl?2{&2%nq z|JF!gpHK+diC*vjJ=8A0$0hvDDCTb^z90NM5X;TVj!%szpS2!Jpq|ZWMdi|VUbFnL zRiq@AUmMCv{;W~=ih)h5`O&;$u2_$hvdXtpg92HnjU@IT*h)WtQ>$eRmmmaiL6#FV zz;)fx_?nFvbQ(poJ*xUD=tr$?f4a|szmMX^lGUtW^W{HaQ1O7&&Q`c2aSQi+)9EbH z0L(j!ZncYO1+P9Q|9F02%~bZGB*M1f!bDV{oYVzdk{n@Sz+m(Y%1Tm6ZQC+ddyB3X zq|(66OTTLV*RRnyJs9o#wwRQxIwi8d{@pAEhgm!n)S!lxo z8$dA67GS3X7C$R{P|bG&4ywy>dzuw4^OGk=O4BGG^Y4nm5fMAOtFDQ*ZL2T?q_v=e%7*{P*7fdfA)N$4n}0mMunEU_My0JghWl9W2p_@dfc%B`?Q7^ zisXcbZxb}=+O%mx=4|8i#o{C(hfp7VkdevW1PxZ%*9}^$e(_j1QA?p|Bbj%WK(vG# zO}joI@&<5Mv*l-iC&oVCcML}QkL(-Wib?}Lio>E{S12&^w^ygGn3D=!Eoecs)t~i` zFl5tqu?lz#vDC?Hrb1HLNCHTtV9lDM(3_+X&T-KSw))iCeGOQjzUWNjqKF%3tSnh& z&*|IuJG)3^YUud#2H2M)-g&XmY2#xGi0)Zk}eAKX{?z2n?G*GNle zfeSbLNmET3yFd*uP|eAVz5$etkQgu#s=ZzjN5RiKbOH!V=^I*E<7n_iG7!@;-!&s4 zd6N-!FasVC&>o45)oT2>u3tGFnWj$@G)V6a%w){*?wdg2&ofj#^f4=X>xVHdR3p>M zE20YDm&ZbNkoA}WMx;;(D2k#M&q&Ql23~Jhco}-8WsQ)mMBHLCVqC*ie`~6uX{{Hu zD#=39k}BG=8}uKKQ1d0bK59m}OcdN?MhhjFDMF$(75Yb5@f^O`az~=v@5GE7>gqrJ zN2EkC4#Ew(7gPvo{w>XZ<=kK5+E8_XrsGlcOnTLn;|Z^w?#jvTXphT@4m=?XBa-M_ z-uP0SkU15SFWsB*?k@U4J5|PkKH$r(>OYO|W+F7&^DvdC#8ms}jYfm}` zzQKBp9HbA^$9t}~GlrUa&T&p6$U;pe9D~?Lf{=A9ubM}M&${FK#TJR_i${WlS&Egq zaz$PVs|1uU*1!tzwQYpj_;4bz2{@Dmm&S-b3$s)C;C6Ae`jv&ODW50Ysy7-zEM zk^A&S>>GjQC9aL%@F~eSkydloVzta54(D@D=Ih4+^v0>?AB*U#)g@avXUv{wm~OBJ zwWyzW^xCzk4_h~n8{273GCEtr+e~mh`3ff?5r`k0a+Zl<#;T0eQVeU@^kL2N1a#w6 zE)!F>i|ZQm(y2jj3#=en#>)D(p)Q5PZ;NeOYXiNdwn2)EdVyQ7f`CjUKjuu`d%##s z(4BjCt_Q^+LI7og?&K`HAl!cQ5bff6kW(VJg2GhW<71u+3|NzLgcmL%ck z?iyOX9DF`*io%>hqZrwBx9q?GP_XpS2P^#bLP4nW@)yY0cJP*W7={gpz#@bqm03@H zx5b^9ImC}p{aoZ>PrDVIWKFeR&JP(~(W21T6+`AmR1Bg~YzLrIbj*aH(}Gx!OYoN* z@1x5D*KHi8O808$HNu);cgAe)%k(zz!j~K6XkvPGSRta@qsK`QA?p=yc%c5Zv`9jL zH0D(BMn9BJn|!VgLGRXVIX&J~N#OM!PB)(pcZDX(w3;VaEr9P`cWxEiivNgknF>V9 zvXKg@kfL>F>N(t1fC~130u;s1zHxkSK~y#UOY5R?-OXCbEc}xS(GW3w@bLbV$96Yr zmOpcY{{{wcpY=MA^d+r~mY^ULq*aL}e)GD*zI0%vvIxQAMaU^9nWUG!lxW>yj=&6e zqn}!g0eJAQAKn$2O2&!+CTETMf1;SRgyf2sa;U01(CguucVwP#i%W8@s55Ki1U=N= zT?!hpl|X_xpDrip$2-5U>7AdV@+(Z`1l=ErsMPEDAC|7KnqV1x86Pa%r;Jcg>fEWC zqOeyEj3Rg-0xO!(x&&sg&)5&@Th8Y0YcEV&=pK1>~`cn1*JF7AdsT*w^snf-LV8 z1*(WUd^Kk^;l&aWk>Q%;NH9&*Rb8OT6_c7vtvMXp=~4qzW9~uu1u4o@EHtv`X(o{ilE}J9W=#dE`;EB1_Uxz~I2V$;h1(iX#Uz~>x+sPp(D>YFrvZqp z3r*1Dx53`MftUfn~Zbmq6;3Y&nn z&^HpzY)0Q`dOanmU^pjvicSeJNR~Q0LU_t94PjC@JW%d^g!3FRsbo+MiwMA3oNMhz z^krZ5A=FK$E^2sc(D3^E(lSz3H1N8?1o2&5liq%utp?H>ZH*=wMt(gv+b3YXC+J<` zNYmT5iP~IR5i}45&Ms2ZCY9uk9H8X=`=GAJmqA$Vyle_d>w*kWilPPyB2^ARdV5>} zB<%FwkKdhq|N0mu=oyii7UHLS?%VePpNr4FnZF-z2F{Dpg25hMNm!|mn1*Nl#37!LjT|Y z^Z%lIZ{MO+$tURj`^i1@v-%0$qWABAZoyXT*|Ws0B059q^EZ<43Ky?WUPMEGL8}Xe z&_D>R7r{NXyQ`W6o$U0?695Uc6{aY*=Sb_LltwarL6Uo(1vty8W$awPl~?>E^uQ zMbxK#OL~3sVsa1twcTml?A=7vl;h&OVv?NKIG_A&(>Op5HYm{l?Sz!-+PkaSnbSha zx&wDG254Y0bASd0hX#8+({&WJO+SMNp!G!b6BEwuiu59dN{j7R(Hw;V8W?09ph18} z12hQs_r{AFDnI|7RyLsd#>SyncGg;P^ey9Ih)J-KA3p{o5@V)i)C!R`e_+RdNwKzp zprpucg{K7;;+41fISn2rV)e$fVDsU@=wLJ)Js6G-hP13Xy9CQ1kw^vthV2#CG@(@z zyydE~Mv4zrJyV@0Y?k24HZ{X&k8Yx^_;yw)bfULf`vmcKCZy00K3eX&q`9^*HLf{` z3cJ|RBMLmyI6Ew3W)`Z_a#mtmK?p|M*)f(2VV{m>jN2)g=f?yTtu>YlyIUYt!-j;Q zPivB;Ab=mk!+JO@)jBp08@leVhaC#i*|H|+ZcZfOC9Q}+3wGre2D%E&|6s5r-?QC) zTr`;yDG5*1AQI?VA&eq3x=1c-ViCp8WP*;Agy15$>UR&Cxdl3VaoUpLJ9^Bc5CwP5 z(~rZS5?2i_iltMz8BZE-@)c~AELwJa083+XxZQ~{zDZ( zNLarG=w5xr&y?~elyU{3{FbU~bjEmzm{xpQUo+T#*x5SRQ0mC1h4A)mcZ*U5L{l;J z{(bWHE&9R$c-53sV8qjv?VbUJwKt}>BRKZvMnK4VM&&URMB<;5xZ9sCC|pCv4baOe zSUQTcK7P8J(2T+i$O8|JqE`&Xfzyp6>*)3O#b>gAOJv^=almDxvb83aa3koHIq+iE zekfeIqc^=9WFbz2dmuoDQ*EwIazmc`kDb}26g|b2LqEyp1k`=NhO7Am5e~xpNO#?) zpex)ddx^rjv9(BoB?>+LruABq;F_C1YI_pHtr={4^ZARX?aHx%G^(FQ*gHCo4=&?9 zZ=m*(R5DahAxVWm#qJNWjc$71F(knwyLLj-ju+&Oy+;+xEn|YduZpGakk0I4r0P^DKKRZnmJtzSnjLQGD%#pM|%{uA>o(RcdHXh6aon?h>QGOK9!rr3DyB zhiU9E!Ayb*i!xC4vS7+`p)+wU71| zDB4qtc3bdc*3rW`zxmS{IJ5M!Wvx@OfwfvGcWpcoA(hzTblmiKbk4;G9*lrsUFV2A zaQ(huIG-9sFn&DhynsSNT(jrFivX)W7M>l=z<^@kTw(~f9Mrm&G%*JKCVp%PoSll9 z?L4rR`?%h1B3lr3i~s%X?AZJWxj6?Yx~u_{f0l*NXZmM-TD3r@FhC~-p+ZuI%Ci@z zdKk8=pmzsi(j(ZKVSwqD^RqM@F8Erfz&CE}SK;T(AWM&xh|c8Kn+IZAu&Fg&eHJEG z8RD9zWxgv5p~q~w6FVDAR;C1V!q3e(`^^R!)6@K#b?>-3Ux&N#_KKT+HUX6@ET>A``u zTSsDnBNA$^J2e|Etbx(C7410@HLJ9_WZ-6ltq{~PuZ(H1+kd9Xu!NX?Hl%BQ&ekK5i44{ad=fkxR8w?;CN4~xfZ};9hsG2O;U}*@bj+F^r58Y zz^|&u&`RU=zTy1E0_)+Ftf^$+X5;wsu%WHSe)XTC-;L50&lXtpO%64@#@oV+u9>uA#* zbF!c){Q5jj(pS~?!a|%$gB!scNaZ3Y?eVCqLbJu1nRaAoQh3rpfj2c&>9duxPks) z4Y{kO+U0@a=n`9p@pf5qVB>(T8N9oW`@^ScBQ6s-Ef`bqF$@55R7D@cz-ZpbFG2A* zH+)VsQQ!TrHI5dSvw{qiY@%?Xy^_~mGs9X1vrynC?Md3-u`A>!Z%CL{!twHu&nG#VG5F*I{jU0@p_0Xr#A; z#jQudbv2TMo$IXk#)Wn$tQ9ynU%4(4ce|UohdMilXWC}%1)D1&v&2SuiCznW3O1jW z-kWky?e;H%RqDgsI;IwEt{YBF{XnBKM}=Z^dtFeb#1rnkORNhvf1%n=faUgV5d9ai zwr*FGp;3CrJf3kDhN~)gFa$1)C^lO^1C;nevwHy~+aqr(c!IFzXyn%h7w!!z z971Y@xFE8jWhQ7zP;Rf@Sf9Dj!70=ojexPAG4AeNP-Be`MvFVzy%8QTyd?rB^QOQY zoRIaQu|57cN}l}m<=s-e6Yt7*i#>F=q(wmm$yk*OWdC2%s*&)h)Nrxa5=NyKLncTK z!0&(#h+sDXY#u=itJZD7u8=SlqE|N))2o-u@J!do69~OVS`5tq(=y_~g$?vz=_$Ho zMN^We1*YYh;qU$F5?*XXLG$2UcWy#}1m`i!h!8JXuHyin5S;(OsU+W585#T(-aalQ zMMRG{`L!XDtpP&O&>xPzqk;4v+z?(La|URu_2ZysTfHxC3*7?%YN}kHC!OD~B5FpM zgN{SnMo4wiI47A@&_!QeI%{<(jG~cWsymdk5^=_)=7gWUIt6l?{#l!<{n;zH&Cc1` zyynFuo+lXQ*pL@3rTUx-@LmUn-~v~9p?<;PvmvPmZ2}*|vQr7UE3Nod_BgNJzEXpwhLIm^RV~kM2o^2!{rGGZ02Ooq>m_j3yjw z4HXFnEu*@QjL*0peSGS@Dbpl)w?3NLdkQ3D;M6i{o#jCqS7RxbY60{bTOEpUJ~DF# zqO$g?A$-PoN%DO}-ejbfCO}6)B(b1l6$Mswq%9Sj+e=@-uhhZPnrfEoZf)%I9C=mS zMxVgo^$LRc>4T)GNI0M<*mbBhF=O&AQvt~<<{rRmg-Fb53taDTFe`@U4d%F#1a3oXuow-^3~7ORzGg^NpnEo`_KgPA z*XKZ!@0<#t+;wL=tRq{+S|79tq$U2IOKa;44=YJsbnuq0E{5n0Hx(Vxhct+t9lpdw z4TE`60r=zHVUc9};e*URnqgWroFvBFv&ZfJU#uc)CUF*q^X`x4?X?s_(0OG;*|gTq z><{j{R<}LsE;vH$%ZH&~@WWO+A02uZz1=f0s!kliefNeD+%>-ulD#v+%a)Y3PKI+* zTq_g60ZH(`lIX!f|63`}tr6$|*myee)Q#YQQPUM9H8 z6Av`ntuVT4_}rr-++UF8z)d5J&#L4P{{9ZrHWaY3H4N|HAcEm)BYwFQZm zmTlY+gr$BlBEsl7%hG!?13#!A+F~l12P)f&RhpGHk0o+}8k)le4M+c+PDE;%j z%W-az%hQ%`_p3xr(;1wfA`-SFMc1_l+3)l-~Z?7Pd82EnGMRLKN$tSG(ZL($Q(+n!fU z+O*z6D*&xAYSioNqkRCUKFpaAv<@PLwBL*iKZ`bV?5u8tj;SONt$wi&vfkjz?NA`A zDNaTDU`)nO8CM85azQF-Mq;fq6a&$DVr)Nxm`;L6kkIT)3)_y-V~wmEiB8R1{3(%v zra?nCEmpw$CwzUWLsnfEsBRWL*Bn(;Zn>Z|s=9Jfa}b9FD=kOkbhCGB!b_?z(0!Cs zjwB~!Pff$Vve@M^_5?y=9X!u#MF3bllxRZ7oHC#?V5^QaTj3v!l~fXON~U_C;0PE# zzwpPTe|bQDWV3LcLWBWoRTE33jI%$&XhG+TVi{;4TmZn3?}@vQ=gBx2@P<4l^o)#u zaf_?v*4+1sO#K9n@zr5|Nw}nf9BMPlKowcgj7n=>3A=3TB3gM(BU8$`gI5Vo|S?^rkitNCURQHj9DYUfO zqo$m5Ji`@+2p@?F=V4Tmw6ZY)Z6ysWUE&gAM4RGCCkRy#@IDT83`_Q%ZgxkBpA_7f z+jb2uu(cUHt-u2)knR*h=z~uyYJzOE40I+#xZzVXNSu_k2 zv#x_rCdkW{EgNVWHh))H%|tEPFe|0%3@-mK$xF887NyQQDjDXz6)(MwUE|7kbEV+&%$Y4!(hZK<@(SW{rFt%qlSRauAx zXTWgkT$oNgb!iNyMDc*0HSZbL3U7MYTE||!+{UxMWuevaZMIi>;8Kqw7ktNeW2uw+ zSV|bWXvfA36TgmeN+TkOJl7sB}6u2e>oM z)2P`5jUR5eOUD_rnktDBX=KvxU=)) zkq7q)oSh$zJbSRU7iDcz!(YdfrJz%e`7#N)I`Cf^rw8M7oZzCS@WiC|U0--g7_qVa z{R0lIS}XcNDtL!jHOm8v=aj$iV6gTqTW-gmS-4twm`XI9V1kml`%`<;AvT-+#edG+ zpF?P<|C=g8XujwrMuR87EOZc*YLJBqx-!( zT5H*?$NSl3!9_3Wd;!vxw=Fbunedb|CLzKjRotPq7^hXJ?+wH}mq`0_uF*fFS1{a! zEqlb+8qt~*9t0+ZU{H8q4H4UBh%*HmmWO(OZ z(p+6%!Ak#usL0j?z=2XXUY8d1IXLyzGe~;gvc~JHYNJz}E8Z$@ux`Z+4*$hN`U^-~ zZdwu1IX^eg-{=`Me-jlbh?cy}-^qdrNph4O=9g43M;QtoeR1WZ ztR8~N-n;XkpC;VMGrh~nE(zDNvvxi(W~LBT4&*=G7L-haIN9$5Jbp})n(J00i-F&lgH&?`FRev+qO0IK z1~|n_pCsivwF{5h@=#dm-%ltD&c^383D?A4DxX&+T$S|_(r5blpH4sd=hI+L!v@t- z5M{zAumwT#srzCRTkZ5&B<)(eExrn%^_O?a@xdgmX8FF09)5Hz5Oq5I8Ee2!%xAgP zl6&~TJ07Lu2jlcXdT`Jwx!);y;76)G<9jEVx{kEBi}o}#51#(55JV0W5Uu;p*|jRs zkCo%m!9yKZD13GFrMoTd({8M40-@cnZ4x+X^$GCZQTzvs^efgT6z^?QV@xbenoMo| zfbQy5C}xRvD$x<~a#9c-lrVn69IBs;(|?&voePp(h#ql1N*Zx`LF-OP_)A>STtkVX zshU;o>Sn8^C@jQRCiq$qa3PG$YGGINcDK+zR0;=B{}4*bTezwIL!LTT+zuJz{peN&p_dE2@750(8i^n1Xw^TUbc_seywUwVw z-{;e3PFU~hGe^$yXzkP2db=}by_G1j_|@{kmK_;Ae6SO;yT`3^ak0!R(QWl`MXQIO z&++GT{D(Zp!693(xBZXUE;G}ubt}KuU0XqYiOh0KUZ2Y>-zfE}2EQW_SB=>jq{afT z`t(s{+=KgHJ?XG`u5g2d3k%;iG}j`KG1zudEY%dPOZ9XKxk{|lzKK1pW2)Pm0#|w- z$fv#YQA=V!9xz~zLecFz*KD8bD~B;8SwTr96D3>ObyA<~N+aZ_{j8>j5ZSXMm$y z1#()!GF&W}koIGSA$f&1^Y`<0LCo8OGzHkTCtThL0u)#%7i4*JAjt(;uCqV+%$*XnmigFk_`s+S6D;J+&h{F$zOI9>ZqC%2X(RnV-p zh2u(9p;oG`duRF&b5b#oZTz&h>z*ZKVS8KVW3Kr;I}VNy*wY7MW!$#UXYUWkQ}pJA z*37wD)x=ug+n50MyvCm=E29A-#HZLquhSl??nu`@s_!u?XtwOXfY&$T7^!*o2pAjc4` z!T=VK+QIgl)-2a(WLYim(q{kq1Nip*on4`VRddu-k`@TtL7L4)l0t~yMs7Jn)mF7( zjqIJD27jh&{1(*lgG@#L3n&YC?W0BsX3O@94f!@D`T zd{=Xpy%S6E?h^B1L8rryUu1Jk;|Hhum9^VZX}zD zcT-x;N_k#Vk-eMNvv=8?v!*`yKi_E#pNV%lnKt_Wm$iid$+Dh_ce6&2Ocw7J&78<$ zIuq}xU{4-B8oeujZAe4jRbnRIDKV?SOFbp^pP6`93&}Wn$Ls98rZt&~clON+{w!$K zyitGs+F-Fze=HRw$#F(z0uZ{-3hS#Uk2+GaDcpRe9&|6rhu6JP-G!>HZbe9nAv<)O z_1FjtB0d>5JlCpA)x%6|RdhK@?>|X(B7p+yQ&)o~`0T|gs<5P&q*%HDrP3az9?>5` z0GBYmor#~M4`?gmGAnR3hX_~o#eA6YWi26);&8XVnCq+(xH9(ZvJfw6^-mj($^3El z;&g27U$y`q?xv zCgc$St8G{&oZIm3=!#4ij9mzS-&eRWQE9-5*$^Moz}9z5t-u8_(x6+PdP>KQq*Y%e zHZ)4_kF2K2X6J!-UY((dRwj>|&QnlgDUCAU%nmlC#23c?opN-Amwj)=sAiB$5TZ01 z@YZPFJD>tM8_3=S1cf>OV3tT@k4f@lSXuNfrp0Q7(jhv2{t}TYV`?3q9-?Ve7ZQ$NTG>{B`149bs z)T5c5&Av~nheKshI2aSQwRTw{Es8`B@g^WT|MdW!4Rz)aRsf5Oi|-ar)5ZruW(D?eDrN z3X76QvsX+Wb0TaQjPNE1g2n<>HEHVWI2%J{5*CEp2@_Yx<`*_~Aj}{A*%{0?mLK+p z_UvS^)5V=6Qr%2Neg+>Ymkqj3Hk*SRWV1mZE1ylUDeHrBb+g*6$!ik@@(Qxp=#&X@ zVqHfu933FmnM?f@I3J<@K=%qR#8u!YWai_>+Ynp>{cR9@xS&-&K?56G&wSr;PjWt4 zw#Znm=_}lIn#;E@c72zW%bDru=Up8Tub@KiY39Pm%xg?SU-CxX(e%>fyUaNrSTN{SWwkcR3%Zv_x-Eir*SX*Exx@=+T7v;lP|PexB3xQyEx;GQ4Rryh=vgP)4aEH(X@1dA|M zXQvl$!~_lOpuoz`QUe>D6K9zcKzlQTH-e-)w?LqMxslrv)9bKhl5(hvd$p&I>J3`9 zlwJuD96)zMd?=Q#?Mq*v?I3_V^2vIRj)RWZ2T{FN2-Thds-wr|PO*h&YB={tp$y_; z6hkykH5OKr&KiVM-#%TSX(bZlT}`XGEgSAa5b{LzYPVAOSp>=SS z^}MKnTv|uRJ~% zvk+b={(7Rnv}2S;O9S_TjapjekaS2^e4^(7e_%@f1u6O)o;*K%_VT$- z$PasH#&EjcP-S%tHXjThwp$_}n&%)3GXq(GVHZysgAY+}*kaW?L=YQU{)QL6#UpF+!b1XDm3% zY`k$WVfC$s(@rZN@1>?Q2`5TE?Hiu10JoMRaY)w;ZYbZCK4vEd)Y0wWLu-KR(Zb5n zvQ34}EZj5&%}J7Bj-DRB)_jVcP8Ln#sSgu>ZP1!sSqJ@P_>Av6!01~_iX2(83mLAp z-t|h6Taue6HsR$F^%Gk8>shUbH=V=LfiQ~F_+5Xpv*JO&or3H*%7X+KQLhl)r@%W7 zkKXTCf!C*eg9CUP$iZ6o>_p?7ii}+nzC^6D+5Mo+^B|UWh82r?LC~3Q{68Djz`TA! z?VpnbtWUnqDhz1Z);%CfW0%gFqEJJBpXebaZYb#&Z=E3YKD@iM zuJvcN2d*-7Z^mWDk6364X{;+%wY$ggc!4-6NjWuHSamkzjiUr|5)BN!ViNt*2*p0v zOKk{%g(UySo>TGn3;01^=gq28p9f1VsVh=P{K=^6N;pup1|22qD^>-$H?NUGY75nD zufFw($+{Eap4FWN{`no0^QI|)=OR$!gytrIF>b#bss4l<(_|NGP!WAyKe~Be?_?21Hw&c zkar%7J&;NkrzkAv5%XKwJ{z~EONrjk~NmIUj(rU;ez z&Fc#LQbPb-qHm4F!m+ulIRwWb9EF+JdsC=Gc%OfG-R$4KhO8f8z-Js%tb?;QVgZ0b zh*@+=F?^bVlw>Nnr#I8fDIqH`Wm>TL@L+T>8jcaRMrJ_ z18AnR%F@i=d%d~zjRg3KQt8LYus)OiTEwBBY0s_Ep77Yijylutm)9o&yWNcp(qjjk z7}JaGXaPzPtMuWudssU2_Ev&^&KgOMIdRJP&m`m{k&u8j|43w{OGpBJleTLv95LyT z6aRu0V4``(vGinvBviRg1!r2||4LlLm8>q}t_T#HyM-Cz+q}429&?=BBa7~FgYfj3 z*xiiSeM>7`fd7&;_FWkA=Y`x*z@(1sSqN|6cDE>1Ks3=o@82hH-=Z%JfL9GDPT#*z zSGF^z%J1Jt^mG>)c-BCvZ&V&D!NB+DB<}WS3kugYsRG+)0s%YqY0=$;c1LDF9(d?I zzG5g2oU`{Gd}j1MEtNj?@l&lMjrFQ)M^$T)?^XMGQ&KJqaT*ZqL8#N!nkD5{a>*N5)9O+Qz;w)ByNbz^H01WOWn`c3P#1i>{of7JFI z`b(p&tRsPOv$ZjRQCjoAn&sZbs)mR28!1_wjf#dbtXZBo|0YwmI+O@F zRMJ3+WWFh$^Ef)}m#kB)K`kUmq+`Rx9v_{;%iU9d@;=3~Ifu{s6j_EY=#s|B=F zdrIULA>bk`z=rYC1XK+47S96b;QJ$Aek+qRo}9@jeeeJRO|lbcXWkr({fo4sW zX*NqSQr27?-gw|jr6mLnqyg@&$*$gyhruDYY*&C$1(rm};jazhN-|cbXt=AWMgmh% zf<^o~9!Y>EQYLv#&W`0H`n+gZbVIj3V0 z4|iwFDBh^R`t0J(r;cg7DPLtBZ*R3A$cYa4p5IYeRI`H3mq^s=vH~h2Ijl$j8CbU< zSBzg24ChJ+(f>&-{6xb~0{E@P(e+ND+EZUELbMXUIlUlP_N8<;X!sAci1tSskMduv z@+^#EwO>~PODbkmzpy@Iub8xJ<|+aU0D3@$zjoS*kc_n6A&M=gkq$xN2hU8*Wx3pR2Zf;2|+8L2m70IMkPKD5-*w{7ZQj6%2xEQYE zh>uVWX*GY|3X83`J2Ly+jok%rvtU0uCrt?*GT&%WMQ~g>7@!&x5DOtpQz}z}h>%>^Uu2bJum*!fx zzR2#Q?b;V8d9|1cJhnOqu28RqP{+eB2=1`^I#$lUnVDE%jUftyeMw@Pj;X<=jgLzwyk@qjaEIlVU$t52>15A!#71GTF_RFD$Jtr+`LK{VzUxf6lTnm zOU)aFk7v5vEVyEt*$fTL+eZRV&jW=OaZz$$IrC_oj$2>n3~hw(mP*0Ob1OZcSNc7N z<68eU(UB;3Z@!k%B63!c0WtyiTT8Zib-Kc=f;VZ+=Yx-F{6hGja@w* ze#{dXNdCWD?$a;HN8&+i&ZfU#CKN{3e_+CK_nei;lIB>0`Cv|S+A<;x$FRlO(4)Bi zv530)s3$`8^gBKbYIy6>b7N3(TH(5mZ~H4;JoU}n^nRTJx8@99SC#N_ z+zuyVpFoV_Dq2x>)boyl+F1%1y|z$)Yq#75=0+zBkw75mOl%8hk9WET9K=~~ zD4?K3Qd5&m;sRB!5hyGT1!$QYX=oGVJ#>|>4=y<(8t0Yhpk2&9m+tI9%hsSG&L%bR0~VNi&Z(iqoTjl0-Kw8u)eWS2pI zM-{~LRPEOGK`7X{P8%?guuo)?R*fa_&Y{yQ%t4vwhT~Om%qYa>1)IW{)GgAA|ADLA z7OBcqtr=IdR0{;>L=Q|dgi%H+$#H=SrhRWcIZ`vw=7icx$)vh~c=(mH=kDk8a}!+P z{QPH2=}RJU0yHsZv|*V-OnSlQNT(8L*)UIAx!poAK0GR|W-NlGGnrfyST|ZL3Jmt` z`wS;@s)#EBmn5+dxn4PiB??|h^k=tVC{}geyrC7Y#7OmCKC-2he3zhcj6hIE(en0oe}q?<^;g!aR!guK13b z9H5fm${<4AmvLaYS93BW{GLvWAzcL|ub6utg^$3Uto~BfQao`uZHiNf_$Rc36|LinTsy4?_E3>5p}4G3Kz6v>hSCUhOd` z@B66OLVMFVlaVOoTi7r*5;G~5OpE{|*?wpZzHc)c*}#KSBJoNSl-<5boP|~_aZBs$ z z3Bh?}mecS;4`nhO>MG-*YG;S)Jzh>60C?C8T-rQnjX^z4qKCs^;q;~YyIVOJR%_{g zP-Pp}u5QF))!G4s{>6h&y{qTDjb*CgGee8N>!hgEw}(1A>IRH89Wh&JtU}wfeC9y4 zg`l+&sskA$ic;Nry@kRSSZsO8N=#L#*ml<^aUA7ZF6c@4tKu^aC{!Aa|BfoU1G-nH&q@Z}8bcO?l3 zoA5pndc914fh+IaMVWDxv~BWBmV<@xKpkVij_<3C41Nl0w)Wc*&3OAfEw%km(8JMp zG#F=}@>y=|ad)$aYPl(r}Uwy z^WdD4f?a9ZW=0{G3n&~Qg6qBy-vZW)4z0jJJiS*6ncmxX9+ct3f{8kHaQ~|(I+p=t z*dsE_y<4e|4FfA_4dqw`TKT|HKO9rU=l7r8h{5@VP0uwEf@rg91YTPAj*22T2-#xf zwcUY_mesQ5_L9FWgn{yqkWx7eLb&^LgRjOr7>Gyu#Z) zpZ-haLmIU14(slZ|26r`Phaj$?*89-Fow3H>D%%9i9+qQgY2DP><5eb-Gkk5%n`f2 zZZ@n|N~L|`s2$K|sq_{p5G-q(X9;OR-@1Ps zVz7b=c%kZ}5QFWgK(q>WL?3|~#3!N^4t90a7{BS~K9c-)F=DzbTr0^xTCgIAr{YB0 z4Y>GNSQ?8H{q&r%vSbx<>1Lc$V*GlS2Qfw}Rw2%q)Yt=jSVMDAAOpxb%^^E~+SbE- zgolGjo77x z!5AgxiVS_Vg~0h?PMJbdMU15Ac=?$SB*2^-n54R-oK=x2)LFoo!z1sTns5p$Txi1{ zytJNwYFZFRuadhAt6Quc3&Acf5nYlkV={?114bvSV0{}Rw!=OePpKI zpqAiBFw9}1PTZW0PV+6j8MT9*&)-6CN=4<4)%6fa?dl6mk$$1hX2_Fuv( zS@2^B0Q7%Tb^P2ny`gCE_AQd;)dvl9kb!eUD9^PS6kiTdir&9}`xd3z7&u*P{rqN` z0`Sx$33~s2a_#04&(Zt$12AP%(@=OsT z9i|D}ENi*Us>amPANg)}cDfnbneN#&||_hc-x9$I5&~bcyzQ z!&4C5KFo&qe*zvPc2;Z&3j0t6-jbl3IFN>m`x6Avpd4il=cJOM19}*xFW8Q4186+g z3!S@~uyuC*g}c3j$Oc;YV>84!ozuz(_SJF`a9=u}sE$e}45qg1#m^QNlr~BdSF7zvpxdBA-aP3BF$ z1RCb#a%k#E2EHwNMqu*IOBX9x2G+*GMWGr9$q6p~oeewey$)z)b?g2P3N;w$Z(pN> zbo?kC>4?K6gU~q=(?aYcK}aW7Gs^_JyGAc$te3!-At~5=sNZvb4Yqa_p*V%N@)xwE z(gh09WLukssq52wifAI8yU@B(6nu3J*Xrczg$ZuAYKek=>=4wJ)uiK9%=l2Dhrhn8 z#>cTn_HAdn)FCU4hDRT0wRYj8B!d@77!EF+ekYidp3Be#3~Q>~sC057sJe(@9YQ3h zv#1Ba_$z3HWk~%L*~5y1pp}pW8$SjjO{@7g1Z^xe7G+AdC_ zc}@(H%NVAj54g`faepKNun?LWGM*{a(UKz=3!D8udTXhG3-Z*k_E^$-b{D`1{p&^m&2Nx1%# zn$*L+5Gll2=R`ICr)tqA9{oeUAj=Iyy&%g~Bh`-{aP?SUR2b|M5;XbXpuKSQlS%j@ z6PUmFFe3fTL#&XwHOAq%6M^JoGY!Wq|FjH4&2o2QuFW;{+_(1n4({48r0Ul9>~Va} zJDx$57k|37+o|Iweu55}YM=)q`o|G}R|<3|r3ef1|ax~)mB`_~AG`JYA~ z+*f;Y|0e(5zC~Z8Pt~oO0t4{=Jz8Laro`xia8ZyvMNbzbyFgS5bwkTWpy|@OiYO|n zKdSfzj4{4I?};sv9%L!OqSn)V-+Nobj%L=@BV!&%G3bbtDaEp!dZ}!z?Sv5-rddr)}H_K1u1I6 zMJns!1NvBh{tw0v#|N$R|JD764?my(Pw{UTooEc$dHXgojM^I0kL3M(s7PndenYF^ z(+o>lkW{xcPlG3>ooiNeTFDt2{5LTi+z0@v^3LBoZ{H5@?etKB1u4vbs1OYi!v_!V zKiq}CGgc}lCVBAHS6_Yg`2Lge&T9cCFp%9Bo}thn!$px)L`aek&|To)QZzVy{ms+A zAD*0@zdC&Re1HaL&tD$DI6Qkk*hBB%@4%b&*rL(3e6g|{n?hVZ(?T$oX z%(pLcCeh?;M5~;V_@!z zfgZ2+G`DMXBR^o^eUIh<1dSQi$pDTxNM{yl$dX!nnipc0Koj zU-Xx&28VgMs?9<4LG?M1ydi_$gQCyLiqSuHdBlwyz&2A^*(e<2=1Ld$g;sQ|n*LV( z9IUSOAq!*EKW()joyy?=SAX2N0BhkMbiaPcgpa}GZi~rA6~h7bf7m$5mGBPYFCQ|w zg2-*A7F2WP3(Rv;k^CPkzIW&Mfde%UDx1c;Xy%8$gPH9dyfO7 zr}km}7|Vqp(HE+=)<>E|Y>H{IhB47)pQ`g>Dy831S3e{J5hQCsi2Up;CedB;Yln2K z87mstN1dT99$t=dQ7`a#uxBQ6Er53I)Z&5(VF~GX%Nlcn27mi{oF0tQQ8F6zt&Zxi zGoX00R*!e({_Ub4XqB@ofliwm-ug6yZc8(5MPaP&^4#qZldnr9b!Q7QK}OIS-cww*u}h8KV}Q>OjDecjjJ~nn@{xPzzI(RC zm8v+E9A^@Z@9Q^!f*$dgV!8b z(-|d&c>{q57<)vhKzEIU>9bd-sxH{_*Cg9ZcaCP>Nl^hYPx3-s1AVO!x5r=zenl;nxR`(ynCQk1&MP zHS5_TAC@+6O9pKHp4|$=52=!MRc=@OKu?i^cl&E7`#)g*3W z9(Q``U)sdVgST%tEzbM*gB}Pq<}zWk$+pi@`bBC7wq~nFeiNagxiO*X7j07cYr`bW zbU`?kR`2{pXYGQTts6u;xofivEj38?zj0agR_IZ>_91x4dG*fGSr_6gV~sX&SFFZ$ zsiy&RsG+PBD|>Voam&;&4yr9eNUfp0?KYkI9!j3>U8Cp9plWojwZx!{a8l8EpaVh1WCRCmDdPc@6YW$8DQN;*2A_5ZWS5MUQ(BQ+-}Yi#nIJHC z&=YTMnfo5`I4qks6QzEg0wXxHvb}z1) z#^jA86?EO(YBdQ46D7OfLShqF<(j)q#VI&|MxFk;^{#}-lJ2cr|BW-y+EW4U0B6gZ z1iCU;bcMlDTI+FEF1w;xfhuU6jvrrlS?p+zP0!)-Fb<0FZI{Teuv#E^SlUB(;V|9u zLTl_1$#b)RYwf?nn>YHAE^)cNMc8`#ukoX=#t&oruY>#Qf1mBY zKEc0rT%&!>1CiXGwh8j6l4gt(2Eyj>a=ddvt9%k!OYYcQVUryj*JcY*I^ZkO`}c7O zN90+zt!4SZ#B>KmS;Qbq*tIkQ@n}Lrul2f<6ukpms7j&-J@S0C?qOJ67;;cB>5=tU zHtu$5irPWQ>5Og);QGsxiUrnf z#R6ZuW7oJ}R}*IB+#0e=Ri{xOvcJ4w87{5?BWPtN*O5TCIz$_#*mUE;Xb&w+zX(GM z3QRb&deu2u2P*|FV#psW_M{h%Wf0nSG`*D;Oi0l;Qj`424EV0G!rTmMw0FG&79^SM zOc4wk6fdXf_>n*ZT0xl9RhGI9FZQ;sY+n73^1ZzkJGHVC^#1+u;;|SS5MsEpvg<@O z!8ILTj)y+^aoDaaM8AJOv|i^!*o_ans8*6K(@6@+Io`k5fgpm7=q^rx8#fi8D+WKN_qjT69>eYi^qy5U;(kF7>`kd(ohU)r6v)j{L+s3^C zI9MhF?zLb+n--`bOZPRd6VoPwb*(Kk8BXj?0zWo0HLIYk+_P(qNxS;!Q~-KlVaYYt zrw!=C2J{lwA{>tTef^~hVBOAYg#}N|g#8gjX!ZB&4}MKwelq&td+NDn0O;*)&bu3# zZ$7Lx_^kfqE%;`IstA$BOLYuD!K|k8@e)f9^KEwwAf_ho9fpc;qlZ66^ zN1=XI1z^r;HKVnx@$6OZ**2EboEE50XqH8^J0wMzdhCy&p zx2Wby~j@Wu4MHw+j`^?xCQ;I7DxgOJY;0z<=4sJR@emXs@sXlHW1ge|kLd2j5O-9{*j7`ihzJ7v%-~zv}+~ z%<<65_0Lkn`ACEUfnDGvs%y#Hk#DamnuA7flEeKLGDzhO7Amz?SZJzJCGwiV z0KZQotYVJK1!m3JrbM4BabPWrsE3i2iz>#MGzV93W5MD^O(Id!NIHHHN@;W@o~xw- zOJu7?Ue9F$J9tba%l2x+T$;blDQq=S`i?Y%L^)bCwkC;g$pbh_GomrFBcBY({}pAr z`c%A_%lVYLsvP7IImv|qDwQn66Wq^FV`8TRHwlwMRscHeMB!wN1WwA~<=o!ET+nlq zODu;*0|8a3iRbAOT35)k ztM(b;z$vCwepK^HMNB!dlh$ibL3$)^iN(j%)n2dX+{eSI+|O!NDHI|swbFvc$XD)P zg=%&5_<8Q*hb!+yW2Z^#Q75ypIq9+)IAC98&7q|Q=T#OGD%x1^*vk0^QfvGdAd&_Z zDkH%r{C7O8od0_`?Duv2_eRoE_%EC0hP)3}9fv#ntY_8}O8>^%tEYV=`GL7d;`NC~g(8h|86BJ-)LoEe0%=a>? z!oZjFrTsN1?S+hWvC>53qE$YLh-XO~av;kYAEjp#~Y^ZB#z_73E`800ekf zIXAbRN)K|ho1_8`trQYJ&y8mJ;O+7W&wUqSudJt*AqXhKkgR4UC{pIi0VY5VoPcEk z3Qz_q+!mfE0a$4qGsPqXEnq!jsnQGrzysQV9v}rifCGNk^EoP@TQY?@)j92x>Y$}g znE2_FGqnUS`RZ80nmV<~Sr2hq{aocsDWw`GEt`EbPm=K11hv}kH4PTULh687CKNXh zMAh+M;M?aoBvBBrO5aEJ6j4P4*nt1~M<*v${5Lo;HU8T~S_=R1hJ;|#aNs-Gy36+D zr%2#qJ-^;DtmxHH?hqGyZ}am`+4mHmh#eSeylRHMR#k(yzj&}xxze+i)#LChRWK}t zYqBuSpGu&GbuR~n6dx@;BA1KUSZ!({|HGg|dvOQ&tm7Q&QVq7tb>GPZPFR^E1Z`xuRXp;Yfn*Ki+9&7*4M$$&)zp~JuFBIP= zqf9RY!ezjB&?hvBtC0y%N#pJTP*{Xl)RbX#`5UrmDpC{vpG)Vuur^XIi|0}w2<4G6x*4w@o6yR{yGKY>r__G>_W5D;`7XG5U{o%xkZ#P?~J5ktrE zZ$4&x-sNOPhS|+M1lf^iLysnRKzP2_i5Y?a0yYjAqj`-AB_1#)mk|Xw2w2bq0r9V6 zT!NFkqHHulUWfqpfQ3edX%h27$| zuf)yqZGMi*x7icq2K4S6ll(zI{NLC`{P~l_OOXF*`#0VVB=*~n@8_A~nGsUt(SNWK z&m4%|`0dOO>Cefjrt|iUAHM&1R(|mD{rUU>iM+SrFCj{eTz>)|5pgjMlj|w6O^2)> zBQNO-)(?5(hX97)202cbF^KWz2z>h~X8YE=`<9u}e!^aKn-#!%IGNV~h9TSY#!f=_ zZIoO#l-!N|HVEDl*C&8LI*Y3?gC6+&j`0$g6$OEVT;x&cq%g5a`XLG_BTw3sxo~r9 z-k-n^KDor~(x2>dZuYIym{B+1SMFkO1m;`HU3fbJ$45tlqdfp7VWL}Yv`~Ve{Ws6K z`{eud2kfBabj7TX3sPWd1x9`SPloa$DnQfvKRm3)|MicL^!mS%bYDEmT%rKH0{fn? zy2U99(Ysq5QtYK?VWpQV_r6PH#RNMjUJ_ssI2hUBW`;aAPm(hXu0i#>vtaZF>}Pw&O3wME?h1NUFpROL*>`;ZDhhyc z-8X=de0MX;A~tzdtaefWH-IkTE!@^rb~`VNc1x;DEU1jQU%KI}H}m}~V-zb1owSz@ z*dI|aCD2B7;!bjYhcN=iz$m}YOmv-O88JrS3ZbCkP75ZFDnV8an~yk|HnxXqQGG2t z*+|?JG;oqby+G}-FD9?^03~UVe4^mIV&z{R50Ph8FCgNdCsrt;k-M0+XJ>a`B~e&c z=@X z+Strvvc$>t8N2K-=#QXyddT~ajonwy*|H_Flbhdvteo@x{-b(J6qzj5FOCoG@1X-d zYu*s$XU(lq=dna3J~J)v69dfk>J;Br_J>;7CXHKf+U6fIBBA(Kq=|&boA?i56SZYPjY4h@kPkqaG zM&RP?qnh-XpW(zVJW`ik)tvccIjr?*IrNJk=e5!(FThNRk|SnI-CsFUc4O;*YyB_1 z!LW@Q*ckuSulj!mgOfw8|7{|zV*h95TFC}=F>?(sq&2F#h__9DtY1j1{K@Uu=9lbO z#M@ex&TIgzLJj2cTEQ`wD>>w{x~e<@i$QDopAxQ6{tu3itM>oFa5&KNe-mjH@}Gxy z+ua%Wxy0zH8x)pz-K*_mSaNXzKG;8rkOp_4rjS8ni{dNxjCTT37XI5^e=Ip>4L-|5ktg)8J@O-TyT-Pjvjp zM$($je_GG^OAV(e)vB}MGl*(4WOZi{b(9Vvs(flJl**nu@N5qgTGcT^rIFa~gdcI% z1yA@XGpzW#;#Br|HPZ{vH7e(9a76b|>k*sx(@iESo!Vc>T(`32?Uzf>Qkt-Npk5k+5g^1a)jLTqp{t$^UaW ztnL5oAD(FaZxg8kdE$OP_ri^a{={Y4UbwuGZO#aQ-~3Bv5gUQ*>Ec$ml0w6>Ch_>W zIj*qI{_J~bue8Wy3(Sntpp!!6y^7ebHb2iRU-hhW<++GaRj`+Zx?m7wnM3If+d}GU zBhF9KO8>li9d=kZvo_6ot{e@zThes*(t`58l^3XK|Hoih_5Tl#2HO9>keT%-Eu1mcCg!?SYD=1YA*nh!WKNQXtZD{# z0TU(HNJCzJ`89V!?;4UGiM(|8T-YlEm~u>2kH#6RR%k&*R$w?+=3KinL2NS@@N91` zS70O!3(<;$Qc_(1nKXa_W;V{Y!5~fR|H<)TW&J-k2ipF>kyM$!aX-He@MqS`+oJ`* z04D>ltOukgovk1|Bj>-o4p3PsSF$8<*0yp_EfR;&ii3Qim9kP=Zk0F)oY=W85|$zi zk|%9yx`H*eCI1%QXesCR>#H(5p+6dwq7*Wh16*X3Td->pnj4(sD%Eb+D_1x#xH~5Y zg=-7g>450-6%PJ^2%g+2v8rcFSkBdY)e)QJXr*^|3Ic5o8d`Rp!2B||s+8q_oAuxF zJxYAXiOJKTfLz$gRDkyO-{awlw*PJ+jVsiK~(SaywvC z{O?Ka{@0VEBklj&NLr8l&%o%`7!bu%Z+&jX)h`SicQeW)*7mv`m4>FWiL^DRb@&7q z{Yquqt1>5LdvGI1W}mHY3!9s9*I`;*Y@qOsf{J#=rTB{ivRf6vGmuJbtPAnu3R z&oGR6LHWPR_}{^>7XLFm()QoYq;~TEk%0TU1AtesKs*jK->wkg(vl_@#;s9!`&i(0 z;_gL*iW~AOp(jrMwB0|f1~#=Rpe0@sv*y%V0Vt{QlbrC+9mWM!=V^>$wXawa>Rxq3 zxq#kzGHky^|D1q{GV@_#rSROSESk;eZU zNejvUM~m`W#~M(v6SL>rWGI%ITqTmarLncdsWC#Uwl=j4$|{xCY?tMew+X$UeOHU{7Z`9Cy=M^*dp@v+|jv5~Zl{NK(fuXL(E@`2y0SW6zqrksn)?Jz2< zEFrD!a4MNMXinx;N7_O`M*e$y=vFYNP+NRb>GOK(qb7y8nA<9_#a8Hj)JT|Hrti zxd0%0^9UXQHvU$mnrFPK;akb`EpY*G+ImwyfTU>c1bFJHz5H+Q0BE%TA6M`H7#tny z`0tIR1?B&vc>vb422^|i>stiY;RKM0>Xu%BGOI>6Kz)5`=?5s6*X#%o(6amY`YPA0yRpY;g$2$INGfA-if6ls^s{<6@K7t)EABQViql^5iSYiHdOKgII zw%?Rpa9+H&4L*gmnEY>N18kE2M}u1Y*PyTQ-$v4s^8eB7fa_fYD)zwjE&}VY3G&7C zqGrK5w>dFi^X0EnEvz&_Al)|9d<<(eXbUNxWGTcXM*o&$b-|RvLlZqSck^v`Wnm20^#H62@iA zbR*%4UF_0@)uI+m6qE=FH+7vxfeF7xGvD(`svHAKBE(%kB4b+LZTAya0on8S+HM zznMTML733hW?S(|fDmoxfd~k{g%GT6%?7 zV{;bFxbk9?Qc=+jOY2nK)TG8-S@l)O+pO_&m?$f{3VH9>e={@BNXB&Mm0CZQRC7*) ztVknQ;@naZ=kQ!i|88K^M(yUXvfkR)I85BD?dDqm>1+ggnQh2|2_rohTT~#l2n^5# zc99>^xfQ+eP^BtdE{))KcO^!Jr7*0Pur&Gm}fu7G?sj9ELj?&8aS?F_-eSb9Nbw( zapDYbttD-K3TRzpCAvmk?a2Np?2$=!Osf0kYhHPd*Fq(hx#F5mZl||9mvS z$KRzLE_MR{%%y7K3Fa~2xPy7MY2_2vV$wE`sg4{=@M}_5AO_(A4pN8%gP`^hsG=N_)Px`!{=TqX~>0 zdY%u5cU28Bqn!A}Lgy%O{JS}IHsfASu!BM{dIP#Y#J{>fI{qav=A*3B@Aiki@4CN* zzGoDqNSaY}+(hC*`2d5Ta7gzsMQ$3Qot&rhGJte;kT5y(J&HWaDlzBEDwkJ-DFmZ8 zfS@V5{e%JsTIj9g0Av6E>wedJwcq{j)t4`-~QlNejyV`D~mIhnkUqy9DI)&BA*nusN+nVc^!Vb1K=CJ~Bj*q=1b{z9x}e z#NDqrYOt&oHm)U%+jj;Jg6@GpWkkt)ES&e}i8Z8G< ztzz%yyLmz3RH=`79nwWJIn*eqK5kKTL<;M9RDtBm8Ow1FIjb3^!Kl}3FAV1IM}_JX zdZTivAuEDl_ai|}SLzuGT}b?hqBKYKyoG{ZVp%8*N1%ArG7is^9xH_B01)d6=eat; zx(B=Y5J|L%%CKoSOe}(6T;uF3VhtBtFsumcx&9n^6g#o#QyI}D<@QQE>N@2UD+Qyk z*!4jvulgu>Ssn#h!QGm-2-%}k^VH-FfR_u7fQAld#_XkgT&gSzh6J>294`#eiOc+4 z>~OA0NS?3B1oRw@EL)tE^#3XzhXGE`lu?5KQvLtX9G>)R=YN`q`u?|#qIa9qROE3h9T_ZpEi-whx^!1(ifd=fBf%*B1IbBAfYLAhA}FzXD=Nb(sEXoJ^$;WzzErx#sl9- z)x^T9sfXx$+ZX{aa-8CG0)yFw?>iI+#t4{&S2Jugt2gnTki!vkxW%$l@}U9rkdwSG zeoXm`8D+X+7$aa@%n&;9)rl3f}&e$lwLn@$1p(?g2K4LjJ_Ef#W((q;@EZ^ z7=)ZzS|hO~G=j+_E_luzTC*&0Ksc6*b@9pf(7KuuKk_6sD(7IrUzJ$=89Cjb4o^?5 z;W4KROJrnv3HJ{NCkLQ^czOVa<^eFfuTNh!<@=L89Kr!KgjD~Qd_zez7%vNd$}%Af zyO8zZKuT5;DSz>AfD64l5Fld3E0#ZD0d%pN4E8U5I!pA~Sg_m>OwlWVJuonV4evrQ zgVzXLBIE(+g*S*G8-x+FH^fTF9m_R=AqB|uqv`B_Wc5!(P+X_9DzQQ=%P@t}6bWTe zPUgbfZ0z(+foz!*V=p6aA`NH$P4jqUq;wWfao@3%NU^rLK0tDX*qAO@=jw?g33FaW ziMqF_iWonp6pny#9gmP005Tab z??smJIvamdQc3f-tYBg-U7&)8@(M24U$^Iw!jCKtuxSz+@z`OcAJV1T@;wh(6xlLS z5a+sxzqN7j1%5~;I94+Z8N-z92j8Qg@gJ-rN9H%u9L((6$d^&IV9UDl0}NI&fG5Ov z<1*tmQW+LBX;S0o-diPdKWDy%ag^$10?jcaAy*Fe6jp@^cAT?VRbcZaUgQV;1JLik zJ^=mKr|}}+f8Dsq$BUezFpq0hEH5eU&^!SB(?MfF#kFQ3@y%e|neRld*EB?vD^^xA z-q3BpzBdQH<5aa6!E1<}#0+&eFzx$mL@wWaF`(moF%GgTY2JJ>UZy|47!N8VaIQm8 z?4ogq2u7hw#%%Ta0a}#xkpR7vGC639Jo|^dOqGHNnlRXGyj{l}$yJ81v6nL>^S00v zV1HoRufU(d>1o$A<${Uk7{6hrg)>Ozz+}&a#F#1)A zSU+wNgcs=EpA?POwJcJI0;aLXD7Sum4AyLqqSp?@#$eYp` z(=-|=ks8a*g0aY&0Yr#Tz-44l5d}B|4w_Kl`2H34rT|jlM+BJN(^K;sP?V%#8bJa* ziclzrT9~a{()NjIek9PwiP=m>x*BjHTi6px+bnCKgQwox@Pco&xY_n-2*PuZn{3%q`e3)1Xmy-Xn@)S0H z2qU{mKSG8Jmjs|Sh|-`=XZ8#@Rk2^O{ZjF~i{dICHBqWaFoHZA5yVuniQ`KbPl5sj z6>wCdT4nCQC0dg?ywpT?iU3~ANGPSI?WQ zyc)m!rA+F3 zrBd7@cd9Ifj?129{mWl^Gpn=Xd!VHd)-2*#&vDzeqs*0MHz!6`S6*%-#|NtB2BBN{ z-|>RsU3N0L6qeD{$u%;F?DM+zg{;g`Yc8NDYaPTx)j;^Ds(AM+uw+M7UOsq5!HQ$Q zOFfNrZU59u?7Sz^788-%^hz7)i|r==3_e|qreuy7jXY$Z0B60nrOLi!s(sM6#BU;) zh4EgRqT{IZ_4s_=*&1@iT=C3`=M%ncgp;fg^qdWEg+KKz{n8P- z2Tj4w9g=2KtnDz4FS!TkJPu-oxRQ6qdDQwwA|lj(C4P9%S8HfPzj?Kf$}%g-e8iWF z%g2-Fty8~66TmWA&S9oIfR8ZwXS{ww#eS(XJg_fe`}z3bm)l%t_~m#XesCYF|6p=0 zvZ7bopcu<=g*ajq6fyh4w+F+bZIzo%jy5qpWl%#yvS)EH#joKN!dl$WxZho$o3F2* z-fnu~sCxXLkAl!be2;d}!I1o)cX&?SCCcja`Y6UixMV%j*w6{7(&zy`h>3e6O0Es` z9WJMAmBkA^uqzC8KlMchjOGp)arzQd)P*g0{!0ZhGbeRU%XY}DXX1raNn=GGwxo^ewFSoC0# z%gG?{5!62c7`HRQ`q$CodF*i3S3ib-uv=!caBPrp$O+g&*$oqc%E=$ofR3MaYvnLZ zMRu5jq;xU;hU-DoC8pOsaz#KNYbv!+hGU^xC`}bEQ?O4nQu}TnPBhdd9vkM2fY(@H zB)!U^jU>j5qv$J@n{nttq|g8;!k|nMC_6lko#tqiDYd7fx5g^5VBfU>{$(TIai}Fw z_LzC-Jni|X*<+HE8^2@g^Yf{B5>uD|!{PdVcQvBE%Zu0dakeeO)dSK)>IKdheC{+=UqKI=JkkLT0@nI-&N z$hMBC+oP3xrl@f`+E}a%cWk9rD{qZ#s4f)ii1ye+nyWe7L;9saoTEZdx)mq=T=A)6 zBVmK7ln^-7L#Z{|VymPw%wh_=G@+2a$X3uPuqm;^M9IUmU<7qFe2CiIfA$8U%;J?QQ#kzdH3l;-`N9iiGT z3HyHt9vB=Rp$pAE2g%jC#3_Uf%~thy#5zAGV(i@zb_{8vJ7R?<4K7YomhpvRKdOlz zH>-6R@m<6`fehwqgyjw^cD}hmE=N3Zv*g?QA9*`~f8fP1UM)2BkV_Pu_(R+YF~J`> zURVO%eb@|Q*p`E8u$Q>-@Z*0?Z9OUMiUY$&;RhuG_>(1Fu=rOfa+%?AS)CHU(*fg7 z?rs;^8>W5V71LR1Aa=uui91AaRt?2*4zxIX%B(4nk=8-trW#%r%`E^~btV>1dfKcE zN7H%Aw1USDN}NPulWImggR`j+f4|6BpPdEm22P}`r~pHVK{a-X61WB8I7$-B*tvt7 zI*^YgnrxkQtCuOgCZj*@Hl(aY;IYZy2zaoHV6&8W-m=eg9_{D4`Vr`h5D4}*wkEh@ z5BKXz_Y&niLUkP$K&ci<=JjwS`%5ZHjyWPu@O3ttPi?uG)I1A{lWL|0p? zcAq1(`L8-}Jz-Jd8>YPAz4iuui9h`*!Ew|<`>nDGg}6PF5U|;1G^Mo!IYEN~LQ+xS zV;Aw5_pg&cS_VIM4$>zY{+5pI3Tl=9V`947M88D~-Xvt8l6nmt&m}?Rhy8+l` z_-%r$I9_yiSB=4e0E8QLGY*QvIlG##pNyT|NlXdfH8B9u`Wzy&!Y)_4B zZa5}|<;Id^!^Jh%W|rhwLYr!k zieK6j?MzcGGgduVCUmlN&~iF0r5JHMyO#@goKX>y8O`7&GLfsfS9-(|oG8%%k!pv* zxdaV8TtG2JGD>i$C>sD4UzvE1r6jj4Z}*M(oKTV&15&j7!_rc2gzN1CZwvaU?pM${ zr9bLXk4@w+T8UN{wz9q|Y)-V2aBep@hRaJ}2O%&#JcQkxY|$)EXgt}G?VQ|QoqByAFvElnL4pP8^iEA#wNRvUElHIs0osR#Q*DBE&| zMH7Zi!3xt^DifvS5iM?SiWA<{sKoF=W=S~6;KNO)7nR?Z-}${wq0}LkS`8LDV0If` z2h)HEUqstGz~DLB4+Jc z0Jr5XT4ta2cPa`;O}BQdTOJTRw$6th36Kdz zS3)^0;cn5?s|n8vW@imw-I!|6b{F3h#-usY;LgWBj2XwAqiJLwuJkWIIum|z(XWt$ z@LC2-4Bhj}cn5Tt(+{9hoE4?3*;d&*f4Mw0Dd8OmsB!DuM_e;ZGP5i(A;J$`=IQ&N zh!eZJ3EL4LHMS2EdFBYg^y7Wo*SVh{sjy!1r)WWF@t6lQ#wz?a;)*l--0&Tj+4hsS zMeU3Jt55$1_sf2CO_YEZRvzfis^&5Q;3S0C?i8!-$#)$V^haUq$+e}7#0&gEcu$Ae z;h+te1PaU72UY&HYMBxK59a*w=WB!K3h#O5O<8%8gr=d6zpJ@5KHh_#->et0-TG!* zZ#FN8X(xNnEF!~_BXUq}0QU;$*%SJ~hrv^AZLEzPeoBIoDJN(EFBkA2yZ&Lu6wqtg zN5&6B3*L<^k?1}r)vFs7gtK^eL%-_U-ZS+rw{9PUM@N>lEloYA$U@~KcRpj2TDt~U zU&PW+YA0OuBh6vxPLQ+Z;R3x>JL7a~4uex+E+!qS8lz9?fLJcBw&)8Rr| zEVWVJsJaVJBq?UlxQyJn*NlJSzHB5My%?u19{b@ZsDfriOB~A;`r!;rq{~S$*X(=J z^oD#BElIK4}TewV*m5c~;4YvSmr#M%YLR)0q13WCwiXqnHvSTMkI;3dWGo}Iq zW6MMy#g5pvwK{53HEehFM3fX@m&Myktk1EbL3N~7? z5Wku;gZQ;Bl+VVI{pU?t&=qU&g=FU7^Eo14o*{P7f)7^9YpV5LomY&|86ndHQpfek zd@2F#wq;`Gd0hIAyUSxB&Opa=7roeHS0@(Yr$?H)nK(T(j5m3>+QZrJKbblnQl_U@ zogP1OSd3JW{-mhM5oT9o4Uy-Cza~Xt(uHaGi7UzAv&$>NjZeYS+LxBOi$t7IL=`CCz~!v1`L z0rB=&@>XcciJ4ttPaK3eXAp$=R+vArR4!&~s)bYGbQ~70c45I!3%^2O#q4ZaqA8%V z)MQABN1qe73H1vbgFCN45_!8VyU;KVif+WG8A8PrLeAwR+N^7GUW)) zdlbMvkt!Y@S=JNYL;$4RgsodkO4AJu4pi@SOVHO1f}|XSI(RqSZlpK=&`I&$2{X=y zQ2J%3zJ;eQ0yAbhqI3~K%=3pkTuJ)nFiJ7^w%Hqsw?FDKj>dx;=uuzjD5ubSF4s^! z?cB9Tn8r$C8mI5$<+QrXh0p6KGbga?&3Lc1;QKGdmEm5Sx&aXvXG5M)bOf!ik%K&| zLC&6N(63Z1!J=`g?InmKK8uflQ9vO)v}ERqniD`W@RQl<%M$n;?hESpq}D*Y@mKwt z0p%pVJ@a^~w0|n2xGTpA(Am?0X}${BL5jTIeSyqf+emPnGPHX){2qRo{Rhj-GYTq` zh!(8b21u&*O$pCW1IlIsD>2>S>)v=KUD^>SzW$EOR9}p6Q_D6v>kjXqE7%2&H<$qV z7=drg2V%K%0k3yrdMZExjysV4Iw8+S8Q8&!*dMdl!8n4Y;`xzQj>HNl!|q(f*QV$( z)3Z3X6XK)vtZQc*r(>v3FAjEYRyp0flD-BAh#|taPi}T^D_ng32|C-u<1AVTp0jcn z$){kQxF0d{#h2&o@1HU;P9Dq*eV^^YMsg1a`)*cw!H!3VyP6~7PaL3HCLdpocknOX zK3ZKGCM}_KoO`mE7dhy8M9=C0-YVYq+Q!h;b%uG|6NR#Cw|8Ec>JpFe@KDT??`4b+ z_T0+y(?K4}7Asy_c^R_P1pa)j(&%l<7IbUz&dQJGZG1_9ttQL#m9QWo*Ghv$sVEIi zHf`t4rc=$bG&54}riHrK6Xu{q&wJtMl>|A84z(52xU46#&}$mJCo%%}_S=n>pU-%X zI#AJrV>7{3MAoUOnl7kiR$_E+sAZv0K<<%la>U%o1my8>#hJnIzh0n$)h*h;-4`lo zHFjdDYy;{v zr8}8}MGIF>QHck-HAdGjuZs0d(bH3Nm4)xe<_Mh2sO?#*<^hdeIZa6*1enf1ELjL~ zMU^chsyFSU79O*lNi_H!Scnr%|b zvm(2rq}5N)9k_i}2#0hC;Iy}YFlA3^2i@MXegp`gI9A_p?zF)SG@J93!*XKeK!u#3 z`maWocg6_|UH!mx7=~K1AR}D5bH+LC5ER}PklTR!aqFL%eCa-nk{MKOI}K!^idUq` zA|f7Vvq%ciY)Fya%)5SaH7gXvgoml`WG*m!&D{ajowps2ZBXv%?jfCe)R!O?G% zs9nc|u<)zH5#Y4)pL<=K-C`A(1`-8Dga6(HmCMtlrcRtl6f-1Fk>;x=j0Uez7b&kv zzKB$ms_J08NoPxn->@Y02Nr50zGH7faE*&jYaEINz93V=nfX~Stmf(?SD{Z`SL-*( zc2iJLITD-Sbf%qVKrcSIP1|#!%C}V78D6oaCb+YM7N@fZwjmpKxNcgQ^^KF=n;VbQ zrE^7(U$v_dT9^gGO`=AyK~~aMAe`2xe%3)4wsq)6=9axRpt$VqqYPH-ncPkOn#9h? z$Zlwbd}!rx6B63RvlfLqxeF57#LiK3tcr(9`~XGYH>IiDaLZC1DS6yq&FvaW1O5nq!Lu9g|)KYrWVl;6ogm^46l9f)O}bi-L+P)_&votS-dL_DMm z%M{A+gqd4eE12N@=i+rz2|e!CAl-2DVp%Rv$?IG$&nf_#NlyGd!$<1p%3YuI%H6C$ zg)Be(T+Di=wJiTz9jgPqu?O4myA$-@M=Iu>`Ce6ATcixJD_^bH#n<6S!E4QjAE$4i zEKc-AB?#-Bz}SEeM`%`$L(-@X>`+z@+gzWsgSjK^f=9r#*wm|`PGZS)o7g2&oy(E7 zs%;QBWsmMA_mpL@%dJcr)$8Q9LZFZ@YnAxvCzHfIKNYN|2o6S}m^o6k2d|m>@Zi*` zM(3(9V>UDtg2Gap)0;UxxOEm-xibzw95)FyJzVW&5bn`3E;kI0m0&p6RO`(fHsrF> z9#Kp%?{k(=gg(4A81M=d5y2`IF;u<3TW8cDUOr)vlb1gDuG658*leujC6Wfa0OA$r z2W|d&3uzO|SrD2>n=#eMNd+ybWm95eathKDaumMs5HR5l1=MsRw7WGMC9*|5G`;nT zRXoj~xR4Aw0|pgzNLzI-;sp}yz*Fu>E0lT^k>)x^x%mLT}M)uVztoS6*(%U@pq|OMf!!&f^ac64JNme zCE~C-VhwCH5}twsg-4StdbzQ(eES_#eT-2fOE>Kt^<t6TWbpG%pSZW9nV!7iY$AzR^%8QwwlIGBokb+BK$}aZwvwvaSqlunc`sIN{h! zh0=A5i`}B=kAY8>UW`^Vg|P`hI;>+-3(lb1NW+r19}(u5>c{hzRk;ZiQJlFf7pkh~ zZ15W?=5hNTkEZb+j+;7p_%pZw{uq$vF$1}cps(LHLwb0nkQ`uLUEO5q3OjU%^!Ay%P!afYJ68#aFh3yT- z0Gs~qQvsf5PE+Z^X-23Va?)%5+hd!AMq9cFFg;kLSpIDLS5GKQN~!fOKOcfx&Nh5H01PU?Up&iUzX%Y?y%Clt9R*0@smN zhXV>N`|Mnfg$+Wq$)c44IsPyCfoFxvm+JNsOjv%&!FX~$B;bnk^nm4w`UzAR6u|>R z9oHSEg+8%d8DB1$K})49Eq~yW7m^PSTrXF>gg_SNy?OPPAtx)&p4yAq#r%^7)JmI? zT|dZv#e3JPW9t-S5P5N?ZxIH3YWnEbiN90K?Cv=Rk}N0Pv+{xP(R`Cmy31E>6{XFL zX10E1K2^8T&}aUMm2dAC{~+OHkaebA4#N0}8Z6`}KHqHypi3(=DbgTq{j$0R7w)cm za>NGaOjZyvbG|+=cDpmyyqO9?|sLO)(K_RD82y3mc~{vRM8 zDiCgk6rp-$-SI`_H;nQaz&4x`>{2O2NXW$TDn$mJ-Uv)i5_H-_U0?{A=^{(SCWG*@ zb7K#PD-&WG99eqsObkMzDmxtU-T1&4;5?MTY8Ih!%~8&$vStR*stfDYFt@Y5(e*_Xf~aR5og;r;5coD(glV3@JONVwL&{|UUF}= zaWN96GXzg9F5B>qcu4B+jb&VVh^Q5Jxxf1TGCsssQwG13r5?0`8tk!z#L`#dKgZ0n zRfCif(!l2GZXmg)f!;ZD4g7mO(vZuIhp0I}j&Q)EeO&qvCbv#&!mxd+1FTM`0ik+QnW;}~TGX&ro`WphQuxVzAM5VEj{8tD7 z`X3)tsO(R$=t2ccwvgbr|jYp^uv>GCJ!~k=nCu( zSb)>k!+eetB8l7Q=6lA|P*d6w&kj%{8HxM$Eip8sKs1scH#=KHIGepyM65W)?$gfB z0q7;91X9lo52*h2rGb**&(lBL9W8^;7+EXAntHf^q5X$(%6B<^mP*4>KpL!Vz1U@j zEbu4Y1Je%K3`>B}2xf9n-+SV4N%B8Hd{|L`d*B=$mQjyL5Q8#X(*)b}PaWiG4?*|F z9Z{{8gpgTyB6V2XD4g1OKH6#7_#5@5==X;Ag-bQc;(g*&2S~4czUJz!y!HUthsATw z!Yf0JSK6$fuwqR^Usk)OSKk)wTdZ8oxQ!agYtN$@#*L$q5AlRxER3$$d;sm~C?dlT z*)2U2n+TjZ$Rd%P7IvQtN>Q|uht||*z@P$#G(9nqXzy+A|KnRelJz#VtW3O_w> zjVqBS7VQqXZ7NcA*o|P6Dv*5eib&+j5A$>=7qIy@#;zMlBw*H^-1VHo&-`;591)Qb z5>p|d(hf&}%ky^NsL0os5l`6#o*_2jNwaA$Vy>Kb$Ye&N+D2DIScH2_c^z}w;j<60 zCvPqv=mlXcwyzs7Zv*&Y@KNHE{V&4J_WCO#V$SlJXy8b#QR3M?0?T%xhHszl$(dH6 z!Y@aObetAqHref#^XPoPNapy#A)~eLdQu?RVxc`lQ*^|vF^hZoM{X}0bh1+3 zoM#pGa2@Yroqh)iUlm~~gte~igZ8- z%hfH^LPb#nLDn{N!FUMQeIpOYi&162tkulZ%LCwp@cx)udbMT>w*XBC(d;#?t;0CL zR)TN+O=XMmj#!N0nj_to%c4j39i>Yp@a4;Eo72l~LjupU9ifV>!EiT~?OwW7t8Zr(Eb z6n`J#eF<3W?k4e(!db3&y{Cr<5XXYw92pX6cn^n2^5yb2hd;)uAt?vYpTU^-g<=p^ zybLDvH!#W@n(1RQ0c_a9#@WGu%vY{R@U~FPW)2~N<`On^GbR5}#S9p*!g5A*oaznb z+v1t)As4G_+mDC*2;mH|SW*T4VLM58gF+E1yp zb}W)vHOt_hZsN4g*sY&x;w0Q>ZkXusfoWwHX!5)<(b{`2dp2I~;tId%9Q}@rV%G(q=L`5*ex<|~!)!pZ z)qS-ts1`?mq_Kl9WLD0JcGh-so!5&cXY@}e!8xTegoVX(^9q8aairjJzi1Z-Zki)! zU(6Tn>fCG8;ilwOQ3RE^`U$+ZJftgtHpnDlIE<1v7~5W09dAamVS`y?^F0bL2iYU> z{n8&}#?#PPps*{#XncCL?WJX&`-5ywATEXFyVV!$ zGA;NEyGr%HV3$JQzr(KAz8z_g6y@>Yy zNAsLbKV!qeQLOUXnalwRO;`e>Xf>W46+^}1RP;^@+a$8auK&p>U6ZNTqMTZ}9B;q^ z;@gL~(?h9F2?mJxr$7eK91?K}$4S(Ns#O2rMj3+*{3?=*ei9nQMGf{s&O>odP#)PF zaePX6O3Z`~2u}a{T+z_2Lx^#H`R}L;uJ^yAu2>)*p47)jAWlLMM8uG5`AG=G{MMq} z?aEo8xmyL3!u|gn=ZYB^=D0d%d?5P(mVm`<>4Pay29iw|H~)1QF2)%&TWI^4J+H>G z#@w>>>)VdjM8#}cVndoA#ozKAywly}uq0igDY-c0$E0dpk2RSXgc&;vGuwHNPwJ)f z!mKU&Z1tT{RX-ovJn?w2swiVR$pd)btu5C(6%|`)PUnBrz8U|jeaHXwg@gCx-W#ZazGi$mf2G#+a4=3uWn^AsW8{B``-k$(#qa2XWkL0BsFFbAgy8B+}1^xiNJ zuc$bxqnn30o~)Inn_Kvq{uk>)5cyBmWg!-nL+`YbE|P0Hfpq-4Go(zuhW)$<2{EWc z`P;=r(w1D;D*gjf$BvUe)XF?!Ut>YR|v0i${b& zlr40T>dJbpZ~(mibTX#Hh*(+q}#FSKJkV3r3du6AcN>n&BFEsHS&iq+|7Q(cNObDU+}9 zp?8A35;{~PbKb54p@2p5cZHF=ES{x897deneR_WZuWT2&=ec>Q!b-;K?zV=e+slXu6b$poJa;MQuqe+XEB*j8(oYY?v|8oe+CRO89P zo&7-k8I7qxjW~Jt6WN&;Dj=xUAw8-i0uBId-R;dFB ze2VvkcdhoxhJ!&g>kQPHL3Ft#&ksDL^S}pGWjkk#3#N!TB&;VY>II?Jy9Kv~3U3H( ziR}W9;k@?LFW`&}M|n3U|6(hvIXI;f01o+8u1oz9&rH7ApRC<37#xOBU!}!dOzsMy zC+k~VK{qaGn^tZn&<#=<=}Z%SLCavenus@v9%swvX!*{Nh55v%xRNbPSqGy74ALDF z`fR~}YF{@epy=Qc{(8?9H0A6AKqijg$M!KWR=R!DV)%3PIOr5VCl8Q)naShbUeXdc z&21??8pI-p*g@jYn(x8I$=RNJ?O14%6eSGl3ksf5<3Y{p^p6u{)vXa7k-x)OoJ-4o z-`)C!2+Ulm++YDAb!~QUA6Op@RcClch%yj-lD9 z5NJWM^)Qh&QtkYqV2no%E^cv9bs{a9;wo#3P7?O9*7=VgNt_J#;bU1e;=FUGtXpkYHerNG&mLaJd4v|CDup2~QZD4McgvaX9THkeU zgSZVTVI&oJODKw!v6NTG2W=lNdZ}=Dz*FEj>v)8sS)uaNUemTN2&MXo5OgiO^LGh- zM+z~8T-Yqe=MHuvxsLhGkgAgV#ZqRZwgI;V;(4kp)G0peIZNZ7vHQTl79SYmj8)hmUxTfK2 zP^&&m^*x8D-V6JED1&}*^P|;}cn2~R*NC2zL8@}WLeHzK)xWmgfCkzm5V!?i36Cj z5P)UL-H$8B*P5D=*Yr1C6@j}KiPflwS!?NM!wX3yIPzh{)A2_r z#V8HP!l1V^EDfCp_c8&erW7e36tV8Uu?y657Y#fm2NP}>=_&fYH3)%OK4yqe#pc(h zZ+FhJJmXXLH=hRiqAQ35CAt4+tl11U(HZ-kuyl6CzIv)e8h!lQ< z1Q^nH3{_%)m)2QLCQhn@=i&rZ6>?SHr;6Bp@aiepRn}}8E+e`Cc37M5Yz(=n9f%g54?EO#e> zs{y!>xg3eyZmgaDf808cM<&p=M1TwPn~@ zau=edQvd`OviaUg5kTrVI{uTc+2DU>Rp(PxyJZbm96p?%s9lkMne$K+FSs?OA0x9D zXOB`i;ZzSc!~~c(&dLaMKzz^0f|L6mYP~mI8=;l6M!UQOsEX#Lhi)B0P^eq} zt^?a0G^n#=9hxf)7)#WILY`aKk>>%rRQNuCYCGG6RrrvIIhP7MnKKPvs@tscCod4A z=YfzqEjXQkI&GmcE=f#PfS4Mur8h2|yH42QqW}6I(!Jzh2gkXzKovmqvpOz|0I^4` zzCZBxDfTo{1xE{sBTWysJ;fc&;R3xm%7WMosR;%SaR=#)$gCVz3=oPMlmBqfdRAHj?-NL^v}zsklK|4~}#| zEM&wghpDe*c2x)Drf`WFrN!cqcDOh!N}RH8K6@CTl|A0$G6dKPm0;~g-kSk3T?CHK z7d8R5tDlA3Ome#0&*Wb-S?D%b|7t|M`Cjz=nf4KgOSF|%@xfuvHHaGr*cwYb)F$ii zSm7J1!=%gde#A)#*HXEI3>ZO#;|3WV!%G5RgYy5BxSC_{Qo?_VoP;O8bei4EFbT>)T>J8UBk}x+xv=M@cdx2cg`jhu`8E z38obW)EV(fmsazYrfrLr3{W`j-dQhfP?_BOd=uPTUe35Rvk>|6c0z&+sV~_)$n4g5 zRELX?d%TpE@h%l9N6*H#U1`NzKT^_U@g~z}H}{TH5VAdN`y%e7Rg&|xnShXavZg0T z5rnN7sF2MA6_VbdzeQGjyDO%k*~Wqt#E!FnvA`kPgN~Eg+z38T96tl{F}R1g#4#Fp zaf0F_0{NpqCd`qfu~R!P#T}J{aX}hY!jheSxCy~?uiWSxRf>nNFrQ7g^=ET;kM%!2 zI}xr2$bl3YxNKy8I8!7?zewbnwn7Q)_;R5k0GeDmb%fx5FaT7EzYHL&>+MyfWC}r{=C`G@?iX$AjLX2>@M-pwIcD*F@Ank zX#-~g9^Wsy?nu>uWmK(DXx{Q?W-zJ~y;G)d;X0vtm1-aXK_^<~-ufhzrn8r(p)i}` z#ow5m?scYyo74`3cL}~WibkT94bC)$kHlrknK)!exeo#n@!*|TKrXbquTTGNw!SB@ z)MlwZb6Cta3qpj89k%$t`i~*_iWN8m)eif7^2FE?xZpB5A0VGwdeLD+bVDAMdoTvl zWOqrm58m}VaEJ__Snt5w@@hOrxJCpf88VlX`+@H*k=I^IUf4nTR zJ8k}IbkqSyoAY9WbO20~>3G%ywewV6R-Y)ukhdY8Y0Ll2)WxUp`Re1aQu@1~r5#MF z;0EgQpLVzwoe^He&#wD6-o43_^1nKUlQ4nFbix^XZ$zb>ze#x#0PR8Xc|Bw7{GWcI zN+$$&jC}Z^_ixvLuxY^b-*a+&y!4Pj%y<3Gvkc)`95~(7kiL(&XOL8QFSYpmSfQI< zt=5W@p>v6FNbyVVFX1*0Uh7D7%Kieu51iL7Ouzu84)}q~ACz_ueDhv_99N0HI$zqU zC(^mB30}NQYo_cLbpIV5yjcJpVPaTVvfUDb=2x@2ih+i{=r*O zi7pnB9@l6wTi(kc&k>E|W8Iz4N7w%ysbw)V^VtRn8e}kMvtPK?(nTilR@C|BlkclE zm*+0=I zOcL&~Z%Aj;&+?zikmgH4v^!js_(kxeTO|H-7h=%lGklmhPu)xjr{Hm|14*zF? zF7vlQSJMbC=y>%Mc-PH4{aPy%l(|LSjo0R9_9dsaDsve0(&N(8qyMP0f)3%(E$1QD zyNhb?R$dtN?IqBQN*_^Bpf09`!o%Y-x3~9XVe!7nvu|=hH6qTZNcV-^CA@1)P-fDm zj}&4~MnlKbt1M+qL3TOvtgfa^g~9rTTX4c4VmUZUC}NAC zu@7J?_y<_V3*-pSzuqn2^X*&zC(1kCnjROZg5KAEo0dsD;y3Ts*g&7hLdy>|OutM0 zP^&FZQn_0uy31~3mO$6_w?L6>EyEMS(X+evzJi|PH%9-SGoohhLxIh1v?9#OXo1fq zoXpHlymaxQk`_ke3zgN~D2xSt8TFQ;P`4>yM(?ui=Tt)HPp?aX7*|Ep?Wf*C&eo-B zJ6Y~}9UT!YK&ArVXMqlV2H6rl#ocjryHtA?py)D@^ChUtn{CENXe05N?$zWR7sXh~ zf1k;_T1BRiy^rKNk;k8KODo_V?7JDK+ zY^v6?ZVH{l2cGMz->ZJ}?DaxrnuT|?Ja2LwkW0E_z;HMhUYbcA5>#`4+Kou}rvK z`)KN(g4sVG2i(%$75JzL3Ha`HfpfgBjjZ~ba89FmACDMem1okNnT~;BVYcxz^$>SI zvQDU@DpZQa0)4q@G%(|?|4zPX=2@Xq-PBVJ8E`P-3nsRXsL&Xv~h*eY=%9x#* zuj$08jC$Li1f z7t3A`>8m9Dj?O_3E%0;=TC^kDWu;eT!fl&}frS1f?q&2z$V^3PL!~I$`IEBRW1i;0 zVtKp_DoE0Ykls=10HuyguMeTX*(ASN?Ug4Kh)&FW##*nodpw(DNx)9Boo(&c*-R~z zjR{FjPk5>8P+rone%1loEY%y}1%{iy8?{14%L+EbFB=v{h}W1Z6Rn zD_!`KS6UkRfVjWb=;4J7-|)7L?5Q(4)V+o!H`_OTCzqG+THd=z9Eg0DW<3dBolR^k zdC^HUUa6lZ>JmP8C$W~VRrekukXs;Lsrnd35(mXe`eor)04#UCy^uPO_$s}V(YbNX z@0)i$L1x%V#EoS?pOpk=D)~fLZ*QjU4tBm_zq%6PfHN&9NH@7nu^}3xrSQhev z6aEYvrIZ6Mr)@Gj+xj$WccQd;-%w*hzr5KqeYSY0_W8E9>02XCN+ zRNl;Bj#RE84{vbT!W!zGO^|$Q=}lYFP82*}TX>5J=;J%5l}WQO7qm=1O6;|3yAe$o z!7Flb*_(bEQ{k{0C2U+9h;Pdk$sUl+p@@A!yAWT%wKg)pS18NY@SZy{yxzum7D!&e zzsGp`df@yvGmtww411M)^7{@WA`_Y0=xc_ZC*7I96$@BPGvQ%9gq27^4Nd{lEOI%+ z=Nx5He0?kzDBgU2eE52+md{WpPdY`v-EM}M*=!;@Ic;Hy8%&0SZk?a5+&;oLNSXfx z?^$FA_L{rOV%%35kTnM_i-8{khlFouzH@QF03De|aha@}obEwi85VO4;Z$+kdTJ{vxf` zi|k(~$HS)|GCbnA+0KIyMC}jdl~LMHiHf!-%6Tl<`e6UOnMkoB@@B+C5GYnqzK1LV z9#My_yEbc=|EBi*D^iMPxSWYBDGgfPS9A>z>ts*OfKG>|B->GBfxn6LdiWYi8YKLeBo2MUK+YNuP%htbrZn-gV;B_7$ zzM5>}q#x)#_44rW@!+%r9gqPC{>=i}c>Ko#p%5!%3;p7=$*W(XIQ{=)DBjUBx^Nws zS}pIPHcfgmu6w72Re#np)rX2U<5lB))8mqD`Hc`;)ANw;$_wUiF9)Spjmj}4^#9Y6 z2IbE3J}bSBZw*xsou~ePgo!kC2aPbtN0WNdzqX<%7U4Qg>H*Q$22zUYKUPnZN```kyuS!}40=FjFlsu5%cme%zXrN0#!=Hht|A&1(4ln-{=E_&mj-*#ccx+oSv2 z2X!+V#C=&Qvqgk%0)*`o*)3FJ{)96UBU z;i%eP=P5LrK2+B&ve!`=E9upOBh`6YEmjIqC!OZ@XPRncO)Hh7dZ$r(keQQLMC?0M zTUl-nOi_27dI2gIn`NS+xM`He(Nl#|I8Gj`RNmKOAxiti1+$>&S%-Ld?Kq_*;pCPd z#vS8vnDckGk`L*IY(7AGP#*&QDN)~AA{wP=T#9cfR1WgyrZw{RTeLAPXwx1Wg2aW2#f^j{X&}Y+F@wB-$3n^7>`WELJ0^Dep;S{RbnSfmtyROX!LWWjqTO-4 zG+YtXRxM`gIcv+t** zXFpd(lwnt+0{G|4SbcU#qjCUYtUeZn3r~{%tW!_Wdr#)M*9m@#yW~+hFp|3^nJUQq zBS;B>+A_j)s$4)SIEB+noU_crU;CG9^J^0Z`8B!p!`eyubnmhh_f& zqUMc#+|*Z?MR*F#?vVS4sL#ib4_|z|8?O4Uj}*u4%-Ci5r8bMa84|VX`w8d1S@4oU z2s!4+ka=d%vU}-~vW+f^gsaC7T5Jek>3u(HV&*F<{eK3q7bnwB_`J%4xd*ki4@ZlTI+de( zZ$`gFqMb%ccBNg@rKY&WEp;so-_eZy0$XbDICOf+V=$#TtqLo2%c%)}ul|EK)fr~C zx|)nN*0TI*F6b*&C-R}W5pRtzfmX4;LScypHC>-rpCR;8I8vFU}8)x|dQ1Lp_`9ryNTOuG^$nS$*`+$tM+)iLvV?p=jod=1ht+0QFVLi^^-J)i2dhnliX*D-e%3&#+J_+8+#R2!d>^hM&g? z)I%X2D^kPF1}hs4$EBldLDlkPDaGC^{G!QWThn__pQe|ZZL5P(UAHSaAY&6QS=J;9 zO;$sEvY)1gm*)-3CXUP5JQH~6WQ5SH&~}1T(Wff>uZ~bUB4JyiO*C;cTe1cgc7z439hZC256U4Jx7Zt0@m(Me2|jX{c9W3h56n1l1-*YWY5 z{OX*L>eDW4G$t+w|q^M{&%0n7-tev4&MkGJHs@fd?)y^(8& zG%l1Sp?h$a$GWXY#sP^g%;;eGL1C}1w6+%h|Dx?JgW7D@{q5jdT#LKAySo&3cXxLy zh2rim#oevAyIXO$7WeWGeV(=UT6^tx&;IfGd+Q#q=#bjig1*(GG4auD=PsmAb;F!)I)bsUAx6Q6IUKd$623_QIv-ezmgQE4YK66;*%3E{0lP$NZ*rRf5 ze*%gTp;3`6fqtRJGSJjdE-5}wOj|}D zX-nb)N~S@7Ye%9k|CuU=Gp)HYW6otaecMCtLe^ntfurFB>Qk z)7C+HhGr7Xa8T=FdptYe7kZJ#)i<7A@K8rQ34(l5q>=EDvM`4Ds+3(ejHHkV$ReVn zHnxUUAcB-dyGVlOdZ8ul!GaPhxKK=>Ouh}&#%9E34TwSMLgNc7BjpNT;UVX;LyEH- zUxHwlk!~VmTN$SAahpO1by~^5f_n?qs8>OPdnYwO_2}^+orystlkO6YhIMT3SWyyd zu&4;V&DbVD&}XqUUVi^1em|8HdHg*aVWBdyZ?EH(BMi;TtwRHwV%WnUp(3}mAxp?u zRk|m_;N!1eouYGirg9ayZumCoHEdrsb*AOGS4a<|s#!PjgatLEZnQS(C>XAG0%}X2 zZiOB7Yv=ytq}Dhh18C4tX;^Uh2}O}^1vV~l_&jka_yt`eLYtCKLy@GVxD;_RK~{zO zg1{~QD_%pH{J`ijNi7#VPafd-^vPAB4b8eP`7f*TT>5p*4dP!X)k)L9rSu8L96Z zbSVN%weaO%o3LvT05up2pau}#=~MuXgkqHLuhl~iCn+kR9c_voPv>mN9q2kZdxJVEsi&&2A95hbM4iqH;-$(H{0P1 z|KHzs%9t@gEOdCe0|qTm9gGD6cF!S(99~*RcZY(Rp`o_mx-kQ)TL2Hz>7%#;ivzmO zn)2$wT^B2)f;B!_KSB+DQUpQmj${Z@6Jl&L1{lJH0Qy`Y%k;ma2t?4~V!?w-%`=uJkvT zExt1IYvFs{kGTj2b(SCaa{W3V(>7=G7Ajgtw<_IWDbUD@$8LCexZE9@JYC9)fV>O1{4`)xbShtUNs-uJX@i>pOA< zNMbXjpYY-`oMUlp&Fg_tqY7{bR(lqJ< z3!iaOZRjU`WN{uFXx)h!BAcAL?!TC|gqzGZ^-A{7#fCy80Rjeau+ojYIY z#FThAdg$i$G+Zf20DdV4ITEbhZB5sOEl_lpWBN(N9>q@lEYy>DbB_`;cYC>Gc1FAZ z_Ul{!5cOq^5~4XaX*R+a4983|v1Gcw$cgxsTViUYMd2%Wp4+y~8}v%X)9T)fdzKiL1B(F5Y>HBmV;%MKDSg*W(d>mQBf36pk zRT+b9T5}XUjH{=oc16fhUCYNJ3``@a^TjLvWN1r9Bnp2FOKMj_8k(9XZ54*SYA}v; zk_&etBg6p47Mid1nMl+-9h=d|T3F|W2HEdM?^Wnd!V@Q|cW{S#E|2JvvzjTgd@CMW zob-~1{#BOcVrd1R%#jaDW^|B?&X#jNMN6&_Gg-D!M#?0fG$#pu#Uupm8>^ZS)hcae z_O}~4EYz~(a8NuY5!Qr(z7lu=<`zt5p^jHoE)F&LYx zN@Zkc)i0V0jMV8;SlsyMyFeZ4C*vyRIg4FF-adp#jz%U~aW7f{I!GOSA0}aeRcK7} ztQaWCCFfJucTzBh#7xlvdNu;X%9CQ_yh!ru0Lot@&lb>6VxE46S#(`<6=mN}P8ld4 z6+?>P2Z37az>&Ym)dNRCjZ}=5I`y4R-uAjQHyL$rk3CVS;? zAp!ziM9AQ=-9BRqs4O%3Qy(conwSYO&1Yb*>=nt3++3Dql{DQ1IKg?4lr#PH&Jb1f=8C2)ER-gO*Z znhBl~_$g!{ja1f+?&8i2=Lf=lZ*uF=XN4k`=e)xmg-LIEGZ#^xv^s4H(`Gp4{77om zG7sQ(m?VQ_b>yj0F!>d`T+77zxj9%nz2u-$*)Nn7^AaQ{NUZt2DUwJw1<3BWej+Pa zT#33_=VS~ho&7t*bQf(P1y@ZRL_n#PTto6Z1q2Zvrt)G00d0r61O&!C`EuLpbMY7M zImuhz4QPpfJqS1d?9^ zG>;w>UQ^nB2F--|iHi?~Jq<-VmfGO|UfKA87ym-ymc>m-ri}U;NLde)V1d+F#(w%c zO$*)_-&3nVN|nxvsG?aVi^b$7s-e%~T-D!bN*Oh?f>n&=;}m(iJddOMwvUQW=#f~T z)wOc0gT&0vErEbZr2zL#fH_b2cwsWuC#$pQFgX&Lr+kP}EEZz6!E#E~rEw`%<2{9k z+e{X!mI5jKJel~oMyLtFrC$7Xq!;q zWS|LE5ei2GRk$2AZOxYZnByfz=2dpqw3StzwATwbq^Uc+mrBK zgQ@@E)$~-|r`WZ88lo_Mg1=Q*_H98-{ppfQ`%6T~4^h~m)?{r;akh8tQ|LZ~p}kC7 zB5j7e8(uUS_P1T79du4VEQ*6`OtVt&p4}&pj>iCg$rAb)!c{OlXIiuBId!!n zKH)O1L=TQfun&$ZD8U30WUe@`oHtou)EVVB7A5c~sThi&)L<&fQ~{&2#acn5xF<^8 zCW=K_Lng>90OC1CFyc9ML6fBZfMM!Vkhlelk08V%RKzrEA3=%1L?Ody=>vvmi|fK{ zLPKNKgC=Cn(IDhtvXH5?Q~@Ki#UGRA>4Cl510+XR|T{LFp|( zsVy3r+#$GsA0QLSeOxPk4yW2Xs_*B|$jMih0T%Z_ZiLB^ISWdb@Dx z=!Vr_$i8B@)r84Lgfl5nbrs2lUoFBB$k)^eU{A4x4w%54R}H=SL2N$rM+o@Xh+)tr zpFhvvVm?Z|Oy6s@X*sy|W*{Dkw78t5QfU<#fzmW|1)zIHf2^2Z*faRNQGwoef)K*Y zhbVq@_c5>BW_rjVm_FC0>%+(O(yI_U$8Tk(fm)RUNo^KpjiGn<3(qPcYObmt2Nyrv zUdb~ahf~{{;MPwKiW?TAH})<>u{uJXD^}=XL`Rv|1zMygN^=V;rbj@_?SWw3*wpmffN;d^z2PGWt z2^P4(r;h}9adM7uJvceeS-pJi|@nXe3dAPzqDm(;2Efob=bfx@U zrJ&EyFx+tXA?C&P^dmXx3Be2pBgt;+0*|2cD4~Z5JC@{h4+T-yCL0$q8u3%i@X_AY zmczChZ_L`CBFik>KaFYOjp~KUab9wrb-phxXK-9bMKFf@)tb#(zV}`0?a+n!;kga6t z;<&ks#x4LNQj2^@uBLl%q1Ve^8&r+e3i~>}I7%&f6%VVs#55gL7d-M|IZ|Wn2rT;Y zJGjn{u45!->LXF}()KM{rz%PiPG?mBjxQNg%Z$2GFwU#^`cZ@$ghPRSHIA<-eM$lf z=&u6%CIY@arx8?P`V=QG$$gMkod6JN*gdBe4`YH(?kV9q*t?&h3p#I7ups`JlzV;Au3n| zQ6k}Q`TFtmr)d0_5oj3jxth;;w-~A`g6oaV z)?aH+9gSC4o=jOo7iBC!M-s;2XxQxAT)`3M@g>YX%p(R)wBs9{P=9+<^NMeGT(XFL zxY!Y!P&H#cNm?b-0iNsHGO|QJM(FqNSBrcN znl3gskP>FpNSVa%EeShhpS_?%Jex$&S-@EXC#fH5U46?@E?kd@1uUqFWETnO{2=tB z87)7d$a{b#LINwLzB=6n)r(}tSAC7fY}2EFro-~;t~k&0Zd3qCy}Tri2{>o z5gO9R`LpTVS$n8FAvuH(-1H>jB*E02hOOPXcmm3K^w{D#?fBq&Ao-o`&-XumeE+5# zvv#uS|LI#}lV(}kcL}H`*LzN$53VWU-K*58IL#~=%QU{`fU34Sv#qDm@lp)8r4lMKuN3gEr^Px4?lnspa96t2L(`DmL)|?2IMwj3elm5BO;Xn=T!1$7eRzU zLRQtFfoVcj!gppm#BaW9@M>cy@gN!yHLwP3^Z+$rc!5m`V&UpNbHW#I0Afamk7uyh z;M!dgpxKOG-&?yW9XC%zSPCjFs1#7h3=yj`t0EH|2_kJPkf=pZN1a=`GXs(?tqsKr zVPT~`qjF){E)PKM)UP<*#&yV;IR#8xgOKH_3s$Fr9&I025$L zA_m#COv*2f^Lkl&0c+K0R^9YgsEP>8MoDhU>wOa+*Y zFJ_iVTzIgdH$FBlXh?F0RG`x~Z_ZnN4&UnWxFU~*tr7G1u(b+G)Xk(n~gnik~l87KNLeC;HLNeLPsZ; zz@OLo2g~=x(AhpEl%C{c4iF4ftF;jHVAO_qK3#6Qdgo>>q)phA5sd?DyRr%s(@MaH z5}mNwJGHAoEAGd_8+j9glDt#ptNYREo6(-JCE4vdN1~El!i>!ttu?#RD*iBq2rL<= zoj~a(ewOG4qkl4OI`T^rG5hC z8c#B^xICYXd?hDv>-`gX%Lg&2;FuaclcR&SgQsZI7Q2*RP$-6!Skh_Fv3;ZGO;)9i zuif3}CjS%UkcnV)MS=`3W38tXFDE}QA8|p#Sa9FQ0^D~JNtccTcV4@T&>+lGE<5%=$*IYWm7c)%|1jlf&THR702ri;m)Q z=95q~`RSW)$UC&|DIiuWhd6_P$`6M>blJ;IC+$cxY3_Rxn?+9HoFFfX6GP0xDnX+}!(t(Y$~Q5r}Y9DK3S|8lGhttSP&E!PIRLP;G? z)LjaMAern~TOr&>K~GB4V}en6C2EEpbJ=E)@SEvKm~YY{1fA-4Rkg!wd^ThMA4y5q z&i|N{Xvj-pCH+@YQX~97Cnb?d|1Bv|rCDwdZDp}Y}RtBoS~uN zVte+9o(rRC(-ll&7RxX9c)p`ur2i5oT^_ObjTuKSVo*G7ADsPhu@oAqysyFv3w?qV z9xvwZvPCn>9m_WHPDG6LriHK2reAqlEu@dxM-LEI_Q<;-ggFx4zk5{wJ3g{m!2o5V zZJsrxu`DCnlqtO)G{2kTX93aCk`dCP6WMnv5SdDZ3?!!W&lq##Q5b|?p3Ajv2_Im`G#%Szt46N?ePCl`%g?3+Q_>gyV~Ulvt&ScrL!X z%=_)QxxmLa%YS}KK#=ZbrQ3$KEBM@CKUJQxiE$X;W|E5D_$5k1puzZc`i6ub>xjU* zzBk7r2R}W+UU!)CZJ#=F@!{8R9|Q(chXZ>mQ9(YJNnM6m@J>106a~cB%o6y9x6r8} zzmI`mUpVw|w+nW`uJ=Bh#>l^a!3_G^tObjV5vvK5gG8O8EsHJ=9B=&4rPv_m3!I%L zW~?U{bTFVMctn3|%;bPLtcksKyLH=?~08|%V>!6q?6uVvtP-0!HB zbA9JduUyXNEY!WpR=V&X>?SCMU{v?ll=bQm^oVIPG;;F!6m`dtuyWW4W4GzfZ8j zUi8Hkm;xFe)zPDg(-{W9C2}(GPh?5(9$85vcnyqCk+{9XjoP74vW*e-mA*(zzu1*5 z80TLgvKD>HwW%s1b%yx*oKF&x7IoJ;+@s(7t4QQ*{Tdk)qm?kb&z?a^$UpSXcSjEu zxr$Z;$>inMl=4}(-uPoW$LQSK{$C5?o|IxjAx{n305%5-vgGe;BzC>bkAUOAVrjmi zlUz76m)2+Jt)e?fHks#nE9{yp0BWA&;u}K&MOW21)Wi{F=B_Iq{YS{vm|97b)G^=7 z3rYuE2!iQ3^WkB*n84qHO5o$dLtjq5&--FVir=s>bBoWjnMKN&qTEj1U0lTO5!9Z} z*BY8wPw#sLt$iG>G#Ez@%pi=Aj7R)ChVvF9a=|2 zeqeN>Tc+)T!_aK(Pj8p-X%LNmePMCM@vxGEVERjJv)h0BCWeQhs+#3$ND!u4 zwgomr1+WX&EMALHEGM*DQNt#*swbi*O`AluLlynpKe-~lny}o8U?y#SZm|)8H*yHB znRS~rF*2%s(`0RQW?W2DqwpPXKBcO z2n70ZHQlhv!d)agv%M;lz;>08#TNUqX$*ERfbIm|shfU4G8W9uPm4f+1^3E7=+JWxx2Wg3Bl08f6vvLIUITT&p{F6$+9A40Pu3*!pl3kNzU+Fw%vOE}()C_4`BVy5g9%nc zBu+?FBXPbz$_;Gb9Po8U<0x(KGs2*@KRliA1ojFqE*%3>(cYvekn=ohXyIbonslSl!_eKb3P&$imzdtw1H3s%5sop z2^D7)VZku}7)LCf;J>1Aj@!)l_@z7Mfm(~?^HM44b#3vq<(RMuK)kT|jq`A$od{~4 za0122ST&z&!-=yexZQ{G@LN{lbiMddHkX(y@WaIfWaA`J`V=H^udYw4Yy!v0SxLj4yNakVjaOgf&9^~h95 z5r_T;K@$Ifm*Q8P=Fwvl6W@{@OlG>9X~d3uB2#%aGbTZf+eYf88$Ts&W5e7VsQhud z%*8rcZA$zJBN9fHMkH{xgeYpn%TOh>1ZN%2v)Tlka=8oZJCx{p8LCc?E-?iuCHEHG zz0I~-sRqGcr+PYrHl_dNR6qBD^#1@w&i*$jlB)loPy}b<%qubK!5Ph654;U{o)7SQ zKhLxNAI|eB`tRrYH!M&!cvz)JBO=O`00+wtM03L^pjS<>o*CZEYm4&rJk({W28Il5 zU(Zk>cR8|t8!@y03oAh!7Vf(|#364Y;nQJ_c6o*^u(u*0I3c*#{V_*!KG*g8GOzU8 zV$nAi1Ry!N>yUr6b)+wq3DuoN3oG({f z2QRh`e)i7H(Le-ni8}0M-_!0StF>DaunQ8aE zLz9~-y@#wl!P%c4>lYhFOH^lltiau{7!}^qi@Dx@=5cXy9SIyGJ^>}@)PwD~4-9Oi2k_%)i2GI1@rfss?^+z~8#I zU^b12G3dla5ZN@1S|MN$?>Z&Piowr_X#1og&)px=T9F z<-&H|Dqt{Xe@Y2SP7Ng9?m)r)Tu`*k^Fp=JJ@=gx$+9fO%?>q*`{`-}DP+!|Xaf-Z z;e56&bD|&x+*6HBQ+EC}u=obXY^*V{a8TG$-z9{xeuf{DD^ub>@X6sn@QLl$zwk-^ zCL2$2o@W8?tG@i7HStQby&RD)ZN?#g>GG}~yC8bAR=I~(J$tJsu9zQX)+6J6AKb{6 zAw_UsF!zQoGPi*}Q*)b@JMQz#KPfAwpiCe!@!5Cpy86&SVBbapr*aYDE)lp}625-y_hrh z6v;pFNxLV&r=LR-5f!dMM?cFA4?Y5V&BJS45PWD8w+GTY-91lK?9t9)@(5? z6F_cn$YG{b51!mtK3(db3LzKBFBon^p<5h}AISEgY*qZGM^EXb6J&*hro}0sKcCWF zg&@iyX#wMT_-d4~;&wP1-^bUUt(%f$85i0uSA;;3R{?EotG128I{g&>z7*FEmxK7+ z=-@#?b`jE zj^Dx`QUre-`t6pj?`!XOz%}y+^3b>Js{JV}cG~lwD?@l#a+r$Ef^z zI{bRRl3xjXOFh_hhs;JG%CX?p1goRFDD)w8ioA)1R*0;zramOf9|q3H*Q!d1G}_vB z5!K(R-diExRQYNRYxN@nHlMsviv)*eM@-@;PjcQGZL}DKGYreq7=z~F4dH3{8r=vK zSc9Q50H@|kX03nth3oP<)@jC#f@&P zr_W8B;nN$>WlP>n!jv=)nyzF(aZv`2p?o8=rTatvyZOfGpzNxd;%o%Aq@o`CGiBEm!X zA8Fgf)P-&K(Zlbf2*8_`lgCh(%K6nC3W#fH*BhZ_^U53Mni<*UV?g@U)U3vfqVCu3 znu+@fE)J;+L!Vo<_B1xNC>(y3F%&>nKSg;gY+gH6J;H7&Y*K!C8Vvyi15@)7`z8s# zLhxbK3+d=372o-OBc8+n7gq}Zm<&`5enZ7T+&Y=nJ}33gO$SG@6^|oSu8xkRy*&1B zI?V7VJ4|WqxcIaBiSw3b_%jOx<)UXx*(Uk10&bY!xeH@`d7qtp=9<4!iax*j+*jFf zEmMoI?3q}`9c$QrU9~s{pL4`!OO0N#X zk2SuQ65+{6Y35CMQoSUqZO%L-*v8CQ+3O`k>sM-85VFYt-vCKjIOTd96(d5ot`Hvy z6Ue&yMAueIuGrk7ARmds;?FQz>~*t((aC>GrQsQ+Mbki{EjldFQD9x=(q*4>WMfhr z{`mk`8x_<@S+E$BpBZ@Gh~e7TA#~xL45-uWrjdo9GVvf|k;6FjRiQx|A$keJ zl(@PnN-)`P-$bU~WPVCLF3sh&*_x(O)@){r39jtAML3Cht=mZ^57R;P+mkGcyr=VW ztt2H_C_|0Vhh0~Mwz#?Lkhwa(hk%X)>IFzW3P1-eC5T56L;xnBT1ON4my$UNeNsRN zz|(ToLuK!l|9~$*Pb>t`=>n0f4#6Z?Eq%f+T)jT$hR2v}>B*_PZWQ|rDrg5n7O>s` z7>0<=prPT{y{TEH02_r!A@>_K0#}!s{>BekiZrzfnMI? zXX8Ot;u>W^1Bk?c?paW1cqEOgilT^#E`gOR`ja5ObhXi8aiz-OS&2U`xj z8|)ZR=L?1UZ9PE~klc`DFozkAN}Fkh|H+&h7*Vrzf@p zhvxkRjijLt098i<1Fr)95%AF9;UwWY6m}3v$XHrxzz86If7Ccj6cmVdi>-~7DdGWR zHz9yA7YGAQ2&V2j;Ia4Ct?zThD6!xXwnIcI%caL8oh?I|A>+QHlTtX;GgYVqPQv7HSz@VEQ%IvVY<dC!Q6H+ zTfDY&~;%uu3 z-c|GS(ffkKs|_XAF-OV^-JoIW-08{G10 zI&bqfmc%6spGuqPHVr_T{ID_6y>kW8tVY$8$XJGDs`VI_C-Z~(I!fN9+DJyZTd=R_ zXSo;xexN?_?8FI#;geQP;nJ-%g36s);6=?Ub zRf-?DGq8XESvEe;O}Y9ZuGJ!ExZ~{kOrE)AbJ8KGVTd55)d?HL$e2WhRFy=~RGjm3lVf~V=f(rJ zwNZC=^uvD@+>eqIN4{+IHQCTsG2?wiiMjsR*8)o)ZXk;CeRp<>b(bysToGl-xu(!2 zb8a?N#J6-o)XQ)L{3sDzMe0g(BvwwG(?ME3~?tMVmS`FeShm>I$n6C(^y|y|n-qdOcp@ha)ttRTJ^lNFDqsUgp z^;^!yLyv5~g~<|H(3IzQLid*qR-ju#>@O~m@bap>M85N2c!XeIJk671VCdpJC&)y9 zK6n4o9mfhuV!_S!^8(4yC#ZNX_}BMw@wxn3MKi8Ixh_{~;eivz@{i(TEHENN1-`s? zYP)#iI7P1t$RB`m4;9WOS}*!`4SWtJAm55V#(i4Mi5TeZReUGir9(>=71F3PVlUmTgwszhdM0m9n#M12oGW-Ec;mFtBzD7F)xM2qD|*DteDAcu z%%xf^h19PKy|bQxeUWLVh@d)N8(=RUhdpEPQaqvL$$w;#Yw5_NK_;ku$$$pw(-->lsSnvRC~c^ zH+r3pz7?5^c`(TJuTaJx48J?hYkgS!9C@W*MZ6Y;_;czoz}rauLHp~1B4U>F5*(?J zy;Na9pSk@(LppNF3(nx>OawnRZUP8bojmMLuY(o1%9|7KOYW!`+(&PV$SlVV}-TFIm$c`Om@dyft+O z`OvJ);ED`hy{fSo+7F8a_Q!Y9zrC=4zGn$+{EAX9-LszhWu z3|605s3uB$-SOdrDNrzTb8SlLki0>OAZczng^V0s+X&$VF6wST^qP$pa-$=w$>3M> zOAjxJvVfxpxQQDF-+Y>Q@1Mjv$2fuTJ+U^%`q#u-$mp-c`V6x*IliBa@**M{$&7vV zkl6g15MH0Vf0B>D(J&5fhwJ5z82!%NVw2*64LJ{^FNkornnC38eM$G}4#n)>41aCE zuJWmqGt7hC4D5j(|JfZlK*WgHV=~!>@~0uxU+gR z;(~waGd)(+k-3RWWQq4UR>~;GMb7z;A4DSpMoXo}9i#K2{)D48y`&#SE6XOT{EO8h zQpK_tEtFIvw4hJvR1e{?eM!z4wKC^(mapeu$WLWwLIxAUi|6FmbvX&p^@+S@YF1y+ zNXHdxTwaF|u}@>n%`O=Dop0!$43t)Tr9HfM#1o5jhT$|vLWgaP5}=~=@clnM`FwBw08)vg*a z_9Qpo`glXUAK5LTAwua7~y?*$^WRmU03FQTL>b&wG~u!XD>MYD}GPE zT8GZfXHo})pf;w7NLq7f*QXS(1oruEZ5FQ>Uwd}%G_5vwIkw@T^Y36}qU{znA4IO+ z&Yao8ehvN7zvZ5q-ltoQ*)Wu{ANX*fci-|sbBSPq<8lJ(hA1&Z*HJ1&^mNMvT0S&M zHJv?g%OsUTYjC7Sc1nc%_AdVyHIg1ABp`$XCq#t(mUo*y&|%mh+qRGod;Blit2lk- z&P6u1tD~WwOVd*ZC{8n2*J6i_u}8p}Ff6$jqhsEnL%+|jLCeC;B@aOhy|x0iEgn~@ z3a0mNkeNjX$Jk1j`pV8g{UiHF`B!HRX!>6* zul`FKE@lUhDcH)d?`W4Iy8p8X5bZjQ^K$+h+O>0JUDb&)gP|i0Tx@`n%54^aVST7& z8;G%usJmceYj+(#qjDd|;?b1)Ld#~^^6j0v!}r?KZ?lj5Mfk}$r*FF{bi zQ!J{KE!PWf#xsorn}nR4T(tDj^3Xuz=%ftV0Sv@dUsI+)u1}TCe#I)$2c^HP>K7E! zatlkf(h5Knl}%C<>7N%TF8-32()-)J+9P{+ujv1BuU^RhxL1XYf4f((3GeRJK;a+vsxCFr6-HB* zFapMeX`})8(<*&A@OKW9TMJEDdbZkViA}r5GQ=w&cN=PVb{>$Z3Onbrx}a7h+sEfB zI6PUM;Hf-mkLM;Ap%jdPY_(BoGJ=+*xSd(jVDTwv36ne{BERE>t%mhy^N&gwA)f_r zRIu4ZKiN`y!78ODzFSh+)NqVr6G!s@@m^=lT<31ub$EvZ+lf48I{+@pcg zlcTbY;q(HHy{}zo_+AGhNS6#*7($qQL_zf;6}NpYX;@6W*pRrrgGn)H4;3-69_01Npx0P;40xS^FMim#Z!4xpA&IC$Z4BHD2swOp*6L| z7WuGcyJc&eWhTM2sI;aBo)_2}*ot|=%ClINy#sjxd9k=;=~nYYscbE}BBy(=dk@YP zpN!K+gc`R6w?#*vV*g5O@$CmfpzJ!Ne{{c1^F?T|hGf`h8?7V!e&J+A5!$_{pH9`S z!h#AW-oeB)KV1dri2^i+%!asoJ1;zYll!@o!*#W*T)*_~LRV@PLXC8AYlp>lza)jdk?)oV1%Z0Eo@{v)-6f$5-rvU zgp5#3@M{{VB$H(shEj-#R=`*2+#O?~0a<=+!HDaS01Q`%X(I@x+yP+onLhw*ytB5{ zsv#U2%I!_GLAi%q@asfU$3? z*&tA~(m;fg*?@K<1rP!H3IU9==|LS20q`K$Rbbfk?$2xieLypdQ&twCfh}$}E5woq2sxB&^x~Hh%um)cVx+Qw@k1Dp)Kgf% zHBe7Fc-NB-9IV=vay_60YXeXMhyeq#Ai1fm5bE2YO5lZ9&9$X-+JFczVL(J1s6lNI zR<{vQ`0g>fuq^-NDC6QcV0n>!@cQAOMv1C_?5pC2xN%Kw%czTmB=4j(9LYL2%-^Fo zX?g!uy-)wC-i5ssM+8Su&KO3_$%NRkx4Wqzz@$gaEK`^S-p6jjKtCvnFeZHND*=Ci zyccGt)kK742kxj0g4}FKkiA78hl+w$YAF({*uq7v_5oPBqfmnvl!Tj%{4aAiAFcl{ zHp%Dz#U^32nm1Hqi~MSa5*jV>?6F=k$P>vf^-L97VAG#d&~k0Q05nNL-U$=p|A8>6 z|I;L~MFg58m98e~OfdmRfk*pgwh>2UkezH&8&>DZaO8_=o+zRiqU`Fn+M;T{>vs{> z2Z@Fkv4(99qky^&Sj}v2=6W`{`lb(M57s?pOkXD<|IF=(^)(WCzGNsa7fMvpxTd#G zJG?y3UNd$=EOE}Z{l1qw-xYb??JD>7D)e1l65waOonOu9`HMt#J^f9hK>YrlL@oNc z=lgnD(092K6}+UBI~)7~QO>$XGB4Uzc_RPtPRQaA5OZExzNavO?vomA{k{a`M2`3M z&CMKBc{*Al`pvQ|YjbyB3a3N;lzV1_oT`aR%uR2u;v}@v zf|(Hd&AXDetNj2K)B}`jGcp-jbl$GJPmG@M(#4;?W;b9zp&I z>eEwj*9r$zu_vd85q^4bLIK6F&JZ|wSN~4<<5m}jeia$nJZPu=ogZN&G;MfPZxOPu z?jsOHK~pGs{no6e_$B8qyHDBz??X&GNorVU?byu0V&&d~dDkPxux{mQCUB#Jdr|K7 z*BlSC9))Sg`y5Z1s_6fp@`)4niCm3qdgM|x<{N4qxDg<1dKJ*~! z>c*ezuk|mzP6mYf>zQ!6-7hV^&GDVhv}|CvUHsHlG|S0zo)mX^`RMIUAIBLYWbSRz zB&Xi=GAiFj<-7bzMR(x_+|(%~vifCGy({p}I1vr6X8*5R9+ds)n8ie8H2#0oPgqfa zwfsruoWNRpyGXo$f0go~1@XV4D5PlrVs>z*X5Pw~!ZM6Tq($wrNo?jP@m0fyH-$ea zDyxED%o%5j=AS4k_8%xp>Ne;OILXrtoaC7{e=ZxpNyg1yT&6|I7>ylpKAaj%MK0xP zi_Wy$_%{UDTDjmj04p@JBvq_gYt-z6u42&q?23ej7M=x#)e9FB320`e=$Kg2&MY z(`ehfA?7#M$OEmOvBIrVuT*AvGHYI#8}070Q>EYMTiMb0ToWLo+r|p!F@$1mJ;YT|sb~xVJ4g;(Q57|)uTF&}i z-aug6P&OQA8Y5EhD_+M1M!4+(<)#FLT#P~>!jLpa15Hv1DCZ0$lahP_l~sVE`(3D4 zMg&5MxOhgjq`lljd{rwIkgs$n<196fi%NU;Y4EzRG9@R{WNo^!V=IA)j+-bGXTvOQ zhaU(3VficVDq+J<<)zJKL5-CkuT~Vj61%d~4eV)Q}ip@%ym6 z+BYSV@&UevzY_xXLc1kIX} zIoOs!!0%<*^R>;{G0^Yja@=+5MQeHDZ~t{=Tmo{>NH9Rn+QA=(QG5lfbKA|=*_+ma z?Vd@kE?xC(UXkmt_`GrtZlyopZck6g-2YURu_M$^ZiECXOC3S4%M4aA3Qh{9MTiqU4u#4yR3_;S=ILrpD^qI@DK?RNlXctgeK>`w(U}c6BTQ+ayQ4JJAG^3J ztXXRMwE98Q6QVBv+(uq)gWfw4aYre*BWg!!j0LQp4CSA#&$!q#I636}U;0nVH3n#0 zsnCXa++&q5as9tGKS0>hVq^4q1{?`fZPhlg^k-O`q37}4nV#w|ccIveH(leIv@Gk+ z@l3~8;7H1)gY-)Va3m#oZoE_KHI}^HgBw??-*H}K{{~F}3!j#14ZYO+po~qXX{jBJ zTq$Y;lR`eNymc+Vv(b7xbBPWb2ys*_1m%ITBJIL|#ELhqPgt-KP_k82h)KVdBJwpt z$oS$^yPcw_6CY7%%oEeSE0Q?rmi~+jFPYAB^XRlwaD%Vea4(xhXml*bZ5C_r?nhwr zP#l@2f~V3>kfnu1P|kyLdX;mwEtcX^p5N7bAkKrAgnO5VYnjK%={)2+@NAiH9dh|q zxhg=9={;+9EY?9ugC_P@$d{2?;l&8|-!g!tc&HOsL74dspSybSH4dnu2>Ucu3HrE^ zG4-3PD~b5riSN_{r(eRR?CgEqOpWH>JFRIuw*Yoh@d;F6qj@K<;Ru*;#X#Wn3#oYL zmsixhw5Ulkdd%igQt^KvJQGi2-PJuzU^lo82IP3*zf(gyF;XwwMm?ZB6`Pq<&C)U1 zP>S95$3o^y?&YFZfm1RoiUd>BBK_GhSi#7r3IPL7K5j_APe1d#v#Mz=z z;alEXvktCi?m_GZ*9XqVpz`iX0-sg%yph##oR$)y1ofUIT^T%=lC$aO9i_SHShaOw z$H0DATls{K*u;yp^s!Wp@9kId=QJe_YNpuHsy{$4z9{(*&|_%)3+O#6aR7nd==>j` zCz+QqSzfHR&r&(Cs5zksCyNVxv8#zp9)hhl%L>%# z8%Dw;)UnXhys(vI&T9VA`648a$p545tb^)W&@GRfZ*-~cMtCF?ykYz z-GT)7;O=v{_rC7i)BRq}Ox65BQG0WW+DM(f*SFUCeK+3#vdz|(+8vj<tIgX(CaAJem6k5C8N2i*-2~i)4x(h_<2QlSIC;+Mm$bV5q zAbqR4fA2bX|Pm?OlqKui6JMuO*!u??3b;p6fHe z-Pssnc~IewVKspgf)aA@YIG!V-;vCrGBPtd7=q59P#J9+ZSEF{D=-wsogT6RVc}r4 z)n3kxm6~jtZJI&dej%Udu#bM_LMdHu3&1w;Cf;v0CoV&}))s?j>avV}to-p=@WR$3 zz-LS>C(kDuP(3Yb{>ju~Oo(aVj*CC1P5w<%!WNu@7IOwRq{-6%bcmZe*_p*p2KV z*DIVpI_(3!9q5GDRYKZj#x{n>8`^N8q5PULmWfbP3@0j7o2$ZD#MWzlv*9zoT=cKh7D-v+YW z?vGXD2Dsc>u8j36G#UaBHQF4o3MdUGWgr@I*`9?KAPivI$(7}KZ2C=6KH^Q$FTm{@ zLU69Nacz;VOn`2VX)76b*S3s{{PkO~t!!wx4_R;YuQGw*H%i-lrezHsV{TSbf`i5& z2Qb-U z$St4L$Rbh0{BZ}6bk7r&Www8}Y|;x}(FPUSx2F`>9_uam83ctFJPFQ2!gocs?Qb-F zBnP!A8N*DzSm5+(EyxblVNGZPD{jW$&mi5LS{K*z4vpR`K19p&8dVYpqRIb`Fd`F;&(|v_Xk)B9zTaQH|K$QQkz%&m1FA zX#fHC!VwMI9{vOFAPSqG%TB#zEA};>ps{LxWbPxeC_P1gQ^dX_aZ*~jF@g2J`#p^= zy!d9>cc*T*SF77PO385bd3QC)Cn4V|2-Cd#AwgdaD|7cmo^PggJWoE0Ju;}9ej5zA zKXCk(*nfE4JfGn2ewgt?mk8Qjnj{gI|Cvh>+e~0&c;B=!1i56+3$%+9`%BuL`Fnx} zd5?JhPJYkVcYVR9p~X!gLSukfRLeOmF#bahN z%q{W_fO(id{MV$So70+r+rP9E?ChMbz*6r$3iqTorD?NL5YH?x_q3Egza4qi--CV? z(U-JBv(UJ4egR0tw~YTbt2nN*u%)|J+61tPAg$QU=Q*QR`N07%O~W8df}l30KSjr0l@d^{+Y*v zr?e05@KrpMj}aRI{E;um;PQq;I{p!jteBdOoua>p+31BggLyDQVj@?~3GbcXnPr%W z9~@+gE8d?6XQ^@+*glsna#ib2)Kt*ytDe<|B_#EW!GVdG>N40>@Gvi^6537vOK$*< zHxY(Qi)&D2dF>`}`Bpaaf`klAV`#bjTOsOU6L*f7*Z9#pg7jlD??g-$tMfNd6~$P$98$&uQ$90(49P7J2< ztzP(KWMir|1L&$4YsZf<#pjE$hTvdnGHFbDX9rbl6#Q}devu%F?LL7y3ojSjL z1d)CrzeJ@+?``*}AHe>kHn4~BwemhTw$cBQ_iPNAj%C<*r1LlNFKKZWtRRmu= zD2vh!T79VR&2j#`%QfnWL9TD1_C3$R8Ls(`Ezym$%*sd61#;hUUVyLScS#beT4}gR ziwp08+-4m$h8LKRlYrg*&g)%_eL9@5sH$DU9ijK*RebFF#sSf$&%@pn42si?6V9T2 z7~1?*2tiUjKmzN&+*258vDHIauUY<(6ZempN7#6{VOe&-?@Is=`FVUjik42f#_Gk?5$W8f&N;Sz=UYp@A?Sk&Ithh(yCT)KXCoBYS9eo zZEd=x0|EgBQxk)OlG*V6tZyuo>)ZXE1_W>}sSpHAO##Rcy?yzPh!Od8J%ph7)!Db^ zAQaF;#PAR&_bDM-^=TIc7Y^qQ=iu$!&mSV)=fJ*YX6lL*O|)%+4|T`|$^#SOl7|RI zLD~aUUxARwh@`#%i$DX8jj^eSM!}bp$kQ#Tt1^uHK%7d;8&D6KI|K=d_C0|^p^+T3 z;E2ct$3uk2>uz#^n8Im5`oTg|3qe9P6@Uyd+BKeu_nnuyu-j6$n2;5tw!hxk)e~KF z!EhY!?oohhGj~raymIa4Z^2_m!9UPbS@yYXl%4x}tB(6ksv1xWx;la*5fHVzF$=o- zUJyiGjMB>j1*+>Hf1IR6Cu;WxfvVmd0NUas=#>V_lJ%qxg@>xnses@5B0>m4q$>#= z3W;P3xIzNK_7LHAR9{!1ODAx^5wEYSaRCqF<-BZxBeXtkVy>e^;HE*nZpu41Aom3! zD3{m>+)61#^F;sh0<;6jm+4&FLeWYIan}R3Xxq(bd*`P1K-D%CZV@|5I_UiOLB*FeAJo(_i6@GO>X ze|w&Rjwf)cz;H|uMsRWqznlA7`eW0CvT(o`j7(s>OI!GIly870?u$(Q84$g^cQV~yUFZJ z)3h#GV)1X-B_6FObnQ0n`z6mq)Mkd#mXT^F=cuy-?SX`fTdKz;1{SuL2MZcKrZ^!U zjjXai7&;i%HFFbFPQQvBNQX%+twJU7AA>7sNz|z+xWnY237U6;0~H1(07)H4HbEzp z#n+g8o!dQfWR2bhN(W(w2blKmkWc^$A(W~*P_7zMdFEGe=}*4J>FJZkwdQA38G5EB zrde2%)jcXX=7Om(QpKQF;QBN`+C3zD2rDp8g=an1Oc*jH438T6E)O2QsRal>Ieruu zPbuQl_~ZANEK*>YHVH%!iS@z5OvMVX{Pu@c3&Pubt%QMw&7V`|5(jeL<BE>0NV%1cYo#Y83bYvCXuRPLW`*y9#r@a_i+NEhKW|;EGP0S&nq%-RU9sKDhE-* zT6`VTvrxJ$I01vSNlcUaD#69(sSB0z8X#y4W;bByD9Sn|%`{lP&WhHt#qN$-Ms3GC zgXFI%q27I2;E#nTPhG;nmpO(LbmJ9(ZcwH4sS?Q;u!<%Khz3l97=x+@hDm-FgGR(l zJR~WVLhF2TS_5~$fmYe5-K<1jW-Jv#25T&xk=|etjAf9QIEBdxyj@!=4A&aqpy@0I z#(Kbb)204QrGV(dsG&5+38j?^Sv68jQ%LtbaKCEee|-PsAJ7UjuBu-J;<#YY8toIv z(AvEtvn;D!p;QkX^03eKok90HLtjQST^8~2BK-o~QDCZr0qkI&L!&*MlR!vIic#xO z+AsoRlNP8GbJGJ@LQ}ac_6jJ5naEgh)HeZ`>R{9&#zDGH2ZSHO^M%M0u9PVp3YhE! zCTADMKyU05xrQg_227C3ch(aYND7t;IAJor0X$)G zszW_UP1{Zap;?IpsGf@v)^y$1xUrB)10!b%CYDxazmAjr9&NIXrJh9|&UAf(k!HES z8SK_TO?ku(pPOW{at}$Q3INBF(HM?sr~P5iGJ(p_%?rFA<_W8xMOgrL-OnqjJ&yW_ z3xvl^0JE*&(`xyN-OSIdwidVonyf(b*L#=GJ?M8%6uCaOKz*TUbWZqcBAW(y;38DH zK9>X57qm_C?g_v(a{#W{=Hr@e=;kV(C=8kLG=k!Y|X?^K})d(k@OJgC{!9g5L%%OORgNcv8GRs z;j70#g__fGfYYKM5cz#{sakw47Tc_|pKDaJpY2AbUSas}Uk(TwjvWz`Ue*pSS`P&7 z70dbWXX3J-4LIl;Z8tLd$ntSM*GwM6h@hwU%UT4#6K`^Xm|Q!;Mq5(E%_ol=-#-51oY4u$olKFLrn*Q(>n{v zuDz-Pdx&OYN$f#0-WAo3V4syb#@)$O-{|KVl0GR27Br)hFf^k>RskKOQl>D4#_W~< z&9a*{!a-rkBoO%wM!?852cg1d$P?7XE*|lw;?uQDV$ z>NPrxF^fi$Ow^G;0GE27R+9?m+n+9Vt#GFFZXlQ_Zn)hE`dQTX+aTiMlt8UsN(+*$ z!Ex9@m6~Y1YZQZ0QJ!O^v+#O9kNf<_GEa} zAhV7ZkZf5i>#qY0`&Iz$VD*D`5VMZj(efAVfQ;&&v;$eTO3X%*b#4lRf#=`c+^*O? z5eQ*P*s07)o9{~vO@-3 zrpx&tQ{l!9bzuj|y3e;Mu@3|V?@T4@wv~lM4942*=->PYGn#wV&pyX%rTM^xtcz~a znAD0z^M5m=D?Qx*W=7L|D!<%%eZ+&2up8T$jTAV}?GmLXlg28!Cf=#>c`yik78k#p zF@HbYeQed{q zwQykgOOMONYL3;bKhmU_^q8YkzgpW*|LQ@W{e8M%>tpBS>UmWlaG37psGk-RK(XJW z_-=Ob?-@$`| zy>=cLJn_?dsj(4!hg?#%=iY4{cZN?HUagbhT38HwX6b0Ce-(a^>UIoC<*p?QC4z? z=qBHGX&R0L;tmqW1OJ+1#8K6K*7W&vj6t(QEt;CLDi!u!-uBNahToa$!j#k&9$pr& z_-nx2ftfzPxXJy1dG74vECJjF@nktXelxA%B#V`SB1avy8CGXg`FEzl9!^^fNuO_* z2S!rQCb34X31lLoq?hK#sa%Y=B##~qb&Cbwkpt++L2e?>S6`&xGm;Lo^Hky!pNjP? zJyAaop_UQ~7i6$%S}IZG8)#D7Kg?a`hx0|(T|P_nvpsQ2+gH;{jHFf2))S{G6-Tf| zVO(E_p6%UczzK>FRlNZr+<=yFRcABQ^xL9ziB{?deZH;YtTq4jJi8r%ER9l`N?qVh zn7N5@F*wesPK5eN3h$W^U4>HVca-WWks;?Y11F9cdZz(XQQ1}#TC3j8L<3s$cZDxg zuRp1uSl4&eTe*U|b=N_6AMYIxzl)v%6MW+hKD~EQ(7U*%$rHZSajr1Jv^BI}z=r)i zTID8J9;8t&GBG)$Yl^TTRZ4i~%KFaU+;877Nzv*)ax!mEE~R@wX?)PwnJ|5vq*J&X zdHm2qZtJ9U9eFnJz{Y!i4S%v|9R2Jd5-ztEm)!-J!KCkhx~8EkBr-lN(X(XDSF2oF z{;{-@PT;BPdP)%`AaLJFcb_SX>(M={5jV>7BCEp{TkO7tv&VTo==b-@ONaZr=$5V* zn#zwL1+ltQ@d?6|DaH4jnwqWOznU?!sSJC#TtJf1FC`LbyhlQ&bn(ShNt*{!`xB6v zjQ$Kj_LJPCiMaKQMh(n?D?H8>`*<-Iy}PGbNlazIY&%jwH6!dT`OuwyC45Ghw*#MQ z-BjOr;&JR?h(@DwsjMD)aFi~83s>hFUb2gr+Ier*Kp`vZv~0K z0Vy=8*E$K(wWMl$wxBx;qU+M}>y_$2BP^>|5f-43)2(GdT>gAD;YUYG@{?FwVk^3w zHP|eoM;{K@5DH5egR%#U*%CN{cmOKR-JBS3>Q~~HO13GVXY|k$Z6Se6bgHrfIvjIH%|a2FB+{j03003~4ZSvo zuz!;XXwfi1!UP%ye0)yE?!PZ52pk$?pQ?WoZiA%ED~t#o7}R`LTHzI$_=GR-Hj*4OQHM=6!Q%N79W#v|tue13Hs>En5wufZVA~xlGwqA@i z8F*&6ilP}U?~P8f81kaQ_55W&EtAIK?hPskl8o9OU-pvqypP(wR$E&H1zzkhz)WN9 z#dVnBu^3{DD>5gQD20f-VC!++bv=d~W0Gl|;)IUh{^4yM_ zdm}zuO~J#vjRrt_#j6~-@d#Qwlxh~nSEPTIpgNqt+c7=Oc$~hdV+@|$=HkCD0f1$t zVJ;RMsse#)9wzVx;;Hp3l7Vs7YjJwTah zJC>v!6R$w`Y(uyTv81`bVtmio%K2KA2QXX;6os$Q@KX_o8P_?40R#R!L|5O!&lp$#Tcx9TAABM&$NM}<-=okTA6e2@G|T6b7|x4F|f7( zLF>UQ)6Bc1Ri!Vi|@jZ^tUMrreZoQXPey!0cPmWiOE^JNe*j6r%v~pbC()&K{O1cISC$qsR?H~qu!az)^ zZ*YK->Bt;Pd}Ey|D2tnvNt_1^2ph0P9L3sM2d6^()wP|45_7w1g`4pYZSdWraT`cF zKw2_15A{B5V%(SlI~hGy-0cbTUCCn^6sB<)X>L?AVPRnhJ|C&0R|6>#P@f zEMWj_fs`Q^w(!-tf<@Vdnu+C39zK=UZbEX8RT96IHYQTS#Lq^I-E_0Dpk8n(Zi=cd zDiC8h*r=gpl9q>`6|H<$l?}Mc(`i{$06T3FEko)aKl5w7}K{O zR7hX=$hXyGCHx^pqQdSv!B}aORq46>BZf`;3Q>a4lKIVmOUx%n^@HE0G!e0JYH86b zpQu`5c#BLM zImEmqx&aDc9HTk{cf+_{^i}$xRLTn_Bjm~b6;0)+!m1lWZ9FToCNV<89l*xIozZo@ zsrPPQ+aZBK6kz|A|ylRG*HDzJw)azE`bYEC%)RetQ#4``s<4Da|*OM>HGnsjr z3nEN#V>P#YBw9j7_^DY@6Z;BHywXw);E;Edc>B<9y$iTZ_9ogRG>^Uq69&D%CAB&; zSMMh;-*371dKqX0?+Q^s6(xNP=^1qxz z5=j&U!{4N9?iKG@tKC2cR6eB&NAB8~FWAg&MoA`eYTKGxmE6B3B?qL_l~uEl(v`WR>vpiK5Hw9{)a%8NA70kI=NE zjkl+o9uYCB1J#q)Dfrua&PH=|G-9+~>kx&jhMdEf6nv#A-;qfG32`o<)0e^v%;YR3 zRIVF4QAdIO*q9s*<(Apl(YDO!jPpzJ22BH6=Gdy-tPlT??mY%%XA|6N)9H@4-mCfQ z-S2G3CdXL;_pKZJ)!OGKuVtUFgm{F@;tVmbSnx>VDB+lQ0b^jN8>dhj}BmaUo-o8DV&+5vY};mh^68qIZxS#GL*`bktuSd60s=UduVMs z!cKpdYh@uE9nBLCObz+gs!@Z39L(UgP1jE7uoVZ3^7L|-hjrp%#zE4`3Zt4jX#snL@c@u~ty0)9qq|6&dZL-tB(SF@zdtD-Ox?S>U_Ez| zz#Z=CN}d96<`_?Lzt2*`0p(IX^9z0ggdvpH9=z-8JcW8(Mk0mOH)*yIe{`^DPRoFZf-DQL0x&s478u9Vk;k~ zg!~}Y8JtfRU5`v{$e}kqRtTTXjRN!wJE9TrObPMv z@J~M#&*sI>{pKKpeq*>9q{w3)R~fm=mdqNw*wF8i;-zlfu!+Qq#gWgP|8XI_#i}_w zTSCtLQC+oc|1k$j;Mi*ZvOAWijEvroCs257(&PY?NIgC$s$h;RSV-(b56(DKP}ozX505meSSx#_+U$K;xQsd14O*V03~{AjSt_{(CN zIYsy)b2q)jZrYfY^L6>+*F~pG%Y|+l!l&8s*ZZzV)n*M^f@3M&!(dLGr!;aa&!h6D z)@w&~)r~vX=1vD96F zjs^%dzRax|X{!+Q1T{(gxE_;t@=70eMUD{tF%&Rnt$1{isOX=rXS-_VT-kJkA>Dxi zjJb&u%%tP1EmrXcqC@0PL*||+&}8J^=7r11r|;f<0|Um$*I+DD4OIlJf>`nkt#Lx7 z8m$*}nV_cQw_DQ<#Io+A8|SKHDoH1qE8bkLv#?nP+SM6z%=`~ zcbgqbJFUBjK6o)Gr!$(@+pyq4GB3K9BjdAhDZQ)|iAMaOp49KL2;`{J17yQjLowAc z@f{;5T60NCFzcT3Nh5W-xPXUBg_ks|gJddyS_FC;VcFa|DDvO-w;*PVcW7L`a8f8!Dg4AgTm~=X@aM&JJDT43Yo54u!Z{y5ZcdVjG--`V@%y?#bJvidsUW9r{Zr`~ z{r-p2gI%BZk$cT)-%W_lcrx9RzXu4uu*Dw@C9aZh=^9AcVsEl5mqE>10_>cn%`<1| zquCokg|u-kgX#jHlWwj!2jN_ZQ;E;^O<5B?tyl&1iB34qZ{^8yo_zkLsDX|c+EB$a z1Q!jx(8>q($#VIHo938z`^lBQt~TYaICRjKb?0D@o}E|b4J;K)H?487<3chVpJgJy zg|elK3CU$wXW&$#NpsP+$K`jOlO?T;*~3=atw6JMad7V@L;6>88Yo18Y6H8qG1g2T z_1Y#D%S5pWsECYDWOF;lP+>&n@{5uWE^~sHv5QT@&7#%j12oG*oRkVak12#fRIak% zNnjBWP820NmaGkAf<`2n;$}m!%Axy zTIGT)Q4T7+rL+~lh3aE#twypjg-W$R)P}-1Wyq6_6@7%7;N@2F!}+m z63P`!^h&^%1cX#RGM4sV+6zF;qS95m)B5G9yCb(L(GOQ#rNHa>tCWDPk@QNtadv3; zrVQE(UznT&xZafBST*?4Ac&|@SYbt2gE*iiRC3b6$kY5!K+w>K+XO`)4bAMqCNzm~ zIZSWyI!W>JcEGvOa!TD6cuV7S&azKF5p-Kdq8A}A=rVolhfL#Qq{l<48xMM<& z1#t%Zf!HL_;pT~QAX4+P)0zWtb|n{xK7AczR&;KnE@bq*Ios&Ff-swiyXEH$d@_n^!!ZH0sOp{M zuzp1@Zop~vm36_!c<~dO@M|qFXP81Ja@kH7c!@b}@Ea%s31>(nZpI=7a@vFG`T^x< z)ElvEQ8RzNpI-w#GBKy;E?&$X^mF)iJHxV)?Z>zn^l=hT4?SXG5a4-da)Ax?(iT9- zmRB;ceTgckuBQcIy*|fc;$fS48*TD0VfIS;Q7?DM!C*Dufj8Z9`9aX>7QYT>H(tIW z_I&Y5{q;Vbfr|kK?1ZRF)Znx(oKFdbsKlRwaO;2d6$5@W1P*o-Qi0$1N+`gac@I>l z2Y4kUwO#OeTK9SS>dsw3P^Cu@SaBBt21-G&0-$151!>#YD?oP^;-7cG@s~x;u_KFe zS3JZ{_TYZ8OvwZ+40{Z^`GQD0>dE;5fiKeHplM)ZplRfEgMcSNbg=(ovAZWetQCxI z#ACp5ibWt-Fqr@nN-gvdOjQMiFjj+qDowAiWR})rKO`|hu@0cmOXZjlPC%w(s<; z$&&&MbIhgc=S+iG9TCNeeq3+um@zr_xGc|}Q!EcT@LOsqr8Vw>>Z7<@x_4N}fGU@K zn0R=7Wa95OK!{x=)7QIbd^U+v66pyLV%JL9qRSRj;t5yfe2~#>7m_9$F=YecV+L$z zF(R~xqc>co97Q|j;6zwJJoVhFwNO>WKt%n@4n9^U@!%oTUzrvIh8T($-(sOlJ))9` znn?61PKHWN6{GbZ%2uP~Uz9CBNedtb6i+i!`!zY1l2m2(p!jfZo2rd@&7Ij@re>DX&F%nlEpd3g+U<$z;r2tT zJKO5XT}Sn|ksRg^^Y|Mq*-(BU-L{x#^!D<|Yk$xJ=%7TVo zqoLQr4IBS-l*);qhvCn#yVG30_k~3ND@gT8x5XjE1D2+#wf5)e-nB6I!(x?0iJz2@ z;&L%FXFd+eH4YfH4slKN3=D`DBbUhh{G9!}7m1E$gv&!`VJ<5}leK)b6s`2M4W+0H zMh9nA@u?BIDgq!ZE;1q%n-NmOiZfj8$G9i4v9;|&rqUK?%e1vR}?p&gmqj+h(@jn_fo{nB)t5CRYXvr z{rOmTJEv^pkPnpsETwoKi6`W1HWxRf{tuQ?%7f4lz9Dh`2TKVAz*6#Hy8nW|x3P+A zcyDp=LI0n%fA|o*x^1a6;M^XO%oHGi0yc4H0e@nG$hy(Wu;BW+x!=^p5G>ao|0E?% zI0CW>!OEUN&#nws=S^7ih4*lfG<`zU!~dn;O)s}5N!aj0XpIp;%Vz#V`le>(TAChw zXFi9^bYw5cZ{}Qs4(%U_da;6(wPqQm)YA^I@sl5wj4w~f&5=Qfy;Yrmq^_H`Y5F<^ z7j(TnjX&5~eYXtIzID&jaP+WVlI;ECqJUih)vT_Bh#@yDb=+!N+<;vGd--UYr+_BS zh)<8-Mt^nA-?c9q3Ab{%7&-snwJ%gAK>JoH{-u4T75=04h50#MWzi)Xrr~u|u#j2R zTu9E=LdCW$i4;Bh8*Gl2xK1oWBC=fbnBY10;)(9kbb#g~N&lP{fZ4V~P3P4=x?za0 zs^ZLZlrlY|5!)8nfMd_@Qe=Ceitje?%YdsMIBU+?CDr z8as(m>f1e7nB)3R@OUOxbui@@8COd@Kotk$5HCG}sjb!r&s<2_Y%EWZ1C0zZOWsk-}m?r9#4EIA`d(n4-g zc6XJ=vzSmQoqz!%D!#Z!^lYJQ6K&MFgZ-{W`hzuc$UM<>K-*_OFfm{Gxc zmHI!TYn)m<`^rCcapM%Tz`n}8<^g4Hr!ImrxVz>Teh`>1C zZ>m{UGbXx@O&y2Vbvf<1qXqj4+u4)fqtb24wzTb#f@I9Zx#8KG#BCrg*#*HYV&6B1 z32>t7PZp1 zpb7X9X>&PZ+H%w0c&*??>t(Oc)?U5N|@oMR!W%J=O4iV;G;uX6=T4&8SQ)W z?^z@}-x<@oO6q)61#DF!A>$i7Rk55Vz)#}z;=CDanKq{pEv61S3W?q0#C4t5=DLo4 zuuGV7ZjzlM{)lM)srx9VxL_EQwe7RO8%IU~BzJ|!VlYCVx03&D9QM5IRE@_mt0v7?R9X6C`gDxe%2!FB4G`$8LKSPI5wO(I5)be%Ee4A=TBg_vTtm6k33>iy-qo3SK7D+Q+K;dNFVn+2bdKSj(ss^(k9TL)N|HA%-G9_g3MG&~DIpSL zUw5oHc7Bq<{gDA#6tou5YsA4IQ0$46mG)2LAJgbaIdrTURFQo{pZgpzlf(e6M(5G& znlha9wWxa8OQUNDurVQ3{la&cDXjckSQ1g6QL!@LFFGMHQtUmzli{O*&QlKf=I@g9 zsBuY6vl5FGE_>`E9?I~`^eDixFYP$f|C*(f+R^X)9)o=RrO|b$Dc)98kEi|or0~81 z?PMF>V2l5HBCH*~cY)*NtID&eE~~c_(D~L_?BS8;#2u@#UgbZ#U&wB< zo_agt1dPY8dXIRT4DYRbMTZI;xHp(qs-64^usaCWhQWB+B}$eO!TolgH|F)#+lPY^pB`dvBdPeBr&^> z(GD`75~h7v3rON5kbdV9-+KWzFGD>h05&i062^J=dro{I0D~@XIgJb>bXsG=U_J({ z4q)g`xUIu<+*nYQYW#)uL!D>iM!_^LYBU-8cYso)aXPWn9gcB2*x#NPeEO3~L7lsb z!8@Pp^Gw!*G8_g-{xKw{oHepuC4eqG^*zG05B)xe&6=fQ{pSBV4w zoJaT|1ODic4#5S4#JxZi>Bv5!F!z1@e&LC+cHQbWO8l z=A~#pf7(h;r;yt7@=9#?){u%+A>&+zk*18+k9Ew65a&BvG2UWoLsHTMfMQ;Wpi>iI z;W_C$ION;s(@)39nBiwmNoPq)c?_Y<(TrhF=2aFP*qNn;pHS12;pjDrYl@ z$7;WW%q2>_qK4#JEP9TVS`1ad<^)e3xFyFS?vVl#QEU7a~T5h3RFvDU4ThY+Ff6 zn-%22`3(^&ZcNe!>oktTM8YORuPWk2iDpISo`co*0dmnZY@F6K9hI?Y18f|3)bih; zwV4BSq}AA$xZ}&AYX-=d$fs|cTXA?0t*TC}9Idw#b?!^$Z5%TreRhK{UyO$n5qh5~ z0lUuQZ<*hp#lVCtOit3Ivwq^Imt|!)ez|;E7iXkY1MSHv@yO~BLOwfV?rHv2RKkEK zF(Z>#R4}}Y2w4CnfgF?f0<5HBR7fGpKa|A+6((^wlX|tV4A{JMX!J|Rf=J{PN|CGc zL;yAQGcocZ;G067a6^K57kKy*0t+yAH)j#j0p9bo$F5xnw-^if74PoO~SC=^6Kj#W_XB zCAwJZ+iVI|5J!AFvQ4R#gI_vF+@YjN0d{Dc8}m%j*0%7Lav9cm3RckkL|( z&7)QY{Q2G!6ch?~6`y}zqsAIbbFRFyBhw~SYq$a4?@SS(o(R^jho7=+`%I`eBh}=5 zdy66331A4lwsOK!B}sFCtFs2ndv` z<#$}bjq>0q^ZZkar=X)DcVNyjzw*$x?{Zg(T(sPDf(qJ)w~8 zBN?a{MR)C`iZ|9dvI~u%D=NDP4W(cZD=L7eyOjpO(;cnb&j!RrUN3TODS7#93cesD z({B0fglz7j@^1Fv9PX0quv2dXDDVfCwp@pC!?16l1T3ZQR)p~RM%o=A-_YIgm9j;e zV@Uxp6T{i?loWY5`4%tG4^F+cWim&^MtZWxo#jNE=EJ1ip7Gwh-^^aTtAX zFoH@CUvbOn?);Oj?tBhk@$%9xzQkWMo^|N0hA5laVWG2#_D_3+d)8VNfcZ?Rp!D|4 z8m-Etavaf3ZGlw-44ZKG-uYA?|mlSho?g;14+=iY^W<9p)rqGzc|-?qCxIGZ zq7ZefI=A$YQ|(ikE>-z=7d=5njdnfNTCDT*@!^fObJXAX|GR%ZX_n!!fA|0{a!sB*ReKQYnhFhZe z#V0o&BY9}fw)UGG)O}6X&n+A3J}XUp&&4}8h*9#ooL)oUes@|E-svqvei$aOM%6DT zdhM>re;*md7)zu|Q}n;FlA_ z`qtMtM9hxzhd8Gqfg2D!NfLKp6DJ80O(^wZq$*fI=%UPAcVuz$V{71U6caA8h$h8N zt@K-yiXW;*<*QEv70F*mSy zkKoU%U!u%cE%AsF_LTIZrV49&4`q;qIQEu@_2gJLaK>~Ptt9`)(+0aOl;e>ZQI7gn%GVzoY=NGv29Fj+cqZ2?Rob;8|Uor+`3=g>P{-CPC6Z}|9XCF zJ&m?0jNT_Gc02E}Fe$pR(?`u1gUg#D?MPp$!#R(H!oYAQuZ@~OhO){4771l#(TsKcX=09z-rTjPAVjA4zH0-SXA)Xn zDQJFtS=|-;A6c za4bVbvp+=5dEDG2Zw>6X8Roh3@f~W9$8t2 zlgT(q&NfOrh0qRDL(6g?{N)`u9ac!Hy_wpE{@2_*D*JD9b7(C^m^nKoVs-;=%ZFl| zoL>Jr#$D<-r%t9|C;c_aup`Jhg`n^IXY-?#v667fQDn&i_50o2C`WHt5k zmrNF_mKvtTVtPoxs2g_S03qvkB<-SLo8!mY_1jDKK4Op@c&0+~g?GGQ7shfyS^S9V zQe5sP&xik_in4hfVCS6k%}H2iIREkR5B^bzmmw%_?D40v59?M5zIdwN0%>#7pw>9< zn-gA}Ha~{tqE?D~s$NFpu%$d4yKxWV>(6rGrH@rlpLatXe5FltAvBZbWP12+UlYXm zaxgpeKaLIzV@>oep!_!0-Ud9wqEm^l+rMF6<;86~a9)oplCwE_Ozh7~Q3##qtEpa6 z={mw1mr1G~#P5YT;P~MRg;*J=?9&C9LF2i6Adtd;{ly&z3Gy`VKxoJpdDJAJh5)I{$X zfRel4kJv@tH=!9pi#^v4dG!;0_0!^P_463`;`5@Qxx3y6Z=1Iea+06|GSRBMC|`Dq z%!#`^oC?fWDXQdxI47p`htIy_OyzvOAANQS$Z1YEZ+BUe`LvK)pCF{#eisPd{186B zwgxyV>oI!ve!1ggD*nM3U-WeMi(JB-F1IARLqr`0zqa~1>b0I$9J76ux5jHOESPC7 zKa3)TI&n@O^EB!&%K~o=R3rq+p23T4x-a~sL1Vb(MZyBN;V!H%?|QN6BMiUl-`Mft z!^4u3Hn?1e2incQ;UI;Qzbm3rv?o6-gwW@?aTL?g&&B8(ZyfhS4i7npRCGD;H5QJi zi*ppSgakIIXbPwVAFnmE_E6a&K|w14^aQjLn-rhd`vx*v{&a54ZgdGdD1n8b`??{w zYwOft^KvKl7yNn%CXhK)56&F%?biUy@ENjAzPhJ4C&!;LuM%$~m)Y6#D?)RCUsZ~? z5iZUR2_GJ*r_%tB z?b>r?wD1ljX(j1y-{m?AJZ!QC-VxuSjVKkTuz5I15TR@MmVc|#LJgUJO5&1_N-3>sXbTte7*|aME9(Pw8)=chv)yvr?mHpt~g0T2Vl-hOt5=nwPA-F3L$HfUJ}k z)j(QXZ~Ae3`0UxhQ}X8S6jhd^daVx~%WKg}zV~+4_QYRn7oTP&a^GX^Iy>WOdR3sZ zMrm5LfR`3em~XS6Ai4Y6Q*vPWnBw~E~Sokt|ycv41kA-iW15Tu%nn7NayomFO$0$MH=>FAD zKuc&_|5an-=UWQHIXB@(w>MIX{u6^i{=VPR=qG>0r~cgD1O~;P4We)$)y&S9QtSr0&)cMzX-MA>O@j*;755ZCSK1!cu-^k(;z4Tp8qeAps0e$sJ95zSu z$>$5t+gg`xO*#rX+Cb|}haQ~*eE0j?%}K;>mTV*UV@mi4nKcFgmp(@O6ziFWCt>ZP z;E86$u$99v#e8)vV_}csy+_P`!2S5Z_X*hWnr(d4m_C9{v(=>a9c*1q3$};O?PRh*l@a+eFQC z;q2=ThIQ=hS`miH9J6_}RLJ%H^6Ap6MzMCiHlgEsQz#?M^D7B7;T?g>?1YBM>>R=4 ztqdy0W}t({5_ge$EwP&{$Zr-TrPnI??mrAI&7qNl z8udiHJ1YlY(p@4cln)?yN;ff{tUywh<#pd*Ffa}4EfAA(C;yi{Bqw5yOjk4iHzGK?xhkI1D6 zK^w>_y*_`g_UdSd9WF`}Jxcw3NxfTnX(zGO_dJfn#b_&CQXD|aE}A6BD9EFzQ}C4c z1v&G?D`#ZZ!O|O_dV!9G=uTOXt4OO1DoO`x^irRKPjzs~kyDdN&2--?lqYTnQ&maH zkd>X*PeMqnR-)x{5);f)A16`Q|5$Sd&P=4x$EJng${cdr=fE@fWylIOr>#N1`-=oE z5BVcuX-Z3dRV?vN$nnQ(8*30AYO(~M9wpxv|3-r1wf}?%I9YbC>TfPxbSU5S@Ldr8 zNrFxsJ*5wrkmMcgN4$+xx+DZZ^Z0YmY{s!9Moh-s^q==ff8Mobj3+KM8afe-GP^B*2#a z&Ayt(-pw;n5;QpTdOo{fs!cRa43!NTL#(CH2Z`>z~b+>$T9Da{r5LEm!2T81cygEWQ-x2Q0qi zc?m5fU@~w@ffSkmEWZ5D?v>TaKiw;N9R`$T$ReFdPBg%@ix)8TW>9*<4SkM(RaHiI z`9v~^hn;`VMt}a+W^_WopJ;ukq>he9Ji*&AE*3{_y+&{JJWH|J_eO+4-%6M_Wd~D@ zb&Vibl zivTM`CMVHMH?g>nY$PS@99mEi!xJuESKx(5={2>mC#N^`e26wcauO5BHK;^{(r}5- zDoXFvO!78tIAUmRW8D6DR&bo2ttIDz>A)s=43ZJ4|J}6uF$^%RP+@0QCO7cne`DZ2 z!{i_-#k6QTm#8>3|LfH2?crFqsvs?_!zQ*!I{7fR&^qZ5RxA1s^11exbbUKKlT`~c zi~0xh+4*^2#4Wtn%~Z`e*&FCrx!w%>5<$Z)!Yvluc- zG-)v68Y8NV7%4WF#0mof$Q}?afih21vHewCJWz6#lQ@9BHMxy+UKIf!#Y*q9IK!`` z^Q07T3Ua7Md(gT$Z5(%TUv!7Mk|ET%X8AN^*tmNWL!Jzo0>(210Y5~}l|3@VfbHKo zjnn{#e1`gN-?~So@=!XvY)2Oxj`4;!oNiTz-%1#A?j{| zk%Dc2nWs@7J3@JFiT3wuL1da*8E(_oLjm3@wmi3$?PxG3Ag4G(7#-FOENjX#@iC@C zYP%AgpmcG`jvOIK=;1p%`4V_4WZ31FwSn3-gc_w^{a*V3oSREHx`3 zW9AY$?Wgd*3)DD*(aT-449xiFP5%q*)f5}rCuJ%BY2Ha;sIT1bhN_tb)x(8ESJ5(gKcvr*zQ|RuT%H)=lWS`J!}%ur#ZgyZ@;5lKZ~cM z-A{sSP71`&Pp0hh=T8p=kr6+r7X+fujNso>!?2<+ez%mLgCLFY0q;l67HAD0%*9>5 zVYZyZM8USPmvJMT@LloLO;U6?_H-%f81IU?6DZ!Yi0#Puey5Si z+{BNQD9}9k*!9~&RUt{~bDXa6de1Y>_kqM>tYlIp3HKG9g@Mnp-RA7dw~CR?;q%+& z?>R`*dM0-7JA`;w4N^qfC@P?^@d?jfyFN_QOzhizPEvf{Vs0HZR3(cQ1DmD?MQH#hK_>sMk5>XmQ++4ShVQ@P@6}@jmp$|FM!=iK)1(tD@(UMy!<*sC2#}Tj zB8=VIOs+c4xH4&2BZDqY^15@xXV!g~{M@xz^NmRFgG+7_{4mE!73!hDH<1zlHzo3c z!Tf+1=VyLGh=DUhF9ZC8`r8)0S*1?aFG%%t0#zmgMN4nSqTT@1e%+00AZZbbja5*J zU+5zvKQ9+@C_Sd7;vpy`FWnpmyuXT4m_Ja6S}BBJa(AJQn596|0=%ieg3gA21)UKG z$nLp+pm8f|({^U`%vXMP!$9J+lmNcUHxs#!BhxM!J})ZCfp^Xoh2L%F+;(%XltD?^ z7MAvpm2!$v?B=*uQ|zobkoD%6_pqJhzr})nV*HQ}@G}Oi_sq9T@Rj(KFA{98q3si; zL@xto<^4XreH|c_e1?F-n$?YsOK-90@(>CoCkGzjXB}wh4TO1-wgF}jeLvvTWHp_J_yq0_3H9tYh&XxLss~*OyG0NWHuHOQ&Fn> z^hx^IS2r)Ofj))Lq<9{?<}5wTaZb{)Sc{u)UB8i(qnlQ6yxp1}va}U7cg7S*jvlxa z;bY5?uL9<=8}mYUiS#h{gZx36>01|ElyRL_<%=29A$P`sVpx7Eu-%}huC z;)&1uLe@c>^l!Z?^8O{qh&?LB0-y@O*|!b62TWBMf~wOHNJ;Ctz_Q?}(%JUy&4)dz zV^jTU(xbE*wP49rj%cwZEMs^LjANa%-}1MK-xe`eaCq}Bz2bb(pwMPjj>ar@Bf(1p z3iPPe7ck@(HXlse*x#}_&Nx~rN|LS6N5m8B1vv_`S+2FAwR5e@j#0HFq+s^Vwl@4e zbtEnwJi09j1@7y(NEYY}pV}KMU(_DuD6dgjToBKLBY@im4pi&H-LG zwTUT*e77>#^v=Y!O{)cyG#2J}5D1Jk23zA=2aL2(acVu%jru8gX>e^(LrpNKmwZ1 z@N+NN3;|EaCEq5S8hijV8a$t>>~#&iV88x%R_$jKo;D!8?b4g`dww}wHu#5~aYd5G zm^hiBRdWb9s~lJuD+0wg|5b?~->(XA3fF~ox$nRi3RE!^H_L(;Wwe3N77$R>gd3pL zx!8=Q{#JkGE!6~H>jHYGNLQgDwnm)xgi!UJdi4W?Ukq>n#zDCudCx<5&kz zPKDd9YZl+T-k>6n@n0j9CI|f_K=aW_io2#R;IQf5z`3TWaYKd_DT(X?@|wmhqmxf6 zbZjiOVqp~0?2RpTL94za%Usk2u_5o9B;<;sUT_BMXoK?*zdHs&k@T9Ur(3ID(L<#t zq>ctsO1$&u;Atg{%uDDfyIby2MyjF)&l4CaxlqJgN;~-XvnMlc{-@K4Z+QgsxbRH* z=c?7rEqr&oh;vw5xs{R|=`|wDdQ_=|E^Qlr^bnwznc)a3vNXIj+a7 z1B*el(O4?g1?!{i7gCel6J5``Z(r4=x!E^ZHU0zRDx$I&!(8!}QhsY+d0E38LjM0b zxmg+pNN%E{{Uf>Ad-Q)wZqC^KmD~(@u_igH5l>h&n^avmT?n78p*MZ>9Dq}PkZU?) zb=YWMFk;StK+YidX8R2sKVSG8)3z0R~EW_ETF3HQ*o<>+J~@g~vhYf5Iw zrU`^rTsw~r1Jid%2c?$(TNOq)iP_<*$grORd|eTup8GRd(%eVp^`Oz6Y%)yNRf^4GW5FO^?YjJet@ zr3E~+qCXz;swAu#ayh5FTsl_b?g2BYS$|kr72$U5vkKSBn)I$A$kjM2Jc}Ak?wKyW zhNJE_WyO!}v8##K=N<1M;WQkhPbEw;CBQ@q*?dgAG<5S9qZ^I-W!K^tSN)Y?3VN;! zg59pDQ9$!jsh_vwK6gp~PMpr4OsAa6RPkS#&icI$|D(;Ao(VjZnJ=6L@i1fJofB5F z`TAxCXL1)-e~qeCyv!tG{bgobkyPU^>EONPu$pYwhTpqh=bA271hNtmf`UF^O0Jfp zH<~Z{KVaUrpIfdv1RsrA1#zWl^_LOotv~kI_oc*@t}?Q&zL0>(0M7kfLIxW5*Gnf; z##H^sl}jkk#XR|rxCTQ=Nc86Mj4Li4iphxhMYzr+^Sr`X<6l&c!qbEE*XB*2TQ2ghKKOvm;FJOhA!;4`*k%zUQl9pRE)x#p? z2e=B?e>?0mM9g%Bx{@I4qBu+jA;JV!c6Z8?`&Vz&(*44q+x_%hzQ+dRHJWoZFZ30%SZ7vi<|;`o)K9O-RKn;g+SeO7}nUDjdcf zX%|lV%5DA2PiRC!3{PWS#4IFJ!Uo76J-W``r61BkPdE0G0wfj2MF+-1EvnHP|2+E3 zWs*r#&0vV8Nu-LtvuX^s(o7mnS2pn#bNg>77<3W-E{FEr&9-j7l@U&abX?C5XoYXROIRe*d zyB#ot+dg-9gy?-NW-A}kt7WiJ`TYg9(FB6gwfBKBuLPks4lL1l7+&HaCcG#qQpk7+ z(s)iN$V52eUB^SQ;J3cd$!7+_G2(Eo!|vG6y#zL)98Ji)LSF8#(i%TAl9Fv&9+hZ+ z^RXiH!b4gGuKb$2%-cA{{=iRg*PaUd>1cYTGbhj~{!o5GlLCKpyPtJ|Yq!ao0hB|A>tsc#W08e~rsKEB%4)=bl5m zQOv919`=(y85EaTcU9bM4<1Q;PgFd8LcrSfvWn=LN*-A_qZmOH+>?IaV_f(e$Yb)S zV0Hj6sK;de*l7J31u09eY^?>_@}WcN{U9{vG8~Hq&iynBHy35DFBU(L# zHeACh5Z&OO)BwcuEiB@5-6e3BE(}Ch2a)Y+G6Mr39&^nT?0Ro`r3}*kNqg&2Mo;~% zUO2anGB&pjXkifd7OR{dJ9t;mYa@6TC^hO630^oy6m;xx7p=kgcb3=cZ);~%rSrD$ z?gKQZ9-q?0^rx!C2n>Z55p4|PBm@GdZYTY8&A<5-&-}HAf#}LykhPTYkp~&&P1sO` z!K8D*2`PP?5h#7EdUNkrV%dGnq;sB5hCo^Qb8pgw@zwT>iJNn8gmQ1RFrudJr705D zz>b3j8B}i?reUyH!HsEG+kO0{fmA^tESj)*6*Rc-^+z!kKd}fE{Wd`7yU}6i{X|w9 z=pL3*;1Zq4XSkK+=RWW#DL}?r=@U^#_UGcI5;$fT?MH?D1weDa_*=dCU(o#^=*vJs zQs()3$gF#N$T$k+0%Z76=siGmky{G+VYcIwB)8-1V=s2%6M<8}=vzVPrLgR!@DN)H zFM;W`U?AvQiEN>DZ`15YHG0SbWKQdW=(WPZ=(%84u<1|Y!k~A7|Mr7g=5t|BR6 zWrvKF1}j9CEQ0t_=!jnTQpij?QDBoOq4dpXh7|*D*Umf`$P|36&3o*X9*tfVFWM;` zg3}rtmeV?p$6kHAGGo5jmg}r<4USc!0EU?9p_dvC`#bW!0~?h1BqTQ2G@(C)P!Jeg zAFT-}8x->`JtW66fv5>8B01!WDCj-@aT{>DLDK8Tu8yjxj64|>=Nl{{XZxjx$>bzw zg*D|p?lGC-V@b(5Kx>jtl4{GuTeK;GN)m&_Ly;;4fyHyetO&-ZUiahBZZIKn2~4~Y zUk~)bo;#us_OgN_N`kU>duyak&iH{PfrXJGjz&O+nP7E76hemW&!LP4H{+PS$(egF zzJU}l2;ry95P%dwiq}kmVET~VVljKpiPkbj>KjVAR^WB;^(MTcMQ>X5G#)&CI-&k< z3vCf(3qA!47!5sWAZcCM8)? z4au2{s3;hmbRhCDnd(7c@;opr$nrb`^L{qc8A)Fv(J?Qmu`affQi1apKmw)#sCh%9 zAz=f~Y_Xt44on`~#YVt1F=2zC1z>v9P#;T2)DS2sM36Ca7z|PbF5RweXHRC{W7#OU z-OvWfX-kL6c@fe;WxsmVXDLSk7BEM=-OyvnCb|9RraKMa-|-VTkD3s68U$Ga%&>E@ ze*LCT;z*p8%T22n%uQ>9v@oN?v^WfDu+&L!1;ADC*xf~OYhs^6$~+4K=ao0n#Zs03 zfQv0w$d)4ZZMEqTepDzMB?Br|qzX}ki%|Z(QU#^?Po)Y4#rt;c5Y<7sW)?PVv^PYv z)k`aYWkQEVaT+A={lhZ3vP;XUVFkh_z)3w^18Al=6Gd$`t^Icc07jf^R$Ojjc>X3p zaTeE#R06i1I~BKIj}@T&x{IR0zL90(p=}q*i-0y>t~>|}vD|$$L^@^iE+8zxqkeCo zqo=mf@;BkFG*)?vZo$kSw45?O0rrC_^Db^7%1~`bs7-_>VPHJhW@j6bf~Duz_eXK_U|kzN1q;WAG$)CpBam8AO4D_Iw} z&|^fGIi(rAKcg78zlhQ5(1IJX;l3YjR$Zg0_!i8ySC@!4B!T1!LHjimA_?Vfd^43P zYL9W`e=r|d;Y&CG1za2n1^CX-0L3I`SG@gl)<5^X8%;kis0?8ws($(YjQa#zTbe$m z-l8|XQM2_5G2nv=LohVYJTwo8a(y*YHmhRQ)RnI?Dt~Ik>^{MrvZkgRt>3B~qZK*T zr+S+LM7f^e9QnHRP0jHv8^NNhe0)m%F2LHFC03jNrf|=kn*sGCfGpQHB;PDM8SGdg z4^jTgq1SRcXQPOPzqqT5lg(_4E&SCx13fBAKYLTedV28ga5MF{+2F)M*dWhR+^UAi zE_zkICQq)F*7h?KoD7U>-c=Gtr(scNkjc{hz&a&{xyZQE6kA2FxhTuw6Yh6?OKX=O zpxxE~RzWgp^f|)s{jU`y_XxO0;B^EAz`K%PZ~A=gweAR-i4>SmJ-5!i6)=%BkrBwO zzr1>`0_ZBcq5sZU$8T`_#aNS~;^C90In2m3on-xys}yVDf0wJsi&UiNfv{8sR=#R= zjZVEtd&sTE6XIY>i(h=s;|1~vuy*@MK%}xiDTi5wMNU!vcf^{h;I@f_+;`exSaYP5 z0-UH5NM&(cf5JyYq806aXt{Isr8ty3!I|AFt%sj-%U`xWYEqvh2G-$R=08!^{3Q{9 zSXMULKj5mb0s6@QqlaYsfAo+{{9pEvm~{I!1u53WsAm&L7%!pE(p^h&Svn>$qb80L z)pbR18;GH={yGM#Yv9}blg4VgK0ert{EFuzH3I51bCdT<1GhQcPxKyH8J&b4j*Jb;JETfc=AYpGFaEP4!l0Xp~`!7>J>MXYV-&)4zbF2 zWo_-(I>O z9NrQKlSkSR=bz$+?KDX~S;ngQp|^4ivI0^DRBWARa<*8JXF`12UgioFjt07fBEILy zXWijjXL`fpxaSjNQm*kUcKMtJ^zClf%}(+r>{>#M#h5+iq=_=BHaV8gyZiql^_mnp z_}oijl&0QUH3u)}w4ZeAyylwjMd?C`>*r4<0 zj`1`Mp%jfGsO7;AExQoSx1bj?^Y$lX>za@(aw{L^?zp&1spvzPiG0!Hj4j5>|q(^l@l<{fep2iZe3Iq7G92RnC z=Ig(8K!=ro=?oWDGvK@~P7~#_V_pzMqEG=dB9uRq%aqN68L-?7SBWC61h=DBDjvac zXLWpGLmC)|n(sKU(+cUP$Q2=|g8;j%XTH3%q4n(XVh?+=IhV&PjRAbrd2@hWxN=Ni zcM(8ugNb>>o?^1-Fu`v>0loj~B+EES2g32)I6Y)z2=j;<)`_dgE7t-30iB+!no7`v zubKL5|Adc+*&v!qb%Zb)MJ9C172uj-O?(}e`!qHg;XAQPpf|7r0VjC_izr!p32dB; z1smCd-WeW=85uCn3X$$QEI7ZIQ5wKxkJKV2Y6}_}@N&|_r+Ok^*3>csfa1U0gmHw~ zBfgq!&-sttf8F|Y2sC(N@4-#=1CbU0E>qy7x!ltuup5Q6Q@LE|*BbV8I99=s$&U^a zM~2)nb8)%>E`0_%-fxvZti`?F*^VEc_`zP`)vxNp9=)#1Q|NY8bJ^6v5Irx1GQ|m zq6DFRJ@_H8Bj|Dq|9-|3c!nY&+w;#eg=E%yD7jAH*&5)@24xI?*|zC7)pdW)UmyXT zC-{W&0BI-Rcq~UM4``bh2UzT)(9+elm-x=tL0exVJV8(!LB61(QCgh@^e=j-bBQg~ zt1J}5tsJ`|DJ8N3S?LQA7THRjAV`6B*H{~F7XW~Ge(imDZ`9}G$6F=FeYym)PLO2P z0I*~*+Om5fnX!82I#M^>`ii58_*n>`}!$uAR~m1C-(Gti_zl?)4tAeSw&)sl3mj7Y{twx3eN)&f$3pIQ}6%HBsx z=sn&?^COX%2$z;2-Bh+K<+#qek%2`&hi1JKC>0l}F%=hy-Eu1hwVG4v0*&m_RL8=A z=)rZNTT~x`QpW1XT2=i8N-!+RC(IGpiq+h@hf}3aDQreBvjH=CoK4AkO9wBtejqz- zOZNnm;((S8G{J58Hpt!E^j^VCtCEsV~J}GJ`ydINarc zQ)xEO+yr;iG^APuiFPLzWRzNitWMY1=$;CdWprD!9HwbS!hIH{t`-8wz0IlcApvkD zN#@^G<+QgCt@lDOf^tsk&K!^LId}M{A4TO8;=)KsIW5Yz->gQ&==truH^P@e)Wasn zdx752*3zg)Eh_-csce5M^(%TU{pb=Vt=f7vRZ|i=m$8~8$Iua>M@Z37TM}wJqC%Su|_&IVkr7jou7nJYNtwDJdtt2@20$IskHF!>(UvU#;7+TKI{6Ra=)!w}D6i+l4t@ei#Ja7M?B&y3g>H7+y_ z*nFZ8USF5m#_KEp71zJ71>pKvx3PDrZiBo5p2yua;Vs4c#gUOoM#a3bm1luvh1y+z zd{0QE!@SY`LGu5W?k^V2-;~@YGHW^ddud|yoXcyc;`LPXh7Rs?)Y!k}^>DLsaq+wC zU!yOUeb)HTyMH3UBb*0ejOf2Cb-UjXN0Xv6oI|FteLCRWl73zPXQ5qM$;?uDXt(?) z)BiEvj|_VB|BmX*{AX0(64B}Z2U4Hr^q-{u#5Hq35k`x-H2j~y-aY<58||J5ZpcRe zO88$D>x5haO6^)3Vq?yWhRtV^HcM%D4M< zCQE){Ls|MBTPm)f&gFi)ih2Zrw=N~+?{!Tg z2~rd^^p-K{;tB$+QtWGBt+a(QEC0av$3Ol!qT{V}9$HnLe=oihDvYFZ`7ZRdZ0IJ! zOO29dz#66Xhv1*d&@SaiO>Rb(Q=Pc^i{P(4E7_z15d7ZQV+7o$%1$`eGS?Y{oyYI; zJ^+M2;2L+xpS2&bfXRSd12Ef@wOjh8`=(5>9`m06}JU+xs53 zaW1Cb?gn77p3gpR=4C-wXUzF!#T@sO#o3g8cMO6Hsht02+%P{d%Ol4+VTMO;@^J7D$3)kcC{_U#O3vmX|fe0LY;2Ef%)C7 zq#2)$Q73U8NR9$Fm4M+z#>5GfvqDbzACVoY%no#0ixTBW;Z-fcahB1X8gq@m^RFvs zXebuq>^-9KGHP6BzyGyWkKT=#1-?&giz9_4ncC7?*+){XfvpeYRuaBUsz4*;J&Pqx zha={^CXx!wGQLK*aYWtaKnIt8n1NVhU{IXRHDIc7^Is_J!w&QGpnSw1Gy)H!6Gf zGOuB$%VFROl$irA8ng3!!}`z}FXHNO%9fKtZRCj4M0%UGsD7TM7!s)gKw^9Rye5a% zG}!BXlv)J@&hmGZ!AGIH=pTBl{NL%Z4->g`TpShEp_q|5U$MLLI(R8Remeg6-@_g* z?60Ia&hZj}(uppGcZ6iGTZ(-A7X{a$;()8$R{~V#@JDKRXxnk%JZ!sVkf-mE;j*^z z1f=EG@e~45i8fMdCLty9Sv+o3158__g`h)LkhJ)<_>^{_8&f>Uzl7Ju~e3h?DfQZ3mGkL;^8TxV|dBmU( z2oOmBy_7WLXE>SBB^@_klJR|wtYm=0BuIe6Y4&jR&C~gpS>zXTRx_O@fT`8lr=t4u zimu|jQycT~%PxJOY+9)9i%OybalR>dr9sshbL^+|NI|^cTo*p=utoMq(19ilD0mOC z{WvO+oUmebCy1aim)RfoCF%M-t_Lu&hl(8j5#HnOEnxMjLal$iq1w?CQ3(uEvczX7 zRt;RkRuOs#Msr(F6kq&Kq#4&60ZZzL|AiFbyi$?YjYULWj?)utq*q=Vjci?# zedz&&20`S+s~W+IL8)*G$S4zm14SLTUq@Lh`t0H*#X;G+@Plry+SgUC;M+Ffm>CGX zKRQ(PKeyrT+g#6f#9hve#=pHkwz^vT6|^;O)#*&-SU2O_sy5>{o-h75D${+J@Rpj+ za1+P}Fz4VOeAtAP$}R}cPxJm)4j9xe&zQY5mNQM%YCbEu{TWgX(cB#xx&5Gc+59lm zJ8FPb3;YzTl1(Ih&E}j$KMg^DcS(e~K1$sF<7M}jU#iQal<%@c?KQ`*HHtF#%afqn zl-ldww-PQPpJ5c`^f(p!H{hl=EE^Y+G_;m?)x4ZGrZva;;O6Z|l|K(h%e()WU_yX0 zRwliHDG+4PqPPLzxuD+9R3&Sd0OJl)xO?ylX4wK+sc}n=vi`^BDr&6>$fHT zrEBcx3 zv2sR{B>b2Ty~b%_?3kzlIFrOWZx9%DVEgvyQ2UBcKwOpJHSJ1BtE@gfWST!ZYGkgX zi`6PWb2{DZV%FI4#qXN=!TZ{V<10FAOmwOo@g-c5KhrrsRvh0R3q1gfDB6F7fng%f zlifbn=Rg8of!VcJEJ%~*urJ03^%^o_PQXI=o72aFeg>qLta4*g2;Aa`rGl@B2=mJZU|9{P&zrsnMdo>Vpc)b1gx#%|H>gmoEh{C@*)-z%-H$e zMYWOvHsny!;!6RP7-dvA!~qc7IqmT`i?vTE&(iPVQh65hesU!AMxih~z7TEktTjC5 z_7Gprp@-MLS6T-Lt)6jr{c_lb@IR>Y^MZ-JAo{5bKbSKBGETe-BC(UCx05NMYzFp# zIzw++)`J#d3|{_Vs)Wp^G!)bE%XU}UI&d@+KQQ+;pX}%NMD!N&1!e5zRx#zt9o>hE z&yaic2(MBMoLZs8a&f#!(!qKV!Yz@b2rwVX!(Ify%Bpm1{6SY&JiK)i!|(7H=n_Ld zn@%l}9PG{g4k-Oh59I7tDN;^fWR%7+rCHGI7@;~(Ve9nkdM&SiQHq{?y%QdSV+jko z%=qp=(AjQ*dlCs@JiXL~e`0`uyRk-cu@><0P+AkZI0zS+_ju7GtwY*v<`Is^Diyu= zK)IOUT1g?NaARNTXM3{Aztn~IP+vulnkY~TTZo-AIi-v*c+2W)dLM)zt4;Fda2$s8+Oa{*?TOt#M-%0w~$z42aYgY2Ad&IO9G_kUtMWzD! zSWmcOx3O;BNe#0kd-Myi$Th9LQt5crP!T4AIsuR30?Tq&!^z#Vxyt~VqJQvvp!hHF_DN=eQ zDC^n#L$;mUai_f5|8Q`#9{-p&iQkL3XY$}w1<@OrqJ$8N$Nv(`c?WeZ)p*|}I0DYU zZEFvT-Zd>P9{ zcLb5KiwjMpYwhYDPVUF;wV&6D58&ca7CMQHWKTlAEhlKZUhUKQ@X9nRBm@dK&8JEK zl=~xSRleuI@CpRw3@lTLx&JOFxBZ9^KA6U_4$`0T<^a0*{)$HGO#C{KTTM6F8H?N- zB2vIBOTbG!(6B1g*}ThE<_d(DOL2y41s>EJ{Tm!p?~UX~cvj4ZO-N0^43lb9EaF%Z z=yulm#wLjTCpccaye6>{vNuGkW|%#rx@OVmPS!{o=k`kiHl-<3uu!74>LC~=C`q}Z z+|w6Y-_*U3@^tIFPT zWFyRCbo+2<^T^YXwR0syS)Ns>WDe3pcNYk;= zKA@OjgjKod@0&S(jwyfkA&NYVXt7j{2UPzU{jD2pGj=A`wr=Zz7j+8OaM;Zar^ikWLxj9#r);2)#1{k%i+lHWHf>1N6om^!H$6 z+4H7_UG1y466b=4(XK9t=F9iw^!q>N{BSzApSq(=v-CV?i! zQd$Qejd>&a1vl~g5`k@=R!+0&uIh^}gLutcHDU~{R#xzP?gvH5#-r6N3*v26>!PI1 zh}KF?u=n#s$toDWR}oa}nm?J;KCSe;cw2Dv@@J-+qA*dxnl;@jDIPnBvSy4(b}E|F zFoFl;8+Fu&-_JvRZ^~CuER71;G-aLtc13L0UtsFbgMx2c;DG}h-85l?js2_B76D(@ zo&v7p2M*VoqzloAI>~~mQ0ZeaP;8W1GY7au@2Z6h{&k#K1;L;kuoA65QH+ADPN|lM zFxc(0HpT>-f-g5~8QB(G`vxV*&$r8u>sL<>l8N@^#sbKN#)1&N_IK4Kywla2pwm@{ z{^||iN(e9%4Tey{k&vjEtys4!PH!tz-~X$ zHDGn2qaWCg(x$@mthuY#nS~GJ10R~a<#y)Baxrk@rWMxqq!nAi-N?l}AL1fpf!!ijVxH52k&$!t=;3M9kN-*zwYEUc0_nOwaEMxciE(ENPqe`?ePY`=NWA=2M`S8!yPyJ#}wV z5vphPCBQm4dQUbh<|$T}L~ZG80ayJlb{^%~>;msH4p;_F^u}k*r%Da<#zZD(%*8_Z z5#y8?2_oGy&hHi%?iFw83tt`1I0GflIkP)I!MqhHa~9oXft$JtE-ihArMI*6?`*MF zJ);a_mo&$s7j40+)|T6%utyecWrKK8n;qmSoW@G0f-UUMAOaT!z+#pKe)GqdEDFhj zHo@m#uDA+c3y+L|-kZC+JJcSOd9L0Y((RX@^m<`eV`jGs!vBW+nr(GvnE89e4%G?@Fw#KWlEXC{c}SCZH11LeZi0ur8xH$pi@LzcutJ{)O*pu{GhJv> zu-SC8%!NsrZ^BQxKBOVx7kltI)2JD2c`EUuemg}CDDzQSCBs@wfC%3J({g~{h1tiz zLhrjrUR0{>V#G`*$s>y-M$Ka-$4&&D|5=~go@e_>a-4@uP9B`E^vM?0_8pJj<^}6m zdbZ;-vlol>CrzduN?kP?yj9KFGy8A=4N&s<#|52WQ)rJP7pfmJ4DAmKn9N`e*We(0 zsWhZ{718#>A`lJAXtdJB6fvoLQ7nNs;V4;MD>=rr84*NP{RY_N*jbRJLTzbKo@U80 zuFQ(A_pR7XVF!eVuO#eY$_u4IafR;cK>J?Dx^cM(V-Ng{RPXD)dfKru#wYw z8?z(Ji-Gsd`f=YvH^@WuPUUPm=o8G4l8KX;!px|v4G}#TuuM9Qg66g}l)`2Q4}&9- z%n%_rIKJ%hcs5US&SF6h<<|J{&35A-SL3loH`qbGE){g)Yhw^FhO9P&(%5?ZPCp=X zohIedUnd>AGtanPZ{rATa!10BK!D# zO2i9`>=d9moCgN@8=Ce6q5B8#@y6UC3|!DrU&wA#`tMW=12o8xGleoiLxdfx#4DS@$Ch=k5 z`$o9HJuao$OE&12Y@!$m;>B>$bGCG&z#`#P5lU!@jtqD7Ncf3SmGV{6|d*=L^u3KWz_gvz%>c zXimhh^YQ;(Q$j4q*eC+>uYXi!JvJ{_?Egd8Spc`yE!o=4%*<@Z%*@OfGsKRWnVFd> zW@d<)DQ1kB?U*TMl0i@Zo%^O{=FO{9rK6In_SvN)ZLPif>u$z?{Yth0OVb5ROrpfY zg0R7Ho$H5MOb4D58dGLoVOMYIYXeIu0YglgE}Fcg zOA25Hlj5PXBr4AGZUPE(^#q?o5dS%M95S1AirJCM6k}TrgQ(VYfeg{rzblH3Hp-Tw z&8GJZ6f05i%K7~&SQ5rzW2=3vRjvS&OG8M$KELKG??VDpqT_wwii_&PTGT0evL?3F z(3EAZp4;qLtD)cypxSS{s{FF|g)`@Elok0uobx-f*KI z67$!6Ub^X#_U{t}iTiLk4L%uPC>koAzdk&K8Nxb!YOi!Wu;?l0MXA_!BFN z?=j4q{HmDEac!Xhmi(4SR``Hghc>g#`_Yj--QEoOEMC#=b6A_bbSS#|%RHby1kYk! z1AaWd7A+E;9lsMJqRb$?s)-kmc@RlnY}MES8Qy$y$6k4_@y7u6+XaB@@Www2Qkx&{ zp5B&*8Y-LU%nZCr{lrGDR{X`_{1(4YJ4@FaLLTgmm|D=FK=2&c*#ad2erHn&V`UNe z3AH_Q$QQQXerGTMCv0Hjx9Y2f_(OX9S~TmNYNa#DaE-yR-pnS;bTb2f*=0V8-i4DF zDs(Vbg4OF*T`@TnH(jH&k|A1hAMf9a(k-ti`1dr0DSE!zrl)NB+V&Cj=+I(h78%XK zi_5hNO^z{odwV!>{sU%zkCaQ?TknrQVkwDqJ~&RGCd!C4F^gOyF8!?I4hdOCLrv|B55v;@u0f^s z9P6_DWuK?4s|qA9HzaMJa}|M}WJAV3#7j4$_?GF0rr?{tW@p|ob z?wf9Np>CUfz_!Qr>OK8}y2thA$`oP!%X;WBX@*24Vv^TA!B)t5$k0!x_duDt_VRpW zUt3QPH1mtbUv)Ob+(K>_jlnCXZ_Pw)>>5?>YcYszD4WducDr3y4Eof57fr1s`Z!t> z41{9uG0m~?mPuYH$CK{enPqKSIx7RlqH@D{?C5=x-D~w8gRB8<$02U8M1r)ufmLZ_&}G#^4dVz} z$U_-k43Y5D%5v-k%vtYiP%@%Lc`yvW4(E2P-h@ClEWdKXM|un;*?z-}s2Oxg&3oU0 z7d+L1fQUv=UPNgz_|-e)C+3gxG#tur4p;P88EQF9@@RW#8o_i!etNdjsw`4xi@b5P zjr8@RvNd4?kg(zW&y$?L*2JwVYPQ6!?DH&}YQt35mC^nFEO)Ck!Cb2V`yBDaAxFdy zE>TOeQ#-VLzSSn6!W*S%bE#~sl$3L9mB;mNvuJh}AZcF>G^TX!}AJDag9 zzP7zQ+lxMqbkJ&uJ- zy2fv5?4oFmTbX&WVVM$S&2yB_dWx&o+5UF_vcDI6xzGqFLwK!}juVPJl^0!PX=f)#Q3;DNc2pQ5s zcVAshgE^+n5EaEz?L8{X1zqcj>$hSQ(x;^d1?j~5yv^iALh5kpLqqm!)L>#~GzYzR z4E!XJc4vMBqKGGGC6HNQ{}qn<(ItoXG&nMpxprqN$5gK@sj*|GzjAEr6@Q<3aXe7o z=Ut=-An2>b^l~mPsLtRDd7LEpdeOa;9B4ohP3ErS^hE#d3b|)zTF<3cpeH;jnI8d6 zS?%%82TA#4SG>V2UNA)aHa(|OE2@mfDUU;PP`W%Pqhh^6vZ#IG`FP=32w4Yd&VUTm zVCfuj;{RHz8j(%}M6>rkl6r!1WC=Y9p$%+oEnG0T{omMGI`M=ynLb|RBuy2}0Q+X@ zPWypJJ~|lMES5esmNeHU%MxHBPlDU5>CSJ@w++9y{a<}+CT}geXm)n}^w0POcxWasj4eBr09pcWlqOE;Q^2M~1 zFIDNb=$-OX^~&O2h+C;P`^eL~6#FMm^hc-S0dv73GI_~LmonJ~elJX%^y>=#SyF(JQ@-=lh0riTI4 zlZQR<9L(^_cScB#*w1QAXba*AX(<+KX2}SP5$>Z>|LWkB#m*phLKKJ*x$RQLHJ*Rt z8cm)x*0mjcaRaqs=^qXn+@(w;d>9xL74wr6TtA9n;iyL9CCCb0f59W3 z%SSE9U0iVe=_o{sym!CSZ|#5AynB@*g2DhBR+0zU59fXng1}|cgaXpUeu)3a zSZ&(zZNsJNrbLW_M-^0hzR`H}80@^rd+48(14_YRq(*eNnAKMh4xN}JR3R2{rP-RJH=tSgTh zh>rG>Si(ILMai*vC0pyr&{RF*%=fJMu0ZCM{Vq{~TI-zVM1*MAJH&z_mzfs|W&UAC z=o;5kKYs%bYVJog7&%x@RL%;I3gy24Z^;Xx88uK9U%T~&Z$aY|Z;-nq32uE2cIi9b zDR~*k&uk8dxBDZ;dH2c_5K%7W{nFoi*#|m$mLx2r;X2SUZ)gfVI=4cZQ6}?(rUrMQ zX;wgqdgc))Aj^!UWklsk)J|oJ&d`E-8_sB{BxWjwc{pq?=+?5~-f|A?ZNbodgXDVF zZ!@D0-pd6n?qL8Vb_cRm6rBW90?kfJL~{3SP27;QzEFj^oQZqUg3R@x#XzyKdQ4Nr zG^he_8XO9uIBe~+elJ=Vaa73zIpnnFtRb>VE(TYKxL|ax%1hW+%&z)FTiymNHg*$= zugn5s?!FVbdk^875>ic^h~h=#idy~N;z`1uSb0t8oY^LS0D=c2RGI8Fm=OWbY*Y1X zG^Q9r&7VGFOJm%D3i9tiTU2(>g08VQMJqH8>F9-2yM&2-KB>{xN~wCOn*!k?LI=t5 zNQj9;#ERw!05=U7#c#kM9d5H8CkqNAZ8%BgpVg|vBhom>8*PNHAsyd!LA@7$$V}iw z%SM?m;8Xul+a~dDts@UrO7+dh$_ue)@@#jc>GY(0Q)_LKysMAHWM%3QT4F%N{*+ha3S@yMgA%hVwU)qX*}W$2SdT$cu>OHccsRYDo}(^ zKaZiEmkU8VLO;i?SiLvBYKN6>t%xdeu#gU*&4qL)!-RzbIiq}6ou{@=tVX@j<3g!P zac;n7-{Wi$pn?1ZB$u8lV&GBJa?F>v&ta&lW;d-lCaGf0A#kpNy5zc>zT>yGYl*=e zZ&~N!w?=r@z(($giPy9staPhh9Xu@IM-=1HUD{Ex(EN*4-MU!q6RCAHTg@*}%|QD@ zPoUE6vUZ0Jn?$I{!t)n%wNG~igQrqD)rn-gp~fgJ&fT>Coad8s=vz@MBK@;Eg`rXHq`6qX{DqA#>mt2BJvvhI9MJHOPhSpH!Dy-uG$?xGBNRROm?orVbSd)cNp zqf1CGY1B){dh)7TU1sL1TZ56&{#b-V{;ZYlcF)QT=mD!&oFfdD z8Y`mubDk=}I)EGW2g3qi-4oWSZvLm{{J8>%hKCQz)AZRTgV%ugm^D!Z2SiJoj4>37 z#$y@B6=8#Bq0*m7YM~PRwr&TZeB&Gmh67XH-IBfW^HNK&xdOGdvkN>I5u6l~t>T2} zZr)Lpek2!cmJQ74p{|;N@Pg6{FE>B=S46FQs33g9EDM$i3}#eBY|SUr80}T@1K|tu z_-N|{S<$iAS}}VW4Cqy9gV2R@1u5z*EbkW=2qKp^Ze-BMl_NzMf>+`L(+op*M@3TR z?cXV(cSc2uE8+uNZWFQVByUNI zJqXq7f>~=t&^Vzuw<9z&95>BL)$x~<9VHn;H`kO)rE?=~3RDc8&m0(7%L!o_9Z7z} zdkWuJsEa4*CJF8SC4+b@);4XCpSow2*CGQGXbY}X8uEU5i!`ul?T!SK-G!q2)iw0) z=!qEY!}Gel%cwb2RZaM|kta%B(!33y7PfXJL8|9zyRAV=@S?9L+=ila;Y2Om{?F+u zW_Yi^YzC04X;_5Th zOtNtDH9qK^q@Q*AZD?Pk^P?~>O6!?)Np4!t0#cm#6t)+#2<1J`UhJ!NX3!2SY61Ty z6vGp{*2}S6$IK-L9Wh$G-*csAx7J>M8$#NXg|{LZcpHZR^f}Y-E>!@I{rsMqJ$5Co zV$^&KA@sQ;790;;m?dSD)WXQxOZ)d>0^_YSdY=z&&I;>~*YkHB^%^4x9)_74m}_9Z&@57qHT)`gxlj-zIpN!u_@ z8)VvqBQ_W#lgD#Gt2R`v$+cJ}gcHAo?5S!XI^xZ>M0a@va;2Le+}nerG>gX2qAD|G zekxP_L2*#Er$o1>5*N0of@n#O;>IZQ{wthVjx5zu6vd6zlqy8YMRY2NdDz4oIyC!Vn1`ExF%M?YRYFaO#u&waPW2K*5oZb=GrLIC zJjF$7~!;z6< z%21tL8&@=>ZybNoM9adCQrfnbXQiTwz7u*8k1sIeV;RRfc#OVD>adXr`U#T=$@}0QC`m(SU)zZT+F8V7*;X-ZhnU z!H!brAen5xpp9_0lS0vbZDjRmfK$2b8gJ;bTF#RY)Nqn6vzMs;jLppRh2ugARf%IV z`Szyu58%Ug_W{Wrx#QA?6#SL?*T8>!oBT9}sDOKQCQV5*%h-@L}PC-@$lbB5{( zv13G`2p$W9zCeA^&8k-Mj+dI!V~4ew*d85s7`hQ#XLrr{J6Ig{clo$XZC60h1qCtM z>dPsSYMOPSy8Z_I{=O2NRI#5irg%D&y$8Qlq2}0Q`l8qUWL4vnHsetccUii+uJrP*F5RN*vF^UyH+4CUZRX~ z@aHxs-^YJ*?Aa=BkVMUnFm%vBu*A_WET39KiC+c}_?~c44?)+3@97NJ6EDrZ=K=-8 zfA9}bEtpPxYuy7Q{NU*0`Jud6D<=~qNi_}Z`{i9-vR+cyV6rv81(NwKw3yo4$r{Z< z(}H;;t0_JG-L$^IoQBMSVIrcVj8+H8!X2?gE(ok6b{Ho*mdBIbZWm0@hD47Q*)zt0 zF(qBO^-3j@TV#70*nGPOAr823ozmj2G{CeEW7~J%C_^($Xx4al(O)m53DR>M2Z6jk z!ggao?tJXgKr&=28CVg=q%DvY#1{fLZ0F8EBCn}In3F26G~!E7qgN*ypZS#tzd_}`&3n`q zYpvqUavV+~&w!4>dMft}*^K_6szYaRga7_lgQRjgijVZZRQ8cb{Wp4+K?HmO_`zI0 z_!HwszWJM2m%1cVYmF+|HCQHlz1DItrw4QpmC$^2u!#yi>6)*I8z=PY3T-IG_qs;F3I^g+he<0`h25@*mO#tY4fc~xQ z+3wm`5-pTS*CfJz3A&+*Q+@`T$`y+Btb?0#VRi2dc$#h$xbkqKU$Bra!ha34n6kri z)8NwjBF-9Km#*f1>$|D=jU=lGL*q_VU=py1nPK z0^=*+FrGN}_^u5*TVXt&Ct0xTNY`Cxk?=G%>E%*)EUpotoeZ+;Yh}6O?L!4hPuN<7 zhTXRS4VXy05=G#|PwQ&c;#WOA4%RTeN=kjkxJG%|2*pXJFO?w7?r5_M#+S%tN$pPB<|?Qr|M8VwKX;8c&=y0`gA9&tuq#4@h-9q;2)a|kxXfLIS;=&e^)HZbumbOpFOS#k@+^r0k#koAiJ zzMoS3)Mp?KAM8yWH;-~0xmWRvRHnVb3_H)CSxta3|M7$0z>736$^OCUm$QgH8S4dD zouM3mPLhlAYMgyqlh31<3>}#BecFCXHJK)N%;7Q7BK(OZs}KpL+4sB~mZ5M1H6X0V ze8dBg^#VxzoVf8=P$%eF3JjE=7<+mQta-jRxZX|gL)Dx*Uh9=w(@XfgZeti)h zhf{d8F$w=9eU$l#`xGH~9IN}>9mTBVoh)|NT3cL36A^2dT?9t;LI@cb37c^NB~J^( z+GK+!Uq(01Nn8&{V(;Ab2+vVyD2r6Kum%K93x_WioLuw>IlzcjZTYlLU4I>O7CVX2 znfWlB73Cji8ua%rb1@rC>V{scm=Sr{sQo;HdMwp78cp?L_es`eo95(PP_S9&s-(+` zXDE7nq*{R=b~m~m|HiEGT@0r`M3!=f*}tm993wU!J4iwHo>Z;5?X~>rc1}4n_2}ng8KY(?Dxz9k2yC#dd-BkDX9U!qUke=I-6C!Eg z$I}Pbt3rJEt*G);-E)E8`8jY;6H3~?L<`N4`{3Qj%ZKsp)Foet5UmgSftKwzr819C5pIl%|~50*w) zgAt-j_`hJ|Ns2W?P&d#J__aagnSVdz{JOj+(Xu#r^C%Ff@!UnNA++x1s+1~(U=dKB znQQe8mPDX-x zO(5>h1_B^3CR!1_MhIE+47mS7XA69W4b=uMJ)Op&4;`aSh96m#&|j3pdLIT*7bfCs zs``ab$RUg{U*rQhdtW*Rln$v=E?8yOpjOIEPHKcO(_IPZZ4L2Q7lJX)*Xrx7sQ*O$ zzS+G7^yMTuyaOgCY(Dna2{MiaiU-4q@w+S`x~YJIRwq0THgyUb>=18AAv5&@tSMd) zR}`5!%F398Q~d5v8Pr&R#27AgHGcU{dV#l2d{|7R!~uwUEv+INq~uJUSE3ZD6fAg; zmrXJ=_m)#34Ca41_9hxU#0*3QG#qMvg+z&=PjEgi!D@hLOzdOy+V53)a0!*~QM|RY zko#8b^B1{kv@GOILdn%}`6SF=&2CtxQX6&sOf?Pauo$0*`t0mW=JQWqcgiOft{VGo zfDW}6xy-P8qZ2s~9|i>*a|PYY^K?W$?z8lhy^X%5JyR7ZMIowgncGuokypDX?F`wM(X$+`HU#lXC)lxK1pZt;oMuQKAtFoXD zR&}Q0eq#^;uLHQ|_i#?X^7$Uo5&j9Hcnvz%30l08_2#l+-j8vi=^V;E=CsCkp?UJTd>6u8ZE<03GO{48ho8Y_~TCPbJU$=o)_wu5NqXz zeRLek>H}QvxYz1Qe%J8@?4EUR7S@^EoW8=gc|)(TvzV28#EU(>DFH>D`863PrX8P{ zZrd~3h8H+C0z|{o8nJ6Fgxpl=f@j z*s$H_?rFy(@L%%{4<&3u4Hng8!LbRl<&X1*I#Mo~mZ2L+e;mRR=laAHHoPhuq*9}A zU?tPTuH9^uIqkCd!?gP2tISgO(~IUylohU(Rmh&ijb!r}EzxF?9kjsl?>_3Jgq1F3 zTk~-&hjRUFLo=Mw&2=4}gVR+af8QeT=2_wHwOM&&(YnYgSo)#t=7)#$Lo?_UYJiuR z+yVg>mFGt~L57d`qY)h#w2}SQZ$05MBgxNN9}JT3&n zF7SUTmN+=B+^)e$&q+TN+Gh{<0y2L$1SU?ib)q~SaVbI6-2g{ROg%mvy_OvBf$euz zS8lDwceJNAagSlm8tnV*KK_`pqa||&`rqg)SN^Ds*bZ*go1DYHY$Z>36kkF#MNd`I zw+qo*K=>;I8TzLrN@=&}H8Lsae8e{Q-r zJ?gmUl5|Oi`QC0jgUkIBo3FM2g^z2`zgDvk!NkgkeV{KzcHl1^n!vih#>e*bM>s&| zseDi4OM>)Xg`(LzV^KM5wd3Y0LJo_aC4cTU9>k0wnp}X=!@;}`E$EBPdb#aR6hwI{ zfK#VInn9De+&eQKCWI&hi;T~TB7pk2#BmDbg8qfp!cGQpE(J3!AqnY`29pE$iH||R zvkdRXtq?kal0B|ZF$s|WM7DE_w!3z7Vu!*#9nF0ggXed5IP9kl4cG%Txjb-DOtb`uANX3lfqdw8Eey3^i@ z;cyADAn&i8OF*CrI3@V>cUqCW^Ns!7W67N6XfYJ`&{#4+^!+^#1BNH!@An4t&VEV+ z1YFlA@9ENs`!$QsizB_0t!{-%6 z#;dWapgq;&6-3p{iVycx0uy$Hdc%-<0^L7{4?iM#c6&cW_OS3qjSFmcJ>&a@mDIv5 zO++-KAUIOSm_Bgb3O>5Kfx!ItV}EX;>wCw)??00s=UfHfE>m7D?S9Xd&k4@~UoH)2 ze*rb=5j}upQRNwLwP>QC(SCR3-6<9Q@+-%zQ)3L7 zYaR$LdoMJA4G82N9}674`rN$|WV`^5c$+UF)Soa4|5d7grxpK$QCuo~HFD8BcXVTbk7h*OtxT8-Sf!#w z;Osp!AURzw~DygK+?~2&fr7X2GsgYtI zQN%yK`pfrdBCUv?sgP|{$<_JWfGV;Aze@24LzMb`k`gC!JqMz0{-ch6t@s9W=r~t+ z`te#{%v`PfR_9fSY!8O3=KawPhc{nERt8;K_h)_1CpcD6K1o+}qxk8N2Xj zTafwXP(*W1DKpBk<@FbpR`OQ~7i!;FzVTgiqXe>_6|5AHci}$15OEtzrOEhGPo(3P zLg%+KtYofQ!9%xG4b(ibnX>9$gEe|>C@?Aji{YOc9C!z8T0XDdY~r1orEsZ%-$xV- zNd(~UvS^WJn#R`SQ))u2qRK;Jo><=j^si^h+yoxmmW;7hGy0l9&uQs7MM&* z5K2ORm0NvbpXZWcIzj+X3eY*}33e&%#Dvo(=lp!7i8iE*;UF9w$fFPD2ahOPu4G)+ zt?1I*)-{T3!e|KLykVEd4z3+2qtHypUjCy3|FoQiiEu*uz2esg=1*)j@wMFjv(Y6e zJ4QGf3zfJU&#!7ZLncRDMCoRBhB}nzq)V%%>wGNhtm1rY6-bwe`p! z8L|jobke?=61(=9c*y6qwHs8Y8&iH`EX7Mriqf(^E#rAhT9r}2WW=;bWY^u)n?#f6C^O9Y8 zl2pG$(i>9`Dboit{&-*tcth*0vW^t(hIaBRpp;)PvXjoflZs{*w#>`_qLY)H_}POTO!PUjaP zoR#gVoXUravE$()X+9q+V{H}vw4#Y5j}WJ?Rf@%@IfFeM>CaV58_;0qyrb=PysUkJ z*~-KV;o5%C%m370>|6LV=Ta8zTRHZEvRNQ__z`4ByGCfV6A?0v9bpI6Ya*cj912)Y z|1_0{r(!w@AsD!-9wv|en-`GY3SpJUJh@tVU8Cn#I|;=z$u8S20PNG%;PP5c8WC)x zpkG?(<%3@`F)p};PSJsAw9(;A>1YP%IB=FM+Hs^d5O6bv+Y{f)Q!u2}auyL{Rb%~W z{i;tTzv0Np+MNw{X1mPeB;p+Do85G(njlQJcBwvxs@4=buZnEU`IS>qlO&9qAbbV$ z7Y~N^Dp$iTdpU|sm2qtZklqWy%+YvGhIvO6fN%0iG31eNhvW=vf=DOt8=qdda6OGAg*u(E1D&7vG+Db#Y7OL-^5bv;ToY{a zWLBlC!!BCCg9D6<_D3Pur{G{Uj&1EmKL37;s9hBvHve2OAe(Au%kIy^BTrT5G2-L zAdCI8*hq3(?rFp@S}NK^GkWwm{M*H!WR44{5_`2gJBI}fdx-COS{qO~u0^0=#WC#GpH<{LYOJDj5q+TMV!{tNMt|!eo3!X{~(7%@f=l;hoi2 z^c}4Pj_O0?G*Q14oCdGQU9G|nCtx&_v;NMpyOr&7EpFob5ju6?m9qyW3kz^Qchwh_ zNVNavq(couJr;cR9EMj;H!ctx#22$%axN0oQdmgyHB1%LbF1;5oalw$Z`gRUGVn^D zWU0CmFm|E+MWS) zciGN+)Zhjttp5c0c_*~WBV|+8l&RC%YLFj{MI+{@gM-HCUoV2* zpRGqr6>q*%@>M}8)t~;K;6_|}JBy}kOBJml4^XK(@RWESY zRbcQKUD|%>6fLOwes}c4`RTJ@U(FXdr=7nkeFB6+=j0CmzG@Cf^BX;-z+lcFQzkTo zqb&W#uaH|lkCqHkw19Mde_ z7lLi;rT-*o{_cLz|C<`W3?(Wb*{M@~^%+kl%>554e4tQ(_xv9$TxPN8vKFch<0u^v3FIT--cl2NR7=3C_YpuF{LyO8pO2^vcde z|0OTgs%HFvH~i`|ANvuAg^8G&!vhYoS{BG^fMa7H2me?t>mi>Fbyu#KzuM&|Np3ks z?H|Brl$V0B)q^u`tXKrsnE5gt;wb;+xCqYIRTn2#2@%eSKf<#yYyrSm_#9Yr)$gS) zZnX+v0R69n#)BF~z$1$S>yO>QoqS+xp5+vv|CH`DF_`$pC}8(}!8BL%sjD=salL_n z>T!bvF*m@)en3dmU(1`| z%X*Xk@x~0MM$ZR%VvVqP&34Q#PS9dR)en7RvutqU9g>jg#^=`A-vd7lW;Ea2?qy~0hsX~=vocQ3tzZxRlu>-Y zXoR4*l5Yh&^=>vSW*7ew97n$An>9Vixa$9lXc8>ck6iYvD1>lda!1U?o#Co93I)+d zaBMEr$Ha37l+HFo=&M@wR>6R0no<+BE84gL2K6RCZd8{Ve_`kZd=v*bv6nwYLSlln zj4#-V9@ORon*}zNx^}^8b^itdMtBfipPyWfp##sCEVHfnQiL_A+b}feT>B!OzIs{lA=gGOW&7%1);7j|e z0u*C3S}ybbUPas(cz@odxITm7$@xiZDqyk79yCbj$8i#we`IY`kRdXkZfD20YTd3? zes%7DzE9=xv~rOjaBJ_%1YhAoRkz5^pE3B_ap!jIZEorTp*G>^ZVoTa923R|-hffa z(Es#>jUN6-oYSgF%ES1JL_Y0YnZHkc+yj38n@ucuA&0fN*&kaA?wKz+`EG$Ii;BZu0Lu-f9M#1{Sknkn|Ik(KbWo z;Jv@>B?r&?<3)Ud+$f>vAq5H&61Ex5a|~*f#jJ93x-lS{=&Yb?DMs$9I_{^#jrt$7 zz9w`rNkE|hVq#Pr8M6I-`044XH^F;+y`cw$`82ko<5S6K_>~CQ+uecWRW*GG8%7T& ziWqrrV9BD!!4r4GTBgDQ>t9HC3=W@8&J0-Cy$cOixbb{74~T>xA-S4@ZqZ><{t${0 zeB4Eb!Y&6wJALsjnfXi18GZT(-2QNF9%uouP4Ts;LaVr9oXzXSeGP~9-waRQ^wt?Z^i(XCj)f_9~D#3fb7`@K;L-xaFp))+c z<>e*AtGGld4i5FQ%ZIro?PH#t+a==J(TzaBgLbGPp*mWz=c8lEViHsEw7gdU#LD^W zY$yV`y5AuK4G5HhbtJ9gWh84mLZ4J__%yzk2ULAb{9yG zK7gJJ!PRqj%3twVqd)vD)*$s$QqE-6P9(SaskY9dA%1(T= zR}gJq#;J~>u4&{p4I1LNxv_F zC2XFY@K&!D*?2f-rtn(MYYIzHY*zH)Db!CwGYH07HD#0T5(cJAL&f?+p=|g*MR9hWd5lCw zxhOu^`#OXe`WnTk$%N<$tQ_2^ub5IN{LSos=0hp@Y5}|=fxFYR2E$XEKSFirNR#sz zrA!Aq_4(b2LIz3*pU3Fi8Ju!NRU(tgG54nsu9+z4qm|(_foib$B$cArwm%}t)DkD+ zO=0fq6Os=~vn1OoFK4Fz|=2rgE z#k4sS<6-q7hVvoy&liD%&Z5Vh7x8aUw3PhIzC~b}hu&bR{DeYga_JGxQVp`BW$KI# zYBX8Xbn;B5qxwOjX^p#(I=K5nIH?^3un%;Y4vK?6kXt#be z$F$>RyktXc5(x6sip(C#@$eXBmcneW|evwF;pd(}O2E9q=O++X^t zyKUl0^azDvmsIUpRLK%%)T$IE08V1nbHeLx?@5X(DVuZwUw) zd6Q-3!Ie%CT{wR(?riW6Sp2d>?n$5cWtWslQ=XxS3Y0QFyu;KS@)3ADRO9#-sAUaA zmHt?`zkKaKICy#=s}qEN3S1i7Z2UNwI^aLMU(*NmQRW55W$7_=1*3p>j0eityvqpv z;CXkqMPv_W_!^;v-_G2Ma^O0JG7vD7l!ShCx;f(Z5zWFhM3+FsLWwuwpm-J1jE*ZT z=Eq#^3`aDA4=U|}`1)t*6k6op0ZHdd2f=s15*!XSMKQ_%M<-)@Aw6u2#y@1Qa1jna z*pDt;i#in^Zznh+FXVEbU(@PV&r+K-%&nlCclt%GhV7Qw5NxO)kDdOfvU#Umm?BQR zm#_N75$2pHO|e7_Ki}vcS!8qW1hxe(!$pEhIS-My=aw2eb#>&qha!qopi>rSqn4vx zCuYpoueq<&w(Hwj+tW33CYU*hOU)hhvDBM39P8a74pRr^f;a{>IWd@N(3na-B)`S0 zJM~aW+VwQ3N*h}^!O)HW(1hb^C=N+oZr;pP73J6x$%7}C=Z=xf&{OPZ5e0W0%Zrb(tFuAmbB4^IA@{mU| zle{%oRb|-xJ>CHez%a$czU$GHQ~pKGh?jx=6vtZD`8|wSKl7Wn=`@UoM4XGv418mf z?IIzq@K1V{9yRz(JzDD~UikX-o&4!~Do{l)7rF)6Bb*n;ny2}1->+qE?T}9#@+bmM zUbSS=sM!*jn>x462Ga*-hglZo0DbxXnRnn6P_5Zm8l#SFfZUgTZHk zNPb`d@a+BmP3Oc?#4q6Ec#P-7F%Fa(*_XZrO*xif3TT&QqUjhY7|MV+s=DU(=gT;l_4=#%FO@KfDWS~%-HtWtv6Z~*}PRl23}nN zJ^T4NwPVOV9F?v&A5&7Sy~Rczj9N8LM^^lm0tkinjgy~=wREl&hks(RJcC){kBt9? zHdy}WD(|^RJar+{-@G1?ETP_V2V$wuQj>A`ptd|`Qdc^alo214Gr#iMaTn3b$Li65{pExw@7)lDKGSxYQ zI4t5a!taZMREPKn(w_?|!ZL#`-fa0IS7q0WLBT=8dg-nas^H zr6UagFTSFlVOe<14Lkk*AkcOfutId}=&$YbBP(1m)ihI~N!Xa|=KMpyuo_|wQo}eu znp#JVc-Nq^Rf09WqZ=LPIF-H(7qehpodIDq0}3!=*JvOgB2XMoydZjN7OhL3KPoxZ zDh}J6n_jg@viHLn3#(&fiQ_9#kmJCo$rkbRAcwc0XMe%CbI?e2^w~K5FjXQoAx@tB zcMWzC@ZebNnbFy|%5 zvfBl@15px|ei1!=g2-45NqIcnqnL%?<7Qp~-=wi3W3@3zbEy*2s8CiiMnnhC(W?+E zrl_5lL@^RQMKL@%{aQWVD@N6lj&2JU7Mzk|fr8hht+xgCf~|i63%5}| zTLj+v3Qtw8dVLu!My52VcsdBbHzp(7xL0kA&t?ivnB4m=|1FmST(NY)*e927{mm2< zvc1%$BkMA!7nU>g;S!e8S;!A>Wl+><9-YlvBi+5)@AvW=7Lj51+8Z`rEc7M*|gInpl6%dF@%sW&DA(?uXLaMjgiNePL!Xp>|M&NjPkp~G*>;+#05hH>ho~@%J zH^!q4Sp6gqT5yO2OCZTdPNKyZyxecFo%crp3JP_zy(hM@0ZHvW03sV#>%f=&aIm}o zIgwj#aj>ymWN@Nu6S%@tx7zAo12YpQzr=KP#bYELmj5zW1}M}hxv%xluIqO9JZY{y z#aLVU7Pqf~FLZMV=|p}IqW8jh)@vBoiAyS@yYJ_y z^yHGZ6?wC5>esG~YA62g!M>rt1~6oMX%5?peX!r&t3l!9PV0p=ztIXOZvW45>b3qo zjth2cFT-Ig*TNKr3u&>ZCtEuIWY{;ttLJVOV-jim)&=rPhx6*e*}`7fJ;HewD>vCycrOMzU%iq* ztwT^9~|!9arMw+oHoa@Sui4Up@A3iGV@hWEO! zo=^9QB7J-Ufp7QSbJrs8?}49>ua_sD*E>I?%;4%-ja3V-zk&ASLsOZt5#PWw+h-SK zCg?3Qh#0BA4690!VN$Rv}&*zF)yW&y_zKJPC- zuICEcpZgt;s`!8xfDSIm{{zoJFuz(eU_)lWJ8Gd1p>*xKF`yd@txfQS*aW)HFES0H zFpwxTFtJLCZLIh`!cn;T$KYuz0`=;w30!P|vJ@E6pn0D~}ho3*apZxgdyYu}6Wv}fEGV~Or8-55(*Iz{n zFul`e>*Ink1)lFrG)qTWxHJ{PViV}C#-u8m6j$2VK{xaeMw_Yxr-*@c$SJR)XNzCP&vUWgM|IXn1<0u*rAPLC6f2)**Pz z4nd}~iyVOJ42B5N1P#$7_=U;5e4RMibp@m4H#&V6_4Sq#6lynS{mhTJszf!=o>PYT z!g=7_tJS1U@^FfY_3(wRs1<8x#XO)vdf#L8ArH~r7@-erfZo^mJbIAhvpR|DZpWvd zYY$_5HsRgfjZZxXcXoU>VOo>%x%(HJv`?*P<@g_m9CaMT88$1f|E*g8KRP~so{j&F zj)ragZyQf({4d$Z?P`A;^jk0JC#2~oB}_ZH#GexPHh%Z0<9Erf&PVSO_XQ@U_DAgT zH_6kms_zWU*9NdB>`TNjBBoGE>U=E#Ie-Kp8(m5@ER-?81lZW)Kxt4>O&6RC6^A`w z;|pZp02BJ2z=F9@gF;VE5r9)0iJ!vC^biPZhEwWu*($Zf0_gNNWO5Iflrdy-`vy=Z z39;=B-d-r1AJ8D0lQ~cQ#cD2wz4sdrOUKebAvYJ>9!yuF(nmC!WP3I; zoN}C5X*@|R+Zj-Gs(N%I>JD7(75zUO@fwLA!Bdt0ecaF9|2ZDF`@gpHl=y#9AGe7g ztq-^vAJ9g;I^{#iT_V|I7k$NOXtZwPBX$#`US2)FBS158Z8V=SB;A05MS>vMKfOsN zv)bqYJOh*@GKeLu6C2I=zS<2I)}ivBp@S-x8$`3x3k`>%Q9E%VUz{4f$bwpNm0pq( z!PH^G+KZ)M2B+_d(MMkzqjT$Kn_=|sEt{=q{|BZTbln;rK*jz4$K&Ii{r~)^-`fA% zcuMU5L?5>vK~f0j$|L~$w>03hH0XSwX{Z39;~{$bUtxjf^p(ui8uXoC zg927y9?-{^~C%TNF=BKHQpncEBN^nxghk47|TS}fqR#wF5%?SD=`kmoO}Q{buX$L zGdR>Y`Vb^>#iL!my^X(peQNvP$(36^B6DGP=QPj23lf-P_ zNKcSn$4W2Y+?r;(X0UA4PEXd~8tS!1-zTZV-ckNRisjEfzvp>bDOK%|p+3Kx5u@rP zl&gwp#DszoQ;){d+0}v9;jUJ&&(I|fR-y6%EX|-Yea3{L8kXDSBn*I0Y~*>h2vLl< z13J?4;j_fA3J%?c-;%LRYM4fwu?z|#b@y(t9DRBA%4>)mN`x0fZJYZ1Bln}ZutroP zEWKh-Ll)P1FEdQACoF!-fXnEdA}`b~{YEqfYN+io zO^|H!yv5riPca(?c2wAmd z`)MqUndF}L)baqG-GT828Is0Zq|CZc@4zr4lzSO=Xbm%0v@=gq`Fia3=Z-20?#K+x z4VC^wo&us?{|S2!XRI)v2!4XA1(In*=q8p|-*u_*csLbccQTNYMs%%#lq`@QN82*i zA6GWd|Iq0fbzB<>9JQtOf9P~IDg2F2<&K+J2(bq^ybvOoNMswzIo^|5_li2SK`Z1p zIyJLxPDq_-oP{m5At0z-*h(BbC@*oMMRHX?M!9Z)40IBxl^A=zX(D8;FT6SF9X@3H zeeCYQ+Lc&-+Myan}b3z#;7Os#s! zR&7?uXGzv%1YASBUbYqB#>MVIE6pEVxN^qD5AR>CCV&eUmS{xKAC=zy30^l_N#C5lRZG!iz#wAGe19w1)s}@(_Rzpua*(4#hQ^R!q zwC5MQ)BF4Cs^LbMz&BuU06OA7;Z?<}P$KQ&hhz@thQ&|Fq3mX(Bg2s>cVuuVVpba; zMGdJrL{#x@juKVlh6YN6EFLRb`c^~wXa>;P`%nMtQx3N@xx_~)ZFUCvU9@3a(})z7 zu!yX=Bs{@yTy$zIAhV1^P%?$M(WPNm&9FQ26<{!T=@yfB3;8(UoJ^r0<+qEV5T{0Y96{!Z;1L_`$Y|7AQu<#v7@E_3qQ`=QbwuAMm_>zEdu-xm`^NTZ=6jQctpViJRm z09UsUC%MOFQ|Zs9>&Iby3 z#OjgX0uT(IHhbXlXAcBjU79=aUWlkCl;l6C?K|i@Yzq_dlUv(ZKVKk_#R5zlVh35m zHp^Sc5%8r1mar+qy0P0!iG9=1>zy&Q$;H@gqh^YazN<0Sv&>QxgY;i~x73@p5uYgh zGM=6|m31<`;mBLzQmR^qtQXx}r8VNUgqqNWCgwNyPUqi1zuOnY$~U6lmOqA2en}WX4GfEf;V0loT(J_###V-AR0ms zN*iQPhTUP!kkk#ktsM@eb{HH*FOr*ZT!t)c@`;TJf^2^mnf}Z1;@3kk2G77y{AYCB z@5?5owB1AAyPF*>4X^7Lrb;|Cf$F+yEtcNWqZYC?r54bOLGMtR6kV^c(JdT_W zbg?|=nCSz774g5}aW4M%d^BwL|7_){5&z5daT^G11A!Y21WNhZGRU4-kFUN;b(|(Jd^h#yt#ILy5X07fVt5^UwfQ>z24|=3aukmFzma8)lF#}rh%g!f=!9e<0 zy!|KZ?^GAH?{u3kFD3YxL}Ul)8uyEWq08Nu;Lum*N+~?*9K7sw938N_4!RcqnOy~BSQvdpEDW3xO z0}bx&py%Kk_jmO2!N%7V08qU1B%v4D7DQq-@oI5mQJghx0L?-w9QgwyM5YWPZNOKb z1ZqbnYZMBmqRYnFYU-`4~z?N zN$@jF6z!sIG_$Xn&HuJ0Fd(sidvDPTkb6Z;Z~gvbE%yI_#kzPLZ;f$`hlPuP+4ld= zL8tp7Z~x!#cDtR8{r@(e+V=nQ9&auJHWvXkF9I?+wyT{pP91i=GX%s)j}6q`x%XEC z<+HK5Blu?S2+Eu9Uly!}_9daY)L>yPs?@_>>QvdCfY8=?PO^!_pEzme;| z8M)r<_)O2A_bepunLH;roGg=X!``Q{u<9x;jTOC`K)MXC^jcQ8VvY6w6bLbs+?$D? z8%6<0bxk1nq{5Zm&pQ{eSWBhTv$D8PUNvC(8cp5yRYUTWXi57K6-H4j_^aB_V5Ahh zwIK@?8clS!K=B0|6LiD)Rm5;8&=^lppCC@YO2JhHO`6#)DKWLq zE>(DQMJBHr>T8dQv?<&5`foJJU_b)-s_~xLI-iX%D2>5w$YmJ1B9kUurR<=^LHM7> z2lfMbttbQuf0&qbkteBSB2Y{8Ifz&qwug)jBLduujuRcf(NY7oyo-&`_(qgownjJ( zBf@t@!eooexbbCYsT5uJ_e?}Yeqih!jwfd=g4eC<0OnQv^RTa8Y0(*~vvMX4SQG5k^yST!$Vt&h_Zl@PVEq z7H6rs5*9YIir#@f13Q|#UPfdf4Iq*wR|>3o4Y#{Zarqfp<%bTk9s__N=M|KF2xpe&Q@bR2VMX(h|rZExX#|S6MBGvLgj0i{w(Aq}t zu>rD2bDrR%6}R$jcfo;;#-6{>*C^zrAanB=fG=nOfor;6TAr`T?4qmU9ZzK^JS|F>F)76`PR@GTD28HpUia3d= zka?s99JLjQiL;EQ5!oq-N)f@r1m`2i$K(u!*ae?m4Y}|&w8Mk4# z=f30ca>!kh;oXM|OY+%KyF+>2EzKQE_1SuFqWjh%|II1?Hc$RL+~4aK>%Z-Hk2dn( zZ9H}5zm3$lk@~*DxUY@i_N@qRzPMHrybOZAqhgF@u#h(@CrF*Ass4H)9SjJEN>F5s zV@U&atw#gD>3=#nQNYFti%Be9P{0~xGc)EmKSNJCd%XrYwU`D`3fneT0c{Vdyu5Z~ z2oUO$6Cm!}**0DFQyOJa0srwo8r#EId{(3)j78&1v*GpCXf~d98^u@K*B?8r@BVn+ z*8j89e%{!DJfM##u14R#E^%jNHt^)^t-FZPH;Ls?n?G59MuJf5_LvXGaka7+ubOXi z!LBiIP0wuBJ=N6JC{Cp+QLSG*%z3DCBBZ@nwF&uLRqv3z`k%&OyFJCH^iS5GUd4M( z?^8R>di)-B+MS1c1~xYqOFm2Je-NqY6lyKl&C~$r=zm8?M|(y6@9=1EqyOE;Ge!Ta z*yG#K0CU4`l)%TS1cLL+JyZND@O`8DJyO-LVz0}}-;~(u8!AUEm1sLi(tKob;rDSV z^cd+tx*$niG?JIkI0sa&pldnOnUjF=@EBQH?pTKqrDN6ku}H_$=FnAo!u2pWizX_A z3gTpaXmuB_8Z?YZa0UtL{@tBPw7!kJZ54so?t{Li32>useJG{9?FM*K2kc zv!?(sTqcA=XW)Z2Yxzra7?UyMlgoExd{R};w$8i?{d`dSRHu*G6Ehtawx=+=3{$Sh zLSlKD49ECSIIERo`^Zr}Y^k3rq{xO1skpkN3`#H5!PJmkQz-X49tZvCs-3j|_Bp;D zllI>}^M2U=+h?KvbFKdK3H}?7Tk5}9y`K&LrSAK9DqIW9#;81~(f{w@U{nA1 zcAh%=|3>rQX#U@Z=D*STzXhFt>Q(Q17Lp%nMD&gDh1$0tX%x|T_-j)8A}#9xvA7)i zrDcWeW-FJOZrb%3cp7%v?+qHoTV=nvo-WiEk%0ulpedu86H1eI`R2<5p9++4 z64F4LFs(F3N_=7i)2WiDOq5wnK1sB9kT1nLUxOdG(Jlev>1u0pAmk)bLRRAo+AXyf z^xre|=3HZ2cJH9$puutIL1rd>8PS+vzP$pVACE?VG|}F{^P|r5qs|WcJDN6TaS+9_ z)P~QUjh7}hlQ#7Q-ss`n-+kN15DjpabZbp#@j)HM?%^#R#d~`a?~fDljH7rGjhT?Y zr1F;moXSUV7-ye4HAGfx{O~_38s6`NHSJt&*v$sVD{*}P;o4_~ID zY7@n}bsN*`T9q64=jDJCvc#Eye|~kfrap)pt!8rq>zu&V)S4;B@PVAdy<0kk_x2Dz z2tMcud+_oxoWlh*nu?b9^-OJ)nGJp~tj#+8h6|gLY?po8aJz$lT`@0Ynd(hMIN$U>tKEAdXp|qOXKx zh3@BJne%X}gJ$mI$B$?Kpu^GoblfNWl*O^+IJkNfOHPUSRgiEQl&e|YEU?2NqQ`?U zk5Rh(HCn^UjJWU@938&ZFQyZJ4yj8L(Lhd}&h2-z3wJIoopDreM9#9N) zHS)e^@?sJPBhF$f=2Y@q7J*|X0ejsbGmy3xs+K#PhOT28UouFePshaHXw}?Q*3-M3 zQ-*vj@fwZsC!l2+p1(rfqsN00=O=Gpza~SD!v$mu)d*qE@uWhsEeNa6>LU$}QD{Jc zx`_mZDToj(CdgL24ym}(nZi>}MB9@?1o)|joL&>5yA$bPKm*9oAQ>9aPlyVU5`f%fUNvwa={0G5 zSt=L#Jyyg4pQyO{QEyOflsb_pB1#cadu>pN#y+OiLnAG#w9W3-z|NSEP#`QNiJ`g( zjzg3%A!t9EAPne+#0{>zJk)Yg6|~cF#Ug+L6w0zapeiz(oEqQ2vuym2QPt~&|IE$* zz5k*V|Fd`4*~I_c#xpDa$L#TKg#UPrvV=05ke^2o@?%Vi_c7|nz_tncdCWmSW|Lv* zr^Wmjd-q#w?yghy-s#F^V|inq9NN%SOA#h2p9z#ES*3hQVp})L+0iNrNLdt{k%TW{ zVK!n;M71U8b4GWYHoI`2XkwfHr*Tc>2=WCOGkmV#{N4l7iZ^nt_be&@)k*v2o;mX0 z!G8BeLH^r+(Rs0v|8C=%A^+W8+P6*O??*2N-qXnMO{%v?F9Fuh@FrPuh5D0iw|PyJ zuy6-$cbndg(ine&M7pZ$CMtdFeQ7p5m&^JxVOb9AS9&YKMA))*1e>a3aNla8M#92I z6G0wp_s4eo`A)-2FjLGh^Gr*17BDs9ac=12XVX?7%gG%?siM(MSiv1gVeHMil>9DU zBD39dCFYhE8}{%rA_ECy`6-WQ><^kd=NSv8+SX2?C(`kXDct-kPE?g4&~*1hIv5Zx zX7%*9sf|x@Fe2e{ZQqgckDSb$!t}-$5$@N?J(tUC=%ZY5caCQ-G3?bwqF?%1LjJE1 z@m9(I+&w(pKPcvZK04aie{bcPBL7$H@x~0ik^h&L|Febq#UO))`l-c^|6+Z$HYHfVt2ZDT2>g6nQ3UYkkgs@_gP)UpXXmAGtScDsGf5pIyC(im7#9rp-N? zHTQz6v(=Td51MXLJ4n}R$)LKlU|p&)F0(N%wR4NFO8xa$o?L$U(#X2jKWFsr%a_KN zkKGPbe%VFq0%{G=Xn*d5Mctt8&Hcfg6Zboo!DvlK?nd?X7|t9_WYI%6d-iKObuh@i zJ9Z_gHs@~Mxx1Lef%eg>ee6!lM+ueB5~?~(Gj3wD;{^VR0`eM=fW?8r@2Q0VS^rNG zNb%KagvzUb>f>|zn zZnEiA1OQjzAz1Tq7;+-Sr5qeom}MMBNEKd z$)6B%dTx>7b}^Wn;VbecbSe`k)WPhsx1~k(+eCglHC|X*Ke)~Ql&wR5Qnj!PO7~+N z;~@zz-Ox7D$quttQU4*GhKF?-z0&>fTKqrv_YYrmit#_4y^a6ptvqw@e>c~@n`_@S zT>H8U+3eLiE_}0}znv@J%}wv4zv-=U!TSRaPa&(uGSc+iE1})u7YPe<3CXf7L7YSk zhlt87%?E%nJ%ru^B-g@pH8t1A6ZE?&;Fwd%nid$HjYxHxMjI<>K`c4KFO2t#KAw|6_j(|55o(54VBev>GDZXA})6Tfg zG4a*7dwNWK2k1g>Z12qYt0XRAnJyy|59Mg31JguD9rPUScQR+>?|onYX=-p4H~~&@ zK;>k$6P!6kKel^XupwWNIHd6q4x{+MF4&mBzqL7Gsf({H3ud<}hcNL?*Fq1kffHJ% zS=-^44Eb{@^@hD4ZKJAOiylD5)Sp>uxUQR7VNQ}EjFgO_5Htr+t(0#?!+jppt1a~_ z;rVXu!3BxsT8G~8Vo|!CEIHWssQWD(zLR+3qsRJ>-k8R8oQ`kz2;z8>$NJeP%$+Xb z=Utq2xQhKxJ5^&E+k)fU{?V_fI{wX{xBW%W+e469Pgxv;Df|Olj>oN2ECoxN1*i&- z#cW}9p)MY)=9WJn{-G9^Ar*mYM8XwSxWA)EcZL1o;`I;bpy`SqF*pv~jnTp;zsQlk1FqT59J19!u?&c5?#~+}vt0dc zJS0Lb@dX|yiUQ`a(o6|=*;y5=4V>0m&(nmBwYP(PI@w37>w zw9}i5cMcLWg6ZFOmGv|a8R1US6de!-BQIS)m#&|+;O1lWHc#a*gI{<^_yfny3}X=H zoL+-7yRM=Dt^u=AQjIS1$jDOJVuP0PD_991St>8t;1aspAYwHlo|7??)N&00HiaEK$4YR202U+GSb*~$EA-_9=Tp;BCHD|0x-RC^)N{2g$nr%BQ`#JD5-*mCYPT;GUL*Uk#YAVw=AAwlYl(e&4Ctep*knpA7pjP(nL2S8jKX#$Zolm z3^T@`lsHo)cfA=b5TLsp<4=FtGx4hNpTcwZUl3_~<@zq4)x`M(eKzjApHY5^79f;$ zcOzRCuU3^>9o_I7CbMS4%|fn;HhsT5APVy~E;iK^F^%p}o65U|5_M!1vezw%td=2H zr1o$;*RnLwR(@z~M^satZ}(O$F0&SEyIrZ&*dGJ8eMg0$@lf^fCR^yc!Ll(GVu51Y z3ORHTi-#hMqS{!`zl3VGYMqGKP4!SUkx|Q)RJ!PVJErFE+Gp{HGxNng*n1#Ap7QSO4R%vsZ}! z>>eKOZQ?&~<0%{oFSeJ&xUXcnLL8inc)QRTQ61_wFIdcrZ9`wav~rP8cN@IcDnwxk z5)JI>$i?h?OJxqnJN;E#H8KANRaR-E>x_ykk32IrZu;kSBjhT2STs&td< zvd6zY)6lp-=WJQN-9jrsK1sr39KAg=E8xATxdMI{E9^zYaQFj`a2#X{kbgIC70Nv< z4ZsDYgE)r*V`WhMU)2d!eRBxmej3n_qvKc0kE6syB{V=s@TQXUZXuK~E_0EW)vJ^J z^CBTZTeW(R$Hb0i)`k3Q7RYjv5Y%|jLUP8qY}mH3c`eWK@(y_teDx*E!?D7`X~9zs|2 zky`_Wb;qbN=Ts=v{PLyYH@#~KZnbAY`TqkT_5}?|fag^G$eua!|K9#lDgVpf-bVhv zmB-5Wh?;U@zK^1qIA7GbSV~eWOt~Ph&5^Y#)@xab>!OaRdiN5> zqu|!-e^%lDZ;bjnPY#&N|2y4c{jV2$oBCh3@~nsdJ50C(IlvlG)+h#ib@uJnYZ*3P zY`iKvcm1u4tygxqKKAaq&)EDjjM{axG{esIuq5NoCbI$q&#%aejNEm$Vd&q$vmpP+ z0i?@V>>6+m|L-1@^1tqP_c#3iR-UE#zd?u-gAm5EaSq=%UoXf0rw;x;%RG7Krho#) zn?@Md+-bnZ35!WAb0qgGUO3uqU;P@es;9aV%`jqp9JT2f56M{?MHeLCM4QNq@2Y^A z)_kg^{1LL91?j)}Y_0Tv|DfdmvESX)f4-e(Rr+7$^RQUv%tWI7^MIce6hq>uD?rzs8YmX#cM1C{%1-xTLNPh6qL^gI@nt*H{t8dwu5y+bu6c%ZqT<1(8<*_xL5b<(}o_zq*xQ^fS-?-#sYl|N95sjr?~T z&(iW==3bN+;KWoLz|U03Eh@=aXopVi_qS-*5DZdBx>Q7@Qo=N}&`FtKA$3;c*pmZR z5FVdqeH7yo7L(DQE-gepEyN+%@hw%(mbo(8q4e|g-aO7{B~=I*$pkX5U-!16LkrrU ztPg``1KBrvlZwAj5e-UWXvM~65~>GdxnVV|-k82{?)4;Qcc7rumj7%IbZ`FKT#vcW z=YnMiNm%%ya-6~sxuJ@UW{$Sut`G59kpCxya{~F+7LWku*?$hZM@9aBw0F4S|F`k1 zYX3PS{M;afclQr~d=_zfZr%=r-jU|oj%2o(NRbtOm0`mF@ZV6drnsg6$|WLsQ_ziWw?1^SG&JhAyNAx` zsT40WpLzbDFS;)Z{C|J%VE=*h|FsHM>zQiRv*G{K`2P?3IBdj#+ZF>@M9#@T0b!ZT zjIGX6{x;7 zcUv_orvjavy*2wQ+W)`;HS8wiC>i0dF|$5FC+bf$AXuiHAVK4RpsSZcsXKdH2uT@T z=nVTO14;OgG^S!i!edA%nNJ2|7U6it<;gm5NDT`0hn6@-2@6jaxQ%F|*(p}n;-|7E zjCeWY5@eZ`;*=>>^EARjD8XWaphm&+JxM%7U%vdm#R%^m9<9_< zX+`ojjYqLg^X`yb%+ncgjAgN251F`r@`GSL^e|jwc?rMO%T{Z|gnU(l)>tvLKv|p1 zH*GJ@y4&J9D9s?tT)dPlknc=@^bCF0>29WOp&!pWI?I`Q?vA^DGHTu3%cj7I5~rob zs$XJLj=)_n7UMQo*PZmes&nJZ-8@D#PCvEO?=5??se@}`kJF%)*swo%!Gm%h!(C-q zoXdp=r_Cn9n*qWUiXd5Jv(8UlKku7$FQM1<>=i75zdUoa=I2uuOY$jq1D^X~#p6;O zrbcG)+ciS3U;l@HnPsS{|91~c`hWMK+kYR(v(f(-*4bMf{1?$%E4xOHT&K4CAXIYQFRV$+l%F&F`_-ZwVwzX& z!$$GnDE=G8f1~(MdDg4{CnBkEADb8dw|`jl|L*MVz1ZmgxAELh|F1b-v|q<^pn31^ zb+=C>w)TTF7G9X6ta;m75>!2Ucd!a?+v(2HB|Uad62TeGXJigsHTPD+={1eWkc7v& zfH#;N&dI-0C@?OW+Nf*QjEDe71|Z20XAEj+K0!E&*v*;k=Z*W!@9@KjLcLi|!ZZ$X zEH!tHS=>?`p}(P!3g{?<$Q!W}T4E{vA%9**9dI$jNKU z-HU{?KS>}-=-y}{+x;1`oA?Iv@Z{`m)<_*!AxSKMgAq?7Ovmci5fkz~kvEKAW$US4 zzCAn5zc_pQI(xy>_(c3FhzWUng3bsZQz>luRjsSrGV!n%un%tW1;PT|kSNl1Qh6GY zWAyA?b$b#|oow&Iw&VN{3VVi=Zwi8X+*T9Zuj_`_V1tftXKXk1pb+4 zp8x;B(P2^k+dtamf4G(Be#(D$=Kue70{`yHQS@Gmh_@9u*l0`(57g4e+yFn%mGSYh zk@eI6av0gX`0q}!{?C5*MQ3yWe=E<1{+H=g5V z?7w*E`QO*TSl2Vb+0UxFTX zM1TyEc4aYvEwqv+u087n(JmH?}I=5dBZ`yO5>+)KszD<>~pGlMioluYNsyZC?cuC9yPxhw`3>SvRW+ zXIU?`I;aRced>3lO9gqe z{%`;2=%M@nZREe{^51VWk!~XaZY02s1h|m^Hxi(c01c1c$bcIeaP7~+Vv5i2YD$N5 z~uz*aYvvh=y0-ykVEL>mApSH z@g!j5F^lyK8Ub#b4Qf~R*Z^QoPmYn~DKY3^k5_DP8p#os3Keun0`9YGf`$fX!s5A- zOivG9-u~HvEm-rR2~3ucbs>i*KIj!6W(Tl>0J*b<6KdpEh#^V^xtn9RzH9CE96KML z?AX10apX>2x8l^T%H=Yyj=K^k8=-KmU<%PmYBFgLHm4vL*3B>*sy3p%0 z#)+MX4FX!GvxJ3(rV$kq{-OQr>UCp9z1$zgC3l7M^8@NoB`>qGD@nE}6cB(sWi~gE zx~X0_mT^u2bY7pa4&qiv#JTDhhM@6~6CrAj@W@SgD?O|5|GEXk=J|i`?HB96A08d- zZTSCfJokhDPY=0z=wiTK7PE5jXOT%$SJ7c1X5v zmayvG|J}0`Ye(fIiD-buG3ss=3-^ze-1~Dbq4O%hS_ckr4}xBv=A4D{UP!Z(XRnrK zdJT*CvL2o$EYu5F$V^$M#mr=nbBA3ht#|F7W~L;~GHus@aEWS6550IA=*81w`%`HY7GY}s>w7Z861;OWS~u!+o=aWrk5SHDJs(vR-bF+j z!8-3WnmsMlYMC!vMu47^?77fy#;U)3*u~t-proPB>mWw$67W(^){$w;pjb>v3 zh#{Nd(;0)rQvp^oKrEEJ*v4T<6_3G{i=|e@NDl8k+%0{ldV8g$0R^l2<7qtW^NJbe zQoh6TJ&l)G7>y+Xj-V!8cke~J)9$pp3vPGz>a`}9KVU)LDzZ~Go_A~wb#3*rAT6L% za}c5aNK50cf4xv=I{x>IPiT?RmY!1fN;?amlZfGv@VC_*zqC#I7NNyWvsde4l(XSl zgn`cPX%W$3;kBxkDIVz>)}<+h*|vftopTU^+?c0HTBqAF88bewf<(UOchF=tvhX$* z62}3V&Ej%|ftn`udET4>m*RnS$wa*gdf2`A^kxqB6(*hEw~Y0Vt%v7 z`wA1(ce_7Q5`})Hj^eaTX_tZe&Xo(9GnX1&FAcW2VtdWTn8uZ7UVqRE;fr}^eO7PF z<4z=I={Pr}Z+>pcNW21%)2eU4k8waF@(KbAlt#0jP(1}-z~x_mSw^HjQ-4(xX9dd@ znS3=+uE-<<#r!cHk_Zx8tj>g7Do9{MZT$YPFTO*AEW1j729@y60JCZUHa}5@C;Cb13*_k@TJQKsBb(H4R zOF~r@XMD)!*9!1qtImH8$8LqQtaJLmV`*GoTfK4$r!*-nEbLe{I@6JD#!J2mVgsW; zT!n$Jauod{50;S@-?5M!ql3NtZm-MnxPTsY3Lu5C5g@bmb+6`?ZCc2DyyoggwW}D} zL6)lWHUCO^{=~iN4;ehUk`NxEg|V=PLUYspBjrN=PUYwyx=DF%w^D0t>6&7-s&Fk` zIqa_LhSjbQ_E@vCef?+Q`~O5Ftp$C+=lOpfbV~kT-OkbG{{J?fwfTR|DcSYqONG~W zZHKXSIsvp2k=%=meB&Yx#&6Z~1Li{_t+ajo%1SeZV%Yyo`^0?I{)xKp?fRE``sJE% zPDA4HQ9;JngrBl;f;mBr?@_niJ#2ScokkTTU%upgbkWCWI%nv!Kel{XyzmYABuNah z_Vzo=Kr%@hx(cn30liY9zPDbzz-&G~O9g?Kw&h|$OVgY|Hk@J&^uLY|@I3mz-`y|J z|D%Kb4gJ5B=Pv2L_4@tB*}#2p5r)-RcL9SsuEHB<;k$j7q5q3!1)LZE`Qo7H|GRg1 zxXJ&2E6**`|2wL+`&HsWHsx$LJ&L`o!dHnmZHT1O$yCs2nlrozzd2jHM^P$nHECo z!)FXmZ_hMz?$3Fgv9kSAD?~nNPldNL3$Bpg)f)CLVmSN(M>r0$1`^upCzp9g}#sEHvo(44J;9b7zc*aPqJA^mYmxZ1SNxeLlC9jEA(VN8d zL;h7~7E1C&jrS}hXN*hd0~ebYb@$MIKjrE+$veVGF!byG4cNH`OZbkoN^U!=EW?Vc z@F5a27vkVxzj7T!aUt^Im8-^5){dl{BxG(ZQ*PzHd}%CZ5?faOE0lPg`OMA#QLO*C zckp6U|NnNL~uHxzqj(NoBqEucp*qMF#j$xfyxw! zyG7Pu8gI-B(+v179pLe@f_jpZcM%f7h~!0g8HsW&6~Y(y>@DRBMkvd*UG2@ij*Qjz zxgxrH&Uykm0$d0!!BycLEYU&HnbAETx!|vVQQbgj#A3!x2A9lrxwaB+k0AtDTxXHl z_V1dC)U$f4h~ZLjJ4i+>r|HeI~wE2Jj5)fTzcq^o16ao(jbkW_WL8bHc+RCqpdB2WE0m zzvF z6Y{T-X57rv<`$oqio8F2L9z_$#gyQ!)>lJu5>oj9FM5mJpbp9XHd!pJ|C@AUYt;Yu zI{QWafB(hai;ez&8_%8U|MU5@K{u=auj%&YwwQhGQd5gdI<=S1=#`t5TX^M+fcO|! zZkE`6zxmbXS?{wb{|~Vk^%>^j0wTaX{@>jz+5Zo^8~gvQJZt3tMa9AMHYl2J%oirX z$!m*KVoJ2=TBv%4xz*CdT;SS;gyeTg*l&XkW(!s+Lu}S->Uvd54i9#{Y6=S*x#1x` zOY?uRi^Gt`V%OASZN)56n**9GQ%z4Is3HWIjfQDufNcC8{*~LKSivM8Uyw3JQ>@4-q>lM*qpsn zBN6WU@UG!mf&QCccU?C6Z2$9W;oSJI?opBccMdxn`hOeGI_du%ka&xsw#ZP1gEmQF zjr==xiEEy=Zpi5@a#|n`-wr{2V9y%pf9dQMt%CFEf2TnIJ4bt)`v14`JYM=gVq>x) z{&!0J)fQ|h|Gj?JK>x2^is`cd|Efd(i~0ZeJDnGs{9m{7JYM>L^-^re|DBTmtCwO! z{qOm+2Ko;fJZEu$`SSl>k^UcS=>P3JkC*-fT5dSNopJ!!gAEV3$Ilw*f5O7q3cwQf zpZ&c}{-0ZU9xwe@Xt^Q(cS`=%7Hp{hy?)j}|8E$-iWm;3@_@PYf3GP2gGp#Z|8L=W zy!79q<%S8|EfaA2u;B#v@L81plTQiblJKI#)U2`~^XUJJ{ezPIf0O_7b{>!ZZ~F=F zt9&?j(6;@VUy-+!UzoEzz%)XQQ=pzmkgVS+4PQx~5_B^n@k|I_K`O;Yb^1P^hgG_u z<|a6624B6-N$%{do>jEi9YTMyK4b+vM)}{CPdhq|Vdqvl$D?hcQm*0&z_#H`vVcX$=)>umEmrR(_n+5W_H9+R#e#!xWe=jde1EMb z#T7563^mA6-tOhYFxE`}E7L;Hq5u1x7yCu||6p(9|9>mbhW^i?|F@s5x_G=7rMqip zC#z?w&X|$?*H_A8TPBQOE17MbUC1Tq_Om_b_*@O1Qq00UE0=Sf_7z#27lZ_oSN+Oe zPxkNHpx6f0kn{=WgnwXHBvyLmG1|Sxe3z&3u1ROGo3C_{uSv5jRl{P;@hoW8kdk__ z?z3|;HyQP;ju%fuUAMQHb;&l0`r~;PmH$SVha@H?AMaVu9Qp5PuT!l5vA_3XQ~&8! z9(A6dI>sf?@hcS4K%&NFr-5?pQggOewY;^o%{V8MO*j6gg1q@eg{1M&!Ls9kd3vef zR$`_0N|=x>8ViY|sHy)-lOe|;DSzGyNkk-R=_1XIV+1cn z8U%!dBy6HS88A*-@EUS{P!>BO&r*$J%Q)TIUR%%(9IG@SkWoF)xEF# z8@q}vC0NJa2M9qeuY&Ndt5aW^^LNR~kP68s`Ys}O3!-z(COD~2BI+PW`10c`CFa%UcuMJUq}8F9@zX30m; zN60+VM9-kxXMg0nLm!`MI`!<2T$k`Zv_~2~p+vw(rd#!Ve3lB5YnjhcI&EI7t@sZ# z4rx66steB|a!v;7W4l%}pxi>Jj21Ou5^4WW5=hwL%6g7#V~E8CU#NiOZSvwGpc*-M zue*IBu?6~!g%<`hHMzNaxGncgIK8G38ImxoS2bcnz9;gA@vHpHw`ZsM7iVu@XD>3| zs5R15Y4Fe9r9z&24D}hgw#UMv>8LEPnySd zi`zs3;_u_RW5Xa(iq?i$Y={eQ31?H2U^?u+gw{^M4jCq|hc zO0*r37;Q(4U8MG zNfZJyb`;rdO2#bG`i5+oUvJ0ukL+u^&-T$iqRPGbF zaLoF%HlM1$JPu7hQ6V*#)_vw6+9v;UpTN{|kZ|&^lyVZH#<~61>G^AcFeeBKkH*6` zIs=Ig8G?)Ch@gORPDH{$c~DJIpkz5?jJdR-Py53`D}dC?-P?CeU`m$$)+$ zA-bV*g#Kfvjg$t3SPU%{NGKs3MKmVut@i7S%L~ak*?NLb*?7!i^xNqL3Mm&`?ID%B z@Lvu7R=fXiz6<}gFGj;%^&k7ExQ=(Tj`}!I5)XJSZ#{2|n`G;GyN|E7p10*V*?Rsz zTTjq$m{XPt^!D`|vDHpE`;!E6t4%|KclCFi{kio7siU(C6j*Hi^85QY=NDTe99->g z1$1|-=)ds1Er$Ln6?CvoS~^X(A*ic#JYp64_GLMj*MNQH1&g;V>kj zA}1h^sB_ic+IsQ?eLT~Y1Q~e_bvl2b7TW9Vby}Slt?qYQPo6wMC#v;UOaCwW=nZ!g z;zSbu$F{C^wYxi{a+LN#vh)t#uH=O5jxpq&6EK}!@6=)4%MQWt#36};i3YgV zL?uIDLP4n@90(`*lrTY1kP6Ah#%;t~JY#tAy9BW<4%BZ+#3m#}{fQ^QZMD!j8MAAG zdLHbyQ1@;S5gez9Qpk0%RS&LXtG~^@aR61#%}rcSlE!F&uNg;dfc{K{M5)j+CIJ~V zq#W!*ux`G%s$|->+dsoA(13B&<5%RA#gelqBHYx~?=|85MKB_vQVPu9XPkYS^qP8B z{EEDhLD)lQsTiqWkaI(Yjx*wgu3ichuyMj-5=#NRg~sUopKq)ivZw?Nqu$lNPzny= z6~iDo!qN^S(AB)O0cjTz*CNrfvCNanJXPo4&Uih^hx4zBh14bEm{BS9p<-psgi@_eEbo z(L*do*ZT5M9VGx!sg@L|K@YUOo;t$jsJFGK1Wn+0@HCKO8Zj`)V#gL^IVv zujH%PLjy{p&`uo36QqlBgarpx#5l?<8R+y}Xw;_CIAjU~c*4mwtYyBvfQe^47#gQ* z2c+B*2!Cn;#|d#?XyH#XyL;Ky9b%~zG}KefoH77BIU*C#lido@_OB4lCOyZ)@pLz{II= z0n~$|)C;hb5%J4Z(I8vyOwdpIbCfv{Au~~+NqU_`5jK&KfDWiyK%p1Z9#0&xc<7yXjo@Pv z%QjN-m|Y16ot%*I>ik+m1qR?tBQLjLGduSK+Jj$#8&e?T^#$DY!`>Ch; z?D;nE9#DQ9a3(ZmGhDKb-VWxioGX?MfBwk0TB4ppY_khZGiM(K^m%ek)h07bQWFw@ zy};s5uAMv8{R#S~bNa4CR=-wc0cX8hh`kc#dgcB+1YQDjmFfeeoFO$5+I1TVPU~jm z?ELmD-vOp>D4YkFzD4e3r}che{bK08;8e@UW6VN2m>{#5XxAr%l3In+r+ZCgnfHXH z9Qg;pG&a4pQ6)kZDuxwsDqkL}j8^$_P+teL=HQaYEpG#fU!9`86m2<9 zB3OHWRJ|(a`ddxu*H07G`iT0S)xNL-7eNrnhqz4gp zJstOzc@r1b-yVaT5!lA`I#QwaX0uxEZ1s?pU}=nc#*$}*bI&D3R~gfNnKcGkJ4rcM z;2e>0Fj1fjV|)b~Rlu)~QxDc}&1YwCtvSz003>d#r+J(}Vl)g!X6qcjf zezJM#*(gM1d4*6%()@`Sy)prORa)9 zURSko=ey2#ooRFvgOdb0eS3i}0vro%XR#q^mbohGm8Yfu#rk?f!0naf&2V;-#sR&i zpbFC7EU^MuzO{>kWdOo%EW6QwSs08U7)7X;^Wp5-m0SsuHr%VcQ^Jf^^ndkusOFFA zV{JO9x&LE zzw3578nEwPe0MaX2RtUfTocY|NTyE2oI-u;r4B_*0wM(F6Kne`-$OkUZjfKke@5Fq zb?lCJcfAm3e{68O&J53muVAOVPut=;=DNM_lS)8e83d>P!y$TtOohud>KY|86Io~Y zUcfkMg|X-zTa88Il>Hqiw52ad)E8zA+^^6ga92z%YvG#GnR*uysebk_$h^&Ea8MNG zH5FPr&M$MefWo`-LE8nDnhu=L-;SGYPFns>1WF^;*GRb)13c^#wU9!l!Iff^mOH|g&e?AumPm=g z@-CSjbSk;}dp?!H=fs&wKl3yq-&+KHPorN25&t03SnoUl>C{Mfk=I5iN^;{wq>*f* z8-gOnuJlcD6oK(n%U|)tMB5;9)8HLV4>LHHBdsUL`Yv5T&ti3c@o<>wtL|39Wi6@V zRnwLM6gZL7;3}E6Q;DrO=XCcmLJh#4Q_2&sKU5gm|V5@^|6cMabNW7_)wpv7cBGZPd} z63(y|fAv*f6gig{BXZ@T3t3FGJtCsl&W>XwW2HZ%A(4n_1{7*}9i!ezL1>V>XYTbf z;1G+WiE1d^eUR78EJF{B@)MTkZtb!@w0RI5LP!V~2rP|2G=38#Se-UMwn5Xz8Gb)86R@#AO2T26|Wfl)v%SKsj)XykMr_t)jZcM&q(a+WyS>JI4=2VkC#q>_5@8@pAb$Ik0vx)*#)9LHk@dmwpaCyt zu<3xAr}v(PL%lLm*`Tzd%{=@m( zAAbGt_WgQXfam4^-P`LF{r~rlHub-6<#~d@J&*QNAe29)G$av?i2#q?e<*!WtAg+e zabCUJNp-8+Mn5usrQc<#I+`dX*Cb*IP$@}-)K{?D;-gyqkd70N4__OPV1?)UHbP5d z@a>yeq@19$b0n#Z2$)qhjUWU13H3f!CIE;GM+g8I)0iqSm0S`jF0Upb0!|Zc zE;Y^{_A^*F&!aJScdAK~zS(hxL+@iP5o*V~u#NtYp^J(!TO+qebwHOlk-ln`V57`Z zwX>-Vn0u?BfeTw$#VOy=7~F)F$e=$tJJ&Xp1RDt~0#6^bttCA5S8rz%4Svf{1^svE zzpgQ6)BmFvhn>S>{Kx+OhW_8m^8{5A&#kSuT2a$SwMb!+rm$6k7*!Dnh1NSwxHgX> zOI-(^YnM{t>3|3+n&_jEar8iH9HT?2fp&7VThU8DRs={>2B4=$P_`SgAa^?m%AwrN z(ZyX(0>(oc4=`DRO=#Lwc08-d#|nRu+Iv*-Zl}Gqbzyj75d)Uqd&6CUSA;}j8VQ8^ER`My zYnHZFdxx~Qwl3c@NsirZ1DEIqgOz-7Q_3l@!ERQU1H{gz>cO)LmU4T7`Oe=gNWyE|G?(CO9k=g2IE zAwF7O%uVhIEW*}Ppw){h#|>b( z>=Pj`6OIE(10r^HO!TF7aJ~%5fX2YK#7^Nf>&2RXmi2e@DVo1i;M}V-NF$RsQTvO> zVnawHoo!OS6odL;cdxV8 z-R&IgcK0hpg4T6wuhrSLj*oVA0qrc)sJOh)_cr=6i-ZN~_y94Eln74=&#l~nS-C@h z~ICF2{$sL%=yD%{d(OfsJ}kzjBM z0r7hk;q%$)G&!E&kkWWq%|&pML=)5+II*7N8zaT10=S7(dd32p-|jWcy0dHi;j6xB z1w7oXq?4CbyljHU(ZhiFzQgKs?RyTX78UM2kePgPzdU{J~Qs<)wN1fLL@qLH&wyE<9klr43UJ1zCrOwNPdKc7rd1&WS z=RHH6_jA;FzaDiyaMbzmcB%9IAkK#mjyNw5@vWcG^(<~R(svEg@8ytwuO8CxJETAO z){x#;W1y3^kOuHEsm?mL5YogC72 zY9ZbJONVrOl}OhqBON4|-{6^tXM1aqjPne_Y|D54mVReF+JOe?)$$S0nVoytZe4(L zo*@lyK1sr39JzpjR7VU<`CLb&6hbZ|BCRvE@1<`7EFipBr!0iOugIk6s_$V^Wy(G_ z@bJ|dm0`$1s@=v-wi+GyeqDWJY(RW=#|L&__`c|*uWvX+9q9aH_d;*cOSMI>b@-yf zXV>>2jkSs0#GpaAlnK1lZlN@GR_T}RPwh{+fTkwIv6wR>S*4!`|&Q=G_-j$44yVowk`@C zvX)_WS8Ox5Zi`hL^x+Qe@_sk++JyE|1y22<%1pQ^8Q}PR-VYy7~G1Ffg-hC z!FTjlzt<5!$LPA-hRW|YNb|3EUNQJFPCn|0oe{MEoo(#~HxK?(TdMtSiXUz!Md zd-EybL_iUdO>~)TFj!8tr^JHmP^i8jZ&(j9;0sbQ{yhSrqkgaOILi znD28Rl`z9P?kifzVgmQrr#=nUzJ4E1;kuUo+vR$O^Ynve=5JlCktvt7Aav}4OX4M5 z*ggre{#tTGv@1=^l#07+L_$|){lruifSTmwacKnza&sxzeJ0~h~0SM zWeeT3{~wm3F{Gms4Dr-1r`M&4Z?dH3nLrQ`~74o6a=rz&qtBTC2zqHf9 z=dI7Er5$8c#6No8!(-Rex~ z=yR`8_F`}J9At$&7N3zz6EQUz!e`WLOv`oA=;=w%PLB5(ood=^-7g@NE|=P}oJD?W z>eJJ6(e%>LX`fh|3GuVZzc&jkmwEF8vsuG*7Q)Zy#3kjN4l1PUv_D_H6!~BC0F+bh z+p6GdwBJWWhr(x?!^d)qb*1?Ca`{*v>$$*sQf|s4SRqIN0>Scd2206}JRCA3>L41M zRMpSjVKRd2^iC!>iG~mhk&g8NgcIY!6#d}e*|h{rijT}U8k|siQxm1Unv+(jDi6!6 zs+0nsk(7kcfORZqo&g37G1h*@s?R3*R1u8& z$xS|^w>nFE=|`Je)2j*LW$My&NX1{pTVVvgvDhmg@xE`RM>sEJ_7}i78Zk=bB>l(c(ptic!MZr^+L4 zKH3e*b*ti}+e$>c#m;ux$ObADe?mPM&(t$z1E6Tyfbp^OX}hsGAk55+fEHxAeOyGl zsYNic$r0DcMytwW__Wh-6r2@A@ZE|_H4&z+bP)JEMTOTq{`T`g9_DHN^_V}hvloD*J90;DL{SIb6XRJuX28Cj=kQK zG;>g`#l0(ra%hGrlscmYv4Y006iXNXQ6b0)Ymn4k7}3?sCkEOw4n~w*YuDT+gsb_6 zMl*~HICDZ`&XVhyX5$cHlwitT8Xt>-i4r70kB!kkPV%N#NF*9*wVi=z?}c~7M9;TR zTnZt8+=j~J>TgX6m64`=lEjj{)7#=U*JQJPV}g6KO$X`KMvJ<)UV<;MfBeq)RqKSa zG&b}5XUuM5^j3&eCqQ_D&ePcDDz#~wfAWh-Z9#&8pBNiPq>$CxoMn*VNiOlTZEcFd z3|)!5og+iZNfv9&mw}S=vEhq^K+uClV4ml?{ ztQ0X#{s=ww+nOU?&6i+55bb{TqB-=IX z)3WII1c%|J1x80X?`&29$C2PV(d!fDh6Z(#a@E6aR^0?S^T?R zD0gaK`A4u&zyzJxR>(Fp(Jxi^EY>XFY43Ob)-;EXS68=7n9a2bAsHkNP4+vNOM}Le zfOkO_iq^~WVwmmD(Y~IK!~=pQ9Q`aW+89R=nH<`k&N3f*H4?q506=p7VK7izUR{1s zeG&E#y(A}o#twDf$EnnRWGBSGy>s^la3SgD&Wy!bTaiH()~1OpmDh)#FWTrWy!Nw^ znS3Rt;Gs$OYrOwwwORU2ro0Y zJ@IZXkZ)DTZ?ka{kxz*6V5G>6m)S&z$Aght_bN%ERaYB9rTG&L$v9zB4FEZ794$zB zY;ECoi%q;g8w>zdSSl5(jWzeuB@V_&0eL0bkR#`$oYxRC1n8>fIKK+EG!F3oOikAl z!AMgT!ao7S|p1(cj_J`!gw09V~c6rksa`i%r_ST-smY$s}=ASE? zBlxah$A_OUih0d#+Hp8=5yPRm>djzjZ|%3yZ+YZ?Hxs$@yO}rlHQiaJ91Spy)b@>8 zNNjd>ZLl%S2X@@#j<9(Z{V=vymL8m*WcX-CR%cbqhqfUcF`Z9Y0~2PrKYe7i{7k4tG`pEVrgWFc zzGhdN)Ox&5Y;C>uZz+6Yr_lN1pG3kv(XK*PtDRL^u`0jZ(Yb9sawQ28ECL%Df`Dl) z+8d%N9ohiONFpFg(+L_j^`Dg;b5vEGJpX*>h{HA21jlKZ9wP^)SBsekSsLR^z}CiX zweUP8hMoOP$5h%y|A7S9%5si`ILoEdSG0!+jg11U9ira1C0`yErT*dQ6w zBY;HbnS#v+ZIpqa7M+SKNXwDR8$yR(p+7HW>~*d6HS#wQ%aqirMhkD3p;zmGErM# z!ahXP%f#f>Y1G9R^OrToM>9rL3Iv&iO_hX+OB^-8-13Tw9c}||RBM=uwt06&yM=oq zA1CyEVllwKzyoGtK(EkTA-B#vQy6v?G|QdDTt0$bCEm7%DGiC(9cmud5)yO8E63pz z6ZPIIgyv|x&DQ8{f%78905EHEvR19z0MDo|E=>+lEvV5780bRCY{9su(-M`u!r7QQLg6m+r^A&| zn?#g9%kDdf6Hya^O)I;IWWuM;;PT`N`ftM39B*QUOIuqPkg2+u^iBJU zK^+sV#TE5%pq|smb7|+XD2Du&a3e$Su3XOcXBer#-8zI(B`IROPhOPH_} zy;dvala~6a)e1>J9U5diC&oPoK67im?bgn?jS}?yc?CevpZg9KRrsX3eEz(0MV>#m z2vy!%y^q@91(#eF;f}Yqz6VuW?{~t9NXIsDjma@5e0LDPu&rM@)rhva@-9%p)37iQ zb^#q}Y}5pg=opAiF$H~c{Bd#xeM#t*umz*qnbP#NQ--d)O5%Y0#-eoW%r?7zEtILJ z-;}M9n8rO6M3|0^QQ>$CisX2>tp0S_?qU4odiU>cd})SPkbaL^33~QdLnI_<9RJlw z3Ll*l7)lpCaY4Ag@h}k; zS)CHK&x9K-zKzc8+7AdvA3Zbn`41i>&BA=k>$7xk`IwpF(w?d{)3^55gww$Uo&ART>hKbq)+uaPZd)O7T@^Ous7r3I z4QR=A;O(}>Hh{_Qd8rGxktgon$=<8j7%CStrNf4dIbLZvh0B#Jc*)kWvg$|moD1Na zZ!4prOowU$Ufrzx3@ii4DuNh*)q=vMnA|b2xbkU|*>DOV0>3?jyu>m!7cCYY)ORP>m_~{x&t9kbN4g~^ z2|<4f7Nb`3>eEJy0it^#`30^RuX$Fph3aSJD0vafK+PX-c- zS`lHcRhrtitCw8K%S4Q3Fs_^z23%s{D}sc(KR3H?Ndz0r=xeNY&Z*zm*}42+;=UZ# zRM%++Yd~KY7YF9YVgi;@*D*GMbu>VD43$Ea@-G?3Lw9)wMWl^76A%tn!p*hun1w{N zwNb|?8BL4(BOJP(%pj^Kp+ykrZ3_L=k`@FiR?PW$3qgOn_?#KxG{Qo>$76DghRGiM zqCtG8AUsAN8|MUvzjG?dFL6K`f50cs3t#u;9B0j+uJ>bf*!hWOu@siX*`P$XoYi{- zb5%XK^#Bba2T{*o()QL?nXVcue&A{_SX4UsZ?$PasUkAO!6b)+&jdRAt!YXx_?{dZ zk$ILi(3-G8T|N14tEDQzoW;alv4P(V=B6-F<{o?U-?|i>CRzF4%Ko;?8XC;@pvFA}DQBal>C!(qa}m zKW8Phc{u6+q%g%8;aee7%&pxg5*I?b{>@@?tn_Hvx*)0qSN>NM94j&lC6^1u z39VXEnRM5jaJ5i&r45$oXug&%H>hzV;pCdKQ~*adOyul0jhsqxwqeOts-_Mjo~3Fk zIGppBwqWXG0vA0l$vj+OxvLPb@P|wPTw%OydM}$fC$6RoYs9A1lR;VlMW!JTSZDvq zJCfP@pV)I%_+am4Vul0-qX`IcPzcLYZlU(IbzgF^KEe)f&HCU>{z;Np&}-cjRf}x& zG2jeYpb)`==0a%A_69h?eHu|oNmj%VD1l9msw5R`g#pV86jm55N*m?u0nwdJN-ldz zmCGIk%iHZTT)CxX8(rVdnWUT}O#&;Ci-A(#hYak`H&l$W;15p$*MyCwTDg}rxFS;I zLSU6p^igflO147^j&Qq&-|gvJjOji4u{lW^MY~5Yjt+OMLkk^_S`oP>5weDVHRn^k z^YG0RQ|>#=r9aPde?Xume6c?}+^)T~)k5!CNLto>+5{(^7Wfagj054Z(tZWWWuoQ; z91=9+&E@cRSII5_Jk(k)iHw_+JpfsMTP=Hg2V-RwzpQo*#(i^z*y7p=2m67A+A+X* zPUuU~kOY_;A|RY=9=K6}fzk%b!8y$C3=LgU9BqsfQHb*>x|u>nr?LxM9_K#h&HmPf z4FIowk7G>JrF)#L0?m#=j(-~E#OM?Gdt|G**h22Q>b^6>(AeKQPsC(8JvT}dM<%bz--UrBIBAwl+2C4L zu{dDb7#?iw{cH_?Ko2XHjw5j0s$5~$KFX*RDnsN$-pU-IxB?h^*H%5R2>Q)tC4|;G ze69dc2MM^!U*L5<#q3I=WeW-j%s)5+pNT8?pu9;wPmz20&9|=~j=(kxx{>1%+wSeP z+I#lPcD=pdZr69My=MKT-QKJ3^bWdk2OUCdx4Rv--#bbIk8Lv{JT15IdA-kH*j6W# zlx=^)7A1`I{Kg3xdV!C&c{$kjV zEbSKd?-F~NBhY$>D*%kttsQ|=q5i1kZGqyVRe%~9QZ8??gOmMNWZPT;o})N5#w8%ft3S>LjoH__8ety^d$hKx#{)HCA}-s2z%0 zy~Gw2+BQWjW+;(XomvE0pMZb0+6RJgzID`Uws#NzB^Q%isQluE`NBt&AT)|)10F6dN{gsv4 z5lHnI@n+t8327!$7Oj#~7x`QkFp|uu3HeBG!EiRs+)}fjt{~^F{n$bL=D2d=KSIx| zFEj?^nE1cDd(Cz_{%`Z3ZQ?(!;>x9<;mh2yisN6Y=)v|dOLA63@ox)a@GdZ}SUT;k zaN&!!1af1`7H{V$^-(^P$6C-KQG~`t*)DF?5~V&K!Gkh=`{hxiK)I}ko^VPjx1Ae_ zldqY5D6oZ^o`p-0a+iqcYeFrd^tQ-4DY6<6x*yHCHXG=rrg#d4Z-fl{DDJpKS+gtl zq+BIM(h5>D(yqnlU?iYIeW97vsYy_@t~~xyJQUaM#_cw8HJZpeRO5m_+uPo1=vt~o zxX5^;8f%4)rn15^~ z_*4`&dg?a1u8ZlSkibU0z9ok>iw;S`DfJpsOafLEMbV;!G3|gcC$_ME=OHP93744} z=(gmXq<&^QliJiNQ{0H(GSmyicldBYiWE2MRI0Cq17)JAD&jm)dTy;-#X^$5 znDBy$UN78kkuwY<7bjxzH`W>a=i~n#b`aZ6P`hl4|2O{4h&w|bBk_N$)!aYWN#g%@ z^I-45;Qv)z_Z0xDoep-rz-QGX@Lg<(@0CujDw$P5_4K@R_VvrBHy7{Ud^@k!!pCA0 z&7a4EF@9*rR9O6#_yM1a_#M6#mqR~(<~czhyB}=++{;N+KL4zWrDZE#c&GsIqb92q zx`}5i73QxNz&LSi=iUw*;a&QH;veA8_8RR*OBJG)pIu&cabZQ>Y!&nKZ8n;t^Yx&M zoOG7*oSLt3*(}dfccC)cXQceNHe0@Zqq zOX~Hi_L}sztR6{Xy!ieA+c|f!McfnO5Gu^{`dzr$tbul`RRit4y&7n3=}Cu8a2!_$ z{FmGdGyT0-rV0^N)w73MwzA1;{d%7mOb?UP4BdL7_$(N1DuanlF(r4@G~J1bqdF2K zb{xq34n+=uc83K*%i0T^j&PLm;n3?aWD(b9_u(S>%d5+3;9j}p#=Wf8^aLHq*sK3s zR)0<3ysXwDwU~Gz`gK`-_`cI*KemL|=VtoDM58OYiIbj@f)fHe+?W3)1?S))=6$Wz zZ03klssO=P(HaRsvH`gf{ZRjm`A8Ub?lhA^hyA~!JKn#m>H4Hz6O+yl{T}um^j1KN zOnH!<*Rw<_VW$%R{-~(#RYf-TQyrz+cablqO*e2Hd51!8a6yRUV=t^=6^HJ)ysh?j zc6as;_xE;R?zF{I2fJ5s+2zcUGl5#r8lVe2L?rOF9OW}EvDeVL>I+__v|QzL;kJ|i zh-niB2<5)JR|9*y^1o)|Fd=#Q#?C9+pxCDzB$Bh_@J5UkU4|FA5g>w#IYqW`lvTP zL3)KmJMzwvo|me9itRJPlBFC}kHC(W7%#%U_WL$f$~*o$leAb`+Rga4>mzy%opc{b zb~DvXo`>E3h3x&Uy!*+X5f@$?=P~~Py7jdV0MsL%baeBfHaamXP0L3m){Ya)bfqD@ zJ%v6zBiI$lN|Sz-w}yD|iHNC>&nK?fF;^4sT=1Mzjpq^O_wa2JQmLD7iR+)^KSh#z z&A)2Tg{N5R8*#7j6H)z7&>PY0JxYfBJ6^tI1NpMx)z90D8fV9ElnDggC)4 z4R58ss<_$0)m%)Fn|w{j6#A%mMGue4@3ng#u~SR(VixW8@W<8`Z^~vfvBD-MJq{u| z3{i|&@|AGJzlD}B+P9T>Oi@ol`&6$`3-0cSE)h*{EY;e4WmRjcswViVsH~(hhW0Ln zF7H~%^)ri4xbEfwV=>(If$~xxDB|hpfg*iGUQIYg!r5i)FcB|?dm(t;&))}_)jICD zE^*N_S+4gdTdrTW&2nv)YqMOBU#|H=4X^tha*e3iMi(#G@_`~c>!{v>iMzNJT+gg% zF|Uauj8~UcX!-a$UfpL{)tL{oYbGeqihmL}v03iTav%0+4^a!be&Aw%?p6QgvX=eO z!Wk@P-EXxg+^4t9!fzISv+z&0@RwzSUXu(5zx?O2`hB;)_oMM5TGqifC{syi2OFya z6o-2?aCpf7YwV2%7w7Wy1bl@)0-G*z>$^YqZf^la%p)#C+G&Qt9M2SU*vP^|D3<)@ z^U^!)r18hg2^9|pe*l9&4E`98Kj3wL+zEj?;9seF;o*Brz>XJSzxjkz3VDVCPkUMS zi4PsKu$zT_^upe5O}Mb{n1$Ue>}Fvfzpx9^kQoj6rdjHXmvHdv6==?LAdqa?$6dTX zLKeo$0&gL9^uhF`7x2P;Idm{&C*fjyANSoZq?t8D7_)vvZeQ?Mwwj6iDDU;DSJ3#Z zImd)i-ltUbnq*dd+$UBAzKA7jRJg1iq?WaWemu{vZ6`C*2MG5ELSXG?)4Q#v*1P@q zH~Wlk(p7R$9|?G*6%0DK?;f*@d~;te&&*B5{gbou53r5i3_bs@;MxBoO0ww<;cd?Q zL+s|(0rO_ z8EIe_-KdhaM*)&amS}ap1p8TtD>J!O|ah`*6@cF2OBs+gGj^TxSwtIm{+&&(dOKgz{8HFK8V)NP`Ja#av>-iS5nr@54~t;Nc;el60>VOO6a5Tb*XTZZ#)e zu(b}z8|ke?j)^|a@1GBFFVoqh6<$RxFE;Rttljk;82gICKx;X32pd3(?3^h~PE_sm zbkhmpf)xw{NdTB}{+I}E2>blF?6>e1r4&KOp_rkfBUxl?zekb-5B{Zf6mB@kTB#=j+EQ zrGB)ZH$v{RG8f1or<;oVAJKJG>WZG|7~q#!^+6qA=3^q6ZFuW!ygY37n(b;W{hoCB z6|Z!At!}fKeMR$K(_YK;s4@Z0WU3<(XLBitGh?EWg`5&u9+U`K<~Z9aV41;?kBcmM z9Sy1kqfuq)5Mr537xMAoDANlaBbLk#V{&l2ltUbzK&v^OjmJ#zH6q^a4AGF#yH3Dh zA06@G-?91lUjtk_m8Hqzv2JTNtowxUY@Wd=C@rdG11`5`jBCq@FPE&)+)u&Fmnn3a z)@Qb|=X9eLnmg^eVP{6lqjBegRFm21F83@|hmdWfoP2695=b2*7z@5S4F8EbEEulX zY-V{*IEw&VUy+6Ib%K;)p=!c{RV@@?9ZV=fiHO!qh9k7Vixc2^a^{*sc(2QVg+I$8 zf)CqYL}XGH(B*1)o3o+bXQJVKB+aSO?@oh*6VS=%cbBZ+9S6YE2JkrmT;z4IYW1#x z+3`&Sv*&@?@VY;#_d7+rBe;I3mh0a6XvK!=TcEUPTeQ_vRB0YxBN4y#lPEd(#!Ftt zgZd`~)x^kJ1F-h&)s~BcYh}SxkD)G`1%<5~X<1&dELfEB)PY{8T>jhZAgz81#+$ zEVWon&R`Wg9JQLd$59~|dYJ-4?cEd_${Y*tXTcD*g|lzC)MdtwL`Hj~7Htpqkt+Iu zwzkgT!(j1cB@G_9RNo_Li*-8rL{1o5vslDQ2N;MoOPR_u|IQgT>I8<@jCGQoS)au- zT`|YqSvJ5pmuKy*k#5iNd&RELK=1cJ^+t`8{-6K+=RfP8KGjc8!Ta||!{Jf7ig{{R zC34?KRLBqKwT(v+L-ab%E2~mr(8a#&HQ9#+$_b#)=FF$q?I-gURy@(%Gj_6y1gyLZ zjD+(fEPU3%M%t@4ALxi@#l;JS=LW+rqWQuj9-BgRZ}=wD2yTSnUXK#ovc+?@*90G- zk6i2SIm@V-M)8?_VuA2Z7Arj4w^b~`sf2iFgqRUxR#vCwkkz4))p%LGDTAy&e16U% z8n3AtY$N7l zH*8dTjV)9x>^GAOdvdCm*n+>zQXK0eyI28cq2&_B?%M^6GwqS_#N@f!iS^xVhqoz* z;xlO;fgJ?CD)|78&Y6g@e?g(kdWZ^t<22hXZ;Nb8Omws=KdFGx$71Oe&4 zTX+bXoaLNnID(s`e}y^@@)>e1dgu8a3sGOTiHyab4*?1c&PL*b)cSvdsE>Qtf<6Lo zcz$<9t2_q0Y#)4}v|*7l0Zn-`gPMgDwGep6-E01e^qh%yyyeqY|^tA?Df zl^bdlFJGjo%=Ds^eKhnO=wr7ZEmln|e-wAY}zd$_M z5UGIve*}mMV{OepPJ0|TNGox-k8V>lmcD?6mc+Su>Nvfk zMOfOc-#kv!!_phirFOLYV$1179~31?m{FS!xE>vFwyyU`oo-T9OtN!P@XQ~}qZ z!)8re$M)8&#pi;$YQ&H@cRwAcdVGi#^mBILb~!q*`1eOe^&aV_5TWNNW(&Egw?cdC zFf0qXsU|-2uyrMLN9tqMB%N@Fr0)$w=r8`(y>+TP`j7T7{(DdRyQTlwY3ffjtMIn= zcgvRJLYot})%b z`|$byfNc+iW&d|L(UAb`Sp2+HEyk&D~~m zXZJ77_TFx5_b;HikQ$D;0_H>dm*(7gr7O24mm1fd4tBjDq3XGxVv`&#AZNL|VH+`v zVlQ;^7_@SP!~T&q$8NoCjg! zyvsg{hii4evERtLYv*L`K^Hl>8Ef8Z$!wDkv`i<-FTdgOh$eTljh&x;tI^czoDc+b zUE;%VrjAaBQktEVwy_&v$N%7F^l?dCRIdXi3Q(^nQ5JG@J+ouLls(w9h?@*J)~tbc zt5pN-y}cSp2LcJ3<~Xh%_%CqmAe#0jiJPAdx&%@?M-N-kWLGeT@@Yq_eHZy+)Ew@& zcEfwTqg+G|nyLwmK75hjjC67RB?`6BSyT7-;zq6yxyfWuevcndPry{!60-}Oq zs)9nYf~jC}stqrQ4;`T+20pw(F6a>o#Cj)AM+1-f6u}`7&P$X5p8(}g4Ioe}qIi=b z*A}Q?nAFm4lhB9nLw|7hKL{)?@-(E+@~j| zkI{I^ElDwdL59Jgoqm!hx}Zb3nseIbv0qL^SJSL>J|nZT}%udyA#0+n1onM5v~#0Wx(VoHf3 zQi%}@W0qJVS>!CaL}qMgv<;cwR6yELOxsXM+)zl}P(a==dOVM!nt1eb=Z>T-^+YlG z#0dI{IQe|Vb*T~f07?AKJmmU-xPS`waWT9HC_>brN6Ap!NrCdmgW9QEb7JjXgSFLt zgSFQfYby)z6=9x2hSo8NXta6Pnqu|UHvN+W>*Z~}bwlgl!WBANybVw{Ks~q22B?=7 zs6V#e`sM6cdS^VA9>vqUBCK5;_|^dNX9L7z#Nt7JupkAaMFMv|#4-(FnHo&r-veIR zw6{e0fsLXC1lPm~hKNh;4Eh5DY?cdbDEh-Q;KqQP#FNEpA>R@T5VQtzULswgTC{5b z`wR?`jiDQ>9Sb)#kFI^312Mfch{+(PxGBqwm!4%z~)Oq6KFIklsSq!nDr_#W z);3^mX<*HOw8sQ#McOTmt2GUY3?7=q(n;v5EaI|Yh-?FijMB;gp;Yo~0E8Y}!xV7@ z&jMN|@YOY-#ef#|xCAy&D>Zeh#cxEqCQa2;D?GLX-8%uUYU;by*+zl;`>?EQhl^5r zB4aNV)yvpR8EBMF-asSmR)Ioi4s3LIXrPgSMsZV?85%{vNF1$9VXzd2+yPTyp$P13 zUAkL9(<5zzL^-A{hQMUA7bGf27HSm*R9dYw=mhGjshvXk57Fq;gjkx?C`~nVc$}*I zBMX~1J_tQZDe)td}M&B0j7y3YXwZRI=h|r?6`D) zJT5hqAMynQEf)(d$3wdCR(RImaiEV}>rOv2oB`u)&44b)7G*xbSyq?{C0v=1JEJTh z>zhu`ge?S=unfL3hoPA=KU-i`(X!BEr^Rs+GU3zO?eIY+fLc0)njS<=3yzQtq&Ajt zI~zu1Y(TXM*y0N#gp3WVRuq$?AS%bm;A*4dN*2U=Nk)4~bn?kDt1!9iVHbxMchf~f z$q!XhB&!iYUvx>HtI0YW{-rno%*YTh6Nz|16`!(4uq*6+qt5xAYvlvtOeB|av0RFy z{S?G=84=N?Fs4fpEqo%jOFFuX9_u6#;3fHeD#**2FfYkKFR4&3sbDY3a4*SFEU92D zsh}^(=q$;=FIwoAbWrS^@Gs+XO=h#7%qE$u9ttKI3?>;4Mh^&+C$PM*FnNJtLdJ>r zA?58^9Cao9NCk=6efPF|^@aU!v?L@##Z(I8e-y@lQ4h8)CtyCJ;qSWoU3ZC%*x1l7 z;u;{>G%yH;Q9# zqyuN=1lNc|YlNsW9auxGz*5K47HXwb$c%KrjA+tL>DJ=%-rvi8r-dFKc)2%r4h|3O zy-akMToqiA0(ZlqydNIr^ES#mm>>6>ISF^>_K&yKobe(F^6P z?(!9PaZU4-cKIs1F$%j8N;eg*Dc;sp4;n3vUA0IhSD=t9R>zH0#ucjK@)dET)NqrB zNN<5UfY<#^EVN$t9T8Bt(|Pru%PL<=JC+wj8Z9BgpEuaG$qf@v1hx^kFRQg7vC*r` zDz+VTS$+8aYp280jKErW$QMo;sTf6tTB@95K5gDfWA4mRUrsdgeEn0A_Nh?!RH%81 z5!1=pH}K8J4*oM4P(4@KRHSOk3qv|i%@mKHd=*oUf~iowRHR(WS1si$mU7feaS^jB zrKCO`S$HVHesU`{-Vd=*Z&ReTQ4?LYmD+5IiLTmA?b&j)HATDkQTnA>OPSRI=IWL5 z%b6J#S$$HGHmOjT^q_Ak41gG;CLKbbZ(UNUgJ=b>cJD+0!CLxhyqT zU(Z_8nT6U~v{YLYi}j==xRn7y&QTKfw?c)JGS8H6{P zW-CGjLo_7xuJZ{EkFOziVAnw%Vfo8JLI?{8>v)4ZhArrXAM_|vFQx#2G#E=KEcGG& z1FxoqS1$5z2;~6DLiieW5TyzWXzCn?{Jci~pz-3TO{^NmP8lwS;`t*P}u8X%cw+_ zb?jtRB1R=*R3bUXH?7?nR3a~pO2nu{W>twqxJEl5Ssbd#oXk8`2(vJ?$LhuKXI{0XvG(ZlO+)rM)m~B5E=lkPw!w*{cmtcC ziH(??4?~{0TpGB#G}6;J=XOSM&Y7z`*R1@1lQI9vYYhM2?tXhO#s9a{-fJ5Ezg1j@ z|F5k4e?|vlX#I=|r0gn?mD2i+Q8I`QGU0}}bRIf}!7ou@y?a8Z*B%XLz(x)QDW%;mH~p#0tlAFMaVGW8HBYi zOn3|7zI)1ABg1mH7)W3gM+Pq#ykN-dfPo9ooxHAmbahV}!5C(`WPuHSd5-wSz!bwP zXJ85_B}{oNUb%UgGMlDJU)s1DjD?7zVb5!H%V33`4TE z&^Dh|t5615XU?L`S=3X9bcRRm5qZ=`@~1sEbJ|$`uK^jNi2O@|@;bjcIRn^e{;z}G zorB#p|JQD7*YJO>;u_EYl}m>e%|BD|VMVV@$cR;*ZDZkPa3{4HZ10ZQ4QAaBMbosh z0HvD23OC5H$PmfND7{a&pfx}jc!)@l0X-IR2z?E$t3D-x*i0t(8{+xz915hjYF6k| z5`zHA!?xF~f!0C026p#qpxHP)NKmnfSK2!VHPC7w*1&F)zw`1i=N4UA@EQ07_~v(VlWFrQ^l&GUfUbSZj14iLoe(D& zx~T`7I>A1&wFO@Ao>wi{5sCz)8m(B#pkw;P!?)1#MI*L~)H%s*mXAC! z5JpHop>e40@72IzvzlFui|Ogq+RU)qcM$WTHj|4{tM~VpdVd#BNB4Kai(h?}-_@J> zQ^eT5E?)es=A2MxY#>DvQW*45LiCV!dYKkI>>BhCCT7rsK@YQ`2Nn!-U_&9>$r4|RJ&7j$i(y!G8K5(GvL912Lm1!2_AOm0}pKj9>T;7crf5$4)Aal zbWumZ1-=LdtOFf~SWqM`aDou^y;Mew`{14;IX%C+tXf`hS*-;w_W2J&Ij$Jt|57@< zkaV>%fWZKU@&N{+PkbhbA#I~F9bz~%fFVrmF#y9zsL-AsDzpt$SUpr&qyfn??OoOc zWQ4{hMlWGthJhKNBrqdZEzG8wXd0jqCRRG2VT?@H189uYN$5yo2DOCz{IXgDN;Sa~ zT0hiav=hL<1_K*ZUn~J^NE@e42^)3{YzPxGu))BFsbRxnY&z??A^MhW+d7kJs4VI- zZDrR45J>}3qeL-i$eB!j6Gw>|G-S}wBcY+k@o-ru*zt_CFsloMpS$$W zvu-DvCSD_ETFxcQc`I>aI+pYO)Y>_g<-DC;JIAt|x0`!$86S!0Jnccebe{8^<$qPw z=X=TfS*ffM_4yK+ta2E!r}r`#U^`Pg+4EiI!@S-*eyK?FZR-rP(Mz+CoAbt8P+NlW zjS0GUU{f}Og%;YfQ?=gxJqQZ{9v%uBu`G1u(l>-p0r4|KRz5LVd4`N4aB%_WcbenA zoXq5_D`lqFFD=xJ0dFe;Z)qddS;1S|fHwo)W&&@`CU^nXk5BB0qd+B3}5R<0WEGiu(iq zJa?TixOBa7sp5`X6Y98J;}_?TN>t-5?_eGlgLwH+qtEXN;Ri#3L)#ac%#;>h)gV`1ivIZ=CHzvXqmR#zE0)9D8z8N>q907;>r5J}3FB!{G)`7Ub z6jXI%0~~ir;Daz$>8B|A=cRk;X72*b00i%mGX&NEQXklS=n)Uud_fK0_Xp7DZ+heg zQTgb5ycY&vJVc>S=#R~T?|bZMd%KVQLC|ejWVr1`@70NVFYn$~1AGv9bRk1FATIC+ z2m~JUDS|`r{VM39y7ryeDvZm}BEw6G-YWcU zA7WS5otI3jew0gtxAE&cpgLPkycjmC=a4%F-ci_tE(FjaZl7Tr0SFlK0qI4L>}Xs7 zE1=Mi^Gr9w#OZVPyn{2N)mDDYcC!H`e{uq)RQOkCdn19Fqojew1NJwzGkQSvBa zsR7SHkRfo5(T!-9llRA;-@WU2ve9pqAcRjQvH_MI?0XmuSLT^p^5iR9 zfFh4Dp6Xq3`#~`Zc@z2sSYkp7D9UNiY<0eeFWJP>3ZzOQO2nT;#ky`cZnu%Uy(LOh z%|TW}NUv;i<7VMou09~af?bSPN5j(WoGwfS<$S(=QLCk1E3xX8G?H~#FFZt@c)9pK zHWxkNeLZ14m-epyLo@0=u=Vn$%M$j0xM6eSZFecTVPRP9s3*NAYG06!v^^k0lnt}J zx7skWKBcxKV>#GfNbG)EpwM*(QwuqZ_d1%%^yVa_J_TF9%w6=0o0oCKU zI^e&+v4g0uAMz%)4+26}6T8RUfahVkriypIBhdS#(auvRRB?Il??XM)!-IhDI|qjc z_Fi_KF8@*1OnYW|X4OpGnC{H#AhpjLXUv`r(muh7RlIM099yW2``pqGomO?i)K1=C z>k}px3^#?5HD63SF7j^(z3NyF@64S(^{fs>7Q)xambz_eSAG9)(tUMV6?+~2;S7e= zx{K1dvlU(#a6w_Ohb{2I1)KU5v^D>s%lJlM{I8NUz?Z1nUIg{%A*Q_Qj{{Ywa^R;Yy5KGYKtLiG7&E|ofna7?v(Cp;}{ z>8G)pp!$(O`}^MTM`~6~eDRP>pz2ZLA?jn4vR;Zig@oQ<)!;8}3_lC_8)K_vz@Gts zA?^{7$41?t-^XshGrYE}j@^|gN7^)CS0bMUp_$Xy;2i&nrU!A431L*B4Q!du7&*!2 z0v>DCH|WHmlSfzbWDJvMS?G7oLT?uO$rgI0$Dr4Uc9;*Tk8GvOh@N1<^~(`~e9!AP z{=wn-Wwj>W;Y-o0%W4dMn(I?H;+#eBS zXl2bkb#AjZx5xkaf|D@EC7<+VstP^N!7HrjvCMCJFf?B^ zdk{M-tmRvg-DH(KnXZ!g_4ANxW4FKPdYs8*C#%S5NucXj*z-YH1p{3TbS*_W4Rn3N z&^3L6ISX{%H_+8U*D0Xu7Tz{Znx3 zUzj6*i9Poh=c`}xZMkvIH_rL#LO%VidF`>VPAPoujqkfbNb1qEMo3fmzR&6HZrt0S z?!s@}+h;7NS>M-Bhhe96FWLEgaqi|NSHc+oa=pODNv9m; zH27@&@R@NNH}Gt2+{PE@DE|1K;fwMGe{|>X1-W~#!oPb_9^J-;+n~eJpe}4T3RF&?B6n zpRw0-$?=bIb6z+SGH%YL20O;h`LW!bi`|k){`XVg_8JFav+G^8-X3~bDY_~8BS6fb zkQTlMEMm{j6?%WqKYw^wt0<7iXCJ`1Xe{tmHkMI!FH_ZBlD(7J;~8F16U^E;^oF+$ zqA4q)xgqrGj{pUzV00saU z0AK)sp|LRQ{}WmN-9C12JJ{`0#8@X*B6Q>fj}l8gaFHcW>h6UuMJN@Zjop4mlQ4%4 z0Ztxee##?)IqG=>vA@uI{zE3Xlrw>O>PZ(}PdY_Cr&Rx22s@kDwJ3rN%}{IQ)Ed?u zS{CwrRK$tDpawZsxh&;mV8Jb-oPU?wAn#=+(;pH%=GNeYY*e5r3s2%^G<$^Qg%B{? zgpzC%jN{8=IKKQn=pyPOAMv>-bp99_@Gs9##DxAUg7p z?!k`n|5?Rl{C}3||0CL`eDVLDn=;F|^%!MV+1z>-;>=U>(=6k@W88O2T+Su#RBO** zY1ck9UOA%yiSf!YfMlJ$au(`~Q%2{T#kt&+)W>EKR@MxSmf)kh(k#w_ro^F{jFGnS=qNwfHXa?N@#vVulf(FMJhf}A|A%nii9A5~ueyzVh@FYuKgRff z>@{1>R@(n#XMfN5f2`s%{vS*9|7Z&p$O7WO45hWVVLUNTBI>SDN3D@M3SRd&vG5YP z?{xSq)#<$Y&t;V_rX9-*qOhJqdOvTlYm*x$o^UuPZ(mkxAT)%2by@v2{JUW5EX-1d z^ZA$z*TKi+MP0?m zHXN!r1loI%Hx@@QItl?_z5;mN@9;4!aLZ;0WY`_^(J(v>AhaWGa2-*N!u0syoc#nK z8s6j4OTluITm9DRs^6Ns`mMt1PkU$=Rey!zZ_O|NR&fV7DG7Y#e8*@c0^H2X-CQ>E8K>jYI?C`cGKL z8{9E$K_^V9N71+xw!n5K_Y2-nrpVdK<~%0TS>c8#S;;kJpF|57Wf_iGvW4TrLusC*=h4n8%q9Y{t{pf`UV(8t{f<-$(9p+K?xX9<>qw!AmenE50rh ziu_-PaC3em=kpFIb9S@52 zEi9tV%SfV9y4d>VKfg6zUv-tOnp};2MPe0(L#csdx;X#aly(ic{ZdA?-{8^(l1O5c_2wp(OCTByiVogkGrDonnYi z$rVyOL~TmEk_t2$pEhO|q;@z`*FvV@7(JzgubPv{bV@3e5u>!kLXAdgB-FJKXEa2o zkmr;v<|E`;?sb$Q*I%QN8HsY@<@0SxG(w+czW^5$_IlVdilJp4>lww6Q4ATyP{weo zwL61i=%rB%8O6}7ilGPr=_g0a$3K~~tY-yx7N-6wkwID~FJLVZL#-2gjw2fIBIQ4ZxiyR1IMlWu};O)+8WI7r;>qubQ9nm3d9urJz> z{ZCl#YVv8p12wJ4+G-C1hAyN?6Yx>|YluJ#h(JFR8-dMJ!RIJtnqdm6P_+0|w(PzTGU z_pAZF4}Nu7#kNzV=y=Ms1%}`=QDEas_bfCTwP%10v=0rzry=+>7{(BM8iG$l@M#D> z4R$Rx>@)E6S-{hB_yQV&PlNlGsJn_*|HtC^%qf7O`7|`2j}JSH%FJLAgGmg3Coqu2 z@OMs2cli`JJD)U4G8CQ30vn9<95IrCLWW|~Kp{{{D6~Elo3p!CL3`0IaAjxGoVBe4 zduGW!&J1CuaW^w4Dio(dQJ@G#8Ny2gqgDl@HcQ2L`Q2=j#BkaVS`p6(#K-GoI#+EM1HwAiKaL( zC$OrUZ9$SWTas4Nwg7>>$EmeRBum@+^|b2ezs z2A?`?G*py^iqcR~&PGKkALcPo8tTa7IA%uT}0WWM37_nA6w0X zy%hiB&cVU1;eTAkW%wVL&;N*hM5U9#5oqnVUbgr5+O6H49ic&)ksUIw&Ha5eB2D}i z!y}p5g%}OiT4}JN!7KNn#u-v$P$x;Rk z_EA*GD@0x742g|aT+&%ZdoCJzLYdAI19wzwt%XP*qmXmCZB8i6S;F6@+X>P2k|i(k z8V$~G4ABXtd0G-Zv7!1+6nJi3aYh*$D`G7#cziXiQ5R1UV$ zH{mWXh8T*g?1s=Q?DjhhDNBWg?(7moY3Zybz_G|MvXWS6-iv}V({CCd6U7(;wuJ+k zqC;=dWgj0O7#w48%;V#jg;2*DuUZ3SW>Z&>_QQNUMb4v@Yay0>D^Zw_@%edt*{!}{ zi!q*EiE6y4gWJ+WtTaM=wDK*;d2%JH@f>~v&7HWsZ6v*hXV5nL*UCv2oC zTsWth(#tk0JYE48<$^n*JdGdc^U_TiKTe~WFq(;l5y%@)P@|YwjABCfIDCBkv*J>% zu~MR3a$9w=9!()p2CQlvM~&mC!Kw0r!KvB}!|rcz>Qlj~Jtn#3S=k|l;G$m%2JA5r znV|G7@)f~J)qrJzR)(zK;HqbVt0F>M3dx{EFJMo+<5UbyBC)9OHtx# zp4INGA4x~8gwpefy;QlqN-d+nBX%T9kJ#%cMe(npS}CAfIU_dMJc(#LwsL7#l2jjA z0+yGCfaNJ%Q}e$}O8TN*qxoNU4))va6#q+Wf5-5@tmHEMFYC_#VpM>J@+G`$RDkQP z0(@-BmxXY=JS|R_@{+jB$J+9wSXxR+%Q6=a%TwZADJ#*+Jj^PFN#$87`3;jw>Gk|I zvtLTr#*nAPcg=q3DeRY?6M4!q@T1{Kd9o12aHJT7Vi1ay|Q6P=WX*<>-ELr;aeq-SxD9x`Mb1`It5Fl5L!4B3Vu+c0DshHOJ4+bHDM zC;_R)SpJ6_La!VGH4=#M4zB{6gbrdf|HJOi{%$kH|FFA%VE7+aavA=Ib?1M$zxRl3 zm|zVJL}mwO)JyB2UfP_22cl5zQcQBnq2(5M0f;O91Xn>9bv$Bsu-hXe^fQtG zbniM>*tI!+<^QH0@lW`p5FA`q9~MF;0XEhAwg7_JqL$9(m6)-K=i!TZ(o&VI6Jy0W zg*|bRIP<6;Rwd16Fg&9;5+mg}h2e3r95YN6s}f_xK=Gs{`HdkuR*;6#BF^b4Y0?d& zMd_94HM0XOkAZ<9wlF)uW$pkcV74d*Bh&I!6sNRq7-pL7;bX!VLwK=p1Y-y<41h5J z1{47p!+T*6%wy`XXXKlhOOvydJl6vVWdigrQ)@med&NS8yVy+EL%P{0zRT32&&h(Z zlp(y3yw^k6DQb^p>)K~y`FKhVEr~OxQiU&K(tJJ*ouVii+tO2zl}xoft#SfePUdSS z?@6aH!+r9+bTo$h#As-qy@tk6pcn;Bi4-&w`E@RIZ?}LP*8>kdu5xB|f?Z^m>mk`W z6fC}M%*Zx&3iVYIt=9_~{TcpZxS1AjAmEi>z8=GrY_k-+t5 z;75sBP_%_%3M!QC#tWTdW%K+0y{!Itv2|J9E(b|Ut%Mzii*V*Xli{&R^^K>|r?N1^ z^sEVbR*1Kj*1JaFy(ic46o@Td#}oe=-lqcIr+=s+05;Ev&9-tmpb|_2(hX2X%KN+>P;eRq}Yw(El;!lAyCQxG{3*fC`lUTr{&6UROq28Bh4Dpr^gcFH-@O;dU{r;ScdDV^aoirv)e0= zk&@whGP}KH@AjTK-_uess3CiLvJl3QJsAXJ5DX|nFox{OK$yo?SR2Bp)gqxK1ZOu~ zPh}A7)S=$zl&qn7dfWl5NK%%kSYLmJr@7l$5)aK!>@@K#`Hb2)#qKmer_Pb( zwWvqWS%%K(d1+w`os-eQJbN9Cp>r}Sn3Abr45ic4Q@dp>8tNO@_M3 zP&XOsrc(7RL)~Pkn+$bRJOm0kn;wO(Y2jB6|C2R<)MwisB}3#7P{8Ugu~8k}dW8Cj zZlCbyjXOAWCd^|r|5LNo+S^O>Kecyu4FA(AE{*!>r~-fmedv&W!-Br=pav$}QnSZ* zbTmNK+*b%Y0uFYATkWapSNySssE>OX*+)R#&3`YN-;aPyTkDi{Nz#%3Aw>>?4Apr8 zQ69-oTY(-{yNM%k-Ks#(i+;8mtwy_IBW6+T`Qp|wc#oVR5F-Kf2nF$A0LgR*gy%W% zeUBY&Z}+i32)Yf647K62&A;eG!>4kE?rsRR*-@pQO02HsQ>laK{t#ldN{Nrq5Mt*D z^f7d4(8c8c>+>5t*9ri#5u#^24{_(3IhX`4hUhxF*TrlIsdZJ6KZ{0uMJl>Q-c!}| zT5IB$jn?|jj!*xZVg8runJE^4(er<+xzpTF&;Pso2WI|X#kB!W<*^iyVol9X{7Uj}-1=XM!}Iti9&_>Qzh&Wu@b;SvuOW7LLmYutr9x4-gvpw3fPWwm zumC#F9iYe}!y$5Q;1ZvAR^}lK_wIl?um#cA0J=7R!9nnv7oHCTJ`ybAG7FP{iKMLo z!4?t&Nz{)a+K|HrI*b79@(m(GjKd4plK)bl0UEe~xB$7=m=br0T%Um(><@s0`H&E4 zM@6Xt7FYwG{U_{Vz7=nP4?RAxfK9*+bQ3kvJ_}q~TVE8eM;wRTV7D()7iXI_0PTMV zOgta*3|wR(#vr|`iTYDCB-c`ORzRIQ(4|ncP0vRZ{1!L$Zw-~`5c{H=ZU6u*FE|42 zW^<^1OU{BLu-E*ARSo|L5KDc~%6_oJKL|(Xu_gBV@|$x}X^a@S8SpVe0R-oX_W&D^ zz_IzPq&Dk(;t_vE1Cq~lNDL4_dZM~7C;ARUzGxzu6rUx<$p(Nj9n3%< zxrldZ8w3oyeJO*$am4d*LJUz{YFdz8S4@0of#aMbiy~hRwhBX5K(T*!LR=r+iiYU1 zca#L)5!m0`+u7wqC2)^(?|mljS3>-#>f+`%hG_U+CDM|dr}7DhlLbB4#SZo{iX;bZ zJN&Z_&i{Gdx%lwuO{GG+&=U7Wv&jZh4fbEWMZwqC$0u=*6>sKdQ>*}JxqDaQpETaGC&knkZa3> zf7ur{z?)l-FgZlk0O7rr{~QqJ17+V=;XjlOnW{!bZ`Q<$2|QvmFyuX-$yBxh^uad& zbDI+4S2i|8g1jfaWuL@wj1xU(4EJ3Cr9zL_4)%K3;lPANnqdZoj!jRvMNPnIdYKY6MBK@kj0O9PaQ(v z8ob5Gu@evE!z*-m1cu0mHuPbGkJ8jD01%Ila6*s32RHLjf~<79GHr<;>bw!fR+dXr zr!tl>3feXjix95{NQkH65&JlaBR0TWd@Fk4HKKQbIphYs`}>=)UxC2uQ)r8Up>EY- z;1gy+2hm1yfH2rYb)VGHHMaa1itz5{QwYTJKVc~~7*YxG066`8&R5bN?gx@CIh|G! znv==eu8v7IB(_2HT5Ou-B-CoO8#|5N$_8KvQfq*sCoXF>*tOLN8^I=g&)q<`aOgQm zy)?XQ*e+|xZyPM=_3&+F0}xL&w@OOvrCpo&Oo>?t{RmXs)x;~vc3CqyI`po|k&x_5 zd}u&0xa(4EhhpNRM1MOPDP82ll;C)Aj{qFn`@2Q2#44PMPaH*8EqYKLpk5Dgfqy1y zj7d-#_wzTmnE5RAt{iv;uO=#eMllgwdomP!HC>lSfj!!>Nou9y#f*1&S&sN1}UBlhb5Zc;e>=@8=m?Abpz z2S3@*>n-~`tpEArr+Ym_mzVb6T>d|Ai~s-EoW%JeDKcgGc2te`g!#V{Cm13z!A4aIyVQS+uXzLgKeF%fug{=AI0FA2{;8gbH`Sx)Z}p5K zXn%2?J2`>>lp6`{D@r`rhf-DcnYidDFV_V*2?g-;HJ0@iRmzc55BG=A3nvSaD6$*8 zn(;$bx2S6J$tUQ=)hnn2(~yytfV@5WYl}C*1_%w}gaqRCJKise;TQf0-yYd1<<448 zS$qYd*b?>UJw)uCd6InTw;)wT*97ZcV;jS|ZS{xoCU!%JMDB#u8{3IDj#`b~#*QeG z>@}hcDif_}TGm?c$`m5%*7dMkGgStyDbwA1Bh{m1XG*ow2N(M%aZCApmxO%`op6)r z5jz?L$(KbbA6tvEzSj);zesPh{rStqoAZW$>yOT3%=u6Ipq1AD?H=s5jQ(#GSE~Wu zA*l<1p66goBCl^>KZ5QZ-wC>Eo5~Qd$Z!Z<4vX*a>wIxmGYA9K&q~o%1r2$A-B25k zhJWWF@W6M8YVP~|<@8PG?911SSHB7q0?T(mANinOk0w-be;;jzLA6jD8Cy?*26%V? zbprm)i0eUr@Tz*>U>>p>{8je7`J)l4;vTBuo`_ADO}Iaoxoo9s^5HC15B@P*d~L9g zhN2=Is|2hO?E(2c_2Z!`N@op-*yA2;Z~v;wc=T)3>_T|RVJIoVj|AGUp#xnD(NR(a z0Ptad1U~p+2=9OouMmKshi1gjj!_WhS*y?JX8yZR$^nX4W{bvm|;I`+E)9Z(QGsut)s(Mv#Ioe@<>CQ zLaP-3!Uo~RtM>@Kfz)0=qx>4SxjbeNGIVV&mFegIxz_*A0689_tl@j3jsnN5|9d+- zY5R}8{hhX1|5tHs0A=?ix{-}~*hQeKLZYYxkPcNxZ&grNa|Z53GlM+33(Y}tkL;q) zJc?bv2daN%+try8;Qc)PcVz?oLt68J^T6Ysv{Jdh-+oaE?}o~*8|*j$+IDoX!>2oG z-yw7#a_O#B_$yuHkQ;Sd(}?iV9!10hR(Oh_beK|2{jn;0xSp|&~P2b=6d(cJ7nx^p%`|3}T&PY{LwD|BhN4}INbuMCXjfY3#*oE&# z`P%eq$Op7FKu18dy66aRZar~wmpaf96J4XC-iuph%=%J~Ul+ZoAr0ch>Js*8{$`{^ z_z8R(xE9#o5r5+0xlkQ~YQ36Yt;&f!(ST7N93R{PE=^%c#TOb;l}6I5g`(^JKB}rZk>$@-&rCd4c&{S*=cIXxmsO^zUKbr)h)2LD|Aa#) z`xIy`nEW#_xV2HkCnseq$4879IcgZnw?y+zGkR1liu#J)mF3^zr2P|6h7M|(S`%^n+Eufa9f{?CSJNL+@-cms^F z|J-f2TdDouertEn?EhAA>2~qZ^Vs%vt8#^1`v{y0;hrPE5~@XxBJ=WDlv$^sRxiOi-%H*{}*w<|z>($*7>R z(`CvEQoNG3fy`o#)K|$`#`B{15!OLfR+A~e=55!PamBN!Nw;E&Udvd#$}h91O8@#N zaPu>astG_SUGaAYF-$7YJgkui3R9MMaj7yUd0FwLzfHDg3Pb8mnz5LOa?P=n(A2-V zAEufwBfy+P*Z5tWJdBM}NLMv4kyx1fg~9~dG4)X;HkMMy;whu<@KR^u)r6=Em0Db^ zS|f>%8?jwEcz8Id7f!@FYwV6iZ?QX;cqt{#l#O1pBwCV`5I;&&82F_VO-L#J`UZ6y($>AMj-_7xy7~Ug z`9P6(u$=qu`_@AHK*;ZB!+ zEIyR>AnNRjccYwIW?D&{*QN)9Y$;_llgca-q;$L((Z7=4d6f9XBF+)GIMK`H;A`X} z#?C0|qGUk^zVE$5e!4Y0Y4?)8J9%*^f;L`xo{>{uc5KBC52>*ge}Ao8q2-DzGg~Fi zgz{%J-BKt?MWZL3p5k&+&c2c~YMX0{RF0B^lm3+GLwY0JU9 zZzy#82>jZqfnP--!O^Sf5~;`A1DQgk)hKMH_|@oU_WigC;@87_1(i=E8aH-PS#)uv zi&Xsei1wfEwm#Ws?C_=))%X;aFQ;j`>i9O%EJmkni{dYr(*_gDSQ@BKE!h0ew3}EV&k}w;8XC~t0wyon-l8SBHwr$(CZQHhOI~ChjRczb% zPxfy2w)1{oS6gpuwK>N8MjySi#0p<~x)A@lmD_^UA5R zedH*2i9A1tLlte6#Q;83)1c0=i%-yJ`-*iONgg6Mcg_VdPox$sa;754@?gg=i~ZE| zcXeV>3m6tVR>5SfDFc^t4la`{OIK`-?1R~nLZ>eeE2if4lFP9d%Pr}$IDK<3&mgPj z7GZ-66BiI$&8rW4%P?RgVU&y|8cQ`v9rfkNer!T8giv9WtUWZJpc=trYgWH(gcr%% zU|oCDKlI?4d(&_Boc}kG1Hi=q#HZ?>ND`5^Zyjv5b4`iun$rW5LW z{t^2|ecwyT5qHL>&f#q2VYETXvmjx~5$&1*YmDhiRnVZb8qKl(td1X56pVcUY;JIm zulwKJWZm^eQ9CzbG{S`rs`?0>K@navz(y;GWb6h-mqD3ky-4<|j&>UHAqQPDy0;xI zwn)F7CrI+)I5y}*XoqD4ln{}#a{7{zwv)xD1x-cva!fRTnF8Ezp%_W48knjD{$I9_$yofv>`l$GG>q8) ze*$QI$&T$8iVi`~})@w@WJ$d+HClWBqqq0D&_gKdRye$jD8{xCNoV>1h|@kqV5 zMBH7(@~p-AY@Lqw1g-INe8c#6g#A8;RmtDTko$&@EIipK>`gh{_uJvk$sGg9Y@Fxr zJ~j%F!k2h~w-yG!>`4_L^n$uIdA5MeBj6eh@Wil$$!>rHsY@wHFd}6YvUUi@5+7xJ zq+P)LJ|>fS-ERDlvqt0BVeN)~i|ix_;|q*>cuUXe4+Mi#DygiE<+;m*hk!tXQ?~O5 z&~f+^FH+4?-||4hCSC}OUyVPi^Mg;L*H5*fjWH(kAi2el2-W>Gu=71Wy$|`T*K%2axm!TZ`6TawDt0VV z?J_tXqr)UA+fDaBQn$cU0-Y+;&nTRem<*+vrIXjl98Q&P8))cA*++4|eJtJsv~`zA zc(#$QbWd&)$$y(5+LGQgLN{5rg?dFLZ^dY6r1j4W#s!>=X1>mgCx;UcbsO;QVtBT^ z&!;-ytr2hfcb+J8pvF)BkY^8oV7IALfVxxcIzV=$hRF&S3RSI{jy$w(9flP*%N{E; z)0l!0QuX1KYJ{2*ptzr#0bI#-caAPq?}0cyoPn9I@t({v5~5sZXhFHbI`p}NL10c{ zOe&K$*730OM~&?J;yNx8(4J%snj`pQdt((^qB1Z8)LDRSAZ}yGYoR;9XQcSZPo~L+ zX#jf2QE-z`$HFma*GCrfGwzEGi4JnZ?{YH*?U3kHvhzZDx}|L@McPlVg+Q28IqW#9-#&~Rh z0}SS0Zf?aPp9@`3-3G*%-xdwn^-M;Kq3fyYv3wS)d*0vvm&lH;8c=rx}-yipT@i{G_GwKV-#wc=L>K?3zn0T~vIy?>(EZL;U37aYIS?)-k zz-i=s=0<{TdW}iFkb7r_o)n}Y+J6JI(_~?TGy&fgties6FYoEJAp8xEnuyx zn$!qey`5cP+t=x_zY6>B^La(fM!46K81gPwdke;bf6J%|b{HY0kq>j%@}95$?w7X7 zDWdwVgwSY2sHloGW1I1|k|K2?`jR9ycBEKz6mQ!`5j(jh2jWH?{OW!fXvpXviO@l5 z_xv03oA^GxPoSr+Np9wp13h?v2I&b>q8b1=PPyl`u)&!2}1 z5SQ;MHqn*U#FNd2BWEjLz)4GDf2bE>sH3*N)j)L+`Vo+L39x{CHq{hwN``F@g)a%P zE7qH8AnHWNLn^30NBiAr9bV&S!tlg>sz*fyLD{2Nio=0p4rUL3DdvOon20*om}e^& zH4Z}@nzfa9ym(xy`rcP#02ZiSggnL^aYXnhMr^c`z~%AYb#)G&{Xe)Zzx2IN`qu%q zhf<9UTJzy>XYBjypr8Y!IH4cY-lSv~@%dGLBly}8??J76(DQkKyt1ieOY7Vwx;cRd zewAt|-9+FDyen{Aaq_`zH4m<|A@9W2oe7;q_S3MpeN2<^k%5jE@VLgS;&!VFM1*df^#zt)&bRs<;SGmbCGlz4+rlwZGU7C6 zkI+I;3L~E}y44shQ&5|I2&)iq)x@XBi--bS9^^x9Hw)OqD)F=&&43dD^icdrodQ$B z(Ls-+A_5UMsgzl?xm0xN5G=<;78hfxn8GU1b+uM`g|`U3lEednDWa4cq#SO6U0V4UduHf+n7)22~LUB4}O{^<`&Iq#eF>&SmQuCA@AXR8+J-kuz z$v@-}-v~_jihMN(wHs`Y4#pPtBB@81y}dA?Jj*8bA7Z!*Kii6X39MX`*{n6$XgP#c z(1@!JPS3I*i)Fl))K$(W?6%8{b`ToiiZKY%9JcpC9wBdc$sA~or2Dw*8~iAgey4%` zrsMS!>jL{16dq|Q^FOZQ#R2h7{grwSD5Fy_>WS}PzRQXDc<1{^qhGxE%y_|QULNzp z4eU5Zf+wfndc9*XWOCB%{ci-nyID!veusy6M;6Yd6LPkZgdM=*zS8_Y#Tfy`CWvYY zdWei&DG{(^5bhWB5gX)l03AbIZBrUHQmKAMT!KRssvt$9*j6)~=0Ck(2K@4Xn3&(D zqBBELRv@e9LsvGnP@|TvSX79uj~8O(eORpkLST4IWXGQqY(J2lwimK->Ox&gIEP%r z2zo(BH$OowfJkC`!Td=58Fv+AzS=Z>{M*)^gJ%Ddoalwid zGC^iYX>sK!92cvLFB~eXZi~%SsL#pwk6AAdWEEIVordb(r{n4y^uZ4HcAt2ZAL4lE z*)Iy7(7Pt0!yS{nFFuG=hv= zk$WU^bc1+}cmiLZ0)k!;$D+zaXj6#F5Fd`Bks3+3F>aqLqA6YKoqT}aBK6b074a_x z35ix)*KFP0{|Q@%xLbVY=^Ui!45X`few9hnYj;+oB_?9Av>f>SH|WWD?Nb>RR~A&A z{u?LXS3xr}cs{`$^hKZvbqG?&Z-TtIt1ttFSZlSTUq5t?`t`fGNC&bczA6T0Ea|)M z1^&L2UhhzxVCFW&OTkdHh-|B2b@O|@)?^(2EhUdY;`8VIMwu!a()_-rR4C84;#$9+ zK?{%vL%=VcXjnhpKWlOM)T#T3uX?h+I;gOQh&OTW^v{Mav%)fz;dZW&?vy3&Pj>y+ zT}FWVsClc)7OYyS7J=|7ayMT(OgJE~Ojz}nB*U^NtlU24OTqb~kj9QL?9`&(Dx|$P zrESFr*SC;S5afaMCz&5<1CX02+V77*kOikONqYwYcx9I%m@*v&3_!1+;Q7s43(Adz z2eu0+e#bEU4hL~t&A7KyaNV1kWbJLBHSzhsyC*8u29yf5g7lpPNJk^F@Ld+AbBS`4 zKqb#Wk#3C??MWr)_Olx>SeueUi z%B~S8z-R#W@9u~wyP%LF37pt2-{Hf1LZ##A@W-Y-Y2&jmn+1*={Lj2-IonDi7jGDL)FE+uD@n&Q= z!Kx$|iE0qx{@Kn1kYCVALZ&TgJwYV9q!Ag%uC85r%KJdRd*~=2cyJU(uP^#gDplTY z?1zoECfTBJ_q$fMkD2XNgf&7Au7y);R$HGxsj1?BM0k~>=S^DIM^!^9~n3JmWv4J4T9tM;som8tAUaaunR`5kL zG$%PdJrd-tdB3B3&g%8*=|hzqT(_(p{{c*+iLd|aV>n~M# zfx4VKO?RX8TD&mwv-h5c{!~`+q2|+4RRpcjVA4kz-l`9#i3VQPq^yEhR%c-`M)|=}5Kco})h+Si8t{?7D70=@B!OyZh=Xk9 zmm3YuqDQhloMhYAgP`+aq2pjhv{bfCcvs_t$Az*4pzl%!xVCBAMw6fZ2L88ten??W z6AhxWooB#|@>XPW+Igj!3{xnpcoRO*bMx3nUNbC762*wv(E;J%#e-`;6(guoGr~?q zer0{|xbesfJQqx6xn-5B$Wo#gAuaj8&~@rxz8kjG0sP+nJF9JtPtgY__J5){!>)IA zB-RB8?kv3k9Z;6eZkzX@T`$+7&I1})!EPakRwfnf4tgIiS*&x5<4FS?miC|G*q5Ff z4=rXhUhg$^U$+l;6C2?}bx+t7wqKHYJ-WKwJnwJ%eR*F_j|+4}j|hBmMLDVOZ>Pg_ zKuy(i8Yh3N5~v_8xP*nrqhoC5uhWHzMhwE4$>{n^D-Nt2AhK#Q)RvC0G&QPv`3r~T z596E7+RAJ{Sm)b(R#ZD=(rNaV=I++}!kFO6>LtNV-G2A3@_BprY;}yjiSbFYgTdA2 zdK9M^Ie=2}WehJ)2`eVw=5O025dAA)0p3fq*Ez@^zyMLW^2(oRDa-<7c2tLTh?e_B z_^M4?6`K7kt(Wl91%E;lU*>qLFM)_#e7M|8oc*kLZ< zK>u(MhYraF4N*szy%$$oh~NK5fJl(`=ET9a2r3t)Dx-cQB}MB{k6N6Il@sLjP^oh zi&gq$KgJJmYVp7QiGM^XPh8&=c!0PkEWi78XTzUMm3j)NII84BhN+K)L&z`sRksjd zM`of^(sBP&uvWtUt;RBLs5@7}MhW@ep|byE7csbMmGY^&41FDs(N7$bT68 zoI9IlM#ne$=L@I?uSjMIlDaKwZrFWnVEj8(wZyY%*1C>lwej(6a)109i0t$pYAjYN zh3M+8j$`QQnIvlY^M|+DhxW|r9qg#o5^`|G-L7j&b@C{?qK;mVf2V`#Aa&))xp$4@ zVkPQlu+F?w7N#uMBwwHmM0qjkYJ!^|KyyO>o4G@&%SC|1p*icHSmDaDW=#dJqn9#o z5*uRl2~q8I&!%#FU;Frm@rTN4!@^d0p(@_t;OcoIhB%~W6*9n;3!n{S0ocF}|Ys@L(aIkYFNRz7B!LOZ6*0G)ynC<~VW z=OpdlugK*2(@z!JRe@8SJZZVT*3^R}TXeseujHlq-BuH{tQ~X9nj&NTlg2}x{x{mK zBQM&^f3ol){HWn7LCwRJs@>K$m(<`o+6U#PC4mk9T0~BJiZe`RQ8m`FY&M)!&rOtT z!@tzkQu*}0k#(e5c9Foa5Bp}m?VteG)$N_l4>SPUg98YU)VDNhL!i_MzjBTWc4Y)J z&WZjrm*VMnllurXoCdY4LKZr$xXu1vBAp;gN|LZ^y0h^%uol`D zK%9U{B<`+5AVNQu3XPmhBsj!o6_pmMa{_qK@xpO}70?MnMJ}sI41v*UxYD;{PH4+k zW08T3lYcR!(LrW1)xUXM8&$^Uo;;G5l569K6bCokM9ORI@n8nf|HHjGP0iZFOkS}yl zaI%4%U%12`MGyNGnw>phBmoF_lgB0KmXvW=E*cYl$AkUhby~ZUNWx+_Bk_ z*YgATuU0t-E+<=r`MwFSef9uw@YxkLE^&9-g@xvZkn#cUL7PMbwIaJg!&oPw zG#bTdy`)NuZ{kfcO9TfMlYIk6VB9d2*l!4E=jiFanSaZ!&1FAwjMz12Lz@VCZA+oi zGi5}V(6*tQtETXc`+X0ghYzj5I^_%Nmj9P%jdShfTt~SU=n_o4Mcn*Y-GCU(hbZn5 zf}prT^wkP8fL1ijX;2h@K&&DmOo#z|pTLA>~ViyNzLrO(MaiV59FaWx0n2HjE zmoNqjZ+PIyqy!_C1`O^G2KYa1=8ybTt3bpj4x2woF=QR}XfrVkHHq3>zvm?@$I=SC zXB@nfo-n_zas4uQb>RpbMo4A^_OrKgBbN6rb)q+es!vPV6`w)sG(l4}WjslcBRM8h z;D`n(lPzKqUYrASQOpi96yngKUi+c1;vq2vdvLmcB(elWK_<;W@N79*kQ53a`4E?( zMt2p@Bn|C2lsV*UaONsWSlCq>GTaVIgTJC2p0YN4k%&ZfjB#VB{O)0rDnPNV&5``~ zI$cUXLzfyjWJV1r9byKSh!}%fRM6t9-nL~VEg?X*u)>AqV_LNtjP%;$Za5cbD%<0Q zl0iMQ6iw!RBG0&zmqNxtM?q%$r>#&YX6*_`u4`wjIs?6*h7v9J4jojoI3h@pkgNvf zGl6K-xlsv@_Ll{W-QxGakDQa`7scU^o_l@JN}ID1GE;)H`^S-^B%ow%@)3^YPHi?H z2M%jN)9~=^Fn=$jICPTeS^4XOQP)afWX4S!6YrE1K;-;3$^G9W>2FTXwJvF8Xo;xD}(yA zimhyGr{gtHe8tav<&VD@oulx+B%1Tx*f`glhk2s-V%Y@viCRzlx!}%y`%k^?vdlp5 z;oK0S?1PYRh!zw=(jQO|odLOGm|t>4Th#D za$QG}knVGBs@iCtrZaWxQS%Mfph~|uxdOaK9gxY?G@TOj(!#F7Bm};62d4S#cpr6^ zA+Re$#E|gEI=SkKloP&%A27&w3j{H50Jyn&Zks&uH+TMc`=mc;E{cKj@!h+p#3wv@ zLvCgttM}&jdlc973x#omZ@x%F^$;Hn`D0V(i07P((bqqg5d@ZvhM8rStkY=_R4eHU zPe`OBV|bHjsD^QD5}Nemf+~aPe~VIfSu$gC({#%`f$6vnowbHHrn()nYa!w0?&j9^ z!EL|&$iCCFaT&Vz%Q&Xp>-DMH!Q5TsXU*M3pBn$;d+eKsza=MTdJ}RsYC|D7D3E-o;^rFJ3kSbWn;-^@M*pv ze?+FLRK_oq+jvVG5lvmN!ee4!iZs8ZV3}r6;{)))oliPF+)aJY=y3z)bD|Nm~EB7oBy`FjN>|tWP;SdEL*Aw z8MlH<`PQ3hwe22XMl?HUK+#)#f7cfZ4ms+_)WUFm-c+{K)>t1vd!PW37!VWyt*kTk z(h?<|7n%elPIcC!O7!!-%W7wxM9yph)zq`Xk!q(hm^4C`y^HpVp_YCB=Qy3;4@b-@ zNkO^z{2F-LN8-+|pQjhcmzI}pgn4CJPa|zjg!M+^W;TuzRx%b|oO5sx))yR0M{@n3 zitZSoz*Dv9|Fk(HyO zFM~BqIby%Wj9jX`V`#^F$A{B&HTB$|i8}A6;#^Bd*;GS#K%sib3{SA6S;EAW`h-oB z?GW$$t&WHE6S27s?Ujxw4NUpRzW{+}H?=R@=CZG#YO|6nS?6JSrcH4#;*-y?FZ*5B z?N%fE9~H$r;-5fY8F-9 zCOMV-LAK)W)i4CV38HaM67~xaTiBuzQw$stb$Kh-06wYJOkl3BL*Q_ZCed+q=ci?QW5vjZ zvS{G0Fvwo|N!#-s(@RdSs}w4C1ENcuttVdn5zko>cK*n4&e`&B2cdFd4*(3(`+yq% zsrPwM+M0O|nvH1&5Q7uPS!6a1o9u1bn?R^fsHa$E9-zPaZ*>vks{Jfm)!%yNsiz>Q zqheE*A_}=e7%X&TLJ?;;Wxw45#hhg9+mgu%Ru;bu(QnCPK>vD@Ut$9%h8(nm2O=q4 za|HZh_+^+*^Vs5kt>(o%@Hi_+*Qn)q3D~uvc!=^?NYX#s;R=nN{S-7X@qdN7GX?~u zV83lC$CyuDMH~je?BAMLN6j$9TWDnrIYZMEDkAmq=b5^B3YrPKvoN%e_~v53Wk=CD z<6fBsEfZtY<4xQ>eH=A8x{QnGCmRH}a_bN)z49RMrGhi4eA7BRwC;*ei~{Z)QtgEj zEd!>i>b>i|@ecXz&Gd>gf_)vWg%Ss{QHjYANR?<|*KxwYlB`g1vHCi?oz`)fXSoI=k0 zDB!O8%%LMqWD_)J6H(PRXUvjODA)c}>_iau*Ds%ooo(oM^Bl1aSkW;amPA;ygHrN7 zRd~KpMF*5KcAB^)5D$`d`d8Gh>qa8s!93khYh_~%BfNXy8f*hruCmb3i5{Xg_WG$_f?`CdXyEhD6kHgP^);nTMuFVm z9deGd^=4J!Fu4_z8b(s}HIkjVx=|UQOP{~+?|=R3gM)l|Mu#{eqci3MB9R8mkbLmb z_w(mx6HquB2y-$mVc1feEYwr0@)~Gqy875%L*;ICi6xU#W+5cz+_9rrnv!q^&oQxj zM6J2}2O?!^33`hnh70~WaR8fpo<&yt1Rv=3 zf@5YjP3de-V(2aG&GPy)zXFS1P=pt2W|_4XqFldw`0>UBx^)0y=}awKuN&cN3JKS+_N;)F zK@nJ(y-LdDoGP>jyajEgu;x-rdU08Rl?<5s6Lll?(87DBHh5KC=qa)p2g?=h0H1)XKG zZ&8ZVfEI7s_82GaHzs;I|1H%+aYY9{Z>@pKZ+YfN2^>^TNmvOgx5l?d6_c;A;>z96 z!63iquZ0`McQ;pAlBF}PzQD!R{KJXAE3HGt`GBX3jh_;GMT9hnA+9(p_2uJYgbuW^ zVqWubRjgD7ABhr-JDWkDULcnO5Hgoqm=?>hsQt z_pzpMJaEWbSuh#<4R_eg@%>x&ZqZULeP8ujCIfD!z;nxUjaufAHxn z`1|aIFWFL<6`YRy0;%0XC34rF{|`$o(Ek^f%2+suh%rhM6;4$7%n7bq21Y}{cF+|p zB6E)%*+GntEXc&*SA$Q`R?SQ^IXF3|Z5UWrc*8u`z`e@YHi7g0TliP;4iQ<)aC5>* z`A}@6YTed9;*}NIl4Pt(cf)`!ZwPlLbYuHhz2^;tKGnW!!dHY|b{i4P{~soIU`RUV zISz7;@Sra-9Vp$So(Vx3;saSh(yQ$^1|KR-|3x0Y0^IOp6iwt()PbF*(9Q61gO zs;r^c=iBRK-c6q0bM9E@JXwi~*N$e|D-ThUZ;;PZ2Bf$im9m7z0Mwd-&X+USNbJ>; z`^;fENru$Jjhkd z9|L8(@epf6jd1sZkJD6q{U&CRG^W6%o(szGj#EQvjdi>SOG#&P${1aqOl!<&$wah3 zMPrbfz;DeDHXlwJpZRBXuzCPlcK~*8)6eqU|3^Wi2LS$5FZ__lPsKnreb6U;lLcv) zk8QV-zE0`w&?C{e9?mjD>btkA5%=F7`VC=6K34AS^!$UXvv$Yn@ON&?e5OKadP!^9 zew%c|7qw-bV;+A}!RPovm5%iv9z5RaIf*TjKimIk#{oQApJD*rIdevb{Ab^)cc)ta zY8!y$Ys0L8S2(Qh669R1r>|I5cdkHk%FeOdeajNo3Z60zf4OE0qF;ij%8K5&Q97k) zw|yv+j(yQcojCYr4LMIx_OvUBR6R8SCaV_3C;Zt8%xekO2>`aw?(S0eJJ-iQ=d}|b>8yqLrTP%iKaD0+ zM+N(`fP)bs=wqgfn7plCXw7W%&l#zuZFX8x z1|~@;YX2E;y7opPIY2GlVyWdb)qa8hru^#*Unl91s#l^pXL>_?=xfKjRW%N9(f896 z(VR2~!8s}>BocW^CV}aaY$WJ|I(jw6IVJ59 z^`do@ynE+}Z9_{G-no%yBkQ6co4#$w(2Dy)!kBO!s2h?%`{eA(+x?pD)RUwik{Pc=GfRvM9hcs7yKNTkvdOdYS6 zH?2F)><@2B2%s#2*0{e z5)EaGvkOoLg(sdJFnJ9sQZb=9QOG6ZvGBwLX$hBuM-_p6*EDf;g$w3y)`?)-VhWr6 zM(p<>Wl2`bna!;mmSN_b9YzDG*X!q;u^C6roYE#eh2yzFhx17la&pND3sG019N(jg zgrRvz`3t1SLPBZWzFU81&9)#Q5BD3KhB?X@TrkxPeE7pL0C_chH~_IESb7@^iVoz; z(n~IiflJ+X%qClRpNEJt@{sIewhXe3tYu~)&>5seVqGKn7x=qU;r@e(M2DE{!s2{& zj(;9Zyl|XjhNl>Gdlw{WO4h736or9G}GJPCEdpV9tqJ(&os_ zrG?v(Za1QdErz@*be@L5{}B_#3=t+P0(9IECN1=4!8vjKMH`X&ZEIJ%xcuf3%@oDf z?y47Yek@gH0UA`7G}w%YtuOy|aX`u8moMYW4^t**F4r<5Ys(|*$SPd2 zac#UX%JPKA{H;b;zbkBdNsr8&8%`4989T zNRLoGqSzPM`0&TnUJ_i@_8@Al5@aKa1`hXTIcUt)9n?!UPqc}}>0F}VcK?MiaFtnS{lK-e_955FyH2ik6>324 zZp8EH^d~e3AP>5P9SD=P;RUuojYybtuPEMtSVcnU6D1c0&mYd8A~43)0WQvll&Yq} zMD1Ka09@556(uGQVH6C0f7gjgDMktnBwQ~>Xdkfl!cV;dLVWJH?nR0z>!44Yg=wfk z-0p%=kgOC>EBKPN_e^rZ{JzEg$>80EBV-UQnH4z9-p!3zIkeG<)(Wn^AZ=fC39i!& zLDigbFF}Unm_msw5~57DfJJzH0>Vu>J<3>!LyvSDh`Nan&k*Fn=~iEQDj)(rVFrw6 z!@>F!$pFR&yACt5uXrVCV9%+xNGH~<~ZwO}cge<=#9&hr>_l-u%oRyH75|TYIksKuv zDQlgNa58s(qvb4kLK~8Xm+v1FMg`@rlVs0g-X0~?OdtnGYkxZn8bT{v{85e$AH7cZ z5IC){REYGp+Q8-wC~dRWCV1sIw%mzLZXb0sHmKv@0CV~Qp`F5qwLfdT(JA4zq~!B| zQdG@1yF!;?9n-YE)Kax<8dI$AB%&#Gc{xXO%#PwZz$o!n9D0_?ZuRnp4}fcsx?k6G z$KgevRzK2oz1{OC9^-aOckZTGz(iTytve!fGP`Kz*<5&e^LN`OC&u zI+we+g$jP3H20^5>UlcJ8WS&mB_F8mTvV%*Yu5{$L0K#O^*wCw66NrAG{|yRn4g~uQ*tV;8`fg`)&z}P@@lj7^^rvIe<=-PJ zq#865!SSA))vQ4DIkgaE_ zydV$}ji5Z^VVZ>+%BfLoDD@7a+(F74PReb{Jk!DOC+8rZ)E0PNIqDqA{)!7TaX0^A zA$MxY;*)Z+nA*E#_8FmZi# zdoU}^N*b|Zfya8X76vd9HQQLX+9>Omi`o<`YQf2n1qeeH2w&n~El-%7g2}uyWIFIa zm2bL4Yw}RNgL(B2s-YulNK`sbkIua$wA2hy%&@>pao9qRITRK-2Wb=1V-ana=tN%m z=2?^8fX`TnjVU2n8=-}8%r-P?u&#+jAp|s+f!Su5I-Cs6^#~Cnu$NrGKJd8$W=@@dY z8TpxPA&O}`4dx_r<)cIYyiWZ&Ojc5lBH5{{K&uaR^pz~M1*erOrp@t$${Jj+k^jC2&Y~y{J!h#c04w9=`*HZUfZ6?V1_^K~+}e=Q2(+%Itr|LW%D`LcZ+I z-8Tk|ZJnwMPQ@8uY9DMZqp;*Q2HCMo3bHlNx8K5eht9!hRctlgK5qIuGLMvVUEth0 z+kR0R!=PzuReL!sF@aw}3kR;h)a1W73hlNr-~X027S3TiY(O@W&O_#!?Xb#MB&}Ig zah>2&^o9N#^RA68^hz2{aFXz^2Bw8I0xjLp0YR6yas~LELem`L^f4I{XMbFca+9*r z?#7ewx@5R^NJl*)lR!=BElLsl=3u$H1UBFk(k$TnjC@YWCXmiEgG*kqm}q82x$n0G z>0lNe#3>fuYcEB6rGI+k$!Uvn)xW^V24|PG7a!CUPUNjm61-!M{P!WKT)4e2dWlm= z?XQBHN*FD@d`GQ@R6~&d@x2mqyQX!Pf$U>Y)O*xp%u=s!(0aT2C^3yb&c79QeX}%c zFk~t5X$uiW9HDd;Ix-;$Gn_JSfx%*qa(4a6ROD;(uZC!Ekz6AUxY^NDK>F9Q|T46|nwcS&!a>8V!j&NK=Ib38Zr*_0*Bj0FcEd(6La5vWA zz!W5gmQtL#f;GeeaO9q&sa1?@Q=G*%hR`DvJ)t5pKVN~V%lm-YuuCf=o74{;W;7N| z{X>rZIj~YuHa)(it)sgU)4kKUSRv{m2v_$mv66F7ym4w+qpC;E<9(}<_`GP~(IM4d zDA6)ty6WERKi8fKfSydxNF%uCky_K^q_*^cAFEc!5XFL~^+?(#OUsCK|S$nry;hgkJ6u+2roWB3ZIe zWE?NPRrKN%oMR z`RW^#9LKB8YI3R~JBp?3W%bj?ZPp|b$upaPN1ygW31aFA!kWCo z0qvHu2lSlrW$1nCD2d-)wBg7OY3X?pRiKrVs{Ypb@juXYdC6`r&aO)ry{}5;(De7V z%FICBkd7Zt*EiCM*E5|F@c|q%@i!hO-XuC>DQW6L>O5FmXH*+f77@z;e z@)ZNKvREcJHPiw2d3EI)jP8~JqpBwj*UHzL?VqbF6r_GsJ!Sm(F=vy{3Tg}7N+8uv zDE7J8O#p3~G)be@sLh6E^`?v(Y3O?JNma_=*i1k!ly_B906gUEzU5R#Z`N;qzC$Lb z8AD;DA}=`Gh8;*bk7`5=&QO&2W1ovt;)ZiBwPE0g$KhHzioHUZ;C9#!o2n?bV+_~x zUnvI%6W?moI}g>NTOffFeNZIl3l?Q{maH6Ko1|s_K|NjBR1V2wI=vL`E7C=<@L)3)(bDVzSQhf`b}3?~U<#62tB2_b`|~lf4N2 zFZ>bpCH{zXbnt}8f76AUsQ12jg_mic9w^@WO65J2zuWctasZCr7c0)+W2HVnk~C?c zgeaoQSj`9)ygZ+C*JySmv)R*FN)R?F}%P_piVj}WNV960WHvY7z8h{52 zYL33f{9G^pJFnDEU0tLJm+l3-!sdH2k7sw6o5$lrpC9kX(P^=+h!DmB#iV9se!Scz z2toIIjBBs2%H$(qqEW*TX0zz?Bc{!mOQ#sxVaJU;#U1k70S*W2^_sxndsX#4Cf%kG zdHykD0M;Z=Mh_Wk$_C@B*2m@5o!bG{3HBSw)^0sfm*EF+#1c(T3wyzSuw;#a1&kHa z_tM`^fgR63b0(V#Gl3U$UBk3ou0ri=G2M@-lJ(Ua0?y8a~qQ<+%gI08V5N`bl4A@_M39#O_C@ed=7q@ytQ4ZXc;E62voO!K#G%_ z-|+kJaC}(aj0JyK2|B1~|M~hDsArCLRD-0wR^4Qgy4Z>H|30z+>|UL3QpgcEwgw)< z9-{vbdv6sShqho@idnLlEM{hAu$akWW@cu#n3>69mc`5rmc`6qF>`kM-d8VPRaeZ^ z%tZI}M@8gM{$)hQN!Vwtz2}*QNg=L3%2Y~FH;BhIB4^0exb{a zYGS#yQrP&|Br#VIgXW2#JCCGEaOQ`Uj=HJiz`qPRjTWf0Tp}&}p;$%gGrOKxF~iuV z31;0UG)D02*Fa}OooTeSLTgiT#yneCO?UJ{)li6}b^bRck!Fw&8y)WtzU7aRHfi3= z97xh)ZAu zA0?`I*dDZ+tc4O91NPb2Jm@n*4<9vgE032)Jn6Wx9Q0dQ<98L^G}KdgR#bl* z0#ejUJ|zKc$Yv;n>x4hn&Mq&K@BKSwo<2=HCvz3y*XtvKI~b3p4heT0LQ>RZ< zDNw{&^nrd>X5<5?02U;QbsV$vvBa6Zl)4viCBi74~h3 zZd-jw-PtO(GN@AdE6+j-J6g+CUEt70g1%U<#5p~6qen{{nKlgS6VRAF1IIHcChU~E z5?{;G-bO}^E58eoI4oVo5(*~jnJ5-{OfH4$l3*h0hd6jL#4|1x6!oOFop^fbi0es9 zMUKU{ce#pP7z@ck{j#MC+MH3Mn3NDQ41vm;*bBdjpNEg7DG$=HdrBiSC-@Mjgnsl3 zo?+Jr{9|J5F=)sC2Jxx(ZTH3~_+8>ds&*c6V-`6)kJ9)ea;FR7cxu@j2jSZM(o|8W z-rwBQXQ%7UA9!sJJ-ufmG8gU+{mXbJ%s;8_Du|23BN%I@(cim|9kKD7%^ObBD*ZHI zu5Yu0@DmWKEAV9-0$iM>o&nxB&d<%C{i*X(X!J5$D4qKwRp;RTf!xkO2qgap+7^~L zvKrwKjBW5%ptz}5N`zg$2yYoo5!X~DK%E+yhNj8U1w0$q1KSaaVgL)hgv6LT{FH4+ zc;Xg0pWnr+jL2$shNQC68T&2cK&0s;mD%MX4rG|NAR~F#<-&#BEc4otq8Zua9&Fmu zOtfb7U)Wmo#G*Ymvd%^cFm{~B8xiq&7n6aHjj{FW*wu8H9zS+YEb9o2}wv} z?4OZ77ybD}2KKz(n^AcWlkCcj3>RNW$ywIzpkD3++j-ftz&}ufKK2DMI_Hw!TZX30 z>a%*MJjUo(6USqZQcONQG#M=f3WDr!^V;x@7auCHhZ}7GI?EZ<;$`4F@5%>-nHF;= zR!%v#jE;&<5mv1VM#H)Ie*jL4{Pd_w)CD?P7T9GE(u|HX4vXar@wq?*b+`0b=jzG% zNfg$kD%jb%nwx|fz-=oT0Le-AvVm=1LTI7X%$vL1+zDTqKR^c4mi>u9*1fV3A&Ead z{iBS&HB!$D&6IIFlU*@mC|QCf;aidH2@y#)OT;3KqafC@lp#kf?14u@z^AI&503zp z!HIfrdNF7c8c7cLD}#Y@&j2v;E6ZLzD$F=51u*Z4gnmz_a|dzq^7?|vp(b!j^5}dR z_1cULN@C?f_QkofUCJJ!2%frnH;QYlTp9IoeJ;eP0TYB&un}xNdQ?(L8Pn^s%*(0d zWHX}KYDccSL5&Vb(nHtZPr0NU*%i3pY?AugbJONQ-r`k?}<%pi}*X7-4!rzpVrOy+y1Xm>eb zuEbLbn<2&B3LDK=@GW_E@BvooB4qlz9HHzckHN|HPHLZ!9B7)%Zps6Kf|Lc)U|%_8 zcS(IfnX3og(f*C+&MH2G1&%U_&P_Aiq936}#==hqNwG}_9`oOCx)~eT-`1e`ykRk4 zkaBu}f7UgN`E2O9120Odc;*-Bi|xKOuK#ST_+=DTq7x;dC3|u@#(c;|>pn;>d0iH^ zSHcnactb|;$slEUXyoFHA5}%mX3N=X$E)mj_cw<3SpDzBR26O719I74h^I+sXSeH! zxP5VmW_T&StYI{b*?^`(ZfIbAjdifi3^3?oUN{^s!Qxx}P_YMe>}-2N_a|8x=lO2% z91gs(tpMCxTBIKU9}gD~|F=nPLNrqRGX3zSk$FAXS#RHj-cDZo1Wt`sr>n8{%R2pr zu95-c^ZJbRg{5$kTNo{O#?H0I`&jOKmR|8f6?lzddNiWFxVB>QabmV;!((^Bm+Cv; zP~-EgOH!xMJ(BFtR*CZo#yoQ%O!k)mYVRd4 z#rJ%{HTZ(}XRL=nXr=%Pz}C4R4&X;mN878&=x*&3lh;K1YMgw4Pf`fKG6uYtnxMff| z4p(dT_>EDKyLiQ%j$ma@^G)}6$ik+cc zFGf1mkNbC~U?_a!jy){yImz1Kq4dSCUyT^T28Rfv;3FV0e+z z>Mk`KF8Y8w16!h#ny^d8KnJdqPEO>U3EtFI!CmnH_mW#z0!FG3xCfz!W;<1V5a>yg z#%!H^1iDx5GCnq-0G(Qd^9gcOxy_U3#YI8s^K_cb^f4o`nm6nQ&ByGz-w}V1NIXXpy$J_hYn!> zn0pOKy?u__?)faa{h6`L*K#Y-#+*$mk^03q2+hu5aF1DXDezH2ap-$~&j94=N{|GH zm?)~zaGr&mDNa`J#V78%HUcc{wx-b$^lDg+yNgoeubAkS#;9)Kmjf^n=5Y33xJ$0o z`F*ggMFp?eX0KUxA%CP6A+(lec!4roRlhAJRQyyCZhg-ulVOCRPwqjxlZSWvpuQAO zosC7piiVtk_*S{B3jDr1rHIt029P4l}%Y7pm4q$DP^!>-RvM!Hjn09`;sgoZL+b)9Z@dsAi(v;wAh!26b_t zHwPc5tND!4d;P5Kg^X*$2A+X6>MW|ftmt~2-#FVKdo#V((;y4EkZL6*9wx|sSM!_x z{(K(p&4AmHIOtbOK|*}(JI)rh)2(GhdF2{&dnPr54`0`qB(8qQIr~k_mZsn3Hico0 zJu8d>p9Lh)+yi8WT20N1f_Zx07f-Z$*Uv2L+#*h{O$H+y!OYxsb-hCNAgZN?1)*Wp z(X@Iehp4^kufa^Yy{^~n85i4%AYZ~(`KOcVv>3tsPb384gmn2+cA+`q0+6Qtmp#UE zXW!L@Kb1!*ibhsSH)J)^O8YBJN8**Dhdcb7Sq9XOX(nKBoitIc)OT!JuCd38p9z|u zMP%iMYG$HZJVw*cl2JCXN@z;eY&9DfaGUL};N+sGkrvEReltn{isIm=`YdZHQ6x?^P@UxekHP^6R@A@=)#Gg7};$S*2 zcke{pd!4na%{+ZjO1U&8DyiE*$D~V?ED|ZfT%h}zNNZ`y96p-U$~om{rZrL;S#zVG zf*gd*7b?XOhlq=@@bj_G+{MS=-{BP~f{-I5Osr+ie2dv2KKvB~K6Ar1@;Sw1yfGh2 z(GF_-4!bK+bJX9zMSf?Dn{Mmh3*8oc^s1%#AY9Y#$eMZCGW9Xr7MuYERNW>HEIy&c zWjQ_k`rYbt5hQG0e34Nwl9kX`DvzQ*raCaz-6duXO2&cIt8CI~w?(B9!g@ehFrp`~qXj`C<}(}iyx&n$MfJ_x3V1hNWPL;~rTJkU zvFHYv>ofW6F2@=K9f~kHxP3$pKi*_B^+GM_*p-b*Qx;dr2NyxwV=|=n! zu9krDkLfeGl$eSGa*3$n>GU6S099?iykaBkrF3lvKVjN{dxpkXI*s7m_xzZr)tE>R zrRvwzijvkT0Od}{|Y%I|#*$VFy(U>5l z`W?@jupr=7TqcaCeC!7D`iWPKpNui>R{Sf9zLNL2l+zhj6Sgz4OU9{Xp4J1eaF+*{ zk8BopZ(`PbDDVzMT45^3G{)ZFC+CBa;{-jRr7#+NUYw`9YESL5Zb-tEjSY|v4B>(W zw|>7)_!HcGEOjqDlMzoz2ZTNP_bjc^9r^n&cuxabljA-EMxsp|%As&isn~^O?hQq| zJ$Re?e}3XSUFhb!5Are7rxN1ad#J;%%yR};1_3>UtB65rrCXX7A)#Y<2zWojTc61r zKO%nXp}(koW4i*JS4RQ>i;Ihu<{v%LGe&2EQA2=tT=q`8eS@_DvFJ89GK6U^?zY&m zm{200m!OXMo~M1QR=%_aH%J5qg&-dFR|OEyXnFl69Wn7~7NWSGao@Wy24k$l6@7`; z1&M^5p0OGcL&Bu~F;N;tZgkLi4TZ5pgIeU;CEXXzCc1tk@rSjJHEB?bHi1ln{F2W0 z^+Z$bQ~c<~ns3w#vS;v;GoporgX+5&tQ;igzne_yrK!);bUE-^U0Y@{bH#iKNC5D+ zzYDMOUf=bG07Z{hN17k{!y^R~8Rf^8zhM?p+s`Yz9mk(+6A`C^_nJLuJ*^>HtV}sW z)^vz#gaeZ%_aDLslN4tdqXFx zV(nDEFHE%^3L~)&V&;hBmJo+{Q=w<@2`gKWfszE0^dB_Nu?A=WK z4wFcc?7GK+DYdiTL8cxnT6FcurKmSWvd2}wrtb|J6~bo6H@}udH=M0yJ8XZ2RN-bv z>*c;F1533-zh-me`;uAj5~!C@K+7k7H;cp13{aY(~unFho7@}uwi>TrCHvg2dS*us?QnkuGqWn5F*P?4RuV6 zz6Y);!8P_1KA>iZDzBKDXcCxok2siRkswjRPA52^n{VYY#1qyX%wZ24!Yos?NMb;q zffJ}ec<7bT=Q}tql%4zT3#i~hgkbc*@m&TFia>RPM8vEpVJPO|y~~|D<$homIfz7^ zNvrKr#c7ypbjC9Cyu1qMp;1KeU>-?YC@*@_*iM&z$ra1qhmcS~BGAwhZ*u~KtB_d< zjS&-<2c!+6FQR>oXJ?vh2*Tth5N$WSW(cwAIi*3*1*$~+oCEoJ%{~!$e$cZ*Ox*Zl(EzYLPd?~TU+X%0`y}&R zMX>LgdKoBw!bC}$i000OZD>~D`vi$oEHV{hfBs#wNIkCyzb!0CtKy-z1pz@5GDJDykB zw_w3xZcqfyU(cU^LWD{oWcV0=eTiibvQEUhygeHS^svc5Qh`uYcxn+_PMy(kK^;>0 zBOIHII`7oncj$g%Df&Pgfuu14T}QxE+jI_^az19$$qzBm5=!jKA1PIsku_cCOmh^O z%~YFIfK$!<#juNZH^ay94FKMe@pVZL1V?k+o@UgWiwp{~rOP|x{_3UKpD^Fo%|$r7 zt(Tb;@80`cB9ja$E<_*ve%v^IEol;4O)VdTgWl5!EV1#v%CF0lA6d*ly=NNB{UzXH z_f4k0 z*5mJY=-ot+V@rO6mLbG6@AO)bar3SaNT9M`c%w(iB2*R^tP&I?AJKRYM3zbyL~%~n z@3;MMo=e{uJ zNHil1UJ~^c_G>}(eYj@{vh4k2B7kpd_~6CQbe+4vwXYYmGfDjb%S5t@G4C14;of4k znWqOzCsH2N^F~1fY%B6AftZKOm<8T3M`;PN$F0V`$rhJ`1Mca8`!?FHBC&zQ{(RIR z2`9cw3qyukt1nT6OkHGc$c!tB%UI%`y6J~Ill>!}7Pi3kuHLAGtr+p`jvG5>%qYh6 zdYj4E$@C$(a@RRIz|rZ4u>F@+V5{c-?2md%b$PD4gMu=~)DpWIBnB(SQAs*}ut;rMNlNM%VhV+w6Xs3Cd81Ep&RTnv zP5!Qdvfx9(hxeSGrWLLX>kjh^Vi3a3nZ31{x-g>m()&J_pi0b#3-*veeQ4js#%blHY%zbD6 zeBVZRw_Y}*q2XUE2^Yph;fW`Id|;USPRxdEpwqH}XaXxi`2!pEi_CWIV*Ni|OfUH~*ultdGMi&a5sb zJj3Ygub+DSFfPtwM}L2WU05F&ZvmG5hoHW1J5VNj$A?I9M8t>e?CHTl;Wc2l4_SP7 zYBg8~b;nfu7y9kC+?l&;aQhob4a7aMG3W~um_3vOGKi#pEX~-U@L%j(6DBlSdX6eG90e} zqbVHqY6bU117+uxBtW4JK2igKs+0=78(8+~a}s!*D0W}|POD50?~(iW$FUB&Y@uku zHN?*zc+l!|k+^iffxz6&kIrfLHAYV`Z-itcHm;%_@-`AH8(b0XPvo==QVgy3x)3qZ z+2!FL=D*5f`sBW+4w9@;keX!Ai2w?l<-Qy4wzzFNAYA+S9;Ofct~ z!Xt3<4>VC+x%PYwu>u`oPb<4Dcv;6%pxxHr^HO1Y)k0W@#h0Fg)(6p(6P7^6vz%P3 zb&R+cjQj%5LDuOtTNtP~)QjkP`aDA%c*JgEs%Ma?ng#G0PT!|C^0DrM1nj@6LVq1= z>n>JoBBt2l3x#vs5Va5)li={Jg3dWB7~E<_L#xv^5H%vy8Nq&caB}iEBX*4EtHJe8 zL$Qig{K9uD5=}DJ&Ta^RR9lcw32DmUIjGct@(%wEFR}j!`|2wT?Ai4ZeLC-79kfW^ zhM$X5#f3AMh~>EiO9&^EyYYhBnrz)>Xvl+29P^YU!~b@mEX0W>eOATs${iu8HON(P zi^v;E?LkdI=>LTU4NZY$(mPV+DHYE@c7>IKK<@nE$EqTa@|A8bYBL8{USU$)$T$8m zgLVNlt8zFAL-`#BA}aqe zT#iK_1Y*;ApJ8k0ZlB0_I;EazF$5>j^WEa|D)<-<%+RFDrYd`Rh;E#4`DLYNay6_M zeMl`3A&6LgA0)@`CO{M~B3ln{IeYcF4@mzNZs#gU~mkZlb*<+Ur+IY$Tpw4A12K(jq^Qy;iW)^IJe-W9N8Ferbjy3Dxw? zvCE56koOK_O2jpkPfX$4W}6BfF2w|5;r5}phpDq-OHzZ1Y8T>S7Y+=N<)i{v`U2*`JpeRY|U-CYg2k7bsXk^$$=G=7-VWB6saQNiZj^ zxGa%$v4+JdsJ2rbw??Y`>&3ptjXBmp&=$`hk=rxiLxB>EyMt^jeV>hLxbdHyV9FaI z@65**@R#r?w&3TvM$GU+6wS>)Y#>?gE2m2lQo4Z~xIEp@6eo{pXrZIrx3Bz9*b;q8 z#ane;^6=XU20h#A$L%AL2(aF6*R^snN(sbn2V^+0%R|(9g=aa0a;W94qsx0rEytig z+u8fBXh+f;kZZZpPs~~H^J6Uy4Owb?BX(R@uuRxU41t<`Ue*)9jm4)<(xE%XeVgI#DSH-%x5f5xiM-((%CMA)VX@5ej@woSo z&CiKo&^(;MwhUkmsM7iSlOh*t00Q*h2!67XCXU3+t16nOoduuD7@6ZbCH9@7JqitAkU?CLHYBzA@NX0bj?^E)n$WwD#?1Tw58t4CFZ^uH|H2i1wb}Xos zPNqzTMwvE^@@9MIf3UaFko|;M< zl8|NNa{23%?^{Ogt+LI@E4yS0f&C=7$Hq01cIsO#W{)3`Wr)w;QWr2XwpL9lU8l)p32ZA6&A*^ zN~N(vCZc`n-AnNR&{GT4dkZ#|r6$~LzjM_2o+RpDP@=M>+O}TjB2A1kE+Id@2QT)1 zfkfCSgX7zhBDM#u7IW12#W7D`a#aH;mHecagH=z6NevJ@eOFh`QQC?@_=yLYYuxhJ z?y5dF2h^4Tb3}ix(C;N60h8^U8{CA}rr%P92owUschnjfrc<@7ROr|6mfnBMP6_f+ z&(o!x*6YU#H1xR^>)VfnAe;bMK?2Q`+D2Qx_(v^7CktCdtXFL~hS4OuTFU;%bg@RL zCj;#osNFqKR;6iop4XfPp~<)vlPQ^B#%Xt!bsXI_%+2B}KyJ`HJ_a(thA;6*#=3pn z<26VpChDYv%b&5i0&P_by zjgnnj6)Ye1p*?HK7iZI1IylOv-{JpMd<^4MI%gGIaB|Vg z?mlJBQ~Nr`t7^AKvUnq3R@>;oho7Q$RWDYi z-Z?>G_w4C{ldsaRDtb1I!18jA&m?Y++4_nbNpU{@cizd}y1K7BM|(+)pTdEpVlJaq zA|+60MvC+MSgJJ#+5k;aF#I8(K*uYsk>71G{&vZ2`F|yzARrPmvNQ;H=p+4YmA8VV z6~Hjn)k}gKKg0H^ z_9f8qi@A;QNwm9CM@i%TK^VX_)i34!@0vNmmWfJWVVZsRZ~+Lz$N^SMz&l>Vg}0eO zU3MVEcrSX^X!I4HeUHIc?5Fi@vJ(_VY?!L8-u^F8S?lVZ=(?-b6JAc6}f zIuAX-=mS?ZL*{;5RUzR}oA541Wq;a0eFA}la`MX>oprm?qP3Tr96kS?H!J5!A!TBO z!|RVU_w<-jrf`>n$L4d|O`pKDan6l>fxQNiBJF7gh58s1`- zjbyXJ+tSIKI?k`eoJ~xDa)pbVuLT|`1op9(PjGmfc&hZP|3v~4aO=?Avp55G(6bty zFL$%`U{`wvSlC+eO9iA}Yev6OZuHO)=tgy5U~ZQ$IMC-v7$p&Kx- z>buuGgMNeCB*2PLV8?nKq?3p0LGsNsT|^nF3p~?zGHZ}d)G7L^t~yX z4LLO{6(+|WJ!z8r|5{N8Qky}}5#r-P2ElJFD_a}XCxDkO_1fHn9#bFb?77(G+AvU6 zl9!y_{7qTm^aC>R()pPGrJg#T3#>AF%cFsvZ+Ip|Q~Q^!?+3L$Q6HXypIQOIGKo4v z0cI;Tabd4Lk5-j0=P!-_r#N)uXwl%4umKWZFXzXbR*GRy%kp!m*R zQ$^&&QE|~ECndocJ=}fVbWFHGMBIobg5pZqDvYh)q7a`LDYxLm0ArlnJvUJk zQHT$O&y-#AoGzlGcz(IjZM0#JEcu+qm!?dEd0lD3jzb?g2iKvGHvmuCV?wUDMp!Yz zO?<^T{?8wB{r&K}-?kC;_+~!NA(z-DNgA%rXRQRc-w5%~x?Zn|S|e8<=FkBhjUC#< z{(gTIrvNVn{%2KP!5XOyBV$(s6O~C!6|}OeF<{{eug;2w(8JWHx-`A$rJba<#l&F+Js6b9zvVZ&*dp^v}?(M-X8 zd)xz|tojrIN-7DR*2#{l1F<@PmyK@dQnMPn!qGA4`9&FZOl~np?vst2#pkjNi0wH}GRi@2}e+Nh+i0B5Oqt;g@hCu4n9qV|p=C-73ams^4%aQbI_z{2*sf60@ zh|(E4f;2}8DI5CdO(d%xAr6>QQe>frRgypQm!gWoqoW;n;(~i_-gly*(Ne{bZ5h_m za?K~0d1^3sq3|{v{m!2L66c&do59{LIf@#1RIO?-DqrQS8<2=V{1c06F}3 z_vpV6lKB51B>y+}kNOE-mjsuziXP=mx20Rf$^|54sL(T`t;zk+Hg`ulci@8S{1){c zhi7ULwS(b%#$$Y+!NCojfa>ta&oce&|AywPu1 zFo|#flhi)hWl$T8<2PBxe0@vClnt51i9^9$4U+N%=0TrK3iV5Nlb)$gN_jAv*=j|N zj?mPbYKjCNDmwE9p2(a1atD5EP?G412BO!r<}7{Z;_Mve?JX)sRwFSD2_-4i1W;8lk4lThxNm|hQj$jqe;9{%ngq8}0YLMB@tT3p>9It6r{c~% zpcK_&Ya^Y$!M;nj^bRb^ae&~42No?Wnz&j z=X4MR+f1>*AM#C-IkZb6Ow%wu2}8O$xt2-ntxqMrA&DcY>rc9GKIlnnq34aK?uiyu zM7*-Gva)h<+37jI<#TJ+h!sW}&AfTKvsBxkvw`Bdu{G;k?Q`}@_*%Q%>o*R^Vi3f; z1W4JLTUz)Ws3lGlHAjW~UI|N&02-mDU8GyNi+k=xTe2!0&tljlj2$Dq1p{X5D=t54 zqR={^_+ZR`f!>11fWJ&j0vZ&Om{yC3+_E&i;`|h?AspxKFtuB!dLX^-<9aZNeV@o#6paHPki{eK9u zyVea%GSPI>yhowy>;e{!(=jnAZXnaD{}lFOb$TzN&Z!}* zMi3?M3UJl7_vQ_Sa0p%cHL`b&ha-3jrzJrnq-FvL9<-q|zjoetqwlj;ozH@|K&mDQIEBP4XfX#?_?uuA;l9LtyBl${GO(b*!A63*SO zcPJXJ__VtLo?g3ODU+{eL;KdCbU4(+K08PAxI&CyUz_+>rd&QR^xFjr6>mZOmy>In zgz`%C8_ZcP^l&j-)(z$9kr)5Ss^A4rlvl%q8$jn}56iwc{c-TMr3b*){v!Dn(7k%{ z_`gnU-vbz5+ID1#C-&^T{tytW9iW3%CtH(}?1g^PUqN=`f)}kJJG;O`0u-Bqhb-532FG(e*ln=oF4LPVRs4A$YuCBIJ%bmY<4)o;1?rMOZd^pG7o_rRG z5w;|j`yWr90qDs)wg5eOf|vRz0_nk)@SD(1pK(2y?bp1aKUJo;*C=0%UcXAZk$3iB zeA(y{Xh{LAJ%w-%`TxG3xF&Re@Y1Gz1_x;ta-fQIoNh-d9Uw4~a;qi^$SOcje&A;%Q_(YU>F|wp zrhzLm@_lw5PF(DkO|)fDDIw=qK(P^pHlB>wVGn;M+%yBivH24IJHg-#VO5j?&*x#F zC*M9#=k;Ome*Co2$=pC;40NMMtxsd?Pd z25q)$qviTRDG7r+rXPqAJ3Qq%gGncI1O|ewu-u>^zdp=e&QS+hW0(!5j=K`Mol-eQ zd)N1k5_Pif3b3Xq@(Oz2D;m!fay0x^yaFZ3LLuPp(;rQK%2A+%0I11Z8CACGOo6O$ zWyW3`C;!pp(>?!a@;~AKX!5;(Y4TFd#lgH<*lPNue>8a#T2n`$CO-|-x25MJULT(>xYOHQ0u$}it@*2P?^Zjtm~uf?)p2MH<5oJAaFyskCg-CBz5b=i`wA!5qo+v$SxWHz;j*5Bg`#8K z;!I`IEbFO2?*^{h9V_yci3MhLZPgq?D`7>Yy&) zXG_z=h1~YwchiU5c6~u8npZ^gTZ^}`t-rEA3OnHD!rbGDTCUD!dd#k5yG4FA#shGeyrze1R z7t6=|-uZb7V5^I7q7TqR`zQ#1cwY@{GKD|tkuJJeIk7#-@j7C#$B0bZxi&iqyX@Vm zMmczY=r%wc@LamE+v*Oj&e^z2ia{+A+v&U{Vqd9 zK6ueQmiU()lx_pODm!}DM#*U6MfXM?4fDm3QhUJfd9YlWuYYYgSz>j^{Jr5+OsTbQ zPOa8rY=2a5g5Ns?+;H;wv*83CLKrDZ)5krwzalePqnf48$MDCJ$As#4m`7DVs*ZQ; z+@>2t6N~`XCI!4^?Q?YyJttJvG0^^KC|{iVu>YE}sqw+u$9Du5gm|;{)xS0xP}i}s zr90;Tcn$RAJ&k+35PM_EwK1Wi#`YaMHDLO5%zRlqzQ7|bBYW*2aT&_FeA7zR2(cB< z6XZ-Q9kQw$E$AT^MW%)pGXZv)_EG=cWx9aYs&=h*nVIxgm+4nmQ@IiP_toB;htbR3 zeu;Ai>LQPpl|Q1q1o4y<0`Xs>{HCZYn3ip!+{VpTXVgclLdW~o=OhbMy+J8)J4K0s zk1g*`-EP3rn(m4J#gV3{1lNqzFzM$TV(}$o)S?}>Xd;WMK^hfcL<|j#h-0PD3!#bQfA{y?3_TT2d?W~-sIAk(;Ti#) zGM&^BjuIqlRgMxk2h*lW8T0CTlIS`e2;N6DMFE4F>9W*b?>F&0XUkWguboHW!Gk*Z zJX7BeJ=A|Gfc<<&X<9vB1YGZYOtge=lC>(~%RTzLKmKtgH#aY&KYG&4t0U76&nD9A zNK~7GXcB4#M>VFL13#IPfU11Ks9Ti**FawKTh#URD*wRmYF6OIp%^I1^P(&)tRnbL zHW07cBs04p#expg7DgoRMlJ(G;9r*`C(9z+3-DZ}5wL9}#-5cR8@YR(N4@II5E3Kx z3LX>~L3quHOd~AvZLr&7zNoBj@E^E66!T!mV?hN0re7SZh{|@!!e4<4R3Qt*%mxrA z+lejmo$$3+Z2XjMgxQr1q8wAhT=0^zVBBLIhx6bnXyb>+y*QxCWHwdeAz;4cihUl8 zOJ&qrxK=6eGsZiPqs&OGGm^xhYcvsg15lNLKU{6Fp^}Qrxp@lb5$Y=AR}R2>;gZw9I{pLX{nHa`EMz$#=LOfO`VY!X|v7HuV*GK z{^@p+qr+t(k<=?Z^J-v`sZ~`}Hn7OlMpz?|h1r@ZgoKQHtn9BM(}6!lrc5gJb&$iP zq(V_uox^@oidIMPJc$^87n$nM5=&G;VjHCKOTJxZ_COprW=o@Lx8dNQM`>WyebK~O zMOhHCz>F6h!UYzYg8x-y3Z5D|Gv|yl`k2v5`)qV2TX`bJEQTYdz2>a|dFM#3+|)0m z-j|>8ZR(Lyz=a7NPek8^eT1TSZoMWoJ>tB5wWe`iso|Q1Bh&1dO~uq^E&cF96gN0! zfc8ld=T&AT+HAdSIeAuK?GbFjP8f_)yl@T_oqfbaonUQWW!w1w67>h+}_;?^$5Kdi|dM%jjsyN*Xb zaEQFfsECe7D(jCVA5spK7`I?wJ>fWAdk$Ir|*f$p1v%-F6P zx^rOD(92C{q`cYEA&n|w??`-SgN!jynQHBizn9@5Fh*)lJ+1h z6^57A0rZ|hEdN}bqT%_oIOPXyGFAJ#$uwGfjBcR-xHz@`uaR%oA4^{2t`OsoCI8`B z0JP*={$a^u7G}61TAQRH@w;eM)RQ0Uv99Nu_-b{%O4J^?r-{MX%t<-NKOL%5+MPPM z>3suEPN9p|7M*$iRb?7~lO;>GO{FqKPJ+i8@wH>ukD)HUz^f$`T1|gC|@xuBl#| z#b{F;f2%PhOU3*jWu}rvp3x^1{~VpVvjL7y(G?7xRXx`3|?p zM~Kc+S)dyq*|}rW_w%`prEL+ph27%;mF^D9<)iqq*gW2;v3?(7HN4?eR+}?kOgQ@> zHCC+zRU6^Ji;HG3Ii}FLNkDEK!x2^)ufou?Txy$-2XP)W8g=byId>FG%yr3oxVeil z&Ez5UvV`%;>@@h#>Xc5n()J!52qNNxbK;x?fm1e`2waDVA&Yj9X#tfDxcEOz`Nf69 z)$d0ef0^?0Y@l4d)Vyzmb&Tg1KF12d?>#+TKhzok_V)yrRcF9&=4~!{C*bN7(f%Hu z#8{}h(5Kh|BBJZRR;M(Q&^3IA)R}9S&70S^b%3i==O=6u^m@%4)VdeRb~C`$DV+<` z67mTlS9Y zTc>&g1ss_SV`n^LV0BJ0Drc?Za+3?EPC9C95aFRoJyD|&;d22I@}A$y-GyO*FFGOn zaJgrH$u{&BN1?Zy_a|}8;eO;G13nr{E{1801X+|LUcBJPWyoyE_p|MB++w)T1A5nM zi=!wXTMKSdoL-AnRx{|r1dtu|l-Bcs>P|2%ogcAFuPE6J-9_faAB?hJqU=BrKM3D9 z-BtkJ)*U@Jfc7+VIh>@YZD|2>P0QRPhhn{YrTv7~dNZ*z{CxQlM_D5O&Ac_O zf^y4+?$(&TfvHoi93m%dktQC;OGWyLZ&ak{+l)o~yNGQhb0Ftju?E#6WN?-rJkwHc zp+%sl3V7k(^G=-08#y_)BjwvZyq1_04xSAC$v3Z>RSDLT+o^EYO~cJmg3uuRNT&`$ z_gH?Tfx)wEQBM!d$5xfoXjdQ(Rq~el<|};jA;;H!omlFGz4IQ(y1*;Zf3U zs^POHrC^}@X9qB%s;@eTaee+Y3u>&VD2bx}z0O&@pqo&x=-b-+;P%*ie9MTcmSqq| z?F&EoD0IN+yMIppfPZ%W(yP5v>KCKAl+o|;)TBis4KS#AUQd}`9zg&}qh;bT^7H`vYivX1mH&=V(_aoNo|N3jHk%E`}1Nu$C%zCKR11;Nx)Nw8ke6H+^>AeiPT+}fE0 zmA_HYvE`9fF4{mKYaBZ`$7+O>HG_GfeC;RJ9^A6ozYr@@E9o1pF3CyS#WM+ypdAq< zSg_m%rF-$!N|Y8UJ&kFKO3^?pv!4$exS#2}*y!dmrCYpZooWFa?cC zESS^3uoUscPmE@u`(90HFX}P!Y5V-=1Qna)>cKCa2SX63;{geC#5No8kdTiaYC}&# zKLK82)w~>jfWnc#B@3~6c2-W`vcR#AFN`g%7U^n@9afR~3?D4$<1VDnL8Cijc@$n1 zkO;mGb4-~waT^{(UAT@5N`PBEc4_!H%Wwy~>-M;QUSa)Y7t$F@!uqm1w1mi(O`Hm2 zr1)n0usa0hg7k?jye{3*-jOC+5yvr#{eMvRRG&gfocO_LxTYG=|dEaNP(I$Jl)VfqV9iBqG zx#a93L>}~)6b^E341V-N8gl1pX*V>Uwy+!MKbz>*Jst7sp_>vbaxOzU2g#a?wJ8!h zRCZ*`OA#Exxp@k7-DH+2&oV@_jRIrNX5|5mw3jS1Uvq0on`uaS>^Q5-Z4V~OxsmdO z&xPzNYT51Js?1rtqP3)7SWmC+4b0qZ^P>ms^nYZEyya1g>fdt0kB1c3L`H4L58E6f znayPiT&%eR^uuq4@Tp$boYFAYP0(}`wx?_`#h-rRH=VJf0M5YI^JulLjn;}wuto>f zLT|NY)$yuVq~eqBexmODz~ZVOT$%X?77rA9=(X?p6do!nO=x(noDf;m^(|*X zqA$v>yPXrCXVlJGM*fk4;KQ+%TmZXA=C5Gzi)Eqn(h}wQx*@U72vHqE9uW(?k#N7K zs;)Kg&~;tgii75?(APAYiKc8j@LjM8h=w;!Y_g$KHq231D+r3GXlyvkvB;L${`&Yn zkFJkh6=zMm*fEvL6x3As9}pL5W^g_DYs)V0g`~!_?T%98<4WOW?Zv`#7~A1N(8%)|$&I*`<5|k_5Q4INlhT;N|!_v>;-68@5ge|6shotoc9&`O|;LUQ` zwrbTth#xiTgesRC1{}}{{+>Zd{L(WfGq>|pXchN&^;4UDaKK8_>jIFIoI=x-p=@g(SiCCTgJjJe<~q1t+6P@u zq&k4kUr{ zWAI7ms3x`WvAtQH3;6VWySW6tWgC!up%jbT(mL(p9~D17)8ZV)LWYk@wcm0z7=bHB zZ?hn>$-?ySDB6j082~@>IQcA~TV6cCK|i(5bwDEG_#`R=OF@J}m2u)D#t=?GGaanS z-nCsEvX(CSWrNO@9>L57A-;5QfB;q797(SryTsa}ms!!h?}&kP7k&n`lP^j!Tbx+X z9SQhzqIC}Z`ZYo8rswKFJNaqD2*PE}R1uE1g#bBWBlPFjz$KiY4JF!mM<8--l*d;d z`oQYM+iiJ|&^rzZ8Ugm8J>Snie*2>>VkMJ)4NhofZ)oQk{Y-B=-MxOf+{9^S(nb3^ zoy(hPw@_@moU%?LNwwd60_20ODHBlPseVLF7c+lRyV_}=4XF}j7WVRVgN=z-qpc@r z@e!5$^7jaG@r8;H9jb2Sc551x?g!-mEi-)trTY>;CGBJBGWC+q$ufWPekr@Fx_a>Z zV*u+7%R4l{ig1^xd_}rIjvkM-wLPHs4u8P9b(k3$AJ!5X>|;T9MBNa_PiW$Xtq9|U zVnpNXvFs;gjJQsk3?6I{5#{tuhy6s1ERN2~KZAY}ZBV`j^MZ4X6J?Cz{fF)pSFrI_VBgW%1|lkgLXhQ_E_gcuZQq_~pRT8{Fs!U%}lF}{4@<&@5%&Aj05mWaRR zEcFo#HCvK4V&W@M59`BQ35oE!@R-%f=v!$yKyVd%pLR4}#&=17bz;VaMQST92p5tDQq%&jkfRG&?P4`| zB$lBC7CG$S1dh1WbvwnEO25_U<5oIGe`j|L@4GDyXEIUmdJGJERkRJ;?LEUG z;K@bxKJd+JoVGXYQF+tBMIv&T%T4(YVVq>Y&3)E9-59qDUNI%&GncqKsG|$e`}+#7 zFNE2W%T>q6cJen1X+*|lY^^#{o1*D6yoY(!c|T>L(1{mZfsI19jJw<4TpQ zf45Z-9JFj)l_B*?X);5Z)iSO3KNAQkBJx@NsMuPBC&RoABmb%|6N5l{GvCddi+!~hBzl2<^ zD7At`M)(z4A$Skaql(I=Qub4=&XA^jOm3l6`@zFK%k^1gQswDFnQu(${ z=hjvinuMSikEXcb@m>w(0@2v0uUM$5tR40l&0#KXPJt0CgL8<1CQ*{eR;12(BXNS0 zz9M^On%No!;Zv^3FYMIFt_?C;iLRXog{uY$q;7{3{hWQ2cZP>Rn9$frXm41RPc0cmci(|@l5WCQ5u{}go+CbkE7<<%M~Q$7 zQ^e09-o-GKj1Bt=ONTX;?K(pwgU0>Km+g*SSd*7+rSz#yb;mgd&*rh2wKuDzWnFR1NX zsZU{uJSZF9b-V8^OUZGfLEA~W__X65#pvgpt+V{kt(lA>6h(1o&$6E^ zrzzwEwrV)j1irtP4kGmUN<5W3E>wBYumcJps$(QsH^H!O+XZ!&vY<4?iZ0g zfJ<0`+Cdq91T3(*Ps-JPoJv>*t!||%a5K_mFOJI#O?2)a=_$>tInvh#Avo8Z) zq&e1Dto5;QI*L?WHx#i@ufZmTz5%L=6>b6s=oWT$pw)$?KZZ(kbSP~Hx|w-g5{Xs-i-x zJE!V=oL`yAH$GkdY0UU*k=vVl63lJ{8G1clXi}3m&xKEGco5A>C^a6+Vnp0m&RXNH zmO+VJI|tvoGk$IjlckmAdi7#BTKO!$7=>#(Agnv>Xb1F?K-)>dR(MY<7aksiBKPP? zGTQ3(?f9ClPetf+;2lamBdjsv)wI6?n$zb(4llwxvN)ZxzY+6NgjHli(Eeyx^jTk3 zlY5$h_KWys8SnS+mJ&&A8Sozl1L|extqA;5N*X&SR`?GWEeC_i#}BYFImt?rEs%$& zDmVsV=xt;Xiz7*JdSrVN6C*1~U5CBU+JJ^es`#R5sf(D{1^*n%KrLqGa*B{-@)U(V zzgIboMzhC+E4s1X@P)HVC9NNIuWb{$sJ4zCDeggpW7*4IslU?2*X1nKwFh&)YPVM| z!dfJ~P*$h>?9rXZDPOVL*rKPro^!IDU;JG~&z~J=8{2V1~2GaHosJYwapcwpoH2=3IfYuKW605 zqUx_y3ehYUmKMC-WcJZ)5(jPXwYOqqen{uP&z?!8SR6-ozf`L9*dBo)fK{IR z*q)+JPT(6lV3DEOtC!EU!Daq@IXBOMpUpgA#c6@A-3ju%M`?AZ&6~%1UVd%9x@ar> z)cPUPd<$lG58PO*Sq;#90$v?iyT$19y;c)_e7eQ^a~UB6r)vD&6+Y{8Km3WLVjb_* zxo=-;e0hFky#t%apL$wad_G7wKYcj*Z20VTcC4>~Wl4ydpYEP}hDT}XdpvHfm5KA~ zyC|cwe~F|VvY?pr4&fi1p-M^ZdpdGZqTu3M{;q7FYA?Sy=D`|a06vkQIoKzkhuGoI!pGAVAt6h0A&dDuQ|> zZ6D7!vOrH3C7EI)aIxhFQ~nvHzCEe(UEcH-5lR*Y{zcRt73l+&7-k-{;zD1@mo-*` z=5c1eZjCrIrvAaQL(Y`h((JN2EaUl`>OY2Bk7N&jQh*DZNx&`z=H`y zKd_AyqK#oAL{f829w=O58GBex)xiV|j{P3ALPZw}VPW;QWHT!90A^%+mg5P>LLz_Ky4z z3PI*U#5%|3q~8Ilp-+N>EqlNW#82c65zzIoaoywTqs#Ca0J?@hIZ)l)vjT4=$rIuO zbds*Qk9KVAn&-)OTxbtHbnBTqh-+QkA%J&6h&KU_@k+6j52CY7*$aj&0_I}xxW(;WTGT?e3n`c3pj|mkx2je5-?xc zs*A-r_<6u7QOruQ=)FI82Kqq0DY+Y+peesQ7M><}rJ3$Glbt(Dk665!XMBl!Zrck3 z@6*p?mh*o@=Q|QR13o(e4>rUdF&H&R-XFHNw@%X!gdc62KCkvbGisZhx$el>tIl}q z_~OVSU-{Vxo9Kiyr&1!f4qRiQJQP9UOgF=D{F}Rgo+0OeN?Y6%?pfNgf?3FT%J(!~ z(K*oZQK=guhkaSdj{ zPE`~Y74lK%POoRjeGME10=1_4Jvk*uC%BI0CD z(b_$gzr06BNB$TKloTk%$mZvmC=fpt;Ds~gOVQ}Hn@1n#FsG0(tx6_z%TxIkAagJ^ zi}!MJ(Sn7_93>3vwMdBXw86TDKKV?e+IRIUSHc zCh0dkNXW{#u;_$|NW1y|2>;LB9Vy#NruU_!1N+noSACDzR_l75?P~@{wM$u`v)|Nn zS5P>mY>jqhQyvy4r$?#uN|EsPi18Uo?(n0~(yL9}FC^)2tJ+Hnzt$w$YQ0E%*(XLR z+bFQ=+1DTz4mosvWRT=g)v}(+r%QbMRd3xPtApF0A+Tu_W{x=}JWN~4Q|$SfyGB_@ z%^rv&096^nYNN`Tyrd}pTf#ygk$PH-`r1MirW_9f`iSeO_nC*h%Gj3AyQEbTb#x-I zz_{29GaJi|q0^kMHbw_lvGEYpESTs^ciQzM}qh@Nllbae@jFF4Df<|Hyq(pSY_6~AETyV z%e8o)YKszgMX5aM3}tpj(d{}XHXWkEPo{H&2=#zO7Y&RsNVvZum)KX!>ZK-boWki9 zE%@y$wiZcz{>9%|tdMvD$(zCkyOj}+8kc`Xyeo!Uy^dm9a7#-}Ol(BWBgg46gv@Lp zuGp%%+!>CQ8uYdKMaeN@ltu@JYymYb~0)MS5@$Q`-fG7-W zbnkaf;}Fz50;$9hxC1?{M}!J{iV0GcN6;Y$JOV!Z6o!Ww5!D*h5n&O~RzjT4mVdfZ z8AVEUl7EZuq0QAk>&)ep8espVaFdEby4;30fGSLSQEW@3f4Ik(X%L%ETh^{qzsdEI z#nwmZL9;-Mx**+Ajt^S{zdg}@=_b!e1HQk9r%7aMED49uKNo36Ii0FE{_UwmcGFg@ zYbPEs*=o?vw)4e~gqY}vb$B4sk(?ZxCKmAtukf9 zI4_L0^f53SV8<vd#9|HT6SHVXyASS< zT-i=iYIyS60BRnKOHp!>i#5M~A31<1Z~|)*v&JY0DSoQc@1aVj%ucOHY7g^Spf-xG zfiF%VC7RaG^d~74keMmrU3GvMk8e~Ic~Q|bQvBuOLE9!tc#U*qrtimlw{WtS@)yxX zlFwmXJ8z%2VKQv0sI^Dn%B|afHP81?-4v>UXAYDZ-%@zrUBqUD!h`nC27m!zZfw+_ z-d9fc7zJ-#+KzV2ynEwhYw*90S0Ir|uzH4M%`v^UL~wG)7V`9I)~LP`r~vYjE%^$W zVCo;9H>m71|$G`4s#QBY$c8;>oPVtViP) z+Y~>ckdu9pq;O^OTlo$@BA1g%f#oegv-Ew|rx4~5@@~FY@x~8NPuq##!22hU77wk* z{5LOIa3$ZIJ=(Tw-<%_K@M<4CC`yt7l&?!}RWca-B7x#%e%N=>emEr4lz3z}%Xx}- zDZA#j$*Nna^%htJ-_zgDM)7kMPk5&QO6D_EAkVku%$biM4cX#Mf6887USdv>b#&d1 z4yMN{=*Cw}M@(uyMl)<7JSEaFcuYl|OewTWPm~#qP7p>pU48`D@a%$d`8R9uSnp)< z{0|4AodGaQ>@M7$b2Y%nr>o(k1+*zP6wsP(iQI*?j#Nlw0g(2Fr<+Mgq=@z340szp zkZs9<+TrQL=%n-qJzi^^aM;O3Ng7qG zTCEvr7uw3tK}X5JP!q7WHPjY|=6-yCOpgkXVVBHl3}?iM*MMhEXVDVI2o51%+t}RP zJh>9`Ti^ci>Q;I5_D^H!a+fCIW3vn0d;SW?y}Ik9!|^pid%$02)mxAVo{C-4KSdtW z9O`h~sI_}Sp}yz@rZ{u#Ft{`;-`2d@z1`SM?-${;4js=Gzp|?s=589imD2zb6&r8* zS@$}?5`Nodwt5CYN3h2bY$f}SCM6GHK2Lg%pFK^WgDUt}M(l()Qxd#|!g3))L(D}O z4cR;dF8|voVu~a$H9O{FuwTA1y~d4*bpKb0)W$v=bF-j8BFvh)Qpy!-I0^l^ACP;v z7D+I6F@C~h8J$E^M88aawnqX$tfp(^sC?LGP0GUyHdF;}$kdqP<~q;6i~WX;OX3J; z6r|0GMdZdD;&lcXk$Gkpf1K1$!B5M2G_+?~)=i9&wbqd}+s{+UMHgqBWFe${k31oo zADi<}nW*O*?$Xo-U9h*)4^4H%)o_lqiL zn8QI5?gMDpRboH;x_No6%46!`Oz}afLeEg14d2iK2sCp_3{CaTKuS zu2(iv8RRH>Xj3T@iB|sr_Y%E)=$>H4x^ogzQ^}8PiGiP@u5*|jW zV%c=GSmu$_D_Z1rmdk`FVrsHmb(f}GSjwMNpD+W%YfN?IY^XJ2llG-37>Mw#TLeEc z;Syly#GDYu;gkkx0aYDj=K*AuS>=F4Zhe{>5+n0#Y)^$yaCWjDrM0INv*bk8>B&8? z@j)xBT||`xBb*|usc0=`9wlZO#um%jj_^ePU>0})&y5V(YB>QynT2eWH}+q$FW^yk zXi{$V7O>>dQlZJoJksHklAjsR>7CSqc=@q|ztU&yD`mJ%kt5)TExqMeS9k2f6}NLl z@MMl_(=wFl&3=@WPHh^ zm5gT6mbA+1jYm>fslh6)kkyQ;xC2baZVL&`CiB9XP>+u3tZv590cc!8<-W$^@o<{i zYsQ0#bkQcg9pB_-A~=F;<20{OznHMS$P!n7?>oR$-jAy2Mb{w!>qlqzQSmq0v-Hp8 zK@Oseu7 z6i;jxX$oOzfH@k77J6-kHH@~Mqy--ViGG^<6W+YPSDyGGhFFrYj>r&c7Mti=Kgpr; znYoGy^1e`Q{7+E)b+X%VDXyPj&!J3)xxAZeu~Wvb-66^^H}2589GNgwwzvp{W8ll7_u>+PdV*v^a#ce!6l2APibaDfhv+&1}7>Q z%2>n7(8zb?XhnPxbfiwRw3DM;Ul^xGv9bJ9pf0Wdeon5cI#U??vF02WaN*F!0|I&W zkM^_l>IVR;yL}}zS@jLaLU-CmKCZu)Le#1EhrAlRx2kNfavE*Kt&SAbk^FTUjc&EQL?0?$^si*{F{3QB zS%RQSCtp$8ZJ`3QW^WO5aaQ!7GLubLvCs;s8%74t__j14&RN5?NsexXX*F#Mh;t^W zPYvRn?FIhBIYUUtCa+2Rra^9h3ajN!Z6?8>{UCECGb37teTOl|c#epJ>eDw}g~t{| z3ot3Hfwdd!!!gos;Nl{Z^KWKjd|rO>V)#&M{H$%g_u-~ik!3$UI1&4|G`6?7>GGal zU9Iun^X9!gTR%HCKs*~5+n-T@vf`W*HFYWvWt8u}6Kr+TPQL<>_6gMZTGU|OHwKz3 zix{Xb0X>#ydwS<(=ir}+P2*04T=sR{cOXM-(6B7O6AklSOV=4*Gr27o%Ye+Boy%O3 z-bMN_HwQ8)xpyJfl-RiNUj=Ze_!HV=<-0<5D<`_!bxt}1^r3DH`P;*w0|m7`k-r%{ zf?8vPGq7cMaxN5bMztmErh)tsJxb1tY(ACYNchD4c&4({T9jXxXQ)d!l8aDZg~KS%dD=H6O`-P|)(=+nPCAf6e>gdevy#E~cMZc^{`!#zmKVf*!N3 zOsPRSbnfL84l^^?J_`X==1T847NdoggyyD;peJwba$k4j+o6Rmtx@xejEmT66~D~z zVwF^{Gc_C@XQ;t`%SqsPy7((~k4DO1f@V=)Smlc5bdDk5T5Wa?4M*1Rgzh^uhm7~> zEmT{zdr8b&$&hpJ48J=^>=Qpt(PVCF=nba3#tJT^ey-7u(6q2;#hqjE!|$VS66>8k zzG9m;&yiUkUY%0s@NrZJsUal1P7}Kec9-vtbNYJJ9qC(tDVgTAhX*?}3^RYc5Wv`F zLE7+xen5XPhu6BFn_(1x7wLuH_igIqLXZyiTYINUM2k&O1Cfg(=sR=cy0z1+jh*R&l>aYt4l2a^7oNBs^AEK4RCo3Zv zpCOZEJa{JjgiA#$EZ<((C8WOF@>>zhtM|?}Rbk|m$&#~xSHl+Oui!MQV7ipN{)#+O zy})H7O``*{xO_5LkC!2e+GG=p6HEtu)$K5UzZ&TRUBWXy-scVIf9FFbtSZ1EdnCZT zj1gAfeV@lWw99iQe8TFfr6g~;@7(pN_Ov@NlLYeX>rhhmq zhUAz7#W_QW42<{U@N@68C=Yi2`G}A2%A)eZRYvj*DJOaDy~cs^x@fhIYI>4R*Ua%2 zBQg+=RyBQ$?P8F{Fsx=I0w25f-rc`TW13EjA}}^z3w^n`X=8C?bq;=68rnwu^e!ec> z&IfF`62A0QD|v+gpA>5`fR4Ym4R?WC6OEKFq`&A=$-2|@!r(Pn0@!#Sb@cnZC{`_Gs{02Ft`I0jxPx!kqzyH&f;mj6k4_k5>EsJPk zz4}$W(i9X~M|-ThP%T1vLr^=%Z}hcaPCY~zbTGO(Y|bdm62!VeB`Eb((3=N3SB#RM zDHuEe(xV4Eg|$QL0{hp0(QBFgCF#be2BKMn$typD=NVuOZPRlF^E_*vmZwVV15=7h zqzS2KMR3`-G6v_z#8ti+dF6S^Tzb;QiOe5hYP~JU?Lt&!UI8Wv8rsqa^Oi=K=-vI0 zu0JHMk4GR8S=OGftY8gd+2Ww4 zb6Xa8gEJ@b*dVQ_ONPfE;P6dN8# zVHwNW2)FXL<`agk&Y<*po{N3vBGX*Y=k)}Zb$PN+UeR34U=Fy}n$3y8Dc0Pec}dBw z9sdU3b$9xbIz@s4*nCu!1f>~+F8=|@2>)toD5)mce4z95*&nlP^0tmy`O&Fd zCuO51wB}c9l+;yOOY?SON;(j7ZSlQmD#S&h%IM{pt6D$(&ox((vT z4JG_62r&KUzUk-0C1y%`J29Nr)wx@GW6A;uxt8DA-Q!#`!caW%=G#-hQi;#hM&Q$} zfKr)bRwGjR4{{Bc=gbS15?|Q(IGv$H4)za}gJyD%3A8rlmk{hGnwkvtmY)iLh8mMJ zEetNozpffuT$OJGX;R2F7Rm05Nd?Up{HcjWV7l6MGbYv|B=m}Y^I25Y!BNk7m5GmQvRbNRtnb5UQ?Zyy$_L zEp0Gt06}}^|Ew+4=k&f*OYxrCyn=UMZ8p9c4jFfig`2$&2INl%q)Ki!E^N$yeVEqY zqQ_zx*qfS1-VPeb4y!PK3+6&P((mZ-d&6n=@K`Y18r)ELNrBgX&FkEXF1}Fh+_H)8 zh+EOszSbN1{Lq}4I_P;s7tP-9$?dxRNVwR%(0JeW@lN{!lzFO+mRh;>2&3|{;j%+4 z8&-)iJW=l$?l(|-SYqz8uIP4JuteZP*2(7!SMI=f8)H^Bf#Bp9(VpLIdHWA{Eeph5 zgBD1y`j@-5!0b!-AMTor((l$8)e47^Ef9B&KQIQwU3>Y5yM_WMj1{3C>cVI!`*pxpkQIZr;hiy`Yx8=mqicVx;}S2rFnpN6$9 z^T0nd{~6K5N^$QGOa|FUEU*R_)YCn(+&~v1Kudz%t9~1yjGmQ9L3-gv8^+D1{enI{ zzyNWHzV1T=J53Nh2A%NSk=I{s8uj>*j+_wDrD!rbCM`x6)EhhK+L=ycN#hMb53I_N z2jG3&?La{rOA=pEOm`CgDkIV^ z9IV;l{Xt54+2iYTtPo7NGUo>L^mGIj9+$Uu$AC|_RT?+*Iez$0RV`>l1%F4uKi_RQ%@N z#2rG~Xcx&%XpWQ{Vj6f8ZADSiO5xFt!SV3s%>R#y7UMjDiqc@tiey3;`uLIPND#I= z8e5NH=BHTVfF=e+QCYAoEm&unlF5HSYi2rNg4(QDb+NSZ*iafd`%c^csA&2BtD=qa z+{Ml-J)(RHanNXBqIrZEEg6%agyj1 zmsM0!sJR9dz#)ks3aMlkL4aS?lzAuO{_e)yg+HU~R!vL;woZ+1gd~g#mRR23d`+EJ z#|x$_K~`S3eZ)?=fcWejRnnq)N{L zXdl48*>wxw6owQ&2Ty;^b)8!x$_A5i?a(oyZa%Z=n7$+$-*v+B!Y5SVaLX#^Znl?q zeIk$R8{ftDEsOooDDZc7P`8t{>Iq!1xB#hXO(+TUA)M%~F=qQsvwdZw^8X>OnU1?U z4>OZ}#L?qR`tRjLmdu;5W3V4$V8P43g6$Hy=elX_`5|3MqkvW#eA`I z5lI42gi}O@>3LzLnlZ44tIg6*l|`U6F6rs;1j%FJNe254_7(m?t}*_YLs)G&Toz_o zg!ppmvHF7wU%_cxjB}yJIPQGDFhWs|s~Kw3Hhd$wN~sdGLI3c6*#H;B#BYs)vHgBJ zr~tCmBC6;*rJ5YOrwAt4E{mAssQM>IK@pi(w0;XUrJl3V`ZELV0m%PJUP#1(aUF!c zPTFGx^>nb>jZ-Y{%pi^PkES-WJ5Ye?8auEnk&$Sr2FfGtOPl*a)(U>=&*3b3n1xPW zI%B9I_lK;lE=-D{u3>(HrH?U3X%pxA`evFNo=Z91QN!=Z69Z=Vm(cNZ9lDf~iD~11 zRk*gYndzoP3v`d1j+3}OclB&%u38m3CZpq#f+AQSFo!=J5aP@(s}CJFM&)Wadf~(Qpa^_qcosXx=RWD zD?*fmzoQF{gT{rEu$!Z2z@pbN0L`Qz8>+CS-j{V0B4)w$8&NfhCx_`fzpxhd3c=rI zm>GlMuzzZs_j&h7st(*~IU;Y$nz`0zFb%Z-h-&LA)J%Y@4gizg*IoC}+wy+O>aH!}XRHXmInV`# zeg2Bv|jaow^$VrxyX~8!7h2lxHM$ zxEHlP>Uq>}z)MYhVEu~W8fX)#&pBtmpKnWabc8P+fLI$yLKGn?@)!J+b$Yd)ny&6O zy4J*?e#Wk?ug#z^e|^C^UZ>N}UbX!X-DaK&8B5!ri3*b$#xA_9g~2DhIgCv?IlgHat?Zca_ohd(zbuaoHeuGQ0*vun*&wazfKQJ< zHVz(ox>}-vek?OtAnck-_|&h?f3Rz#(;)0xkKbNAz%JOe8MW~ujmk^rJu=r0G|_O$ z#oO*xlNSw+yMqFa{YybEfaRYR5eyWn^2SF=#sJ$xvoHYD0fRic@b!NCxq8N!0re-< z7@jj|TChkmqOldaV@q3-BBlmS%&H*cjOUep0A=T~Q{(|mq>HPPsV55r9R2Bjz-5`NH4q>HQm z+>-gb+74$J`^B4zDi) zPqXPbzl}Q-G#zL(rHr>+@B71h+#_VNmU<9{%g_K>xvyuaYNaE3uTeH>i6YisUllp3 z{MV7yu3vE6qSYnwyL9iv^6W$?9)k4A2V~R^Snd0!nK2Mjdr6*&VvNgk)0Yq%W%Nqz zQGeyCA#7xPUsLp-*gtH#rG(Cg*A#NwE-~2Vu-pgN_K~O(Gex<{JoBIjYR>{N6@B;TP(eC zYU#g;z1ph9;#EIdKaVyPTg1MZeo?h(iWeyitjbcZ4#@2QaJL8)@^u4QMY8E7I4GBo zY6Z|eRsSv<*DwsqqcN2GN>n!8IiIWd!-%{?eguC;B*X`;LTKFDo(g=6Yqze6e>FFv zcdkA$39Q)(yoz?y9rE;kBJw*GUc(ny{IgogKX z?6`U$ZW5ii;D~kQW|s%U)6TgcRKz)@_S*C$Nsw1<#VV+G7+M0b zA*oXm!sjB3Si|Y9GL*v5rugJv0z)K?C2RVU>Az?xKdWH0{)&3zFqIpM3VrBv$_g2X zk#LeGYS=o;!PD^u~S`S4Ksp;#(j`yRcazgz|k;7k_V&?Hha_ALjn3INg2j!vy zR*;U$h*pj-Pqg|=uq(CKL~`{q_W-Z@YCl$5vT(SFg6~@(VC@h*6?tuWaFzba+k(+5 z%fO6xX9TK5Vp&lLuxY+K#M`1iqN74P0ORiSBS?D5l_*h*U{L*}adK!Wnp6-M@^?t3 z0O+9tsi)~T?=$a8_UX;>Z-ySDi+Kz6zh&qWf1nsf0QvSvF|hK_|Agp-ABO1QJO3?Y zLH}zC8R_US{{SxUnHsscsEepBjDrZD$|iec~M~ z)B)N_aWTPvz-!S@Ppr5BVtnEN)0t2=`bi0dtE7^g>`|f9)3o3%%8f36tsqjHyXK-Q z%rUS2QgxUMdbK5vWiBUNhB#U^|DO~jR5ygqsd-db+|2$GhPBXs9~EZ^)mt4piIjA? z$jWmd@EUz$su?CpPGO(xZ-YS=-qb?uL565)xOS!(Oea8Ud}IYg`M5?8VtxXOPVGL! zpFE}|JG<3q4XQ6n#W$rkNFJ%0@%cpFO!>;5AK$w2%cN@G`;BvMKY>C-v)U2I}t{W9Mkruv~r?fQ!SpAD?PG3z5Dlr*<(#K2u;sToIc2o2wpn!&X7p)IVH;dJ?vkEhe|_v!hLi$XT+&aj=Ty>EcV&-fMjd(F9G#;hWOy!#4z6mUK}lLTZlkA zp^x;R8y^C4{Q*4;U~sx3wHp#gugqj*cB&KAiLBYZp88lc_381h|iiCW7B{qq%ddLg|q2C)(TD*NaTTK%x!QYNmr4cjbaH-cn$duK{z|9oo08_1%kutxH&6w+DiY-XsP-(ZS*X6i0oqT5>6xvPUs5ODT@=V4rZ|{n z@@gu>u6ejiXo0g^ZGCGR!AhM_Er(V$8QY<0W@x%g(AdTT8*(xA6ly{YELi=i@Ce0r z5ZuJi*oDB61!R~U5x!%LDK1+@6|6Q==TzcwlOw`jlR=iIw`druS2z3IC@$YQ?+^6% z*qpl(eShz3hbwI~_Ju5|{yJ53gu0v%zy0yH()cvuI7x}oj|VF{tlITehzm3D{FHt9 zvzfACBcD&fLOL9r5M?0e<3M&DWB_xcw1mC!6zMLCq(XHT~x8W(es9;pINi z)(-zzIb>@=Rt|lSN3X4}er=xYVSRu4BK-wakt&PbpPON^Jk<5Ug-m5p&%cfkgSzj0 z)6JF>r-ILzD+Zb9o5WgHes|nQ4{B)ydenbwDnT`%s%A-ECyvu84kxx@7R>~kD%(pOXSr?{v8gku{1X)Da7Ja zTgvACPD8U2#`tKBsWk}PGY9^8xOk1V&JW65QPTO6%Z<`nuR9n6+3nxS9g*?wTf4Tx z-Buhy&wEhrig43pJKY{EklX`q)FC2$2e_9s6TkF-sUn>H1pjgUvUB}>f4+3a6JgnN z-Xr*~qW~9ggDM2vyIyG<Nzjth4#gN%*Oxw+J@h z&ez)G+5qe?w+Ipay6AAK^qnY_FIa~J=d}j^M!YHY^H~U09`i)>^{Lb2ZeOM6Gm!$P z_6qtWvSAOhzW1$9EPU+skmj8>t|&2O((}!xvn=7f?#W;jZ7`DOWR`=a@V|Pm{?oOCOlxeo(?19t+eg z3dSkqsFhx>q7E2BXpokK0a-Ql*vcJbvRh*;zf@0luB&<0^-ON5wLn&XOS6zj9Sw_z zC=qSb&P;O^Ym##O{`&%LPKTD+;kh7;N+aFT4ZajdulILVCv(P~o zR?!`|R3#B1ZClV<94Zg)Yp$m&$kPIJZk`{1tHlQfRJLe60?#h~4S2OtK7smeKyB7q zM`)uDeO{mjf%}Z2qukZvS5NOssN*s z(1ZE^ub?#LPmV$XLa08N7stw;7G2Qa^4Unxy505@pqjSYTCFvJtTP=;8|pJ*_ag>KsjjmE_EFKq;I7+FVWD~UT~J{;jZfxyzOYcR_Tx%r`@vW9>bZQRFQVY5Rd%( zNHSUdq?{Y5nQf)k^3HQrBz(DG0el*!%nHSI1|$(K&4Jz)NgUI!fDg@DulfIM7obnO z0&YgbeG}&%G6t=9k-xwZFw~D@As`)y;?NbDVn`fQ$cFn8!tKQTEdQ27 zhUc!KV)q_0aJ2op)|ajOxFKL)=?AuFOmO&WPfqC{?1BGv(f<635|JfG3h2B%E9{Iz ztrl(2Bk&XDEB8C70eRCOxWlZJN7ci(h5e8m=oSD~?UDTu;M)qky(r{?cliD+W%nh z9iJ-?`+m#VcG9tJcWm29$F|jR(y?vZwmP=cNykQaZ136W`*~_=PR)x`Gd1VM)cGfV zwZEUeuC)qR!wngQMDdT^5r6^vr3&?5EJIHrEW~CBg8{K+;^P=d zQXJrfWmpu)2iT{;e|*xT z2ra%9xVYF7lgN6;HfaQseC7BhKGOh8+)7+6l#$MXBZ8WkZK{^2^CNX<7r=8OlwP5= z3U-))nlG-QZ_-Cj-Es>_Fb)S|s=aGo$aE4<_6rQ5ev**`q&OBBEv^I`%=l z8eXfg8sR+LnwTAaEbo7Aw*`A?N2Ad(%C9ndZ7j-?6mUl${!K z|7N%H`;_|ke{Z(z|HEcmVj{uzZ?nxi{~l=FMjVJuHh%&VnQ78U7iV`vb6CG90s!-9 z;r_$L>@LtYMN^SqDX(|Ut4{nS;jm!emwD$pQ)|JQ`Pxw2=gHRam+!k)kXPG`py(PK z1Px~{z7|1Q|6ZbUgECf5u{<0s9QuG7Eoh3(e!hXA`O?Xg7aGn?z;qT;QM^Wgj2>wB z(IghQHDw(Z&MNza=m-w{Z*>GBGZ$(FFmR~oKmYm|!ze%ekSv_IJ^Y1_727=WQrAfs z1)Ex>u!hP?Os{DpJA~GZeZBO>Pn*QzSFT>-!zz_8Z0cXnusUYE8fs_YD=`CdcEZj7 z-aWyA0dnDrxj=B2>mND(-%Yg<00RR+w-S7G`MS~H6jSz}zVP#MU7;L}vSEb049lx% zu64Nfij4v_Tkl0Hw_TH@5UnT0JW@WlRp?x9++Uf*?0%|87OW^g@YQOAr)Wz(%TuB` zCRgmCp~hy2Ref_3#9o#5OAHNh?gmPRH7xz#f>1ZoOkQ=Ok%nuCwdwnV5iMT8Zj$>o zK^{aJ9o4$fR<&afex=yxTc{=C*;L}l-R>2Kpkk~n+ju`JgkwD7{k2qkr0OGy7#<#3 z%LOK1ne0gXjX3C$ljggyxg{>`6L5reXrm;TJsmoW*`WjNa|R0}*H#&DSsaRDFSQ4z zE1Kd&lEA$(m5b;3MqHD|twat$O+YOSy;~zqEmG% zEoiaagicCB((>-^Fk@Ew)_<7jS;9B1iWUj(7@#3lZy?I~UbXm2wgbbNy2A1T876=%q;Wsygnno3$ABJ(@5iG4z=!8u>+2M+{{F|;7ZV>I zM98uG*R`CLBSf!vutqHAH2Vy?a&#cP2wYa4;4udH-x@($} zmXtKB0>))Q3L12#cM2q$;~x9L{ul!~EU)HPc{fYkVwYxw5_g?$I z_uBux*Z!~HYqkFOUi-g%ubl;Z=_5tx|D7&IGhUunCL0d8^Yrj2!v{Vx>S|d4Y>qZj zzONIs=YNS;#+i)*-Pai0b!3QWhSq8!qt(s);UplElV{oHQUnG8(RNd=)FK>KCUWBkk*3h&t;s-VUtKE<@l%%Z`4!R{-pTM6p*TXy@QaruowDlvJcT{!a5<4Yu*DaG#) zXka7*zXtmnUct-~@){V)2(q8tgUB{5AuFu>jAUF6d`2?pp5fXoWI4Wk;q+4AM8vTzU+IKirZ2t zZ=o&{zS&+UL*jFWu!>h-Mhn|szk`tLPPD0szB~FuOQKc47DhyEwt(Z|`yi6TG8jW? z{N8-F13@3C#<$T(ZbSWfC*;!Pt19^5W5jk_T3Ms1`I{wF>h;m!cmDG3V_o=lNIq0Q zbSZirRp$F3jhMx{IF@(l3}JibAy>{yASV=lV-^`(|I2lbH@!Tdz($*b)h$ItA4~^X zM6iy*ya?mA;X@JCt$vNkSb$#jqi_DX4gq`{1Y+LtWBvCU!zf^L^V_Z<5RxK)d+Y)W zsE54k{N`GF2?jPm*|Gr#+XU;gBJPAHd%p^N^i%Cb;8j#r)N&$v9CVNq=f>J}ZawOA za`}SK`QS0DgyX^7bAgXgBy-C;$85`gP0(+|4t>|fuOqe?zr{g3@;Ep0D;`HA%3oCs z0sM6DB7xa^QhcDC=7LiSXHrzqeO@%;=|QPCK27mAJg5(#$&=ze%27ZdNXm8_ZoD?+ zu`Q^)YsG@*22isn_~_yN?))}7`u!_VdIkI?l6c?`3!;)#X%Xw>eMe?w-w(&AciUJ8mYo*u&bAiPSw-r-wccd zJ~Aw{@x_PzPOKn{3cWH5boa`~6s(0*SdtiGOGt0G3FRRzu%Ygn{>J(t?*YeIapoMv z{V&vZn^su-{`G#YZx`Erxxh8tgfanTgd2u6_0Q&YMFxneW?I9{aT{EQ0J#c6E4N8& zc&xgcYJs)-DrHDL!y2E{jvh*3eEa!`VLpvrFW<3qJ`MqATkXR^e{_5>gtuX*D=3 z;PtAzPNm4WHOy`wl3byDrP4YbvU>NXzj)I4E-GA*^8WG)t9yScoQBwoLto+{;SLUX zUF$(uMOe&00E0|3XwRe1bI*~XsZN4A`FR{XxWCw>S+|X!``!q6xU%6O;jZL=dW#!0 zIHugMMv~d6ORgwk?9J)^?(gIH^!5`lyVb(gW=H-ExTZOxwjk?7II$Wx9`0BezZq#! zC`?S=lWgm?k@zLw<`UHJttg&f9V7cw%HIt} z1nDMd(LP3X1kOI#p4YdBBD-T%cWYoEXfXAWBj3K(AgmfRjjv5{v{Ad1v~Zj#EFjRD zFy+j+f2F46Vg=L-cgmw;Hznx|{RC6! zPv?yep6HB!PIW%7+Yu(i`tm`Ymnh-*n6da~#A24U@R}HXZd^0(?H`5BpC7CiisI1T z5!L5#X=5F^U@hVux>>m%L0^kJY}X#cPv|lJ!Vs~x731wuaLF3hV3+?6Uh_`Z#A=Op z+JsF@Wp~M>oLf$7$aG6bu|mXPkr~43CyKF&%lmQeKlaW1JD_DB;81({>mAVQPWTQW zJZQpy1H3u|ZVmOBAPnEtxdA-E-iBpuC5nG~y1IG(p}cH}27!aRbQ7<8y@m{vUfUP; z27VzqIh#{VmwV@>J`*AI??UD@90YJ2Cgm#Kh3u5iu6ITxM29d8p>kg zql`xl2jBXi88+{|3C=d`kV70k;}{*(hwHLuwGj<<%uK3Hd8r9d1I~+R1-JTR+_vrX zmBwnO;LhFwAC&5Pxr=|K+*j37ynd@48v#<(OQOd8ISVb4h*wDgcJ^l%O9y?MHOFyJ zm&i92P7+^@w-LdwOvZl=3-@G@4n_UIm~#6?l_cr96Tnb`eG!PxX&Po}8o_JF_Iy{- z!%wCeEQ$19gcBsiGnauI_?NP*|1zW<_HBh8rE{-}hl8qir!qN3-_2}rh=JeM(97dM z6ZLA|Q+9%W>l@=Z(#(|h1Z}2h%nH7|@357<6NT5-=X#%Rd za8q=)#V|@;AiJQygiPkJx;KTR^!=k#E(9HU*>U={hZ~skC|FkVo2Eg49Tv~h0eJ%K zkD+LGxI#@TB8AGrVi0X7FYSW^U>t*7S{6&}*s28zAbt~U`IP63_(9j#&TX&{Nbqm0 z@{#9akCr4VLw6m9$(1EFz6&QCNiYf7hdO_XXdkyQI&^WG-@{oip41J?* z?DP%`oTVo!l<$izaB)On*2kqQ#wc?sqhnc&j$>>1(O-q_r~v=PS^Vfm1Gck>_z5wv z&RHs!@R%$zMGelmU1otc)oa2Igo(3|$D(bg?)p2+vXCMn!Vh2~ISxqf>Z_q#hJjFZ z|92u;9WO@`m`IM+C_0d9$+@v}M@@sBwj$-y_UGiU=P0lfgJz_OCp9ubB*i$15`{eO zDOXl)ZoZ>ECUV&&Ilvj1a#67ysFUHX+zH|kI{hkFLqr8K0z`J{KapK0BVEUE4tk`1 z4OA)Gw@bE+#6Q($?QcUEixZA5V%sj1EX_hJ!ZUnxfOleUj)tHcu^WPq&LFlN%T#Q- zQm&&>4ciTDp&Iu0n|n@3*gpMYYGk0SnbF*&cGu!q!R#&^c)rr2z&UPeCp+JB0k`5kCGX4T*wCe$3u4$_~m3 z^GClfasve1S;grPTvHG-qgFiycNc!D5Qp@pTMto&H~kAEcgeRHSXdOAj!w2)t`#iW z+BIAnXL=#yB4{wy?TEUaF`=_%x{&$OB>4JWQdn;ULD>E$j$!<{_`Y1i4k*CC!w*@L zd@jBlx(}&pO3R$Jo=LRvbz?Vk*IU|Go_6$BJfBJAE#F4wzXE-AKfAv_=24t$2Voc} zLTJQM_3uSC^itoG<7SBj4HVa>SPLDF@TTvMX5*m?DuNAa*Ly7*rLsbolVkMTkntD` zO%K@z2Ff?l9!4uq)*3(KY>Rp&XfYd3B^!XCCJ}|w6R2Ndg?T(O@T{+|{jQ1=g%G@L zkirUCS84Q28P+4VyYAp~QGVgW{R|?bp>j?7g1hH!ldgPSJpLo6S_5(hA=xZxaiodz z^e9K%13Fe7*y8}wss>3z6A7##Gn2sX((t15eIR@&f#F{6AmIPDR?|`*?_L6?F`SK4 zFrsr&Mj((y9C>hQM#$jt^rxEc`4R`=q)&{`tlO!8=6t(5;(tBnFu5fntz!{ z&h@yr^N+to`#r{OP31Dip{yDuniF47Unq$EA^y5j*t$dOeJY>a1H)mH&nk;6!8#A2 zT1I8i0kGa&%EdhUa{A7=0HsV6l_6cv*^3(~WGH^wV~l;X;& zU!OWP_KPBz|K$9{cjt3Q35tsAg2>@!a4L%Ed>BoK^v&-iDnlHc^W}R~eZ&#G^$kvx z`%HXky~%x!c&TCIIQ%g9Ca!%_(ZmeP!(?3BSu`}$LixJl+;>x2T@++T_gPQ5RGZn} zuhi^3@nt;XP}A5f-$xGFNp1ofKycHwrxVW3uz1h(Jv62fySMo8Gq4npBugTKrASE% z%snR{3_I2;KxopApzxaf5w_W~vz#-T_>vX#{#q#WR>5XS^R&Z8^A&_A&ka4mDqnK@SIHqqLipVc{cY@6C{0LlhuM09Oy!%x!jti6yNPY; z^$)K?lhvv2!n8M`TrRD#mlJzyLK~brzisO0+78Z!U!vTilDlds&`u0wRx(SW4=sM$;Dyw@_u`_mmMwW$l7?POW%x`)RME;_?n?S!bQ1QlnX;#Hv7gAziGLoc3)@FpRs7>}JHt>=X-cmi z$Lh-wTpC5jQ*YF#U<5pARoxfN8#RYd$QXE>e!^v}5Qfn@$n2X+d3dD5*s>3C;L5!Xd{Utgb+K(#asU2A=mV?~9eLS7{90jxtDmKtceRnhBkwE;;*( zC=Cc1c1IniQ~=?7DFXw{(2+gpuNAzo%o-V-#wT#q_dq zy@E=gT&~j(zps9}->oCR1xy<1rY=cvo=Lw=$!YNwB65Tcb!)JE5)y}SuL2H8x z&Vh7zV~&(MoR({W8E`5)kOM(x@Vo6EWcnej6STo47V(%!c1^{1UcwX@8(yM#I?tW3 z!j008ZzH)$9z8mTgmNJ{MO_`olg;!UCs^jE_0f}Aj@)KkqMiVFG|s}B7)vrG?B;HP z#qK@2LCAoHQE9~u(+aB~u4!o60~%yxsRypQ4v{-Y6BObR_{D2{MTV z{7yqF4onet=kyowu;|4^{a`9}>AL*uB2rkzs4J?O)VrvV*`JO&frC-hPHN=b@p+Lp z-or$)lWpew!AL^25lL0tL{2oI{AcBkf6`fXUSe=!?-{1G#rGiy)|L?@RAj;n7!Ez5 zdSb2goPO%|+Qu|!kC52Gt7<6}!AmWLtUxzUF(IGWj@41lXv`mHH07TjbVsB6P*O8A zUf(2~)ymB>(JFfQVCdj-T6QjSkS=?p0KFEZr80SD7@7ov-WcG~VO2ipk#gYFRlQpN z4TM4;x9&$2kzT9VI_Q;PTh%PPV9J!kBC5!%3Bl7p8(p^`m_`!?UvaP~f^H#S zAlzAwEw@f$ovvaz^&S1??O`n>w4)0^(irPo;G?O<<@q@$CXn7z7Wk&Y|HLgBktEh< zw9j4_AQ|)yRySt>%EVgy_WOrH7G6;$@!Q0BB=;_MnP&v6lTyfu*41c{J&R}O$T&My zJI$jKjNv9o)jS&mz1|UKM{ffoASia!RSi+FPKOX94V_Wo!EZI3vvu&EFal{$noq8&S%xO6otng!c7A(N<_&!fcY!w6R*K4w zQN=T^`(R4sLtRrD?kL{J>Ae6is2Y8^-cXk&%3Xc@J{pl>L)-$zZ6Z!>q=?j? zPUO@J*g_sa@omDsd2XtpyYs%plTIvlZZ z7_Pd6R6B*${HW^CDk)VTzXXW*8~-dV+Rx_NzxWdMInx>gQ^*}WtLoYve$Iz6-Xfd# z1W~;vs9ku7y|Uh>EiC_1$aR=bDk?&O6I{H;4y9|m-2H6|i%4v2W=o$yZm&r}rgzWW z1(a;Ygvq?iqe0(oYn!SRh^FVy0Z-NpvVBQa;lEPiLx+?~_D3I=%-={OmPMyhb6P4V zO?haBF8DNCFa-Rd&g573Wxz=AxueSXhweB`pI}MS5*(0p6Hz!^EQ8;-oCdze^pDXL zd$Qlu?6>t-W@({<9i2veXEnnR#fDi<$g zz9%&YCcYg~IEd2> zL7zPCe!LG8>UM9M!Pt)K#}ANRfV2;A? z^D~QOY)GMNv9p;{cO(>yyykI1=^3SZjkuB(tMN+zlI3AVEi*q1Oh8c?dUWKjl?2w1 zazfHlP_Z#~7Lly@F9Upe3dUK6lVfIlK*j-6UUj4?ukT-AxHxo?_4~8w{mIh`;Qf8j zVbtNA6m5W8Au%!S<^E}j5v0*(O#689he|1O1x7IcOgceh*{tE$(n*d6;?Y6J3Cr|x zqT~LG>prN?RF7{z{<@B%k-VlW4A4=#Slq0sDVdM%*bv;bjZU@zyTWv3&v?C&%$M~K z;3#F<+*WnM!(Wq53@zcUS>H|%_3|&ZF3EbVDvo}-VSgJT;Jp`V;-z%O#0*R5ZV^%dh*&KogigYevyAS5yIn&GH?Vn;1hM*r>9sQ z3wb7O>)DoiAiw{D@G0f|ok)0LYOm%SJfx8Rc$=O4tlY4XN#NLUVL@7Rpfz*IPfN+g z9A;bb*m_R4|;zjLOTK#7b`3VL|=X$ zy?s~iB3xcEsMpQuCz3n(m&*ZJ@U0PWyKB)#44iqN@8SlxEwDs2pcyW{+ToSlJ5cp~ zxC3Y2oAE!~)94K?fkzx@8eHfyBM^J)FW0$Phq7DsmS0fwXR4&65sHSmwt{FeyNR4*X%owvp3i znqflE$_}wJi9L8?Rko~Y6De{$MlK-6YmRvCNV#pP!#+9Db43tT>9lS!)L0{qt3D^Pcwp#!ih3+adRIHN(lm&1vRQ*J88gq+*%( z_M5fmA^9tWH)MQgZFlNO{H*~MUAY1`wi5hiGRx{Jx z`47qctvVm5PioUOK;c|lCS<34@vHPWXJ_VwAnSpjlox)OcOYzvp(50Cd>T#bFQoND zekR04V zZ#$FLr1Mr=*LoU}k%a}Z2`&8D{u6) z0Jm|NHA;Zp<*$9gR*$?(feC-)Ywg%Ks?9$9xZ1-_IN7Tu>kcfb;3BM0*GgRz`?`uF z`?MYQ<&E}pHt`^=npp(V@@<4pQ*3H3%%1I%G1ZHL&Ae><$0q8W!FwyDS&F)=wQ;BM zR(K|3fEb=mcj}bL?JK>!n(LV{q3jl9_V&WJx|N?Zn-4-yrQF46*-WZV-!5lv?D=i~35S;?Y?;)qh z9W%}2*)@z)XfSX>rLl00u-PZayfhH5@uY5VEsBe^^-6%{Vl{uFW9fPkXYW{Ce@!Zs z&vNm&|2^cYd4j0C0$PTW)Ra^avA5gJZZWM4Ts&r4nz+J;m!n8xv#GFau7=H(0l8p! zD1c^Vr|%{z>Xze!=$Wc(V#QT-(DTlTS6DN8$7-mS>gS>*jz2=K#4-iIL%H<$=OO@J zV@zonWu*iIR9*_6&n_ZExb zy69^Xt~-ffG-#Z^h(!W>xz&8Kk!Y-eNG?Oq#Pg`0Ck#(0^KCXp=2cZfce=fCgy@oXJ^m5L3NXEPP|cDDZl9h(tKRt6XU@uMIAvAj@zws~*GrW41H`gOXf4 z8}gmMAdG^1bv|E$Pgq~=jvQ6y;c(<>%yR>#?(wGF9rq<{j&_k^2t6v~&q#1!yf`Nc z4oKv-5oZf&rz7L2pe{tF$|e30ku`krhaixWO@Y@X=5q#%o|>S0V}g|-*hnP%4H`gC zw;|^&i-g*MWf&m(L9z!ZcuxcIP1Th)rfVxI+KhAol}v6k;!|b_F$aAvn$2g9(wY;4 zA;#9Nr*D^>6(ijy601Il3nq%r^;^7vSy%aNOh1OG-5d_>B*rP%ITj{#G_ zREpOCyJvf(1_W~LRnJ#`XHfsXW@XHDKVjE3I_pX|-x7riPMHL@iwRyQhoX-*qzq(C z^R~Z7;I$EhW+hmB+L%?$fKX?oV~PRzTA4Zkp7-ZJiLM)xV#Tr-)>yZB*QN~QW~GnOk-Pu zr_|AaWd6ibHZnAu)bEI8yXBf*G6hNt3wgCB6^o<9)}U)>xL7U2W3tp(r6n-(sH9Jh zg@D8MnJzvEBaxNF>>l3T^p%}?Xmx-1vybv~)`vb3a{`Xxe!@VDq?b?0)91gLm;i<>K@CjOWjCG5Tk@*xK;&O8|qquuSBqIYCZJ#4~aR zB2F;))12^?8(gv#4^u;pmC21dKPX#^09ACBP^BhOy>G|nVdh-7Pvlah{b(*D z!-jIAfr`Y>_RD@e-0PjP_gI>%Y)b%69_heJAwl?7d@9$8M?Rd-kX{JNT*HO@Yu68? zu9X~h7w|eRWXaMWNrTE(d&G%SQsub0pVeY_V70iUBXH!5Xz&r?xHS6+9{F(b_(l7F zL~(sTQQS7GMQC(gXnKBpdjfOm78s+C!IYY(M4 z)?%^t13S#>cY!(9s*-=v;_2*~{jSD#PLwu8&j&pEI|iQb4Ijpvq=)u45fCqF3vQ)$ zI#Qb`jT>uCmA{O`O7!GMb>vR}j`;UaMpgdwORoK-J5xM#)-CeG2xp;xBO8aWBU&VF59Nbwynftb5MZ5^|D+!i(!a#M>) zBew7#h?`~YvcC|8)e2x=2NbVm$*$qn{6czK`8L3xt(f)hZ(-A957-7?Ag|1M+_Odz~W7;tJjWfUqPFkMMc2?b481#Ms~s&p6z)kwP` zlK`~|yO#+@%DDg0CRC-P`dq1%o)u4<)NxKOVY1foBdKpCkBrA(T%4WRI-H%I z+u2^6+ttQN>~qKN*W5o1-_Flmr1!3BE&A4UZ^CTb^Bse~mXx0az+aRDss@V$RUIJA zaVzL0iiGZ%%Boo*$o1_~?rS2es)?$Xtm%X&Lgt~2*dcw%fPGS29^oWkRXJs3#FyXc zvMte*b&eK%@ERe*>L|4O&R5PfWjxdzRm!ALm4qDGM~!1+0QEM>ck*&8xi4+j@JGYk^rc4VI%!RXL^y#)S$Of&n>G9{L$NHdI;h1gnxe*? zKyQMhp>FHjKW~CI6r<%UguZBS>i(xU!SzXyYoYZp{T7pMXhAvUD2?0%F2W_wd>y~XXl$mkD z<|8`#_RGGJJ^$S{{`H@Un~>?qKmD``e`Vq9=)%3=Ql9CFhuBk3qY*ehpe89dihM$= z0>XnK^c;S4)0US6ByR~S!4O_eY|C>#Y%8gstK~@7`u;IrFW(FK;5qEedimye<(XxP ziSZ6&Uf|YCAg?_5rT6L_isr;TwbP^5XtthL7`~Qa(jI_`!xeQSL6sByt(HM#Vihfl zzNVINqghV4Ye0$kf&cQ@EmOJuJeqHCVKx4Uf#)n_RV6i99!~Atr7}c4vx3o!s#4J? zOWEH>6h^-h!Wn6Nx>HOy*z%eL0jaR+dke1+5y#)DfbQ=^AYt6C>XGg;)rxryD7-WU zZa8i~Sg?nzX$@Gc_kFXW71lt;{0*T_`o0rsg)_`igjSeD;$d3V=DxT|(W3rx6(H8U z>PHsukbm!r=BK*!Zkgauhxsb$;WC?MrR_Y=FtuQWo5r>4IAI@p^?^-pE2jHpULv2- z(#yBhYgjWB9>gRrDYt!GWf8(56IpF+rJNpT@s(2#i+7QbF=6h%)+%k$DD86q>xlKuXck!zrqd+|iw%xXL5T4p0wc~1=DRU$5zA}~o^%jPtC9Efd&I&d=?S|ElrSN}Xp_fa)@*{ay z^mxyk0lC@@GDp{GEYEaRfoweiIe417`XOf4}^_VLI`YlUxqC^P@2>CIozvxWyh%$LurS54Iff z1*#mlHd7~um<-5~ld#xC-vw>OzO3(h$B98-lM|L|>y#vmXN$vR$=p3QqX9zPLz^SX zzAQ**MPY1_G4V9T`!A~}2l0>_==qoTBggpurT#0%LcgjpQTR>WncqYd-eVqDEa!$S z<+^-qJ5tG8Uum_SS#104htG%YAGn^aE{ViXX+n7JB_oEFDFsgm717uZh4%6@5X7~H zyv8JBhulmZg>9#{Q50JaR6DHfYnhddtLD9LUT-SP^4lJ*%Z}6<*^#$La#z==&C~NL z%2o349WA`n8mg5DzDy+4wv*!`PgJ|J5zkJ>P|ClFiCxXAaOXz4s#$CvoRY(J`{Zyh zwaQENnVP$Ps+8Vn-EF+DTy~$IW1s*Y!jjn7r9pgki!M;htE6Stc6t;(I?+7vo(4i&w&^|Fi7vlfzAVl6k=%ULHm@HGWl* za_8volML^Key11xZ~!_JCIPLz%CmqcpJNul`k+rLIY1U9K2*nEiO!*47@o!8_nxGc zG}rS$TMAM-dw(R*-P`GXoXNYmc5%J^0C9jeiR2_0k&PY9nlaxQV}|A_OmMKO9$pJ( z%G@1+mq$~XTBeFzJe2rT(TAj^DNo%1s7yd__?orGBc$ZBKnWn{5&fydpQ>L*QT36c zfh}m1@~o`(7MH8QOdDE;tBoQluAl;+82QcCj~-Lo--$h?ov$rFZ_x40BC*e>kv8%4 zu4Y@v>WjkU*@o ziThZtK=64w5Cqq` zjcpS$t<>&0*JK~rJkc84v=RkyPY+0cN2J}#5Q7%gRZ7}bWI6`(9rY$Um6zo}uI)Nu zy_l=O?(8wzXsNUGI|OTvBD2Q#y`uH{hLuLy%tNxDY#uRZ%Ck*2##^;#Jwdtz$<2SQ zs&{EF;7_->8fb4p~`E@rRMv8VlCtFW%F%JEyU zF|tza4nt=BX51YK()q+skng5W>-X6jPvnSWNs7>6qh&<;eO}+6cGKSTkOjLSe=47k zm-*v=2sGg|@>)7=TP;%8_sPD{BVx>g6RP<&{IY?!m zQ4wLpHJIZjF;d`skr0gB^6IQWZ0x~ysdkAO%_w^4jrP|_RwsXpYw=lqx43ERi@@|E zDElvI0wKn;hYoIipLtSChK;@Qk&KPaTuw2r+K4`H&bhmioV_WS?Nl&SAgAIV{_D^f zCdJ1%fS;%J#n$|g>Uf2)y~8GIEF)u7h^>ReEd91rrwm6}@=7UCjl2DPTB})+=1|nx z;d$#bIurf1D$1pIoACF?`AW(kw|xF+UuB%2`>DQ)=|!Focxy%9uk+U z&6lY2+SI>L1x)RwIfi8IQ~Pz8l$xMh?wRZ8ZE^QI(HR-6j@ae%tC&nU{xXv+;87bV zhcg5S;;j%0My&zjJDNTJL(i^U=ecvX5&eHp&$hp<^atvJKHLK^~q9AT|{CcM(5VR)4o8X+O~pTYu;yg1y<3A>+rxV_w1tBea9a7gVc-%0=G;#IlNLwKV z-+jg_t>&$Cc>wiy3C&}P21bv=gzu9)-iESkw4Hkm;L zQ*FQDFJ;k)bZbfd)U)tq^%8?dT21ucCFC{|bq|+FEnnnJQp{UhXLIK8JeU)VBneLj z&-wHvIRBR~VH&J}t~XQFWe=`aM*CDD!Zh* zkf)gX;^ODVGZF{viEBiw{G`D%*1Nml<|W`H$UN=TOF!9lMnLBRaDS|O|I`c{O^Jf&h7q|atZzr@!O1N{rev8O3 z_sNc6fY9#=aM4+fr(;cPlbIuc{OJJWlOpPT$4#VMU91v6sGg|NFr{h_?%9Ak&C>-*ozgoP8nh1^n$W;_au%JXCgwsDw4%D=Ov z(5;lsF(>^LkSgT1)xsfQzE0&&+yp916>CemrK#NxS`G)$=osv@&bgDZJ!K!qLf3 zC$=Cw0r;V0XKD$1kv=2&fBTuCz&;s;x%lPQgsyd_E91mz3!S$~A`eEJ6fOu8I`nLb z7aP+UUC3UTJFt_kB0;xdC`9x%qYx9SQwC~U+_pQ<@zjt8 zMZ`dk!x(+&_f$n{dc;4a_lU+}FAT={PnLkk@;hae^ZgORsO-lFq;U(%{TH0C7YyHJY0Is@Xm(3uj%k{D zop@f-dv1%!_yi>AiXdPWU)y{2ZL+nt{+kCFuCJ!_G}57^OYcTX5I#ss+*JS5YRl6g11F&fV-f^S(w-fSVUqZxzW}=^ z{s}PsJ}cAGAEASwTSr+0dr>9MMuuQ>mWD*;tn;^l>_q?TMy{!^MBl5VgSldwB+MDJ zG+X?Wxd#=gTYQcUP-=_Wb4NL$ACk$Tlu?2}mSGu0t;!otJ<}m(6VjdsdseK>B26Ru zU!nvYLx^kVH~q=+f^fLRX)wOks}Vk-1hgl1LnaK_(HN@0zC+7H{tkEUqQs>qrD5Z> zz$7#YrI0GFsf!*InmxQMOSS7HgLpB5)m84KYwTQEg9!ufPo-@%Aw(=or@^Pv_Rn5I z*5!0^vN`cw4Jp32dG%%@>g|iX&uo&tLXR&-CjQuBHfiutR676uf0VWX2vgNZQts~X z1nzZTtB#=b9SCFP;Hkoj7KVh$6XKQF_{_lS_0H7-l4V`MV}1*UUgFNk^GstCPL$2w z1OKF44w)*(-+++FRT7i2G=2@C_7HJcEJdbl1!@wwH+XT%X?6<9FPbepWkg(vk+!sU zbn)QBwZlf86>9UamoD=2&7>k6$Jc4KUVZb;G-SJoF}((}cyvcS%$)3q?Y~@|acG_B zIzJe{4|j@BZ2m%ny<;l*E4SVp-$`QH(PE)qGmIqLkr~^PzOa&HGG(QF2}2=uT^_n$ z!YO=p$DV^=nDR6{dMU<-aZ&RK-uGZHxR9mWE$crt=?W2P?P}Am&}52{25V`#rz|e} zzz!@QiBz=GStk8PqlfQo5U9o%x62GL?BQHK8Y#hMumxDP0p3-}@08lnYY48k*T@9U z{%x~W_JH+`HLqp>{}|QGZ6VssH7H3@dt}od-@;rlwpHSskC1mZ+e5cFyGGuJ`Wf8^ zo1pzwt>#JDhjVBVR;!)u1WL}rJ0|3fO1Qp8EPvCH4wfS2A4L#dM6?<`f_#0@spJT= z(u3}@u7X5#+H{2g)8|-KCEyb;u~}0v7@l@k>GfWJ;<)IJR=YP9L?nmLNjF@hm#>0-h@;|OxSDT-M=K0WSCO%-AB`Q6lNfHs zo`H(SP-wRLmNGOU+b4SU@gzzNe6P53!?Mz|*~qBz#%@H_f7A2jk9%r9O3CW~LD%7R0Q%&TP#0 zei(%Hr2yLt`|}Jk_h{+4NaC0dJhVlAtv|uw>y3w!{sy@}CRrVY*Qu`X@S5>~e(TQs zK|n`BYl_8MI~XA(2rLdPwGc-uSev+r3x6^gvvb0$P9Vg|yu;c;kdW;KmZ5Kr)BnNV zTgJAzuxYmqQv(e)%nS`R3=MPAFhj$fhMAc;X_%Rr85(9z!%Ph`__MqBJ2U#EBaM!Z z-ZLZZ|NdjivL0Vv_gclvr2)j@{EYLTo<5f{-rfWM<;oslH((yeuE^YahPd5E<;GP# z1QJvYMTJXH&F>qHB&-bkGW#dT0tQG|^n_+6zke6fC8oqeb$qTBpVCW+!pCLIq|f>8+tIc+rs#uR~0TQK6n8fg>5;!Aclwk?7^7A+`YJhDwU+FfM< zdZ_%HH($XEAJsSO+8RJmsd>?{wB4B^`>H4g<;^5DU~TUF%Kzu8a9Q@D7$ZW(^_giH z&iX~54ZFAid)-{eHKKdaJe1a__?yi+@?4+?`xYKCTxx0{7V@GBTW z;5Fy2{8h6Ny;df>*hzyytTw~nDEpIY^DPy!&9fBA%V(q=hq>iF;a4M`G;swl;>cs{ z#jO{}S8#;Gk-vRM(OxT?2YV`3H-X+=dw$2!UsIt_uc+_&6cIQj0awviOdHWcq@ws3 zCXai*!}EOx`pX*x%NM}fbGM+SF9VY_zT#Z5xc%*16@)@)b>THwiyw>^)ri&chS4df z>tdPm?;hbL&ek;dPU+FOaO-bLNTbc|aKVaBECKgjMBhkPRzldo9R)^DSjK5PnYG@1 zbO$PJWs*`UTxLD81v^EJdVXXAs7zPNazCuw46~PRRMk=4`oZnx8L{eC8EwzoAbY)iAsT}QbJ+gv;k1GmMCQ~Or1~IVO z_eK{!rWxVQG%^P6v9|gM%eZ)c8GX6(nFx9@-?qf?%;ZE!m7N&n=rQq|A;J9wjKYoF zyyRXv{1nSc{N`WCtxc*>0RuKfORrygqb_PYf0-x7)a}wd!k#n4>Qj3hev5Siw##p0 zqLce0*fZyI4$bB`4jKcBkpdm-tq(ru5+0q@fy{*+-D6$!w{N`x_XtPc`*VOJvUh|G zrffOn;iVF3G}R&ifQN}mTOnX|-E$7WKV~BG)C7Z)oi=5gIynM{)_U~)s}#u@n9f;9 zDI4`{J5Kz%vt@;I5j4<|aC;8CqoW;<-%gE1doQ!=ukMaBWHav{ZJ)p)af8bydkybG zw)E)&-V^hJL}(;S`=OzPsT97qD!n`e&C50{nacZsa#os#0shTpjviWWkt1avl6{W= z{*TettuQcfw4G#;ePK^`>hecaDcI4gLOLw?!=ge86H!MWf06A%ok^MR`;5|IH3QL4 zRi>_AwPc$gmY#thk|m@?cQURJ%1g%a8JYsR?c9Ls5@ByS+Dkc86Y(;RTH=iQ7V$0K zt2h>fM^$YR>K{T^1GmBOFH=iRQMIz@eSTI2bSui_i!5yQ-?1_T=763A?C7wU3fO`J zsK7`Bp__4?p@Yf7%BhnM3o?ngnPs2D$KQgnqAGDhE?2(qb>fsWx;B*xRZw)91Qn;O zT+@BRYwv`W@Ih%f&1a9Bp;AS;HeUDEqkGSnk&+N2U=nm+Pt|DeX*iMn7|wCgneHh{ zQ19mn0w`f|pfbW}hnRh6&i!oc20a~J+oR$)Tb7MJ(ckVyo&RM}pi-3}Z zp{A$}@G@(C5!fF^l)r}) zO-pOfnty+q5C8G%zy8IFvH#}DdbaE!*Hb;0vivh|Ej$H{-l3>+sPvga2z|^v8NPDl z_>Bc8VH$wC7OC}`*LeKuf|ixX%Uo zjRqa}qAD2JR=ftLV6P>_2BL({t^)7f>ZK-Mb7sWhF*d2&B6pGUxo7;?DZ<$g#Md>g zzMpRdAK`Zh8W%hKzcv36+OnhR0)@8jf?WgCBr8cbonTCzK}=3T{U{nQZ6x|?;#l|5 z0X3aKp)K$qwCAn4QGDS2YuOdZ&ochQ&;B?0*`?Go7$Vua?=w37Va^oOJyV!-h7Yr& zEnhZj*2Uar6~_Hf7+NE^9gYL7Z9Y1m(WdIQygS?jzm3u*7Y{Nz&6k}oXD#s*i`kt0zv?*+#w5(@R?2d3(4)-8!RZGtM zYxr036Le?>v$P_)pp?7K%!0Cuuw09 z^g0vsTk~fpaC~j_d}qNORMg+Nw%FgXWvvZSsbIYX_|<DB;}&G) z))Wa5aQ)BmnNs8}C37r5bFK0ITB04`yE>s}>65y*~MBXw~piiro4XyT5H4|E9R&X3B&7c!&l4VWW z@X_OOQ{LfTXA5MH$Gge3f7|(6X`9;S%zCM0XCAYv=^T(3K1xEoy1L3T${ts#FiyPJ zU`WYQr=K@Xv}#T(mO1XX&0UO0+`-+z6FF+T(nk^> zbjhj!9hlc)NoVF)i|xeGhK4n{zx$758i=e&Fek+{GF%;te(QOs)D`7IbOT6|mwRqeajhZ2lb}C6&r4 zgLZg4sy5Cg9a0Y+_K{p4VKaKL;pe2nsrS&g)DFPPCGgztiD^ zJ=(Z85ddoH8tSg8K=%QhS6L1KJ02itPD|ILShlA@gczmqai+vNvZbRiwN2Y^R>^*+ zaS|O)qn?lDeU2B)VVrjMFQpr=WD>cSU?*=oyI+&J4oHhdoIJ_xy%v-|$yXVGR|#ll zrk5Jb2;=8CAKHj0WS?HhAj*ZTp78&LH zR{yFOK5WNgM#5zXFa3zI?2}HA-6esMd{EC7htH;Lq{BAvy5w!7e6)R)6?uGw_V+rA zulcsBvEkAA40=aJgV<*wp6u_tqscX~U~Y}WP(EQQFfOWRNfS)_LNw;025^&x`>%)@leK9eHtV~M>??T(AxX`Wpau`;%KbPL@SEiuiHlK)y z)^tU&B0Dl}BQH2-yH`-&~+rc+J+Fhzj8V!A8AuV+~PXT-8^g?X1$V4?G zc&MOnaU!BiP~*&YnHWOt&@(SD*wkj2sz*Sf?fk}1SJd*D^h|@njd?g>kkIx@*AuK! zefMj8yf6hiD$5L2h)#wFM@d*5xZ%K_QEa?7L3#`sy*f%p(LBxz)-ZDJmiNf#hpLzD zZI4KR*xPXB)#tS-Mgq@t*(nTC7o3_Ci3?VoK|=o`dB5I-Hu+ zMhCyvhadMXJC7!0CScG)t)1=-HkX!-2DSB$-n8L>2k<{sE@bYDP^t{7ddofdSO4nRosoh$_DJaOH)vCYZ803 ze1af*($bY}lb9lBsbCr*6GWHMH4Wkbiu_|SZH9wBV6TtO2(z-L^e@)(8miHypAX%@bTeoXKxoo-Hg%OQ-E zQBCs0D8Eg1$j%XBPPg=EDisClp)DGTGPQl`Cb0IUko|O!)AoEo34+&^5nVq;o<{{m z$yHvUoe(_zg75DxnTnYMftlPai$-J|%e>P_Q;K20|9*J(3-|v_cvkTrc=p3T@a#YE z?El~JET3$!1AhzTK~w|8+u9gWGH(YudXE1S_-at1DJGnYP5Ljsu<4z(jxy}e0J~r#V}Q3K%|E- zx^-al2#0bueY5bF5V4OVM7ii>ef9Sg)!nDT))xdWf?4^`L>;WT!Bw$fd< z!63}vxhx@Edtx*@^08eQIXCUu)wbV4I+qb1UzX=E+&Y{i$s`oGg#6JboUy`KYvb^G zwR-po*9q{2szSqykm8JCIrl4V1aZAeHUL%0Zr(N`~9Y+48JR*ZGdBtO%XK z1qC}y8x8HETxGkwTya~c!L&1-zG_~NvqW?`TOls01kF%ILD}H(FR~Y7iw~ z6#9jePx|h@|B;{y(+feE(jHx%fZ**b6)SZSrI7DJ{P-~pyI!`5|9bv z??^|u!9VfLXQ!X%Y5tu%+ALJ0b9fhIyV#lgn20dN5LIk@(^IzVsIHYdwI2|nm`W}f zzvmH6bW$ExMjieYYxAaG&bA{B?9!GMZRe-CfE_|piaN9`t4Ru?Q&4M@-efA!WlNzs z)0Z(8S!xrr1b6L~8PCj5lcZS(!LaZuou7y|+R`pIunWB(Lw~#8=sB?Z=|bbNF^z}p zw09SubSGNVfO2YDM8J)bm4SGx^FuON^46{>g|FWx)=m6?)uO$|Ry-?_93MU&L6(=x z>;BnRu6a^O*k7arS^`kxX9w+u82oMierVE}uGnkt<0f+f=(~ zFHr3@{NqbI|51xloMtbF6kLm;hrmui0O#@{?kkns!BHXG(4Ed$&BSK{lc<$v<~MbD zmDmgZg{yD(S;HG|6e_!p>F_opMB*hEZeMpd%#6CF8)_IT~ z(ahs1=%hIjX?Y$LwdoY-bVeTUZ;xN&bF=&|XP9{OIw^0%;BC+_>6AjON;k~!I`qutwyA=G>cOO@$zC587m?v=PGChf6o`nnRr42AxsNB(?@s`D|@T{5RT4cC;E zp_OX0@Wd^8G5yHe%1t}kFYFG3*-kNGlN>d%hnN=fd6Z8r>fja~U&aaM7W&$2tBoQ~ zWSi^rQ)XFxD?20R%liU=-LVjPlE!y$rdsYVbcO(-iJ9N8i&22C7M)4J-OJOWV z&L@|ItK8ht4_QF0@qeY{z|Hw_QuI2V9JX=DI}Nvu`}Seufcqr+YD37wJbgN9$+_>{ zi(0Lt?N^&Z*h_t4DEo}t;oT4T9C}j6f$p0Dh|9z{>bbJ3(tMugHj_j1o3TOwsvsf- zBnM;B&DLS+3vOa-aKLATfXWAR+3`?XP;^XHdzsNz3K>^z9sf}o(t~w9jyc>pS*q5b z#XhMvY(FNqxedntfP0QCdzO5Kjoy1t^Jewcp&gKikg8pH;3_}!_-xt&Sj@7S-vO{K z5Z>}5U#k;~*(y(?vfysR$Dbgi#&5BX6PcCw(2rrW&oMlu-_q1#lmKnxEBf{K(VsNdk+iiz~Y7fO3o><>L@7a@^Ht&ukvHh zY>2j;U(qz<+eeU|k&TGK6#LPuS7;H`=rbWy#sg3yE8g#evy#EC@0N$vMVO_Fa#oXPvyK$L zt5P6R;;1KX6-dW*`Dg}5(RYqLEHY>paLl?TaB__j>v{ECTwpFnS42hiobe)MPpJNA zk;wrm3T%+pATVLu;kN_1aq6WlMI(yKEigOwO{j86Yn?{G8EAzezEDOQp5E~gu8ETr zKvI>^7+{ubLEIb=Wj#2>eEIAJJh(p`_Rm2Xjo7a7%N_}b-+o2e47ev|(t|wOjBAq2 zyB2p(&73w*NH1wr>>OvT-pRVfnLbUNK{ehdom!+_ZYikO(^!tE`@@Y!Jq!2&7 z0bq2jVL~Ku2{J|#MK+sm4CZ|ateJ=ug@j`cIpZt8A5wn7NFY5C0VkNK@gBxoGGqag z^>FOzyDv!?))Xz|!69l0jNQZlluN+Wo0JdVXa!kK;_CFY^+1ac>BuT$W-+ElpKhpmfW43N++DUU}MQ}JET@H-Dyj+oD=)^jO<}}6i2-p z>5JN1=YJxvojmUlj?|3t85d{e^2rsIcG|0v0q_bendNxEG_VC`Phv++x%H`&x6?&E!cd!|bo(*xljS3#d2-2P%$zuD(a?PAVlL z7nv5T{y;%S%p+pr_cN=9P?Bf|Ki!v9GZLPbCMB5*{i}d%d7R%gTJMid0ayk~(t#g_ z#NQ7GsL0;D?E!TP^xtza`xeTEP5qwDr^jIXaGneLLedx9PGMUYk(wygv!>7Arqh;Z z_dbAgOV7L~>s($76~{L`(3r#268Y2-T8ouqjHqNx-6u|wN;HyyL=tAtFpWd}+XS53 zOi5Z{1mzRzg)hbmA@oOqcD$}dJ3FdeKf}6r$ZYLQ$Y1jz`4E>724-w`BsOh0HC*K? z@h6JOKJzKn{BYU?<;J#-5$oJP35PWgQs5}R>|&A0!?3YU7`_A^%p_l7$@X0_V&}p5 z8btiY3jL5@(CV_g@6JMAfDP+V1{<7-ZP8@d-|mIBah;#0XhRrC0dvJ#G?e{FVm#TL zP9aRdh)D#&QpOpVu_hS2b}~`g;=7m@Ogh^;yj9Fzu-k^nle8Fij7?uPb^$& zt83wgtU~j+BVs-!rFQ@=gx0ZkO%1}}uTn=`vuyPF*0AcqEUO1E4}WKei`Whf!k$h|Hvxj!HWx}UsuS9PpL-|SV)nUrW#6R}32=NBykJk!i)`(z|`R=rcty!XUf zhoQ!6hnO|q-m40>ICXoUqTlBHQPG|ORkZtecX_Ws_4vQZM0?HwH9sC8_#jOY6XQ=C z-+1QkO#I{i1%b9l>wWgXTUTdWr!qgF?Swn}06@$~JMzPa79m;g6_$E3E1`?iYXk6T z#lbK#+Pr|J;zY$k;WL3kSCFv+l*zoO#db}DZN=QaLgiFD3QIumN~zT8z_Cm<#u<+O>=io zJIR{{st#N%c)cz?>g%`*Kd~)1=+fG-_cq~9K6ZOi({OG2aUTPYFAgW?aDCN9X~L(e zP+mu=%ie>9s%jc}mTl9Vz|c0VNX9UKs~7kvBd`GrZe=ejJ7u_mt~e*;@5Q#SK)-WE z`wM&0596CHMnG6HUc1(a8It6td@c&b}Bazq>Pq|5Vb9B4JJ`bOcVmNeyscE;?nneCCEsY zqe+CXp01b-quo$eS=|<UtptS0qtLFdSG z;ZmoTS~(k08w;7K`dFLHOG)Gnv54-d{48jg(Wd^068wEVh@OGzTH_943~h*bGCCBUHmw2jXTTS7u29y|7yP9P|2K#w#d;BCg|E zv9?|YJYyBXZ)v1D+Ul9r>hkz%GU1KblPzhj`- z#`v66#Hd0wpvTNS!@&1I=sdO!55D1+mS&W)3^&NFS>h_EPw^MMI4gFIA`{r4Rruu+ z_R!T&H04p7yYyjot`R}4jVatuu%BY9P@48M7%iW5f$td0uOH^ySC2M`h+}K&#}>@b z`==#Qo2q_<@9#W#ZI@+%Z_0=@QNzKVX(tcPK+znDtCjFA^^{GlmSmYHKNr5Gwq!ZB zv4ZW9O8PQE+@hXrYJoz}7tkZ%;8>*sbC_qGfgR&~4zY>yvr%$dHuUz01yhicydEj9 zl5yWpO=gc))T%xDx?2MG-6QhYyI0^#5o(}X`xzajC|R2}Fs+D}3uF-l@-D+>}tBp*4Le7Vn)Uc?qo}e9c=q0;;~L6lbPD zl>v^b) z+datIXlJj(M`rN}166_$Q-3=|iZ>8I5>?fQl+2g_1>QfS2?pNnY|(54kj%atDgCsd zTMiQgXwPsB)hDvJzetVGz+@oY+9BmMM@v#>CX~stjBYjxdCjbhLxipZL zuH;K!n@hWG)HJMT;Gm#9EOhx}Tvf5kg;|KoGP1@Z8=sjGbtxnBO~`MPP1`JSjMHw$ z>UDL~-l%tnzo+(g+FC3eET)0&va2PLeHftD$$iPll4dDsrh3?sZ~Dliy{=Jkf3GAk>l+mEi4H6)IP<=A90-D*Ol)@kq zyQ4jKPr#OQYun&FIMURBTkAabkSMdik5#HHp*AEOwYL!UmA9gwKPQ8@VtXjaVdhVD zOlpE|7g#zf&_f!=S|p^o5Hi@{8sUiOD5C&0jk)@q|)!y_j-Nd!y!% z8?&Ztdb2HGOa*rqF_aABRpSFCITU)aM;_^&aVdTjgvSZ%86%6LXa+Ye+zvNpX~`nO znRRtS2@fW(GvJon#+^G5@_Qf_T?A!3C$kqTMtzi$u$DFWp7C!0(kywL8gIYlvU*vo zbW*(F>4d$q)Ygtk_j&+tB^gSuZ=K7EkhHE)P!@_E_TzpvIh;I8Fx%2OK4tqXY(%B5>mlr~LYbXY>US?)9rJ^X4!?%lCsAL)C=|Q|aSu|fej~}P!q1U`R^e>np!cQ_p z^3kF!jxuFEN2;In?~vUf8hTJ>PugUvGQ;nTLNluuZiZ+;!7*HAa^?mp;>Is3@eWF# z*=DQuJS^XehPVzV!k3Uo69DILZ)FfY>_P(d?SMvh=i@isHtyBv2V~%kf%^9B3HIdy z)r~$W~EV?l4$ zm0Jeh$nOJfkylUFdl(n71=A?5MrY;2o;u#$4y@cF3Q_mNvjAC~@2`vVhQ ze)zLkubM6cs;H2CIMFvc1c4}$_!b`yqbP{jL?}!i^er2ny`}kw(ch(L>&%{|@ z1=`T!Gn)Bed;jk^t0_a#h8ogy zLHo?7s6;PUL?9kY?w|D_Xl}w^)=Bj)j8fm3t-;$UUV23D}0av4p=*H=U@(J$>(Z-ktdwEbB<5F*lrB9Y=YCqy}yOm6_Yf zRjJ%<9I08&nI%@%u6$*SccjSvhfwE?{pu}-4SzT7-m2_X%th!px9CE$g#~%_G#O=w zq9_7ToG@V2{f#4|jO;7Qi=S6*^Ql{dNz@^H$_f7|pkc;Fq_O zCkNnqGWy13=s2}4P$5%R|9EzD&_o$5_KBb(I-V{`3fJ^^e091U_Mhxn2Up^5>h~T6 zL1JvVkC75TVk;2K2xZQh*OWlnG2VrOLB%wnIH8CLdGnZ)lP6fQ_)#8;wzf6|5Spt9L~|2?Xzncw|Jppw{NH9<8;!KfmDK@Ge$$Lw zxBnC;v~UB(2}+K8iL60>fQ4GW)VUPZa#Pj#E>uKUGSXlSN6HDhQq36(1K{YZ{Act< zR^fE#0*$^#%5$Mw$24DEso5=N?d6Im4-wPuv_WcHir!#4klJ>L9#yRjiUy>%O-c;J z2dQln$;UGbssE+6RfjN&K(&RsfZ18;Gx>bSZ^#t6?tS(ESWQ!YDSFN5fB|&5KbAuS z0F{5#woTyGZ#3xubN^P8qNYT-DmJ?V(L+chvE!RL`HAC{AFV@ZN(1?PX*(?qu&Ul(rTd^o@S;gRx`ONSatW$5Gi?1_VVBx@31VSuWp!-c@O8OxizWE%94i4zq(_I(7m>^aesHmhDJRSiXiNqLf$CI z=^4~q%egE|M>;G^ud4wQr85{q-VEhMVknlefX1e~d#y(s6Z?ZBh_~ks51RDp$fc@a zu!kDMvh8ej=?~ijg7Et^CyK+QT;IEs<`A5_;c#n(SZjsj8&f=<=GHS4%X&zI-;$68 z^6`F*MRYsvuxvUj{DOS5z=A#5F5~@N%3%Y`K$>ned*sf_^(QYI z2hh}UpABfqn#AEOG#Z8EW6yI3kVb}+r zsE40s7aTY<$UQs7?daYIB6c5m-n#T6U(zro_;z-0M@b1nEc$FLm7wKOSyp~-i@a%~ zXkW?`)V=8nly#iG@pE#yJnqOlV1JqhZNBSX^KV@pEw4m?jZu?|sANpM;`C}}<@z8R z`RI)jt#JfjWMyJF#s1ILD^f6Okqkhwtx$*prGE<~P@J%c{mCrV&VRNTx)D4&ca&#{n_;p1EHFD(y8o~27=nTtU6dpn z&6ZEYe`LoBQS|UY*|Czo#!VDjH9VgRl31nwd;7$=<94HF{hzyaGj^ctSS911>=^G9 z09W9q7(%{KS86O=m_8(p+{Av@-(3PXl70x&zq?eHxUk;EvJ3Ua~lj=j- zJ3EA4B&EOsA7Tt*TJ;``5=T=wX+U%~ghY=0Hz`9g0iQ&5R~Zk*?75!LoGSS5hH3}L z$rg8EKUjc4bD$HF0Fc*gP;b=f$pimn$LQ~&Eaj(z97P;aQptCtm;Gnxw!Z+gV|b20 zcS2<5sBq`Tu-foB%!WFzr%h6EwyC=bpe2B>(kN`<;~^JzJxa}`N3SYO6*%$Do)Re= zm<*O|L$CBH+q_psMr53fs_j(0P*F>m{zgyz1zzpPa<`5+WaXMJ%Q4fQ$gvz@r2ZDH z6I&_NYV1H!n6Gmo!^%Y=#n8A(rAA@hQBHhQPcjlalCa!R$eE-93=T}aD>e!3rY z?=;lp&+BdXM7i7#_mn@sSU~NswY}k)O@7Gle-_qriZ zXg$;z>qw zOLvdBfGnWx zQ0wZ!{vj8NdAf&_qgJ{2dv2Ua2`LOAqnpCVcpliEJ*E7Qs&tTS9e9Dg0Gr?5 z@}*D$b7$4JG|Z{HouaIDz14$WM~oyUi3Hq!zZ?3_s25Cb-M_!MT{^f1bR)&rzYDdo zb!Jw8S#J5zK(5MEwJy3G{P+-aQO5+VtS2)$**1s zBl`Gp-BQ8~41A5NH>YT!O_ND~UG&fFJL^ms37mcFvxjnB1s~CfizH%UBA|x4Pt89M zPgv#j9al`2cKEQT0mTWuC0mDoW?%9-bmtUEx>D>G2%3F0qwE#OYBfP-+hZN2 z33CPG86;~|QaKtD4Az=9p?Z+ncJ*IoTa5Q}m_V~_RfCD^AA7{fc5>T` zP?ituBCm7LvUu)`gi9|tlQZX+jDPLEd=zFpxgzgzaJXpHdkDqIU}dpcoS+PtHGPeG zSR27?qH@?|1gpL3=l2(Ku+~=I>XzP|m7=!aavnOVI`htEjR700>$Yd!n$ORgn#gxu z&ks{{qf$qBgec6p%RcfjO zMd%MKC6N3`m6mo+=ZhBEeQ(J@zG*Bzn9o3Ev#}At#>V=L?*Z^@)I+QItZ9L4M6;u~-kqWkTEx96oTueOOMG5|pX^EUE2X%sNAhoSC zP;DzI{oy|Ln~ui5VPsszF6{`Mj*FzG6SHw`^5Y={Eu?J^j`{+qJT_>`WBBau?%t;9 z4!riX;`i?C;KYffE^si3=X2*;StYD9(e#{MTuH0A7++9is?NHKLk!rAdg`L#c|!9P z+l-1G`NoPP46qxNlKO%=zwj8OXq#aJX_2_15mWnT?)~x~bMNFe_HhpINHb7rH1Gx9 zWH4S&Mnj7{=ZXS`Jy}1=SD_AXz%Khqfkp5q3A2pZpc47vfSSW-7_VGY9kCnKbp}dp zL*S2=pzKb(4m29*vY|LZdeGeK@MrFw9AHlTkGVJ77`*?d1#s@2ang?3M#P=YpyZ|MOqD-dpo+We-YS@1H)tDGcMXf`fV_@p5He$KxW&ry6>DIvn{$c z&}@6wiSx&7Yj33Ksvq%pcq{;X&S2D5y`PRnXc!C>9zz3##~Oj*vE6N8c#ItquD(cC*R$bNITE3;QhtqRr&y;z%%Rcj=N z>TW!86!Li~X6!TGuc^hMBjFrt-F+sUh&bDE=m_`GUjzlKh?w!;H&@1j0}uuWvo;YP ze|#5Jpx{tYh_g&81j-Y1nNH0)`4OyOciJDQDq~sGG_mXtasf|jN{b+Qg32Fxg8ZR| zz^QieI8dI@STkm5SbV|mVl~4%V$uvB@=Lt?c425VofBSs?-e3&6TIqmP00X&TzZ^n z&J5an^>HyGm(N))+bT9NaOLVlRRor!4KYOzR;STFr-x&0SjYHTW0trl9HC`uct+XvRe!H(jlkzpPd+CDUU#uScvPB z4Wk$7d0-Wr@649eC}{bu;E?;A(1`uI_EGR61|(0QU%*(wF$}-|_B}>>tpp@bPy@*m zs=&U7ps5xd7WO~gU?b$jqiO`ptBMB_smMQ$$ZOv3&=nUT`nnb?Oh`@}>QPnxOC)eNU}4C_JX{S9t84_ih3gFc{Lrv?VB%3V% z$87ui>`Z0H+o|!6;Kuv@QeE-w3=Hyc&@$aH+^##|)`6p#T>kD|m6Nb4@X22#O5z-M z{d}z$49@rb1;0ENK&GDVy}OGpgf^h}6b*5!r27CVmSb!AyP9=a^3UE&dLuy;_CBTA zY0E&!qXwC6Z=NFxd7T?^h8Rmy%bmxT_b_OYu18By2;DcVL^RvBjH88v z9VCM#QWM~IVo}KRWyqgQ6h=UEFRj_GAQ!fM?4Ub3ITq$smm_|G9x`a|HNOzDSX)SN zto?{-NxL^yNjncT+rl{4u!Yd<{p8w_&+LfJxyjA02Z6b3ATW0U1m;!%=Uy&c6qXHb zD&`?cbJ*zh_#T8>>np7Ek~#RR50rFZAhRvUCmL1ZHD86joL0OooA*NYVgO+ulS*HHVkf zaw1(;&er#yN@FYkE+>z$aVaiZZ$Eqjmuj9cm@cd8ikui-mjT%mu#t}(T7?Ir3;iaN z!o)Lx_JqI_pgm!jOy!7jIM?jfi=O=K_YCih=uC=oc^S6y6%`|T0d*CxhIV|9{@*R-}T!(e? zzc$~dzx@eGCX&2&ce{}vwd6z`Zp(q2uXc6qy~Q7Yg4+AP{0YCY;dhXd7Bl?6&6(*y z{g(h)6VPt!Uf_%va``!;hJ`F>ZhHg$L!UrvvpZSD_&musR#sVo;O&XvM6gh88|65r8lz7^9QvFSco{8b=Rs40zJFDRU7{8xdjM(CFe$-$~X3Z3cN z05e>BHj?=%m#``Xv)a0F zh&;WDPf}HJe#rodkzr&tBUfO7tN>IX+cOij4$aG@D1nj~pl{?!3M=(?XT{La;+UHJ z#_`5Gp~It*JnX=h4)WVhgxw6}-R{I^0q&FUZRFOQMbHD7B6kE6o*s9{=z#??Dz$@f z%>rpcW^!ovbS7>?Io)n2%Vdk~FHyl;5p|5p{0zQ|J6(tl^t#R%l`{pB0WU(#h(Nz> zB*<^O4D#Dj{U-SIq*{N7RaYL}M6&Mu`fk@cNp{7v*u?Ch)DQ+vTdI4OgY;Zk0)7)PBMyFt=9 zs5v*(w&s;_p9hZA$jhDj>}HXU6cG@by9`2eo&TV@Hzbpykw|L8~7Jy*pjhmlt1mU!~K<=?0kXi5AN`0qJe0i@fn)YpX$e z+so{QLgkegr>E=H_`W=>=!KsWn4<-VtoIUX6Gah!1PVGCl6Er9dek{F5tI>wWMe}M zLG#gt&MDS3Ab|qGiNa3FxV*dWLKgWBIUK-2=Z`>Phwv)0Jva0QC{U>XBTx{RM7UeD zu4M-H$4Wu{u?0#qu*5kj6RQ^d{n-}Dzx!kI4V2T>w-=|IyIEo;cgOfLyou(Yhi)A` z1M-HA2;$e))&hb3u|-gSYy{XJdrHarZJucU$X1#b&OXUrG4679ww+E`KjGGqTcmO_ z=3KIs82=0Z5aUZ}>y;#qP>;8Tx_}H&Z>v%d)Z2!F^tOFKy{!r6JiS?bjSJsQ=~x-J zV=zovIxjx{A$e^r&9N|pBSvw1LR!O73+0^2O_0np!-tGOeY7p1q$DLFo?T41@_BF! z_ph4Bqa(dhOqJYQBXP!Zv*@i)%qn$AXu0LS%%Y*q;1B+`XIu6L&xCe~*8jQEu63OK z8&=w;7yy?Eh|P7nFS{hw4o3^UZX zPtGWb{al|g7=8v%ZgNmPajdp)(nfhxz*9h&aLxIxW9KMS;TY(elKNU-&WaM1mh?X3 zUU2YRpNP(W9uIy@ozM+CwV7?th{60fMdjZ{iW$ML&MJxP(r@;$JgbmBm_Q+fg?AMW zpzYoV@SQ&k-o%0Q?&ME?tdzqP^Y8rF$dl5)@?-da=f|e=|IUx?f%0Qrd!YOn1t>rE z@ctnK9he_mf$D92Fqa!Q)BZj`B3ad1`)yl=fUUZf<*E$!!IXzw8S|VW*bv5KpLL6T zlt{$Z8F_!gq*&%lkx;#r#@j^Eq3-?c)=M-6U57M7ZMz=(N#5SehDWPnBvAk7HU;=K zX%dMyTWbhq%+}u|%_plS8dOIXm|p{5CY{&)UAlG%E~}cA9LtQa-+*YCAv4CWpkBI? zjG@F;wvI!M6uYfEqU%I4gez$&f47T`Y{@uNKt=#Hg;{)TD3{31_35pC3;`OHA9EFb z^K_Bi&fgSph)wW(_+wAV5+Qt3My9~>yo`PtsjBTXGZhyjG*)yNfF%%n*$)asfh7RwR*SyLgp+02UOnx7K<;nYVrQfArwYYBGq@xH(1%n$P(`Z)s(|sa zYJgl6lFpk8y7nOZ87Mwx2?krH#pmpJ8RSpm*0=8$v=a#)~5A-=(#e;q>V)Z2_m zEfXYBV83U#c=qa}hwtum^*h%}Ij+I=Geo)O}E#jMO znGlvXjzNz)7rF(;SAa*hR6aJ$lZCMYlH9feCAaeWVa?I+uV(F*dKFh{ z5EKh(iz-hHCFPlw4UvcZgRvfX=VA756s}i|5Ddv+-$DY3c&*w43GG>GiiC zysO7)oeS%hfi{hqVZN^k$(BTr&T|0et?8^oZgA%aC8WG*qNijQ9S!if;>HQ~^so~T zQnj+V1-}HuJj7m8@F!6e(==cTh{8Q{@++`FrcRTu!LX~!!IBASF|$nrm&nf9+=5>B zJ|T6FDhXmf8ArfAw#YDbCZa@gD!k?}3Bx_p+C=CEexIAz&;o(U9#O!P(~VN;y-F;3 zpa#{UPs$OF&W9grnc+q>5I61b1|VimpajMtL!uYCG&l;*TJZ*O*$OS>02Ql#t~G4o zR!ad3^W{GfMD>;np$*-=4_bJ)Q-KAt*!;`ZpnfN0m8Z?_2Fu6k4ONpZyZ2gCchtXv zpy^jVKQ}TQUU=`1G+y<8{JTH~2UYwtX{RG+n!?WSE5oN_na1X>vBZ*Ij zqnTuPV+pe#EUJl9EI68Ts$yqD1=l*q3|K#s@1!DryiaQ3m2ASLquA`#aQZflAw>E)Kn%aO`a zTRL;68vK^pzNSrr3tAea3=e(Xvbk8v|BK6Qi3M`GvB{kF=rJQ8E*DDYxvgaIjZkTx zcHS_~BCB9kuAeTE5DI$)mSv)qQvFN`F;&O4|cU!Su+a(pCi!u^T)Ua{m%7I)ix@MT) zrCC&|r$A!8r2SgKq3}Jm70Xi_Q@|#%6wyJ9MmcT$=ON7VzD=UGR>d-i8~K`v_d~$( zbrXfMQgT}6zjC=T@B-zzSBZIzzkjNKl>%|Or$8>Z3mQou!6Ee9@sC_lvDA|?FN|c# zpwHUxhcL7*gw(B9Un=z{hk=)scE}XHFVnmv|AxNjxrE8+| z1B)UtI%+y3p3I-YMPVWz#O1p65bxyc5%$EF>ZwjW*b)SrxIXynN$rc0?CWvR_H2nH zaZDKC4Iw{@Igv9+l{Fdj`XYU)%(=uE7Zn6?xfB^(#_1Sdq@v?bNrvr)tfIkAy#BFq zs8sa@_>OFaOD+^2yM`XOEJkpQqOeB~FvJryK z`KUwlS(4!qrX$b3=MLP@M8p>vUH+f1vdF@(qtny%O>;j=18lQ1j}fvqsaT`N@slXj z;doF_v0MW9;Dlp|(H0pzEG;5N(nClo$Ia-FWL?oP?q6Jz{ttWi*j$Of_j^9Dabyty%f+y{}VqZq1FUsdLU;&mpzes&78O_lssojDaD( zWN6FDAi+w(5vW-s^|phm7h33OhD^}9_?hTk2gZ)rsv<~UmcFT?5E0OR&T`}Ye@r(X zPO5`rQ>Z21$8mLZ8V?!ybD;xgxgAxOHs99H5|0w(kC~*BS&Vp53PKuxi2`J$pD7zz zP03?*B`Hl9W<28y_WFfCTB-}t&WN9PUPR#iEvr_u>g6#$8@G5XZpG~uwntkG3tyCq z-!v_F#~Qw|r0Aoie9m%PK4-bB|IBhz$)uz#z>N=pv)nIQQt;c;J}jO>3vwU9tf|^U z{5v7!`Kvdapoe1nQDr=e<+|_dPr$~lcU7K~&x312-S)0V6Hp-Ak-Nt`Yp?VUIQgS< zU(|kzOW-#^>d%hji~9K6+oYX1v>mxhO3O3?`*}8rg$cjbns(!!1iaBbT~xEVn7- z8Xoa}E*n$Nzz}*77*M#sZ<+R5?w}?Mq~+Zu&XrI9hag*4M*ii3O4Z`{?vcTeIe5Zv zKK@60-mKo5deEL%BNdI`|I3-&l1e&+@RB2fLPz|u&F?EzVFuDoyk;_D>w_tb*RJgl z51gP>70Fx6JsnDiKsBH%4>7@t`e-?f9mW8s-?&wOOf#HeGH*qq7>k(v&R5PiQYe-K zmMGf;O_nu{Rbp@1#QFXbauZO;^+}L96mHzTgxVUU9!c5A#aDihgu!Z8QzKScq#nfh z?VS@dHf+v8^I5q~(Ska?C0QJx*$3dR1IjtC=p~W<>q^_zwSFG{y6NYu9s=;!072>w z(Qg@_yjK$xd@4%Q`S&t+oVA$1$LB^IuDX<@-FqQo0}?%30n;q{J?)zZdVJ%8oOpX{>vbLg2I^a=;Pp0BUZmNWR zU)A{(`$~6$Ai9CCk(58g8guYOD4H2VO*Q&neFDom7XM1`0Wf}CHNQDz>&(B!D?EC* z6Yc?kS7yl%jn8H7iBMHR5RP_)-*}n;jZFI=%n$A3Kq>Ib2-V7yLXTg+8mi6-0Coz3 z3{GcA9?8F--4!WdwLR)&!5GWF<8&ZQ&j-S#eN)Jqb$DWPXZdEONhYI*A6$ z_at%0ROx{D8l|v;_JebmO7nDlrlM$TKOo8Z23%c>Kx`=B_!y$l*efehXQ!-8%34U- zDVjdMxZq@yKrR#m6XDJUD=r|u0eBoVW66a-{HC}P)!c722CVvICRZyt1IAET+6-!rw7=0*m0 zB`3kDe@4@~-uf@HX>NLB&NVP|+mtuRQ0>l2#2;sF^2SL|Wv}F5p7@E7xql*L`2Qee zUBA^`ohW4rPjo&JG6VBcy7(xynq^STQ+tXTsW>&BPKjq%1ef0$-u4~cJLgcI#lEXj z1StGEyv@|HDOrE>J-e!M;GT^#}M<4#FK&Q{=m{7}+v zsYy-1u0M)2N|SU^88oG-$abL%nW0(hn~d%YkM&Bj$B0&a>PFh@6*9~2vyafUvuXtrAh7*JReeM%?>1{4t6#K3Ht1cyEY3ib81CZ7R?`l97ow$OhE z6sTK+YvJ^&8~{__9_i_5;xugQu&Ko9Ms0OG-Y)jt7+ zo|XKIjFC4OT? zbbbo@4hPm9C^ao%2ll)7>gc=x7|G0lzkgx&dKO~x?QS+N{MkQtk1uB5p`I`K|94%} zu8syU6j&q^Es+519L_J*_IloPOS2JgfS=j_YprQf{>PeDr#e3EHsJPHp8dnY=28gY zBJhLV83-?+XDlOaGCXq{VPj7wp(PE|RIbm*| z*w2sK)RD=-P}5?{58DQ00uf;W7=BM0d>OiTLjotXJ!3B=KZ)`EGUTR#nOnT;_}MKd zwj#pd5hX9`kICpg63@4QKAh)o^hv(Mqo?T-yhw{-n@eSI1!U%p@k7yXEkx}*g}mnP zJ;CZek?#S{u2(lBg-0y<&GF4on_cha?*TS0uR3_BH8RBzHWellcso>M2hqI-dzJPSaE%p&uXA?y5P$T-TexWg$yc2jS3 zrJN`{+A&zqpEz-KzIJ+p9N=mx?CZz*J z-*=Fu&%V!KH{I7fFpn1tM%4_h6epNwTqfdCBoK8vygx9p=)24YcQgaZu9f%Xn38Yx zs{9~J_7sUZcJw^Ss-`R=ot!1^bP(*9BB~|L=&$fE%7r@vw!ak%ORTJp)&2+^^o#sv z4#~tUs@23xwN>p0wF#Q>$j}y$2LYm2y`268AVezRc74R^wVWV2VkEyJE)QwQ=e@=q zhvG&piubJ}yAO4ZEQ5@LbA0jv--5R$hGE8xhdc()VIEv2J#RXvJKvH%9>NX0MuLD;@YcGRFP4WrYBkAJRx0lQRC z0Dl^FLc}KXo3H_@SZgqdLKuYWq_=(xhc7+SwxGh)~LymQ5=8|3cJ2ww5d3N0sPUkx0A<7siF%G%`b0m{^4TGUQ}EAKM0jlCM1U_l!stp=F!B zOHOueGRh)q9j!ZZ<$~AZ>fv#ZlR+akCQ=oBgWvJ5FOt7&Jw7kOOmuj>bIs(DN=7~c z8w##4bPR;q-)Cf#nyApIWWi*9fvMVeLGiq4Dw^ybQX6tYaX4_uqUwXwK$BmsNXB9* zvexMs8a6b_LYT1CSNQtrR{o@m$H!u_9|uxo)EpvNG19Hk16{9KIly;}KKl6KaQ+x3 zN_1b-i;b_jquWGRP+Yw9C5~@R6I!lbBt=iOE^upK-!R%X+LkpA!>r*ADY*)GxOsYl z2YU`tj^PEx>CgONYl|nO`V{XHZ9`U&K)r@{#x^ zIqrxTPX_nWRy3XF{rMJ|FkAE+d>G8s(7h?k^ssr#=zhUsUcWc{&w!HE_MD?@7H0%m z5{h+Hhb&myX(~*Dvy}Ny=GT!c`jIwj^X00~h=LmfxJ zh{E}QA__2HtYLu>g~gQyUh=la4_)k~p6RGb6GK{7?KSJ;qef;#C!r7mG`@GQFX-L0__i%0$S zFYUksEp{t2xMdx1Bkpja`UtpKSQz-|iT|6$L9wM1Hc;9g+IXlya)H-__x41AcQ`~& zKg2~Br=zq*j$6EA?jjZq0d&X$6{w-0IcQy2{#t~(_d)0+Ul0h3reu&@kPdVx^oopmtuRG@qGHm@?i@L#cn=31+Xa%~h?(~M{qXqk;NJ3(C$PEV|KaQ7!iJ+F zeLP9w_u$&tB4GZv`K6?$>6^}Wc2%jdp};;l?$DtYP@=8~ik$~j{`LD|>!V|h8 ziUx5T(CFXQOr?Hez;GLyw})v!P^29iXO4mJF$!J>-gyftvV!jHHpOAcTXir<0J-4f zmDzyPW<&kTKgPHmKi$}A4}y_3n}2~WZ)|$m$G4ix2CI`RqpiM*mw6cdiV8%sS5g@Cq;9{J&Nwae=U!l9^x7gc znP9yCY8nQFvr`MmDQ>LDkUBZM)=u!R0Ol5@*k3?d>5{AQ$y?SO+hQNJGaz4I*T`ZQ z*W2f&#CblY0>t3Ejn)k8ay?}vAM3vBAdao%0S~V z{LJ~6Xemxdy91GaNRwTKt59EAPEu-AJZfqw4jC0mte_e!_okd5p+JXB-xqCBGV4!O zbeqd`fFE7C%{VFtZ3TFRXmt&hYZcK0!`wkbAkwO)ISY&G6K*HR@xL50d!R#Rvu8Gm z2U&CjbjTco7C-FE>i|${_tNZ{dn={(b+J*yXOEdr>kF4rv6L%7hwMy(1-9@Xhiq~v z`X7fZdai36-X{p?kd>|0uRRz9JFzkzP#oh`I-4NR3}etVG%nn4H3J>8)G)BN3o(J3 zq?A4@i+ybM;V?2AphGs4R$%CxRcLLXNM1Fg>p{&u?I*n&^I;E1?D-qzH&+qHDU2O_ z{m?5D=kMx^xf2jS)k;?In~O!DLl#+~?D~Im$cluKD$0EK%c@?TFy{Vo$asJbSxwOQ zB``hX4DOP$>BNJVa)Y75BqKRYaA!!&H^sD7j-HAomm44;z4krQ(Z%)Kqi-f!DAIaA z8#YE`M)&~s55(;cMyaJJ_vV5sLBgq%C)s-CPHbY37(RLL8!{PN)J{A8DPn^{lEbx$ z05rBLwdIJT79`mD%f(F0gHWmcLKC(fveA6lycAaIPlrq&=#Wt_Nn91tETOac=ZtJ? z5quCWCAB3+aA8eKJ9;LP$K7H<-H3c7>P3#voK$Hke5MmDeZ?9Q6Fwa>snR%Xi_pyo zrG{>DY)0(Z>7ROk4U38(VC<|$SdZK$EU6(J+!~sO53s^x=w(f~Vu6uQ=y*g+Ej)s$ zWko!>;HrYZ4TeGu$6`VzofMYz^=`LHXVsDn6vd@H%rJ#;xNNz{UlOfZzY6MGA*-bR zWr?a_7w|>{uZ*r}M;(&|r>fuwe(+-pe%!hrkVkthVQQm};ayawd<~*fGyYixb@sb2 z%}|TNAvoRS*AG89SX7EPZ`yYS%=aJAZvg^E$0_K%G^H|SpOssM$A|J4zMeLE@WpHYjLAI&6 zf#rzt(d7XS|AWV0MJ$in&I>%aLit;oDJEamYxG{DM#{SmK5fxe+AbTxm>Q#)Tw>-T z3_wW)7Q)QXI;oLuH3oFy&$d+}qe_I&dIHU0i^DuPx-SiZht2#6(f-vWVV)eq0 ztOdV}XO~@P71(%j-wR4tV!aJwDtA0--;04N@*;Oc|I!147^1X`Qpj;atGqWmR#U#Z z5s>0~2CblrFWBk1a}8FirmQ=veLane2H*0EYu4Z+(^&JaL=Hq-6wVCC$)yRYZ$&zjKls0BBI~uAE zldC3#q4ixcKorKiaoYX0`rvCdVc^=I8L19LbO%{uco7}t?4JfQ37n^b&6IMYJC%G5WdZEsC3R=TH0;W64^Y*0y)7%E>p3ygOA zhI&jkQjWh-=*u0>wMWa>qGxdZ0N$zGeNKi5{bQ-q#MG~?Sse^l&UuE%tT8a;RbBTB zUKntW3I^H7ctjaJUaesxCOZ?z`{L^9>iqCAfBH@0GJyN(`pBh=h_jsU<*ugC00Tor z9g3b{ZlzH=ds9BZ-^bbWZfE+1bJV!4G3bCFdi*&hkvYgSV5UMvsu~)TjvOuNI%GN{ z1bca<_GS8xVOGv8;k;|fM9-SHiOc$O{H4LPlWhCPb zt5mt_OIvq!ydzuNgh@RxcTfvV+;V>=ZZm<2TY=kIy((q;O>sAu>x1W#ChVFny`0(#|(Vv_3V`(pq93cB9nQnmMz|64o#nwq7t2PGMIZrb5;L31F(`^R>4Jh&0cP zzSiIa0(=^x0C%n~|6iPF?e==Av4vLmde+~q-$pJLHXgpec@X}X{~a*)UU4wp)UIL# znWs%Z0%qkn*PkHoXH9p`KEHMjlT(s~>)}@-IaP44W%%_zTS(&!Oie-T(t{d!!E$&k z)sA}=OJUf4X$(0`((pXrYu#H3bua;l;%IlKoe7V>(#g5Go}Kfibuv17$#^vVW065_ zGY%0qZRKE|T##!l&S`68r2kr07?%d$ZnYYn@?tc_C!X8+r(%2$K_5{W57nQ9Bm|6S;pCvjgSBEms@gauud~E=tFr3FS1s zGj&b9`t0ZaNARHS_J0Z7iwH`>(U|Gv@wzkQ<(1#GSX3RGc(%T|p})lAt&{bDW6LycnJXN*KAY53eB)@{O9 zRVx3UJZ?SR?;PKJ4Z^3e0!7)}xiBq4sCOZ?mZ>(@?~46*=oWfJk^+NtECrgRATz%%?r9jSwUiv3TDR;sN9De+V~+P>%U!4>X1XS*vE2SQut}C+xVRQc{@ZPL#c!eO zwcN79NBUb>g&ktX5LUlv2t#T8sxfV=1~1rM{J3^5e)M>{$sV zirt3XPzuW@lOSTjCIl_dTPNkN3Wv|@{7~}&b>KjhC=OK_n6}y>N|KZ=qrPB))~wc` z5ga4W3>`ir9B9EiEXgoyAs8$DJKt57GhZ}Ogug~6o~J5GV`=OWZs{THFx!ks(Tt$! z&ACQ{RYt#6K&Ef=_a-IeKoBp7XG`Y`Yy?mCh?9Kv1?JpEe!iJhq~q@n8qG(4LsNB$ zj(jw)f#;;E-7Xe@C9%EE)fu|xk&W{Qa7|SrGWKVK9OWn=)y-n11k(yfI8CQbT}}J! zie@pn4q1g`Vo%d0OXIV2t6y&9b1a6$%P&&`?kTggg=#@!ANBIxWIjS171_DosCl1QOZRPRbsmEU48j7D{Zxz zEBCwss4aU$tg~C7HzbqFa9pPHRo+FIv{0ETcM#e5%D+~$SyJSm6j^ekPXLf2d+cFD zSd01hiq?bXHNeKk=g|nTIr2~M0R8{3y#rE9hMN>wl`Lj8Xm4hW^?KvKv*)%E`hC8X zA+~nJ=GDYyj1re2QGGP^MT)SH_)M&N1GHeM<1TfwW`TK_`JRH_T|{M>AlKL060oI> zdg+Cp1H-Q8$31R3OpFWWb@16!?OEt9eP8KT=K^gnFL_%ebXkFY+axyq#e}7cK50U{ z)--y7m)8?I-MApw75>oGseH4Jn&AaV{Exr7%j$Vp|LNQQ1i4>w*2Q2RpHOuE?Ax9~ zeD-bafPLGxR$$*YcKD}pMN$}@Q{P-q#%kH{TtIijBc8S|A4Nk#ixEg!w6Q5>ue#Qc}pWi>b+CdNtrWv?u=x-hbKg^!9t7L4Z5m5C$N zRJ)z$7T!5wt*yX`073ZqfQ!XmA=@AZW?6idxg$vzzxkSe<i3e}4~(N?bZY@cq~DB%cuqbxXB?TLZyn7`qUfOIljF&>?1^?XE2H(v@Z>WvsA zkYNH!KCdM5X6OwL!lQ&5r9>C|0|A(qZbJDrHolgHBu*xUZ1n`veorzF!UNQJRX zw1UI|RYp$J9JDi1Pi6Eo7#xAg-77l803_SdHOWCdI16&l&fh2_UNPX$#DL$`gJxFu z3zd{ppugGKx(k*iC83XuMv7EMVjB7#2FtWIlVZ|ihL5JIEtr&*!9trGcd_rd%^T5z zTiTbkOP+3=R!uH8tD)ak8G*pDEic=54CFZmw_+nne|Z{F_zn(soXWl zFq3CybFo5|fPLFZ*YA=|*#GL=jsg3&^I3#^QJ@P$YU|KuC7>y4KkWEd;fMfUJhw?h zyl1dg&}Il8>e3;CDKvFc3!i;knOeH!&%W*4zxuZRU8x_Xg&%*5Ks^6*rPWglqJIID z0xK-&@0*hkA0lsmyL=Z?0(?L~+nI4GmkaQijQH>otff-;dMog!=S#$rQcY%F!ybLU zSqlnp@dQBG>B z0T*@`cKmCA3t%hY?Xd$a@QVDdUC+I`1`Mp9vS|$lx&hwz8<|!f_5BiX;c4v1hdw>u zAbwZv(KohHBgfLf*l5Ch=ivfR_}XDX6~m*c?|~4eRO*FpiPfF?1hd7og8H&fKwog4 zy1`B~yvQ^>nSiAn9iSo#2X(x2k;ufM5gjr;wPu&Vq#o{%m*jxHv)XbJ1jCPxNOtv( zc$0X;Sg^l`#Zu=-P1XUku?a4^-sNvk57@*3*x7h|UTCk67iPns;(?9J{~po)_lWkt zN3{QIjcCU{!gGq(|9zp&0-PUj9DE0C0{@)?RLC^`QOI;aH3QHm1Db@^8)jF>DDNlr zHmuQV`gi}Z!W#q)=+KV6p8NG_>mTZMbof0ZySuwL5N-^v%DtvYX}#oiZcNO(lj}Rc z|5+bCt)lV#Ku=%+>&ZXONjc%6TWU+;P^{bzEjP70uYtjUsCJdqDY_q1-p zgDvV)f)(Mu|5ewxsOr)}>zHM2zjmKVA{4z~5kx%a@I|i734{NRq zOr`da(^-@}8U5|1AIF%&71DtefsrzZ~U`0JIs(C zwD7rL7yYu1bX`3a8$Bca5_181TKJIN5^|Blt^}tg$Heq!Dg~&$Go*JpX>Hxw8%?(* z)l{El)k7mdu3GW8bbv0~U$J0A;DocQsYfFg;Md*)d{VzYQreHb9`Wvt6-X%4OoNa$ zghs4SS7caS&!5U$01jm<)#V74Q%lSvN-D!}dr&Py_lk;(Hl}V<{Y*u*ZANQqIDF+r%o`0DKaPS_>QKix@p4}#mz?J) zi=@)p`uDb5Y-`l1V%cvzuRK7%FYoUoUDs28p^Xdbs-??G= z`@08GK`IB0H-aIl9uYwDEX4NKa5T_!(zjQ@_@QL*thVqC9{%`fz%~lVknKhU_RuH8?ArwZUvBnTCGN4x>-X^P1hsO!4U3y0kuw+i(dqB?Ku)6*?lYeP z&>L6q9|5D&edC1j1>;W?evLzbi}S^+&1MgRJpl0AX#RR87(5kKy(DTuk^JPEC$++h z`06JOnNd{h7j>Uwkcw$?!+G1UN++gF>G{M$SKPbgaw_(YIP<;gfiq=UV4c#Dib{p> z)9{w&+eT!N8E`%OWXag$$mO$PP*sy6q6oh`OyHG7{L{4bx(0e}(h#T33!{Fzc!DwM zQ~ymxvv4l8VV;ePZ>S6Ht-y4YcfoWP+rL?WZZ9PAjPBLICX*;#jxZw64aSR0Dk`E; zXoKAvlAuHVM)Qq+@wwX$+<3!KJThOfHzKMWcAKMYwL z)Jp*A*Gb#Td^&YsiM47&g^{p*r9XGW#;aq+xAw%|IUeB*m32ZzbjXl>+VEj#6U&(7 z#;Ah!LQ6sAwOC9=B&OuFtt3qd^g+h}WLF|;R|Z??YpSocEVMO|4lpU)trR2W;2>HH zt(kjSc*Mr^y&&N`B71`es>@}%}Q-`8G>*_$Q!edVwM=*Cqq_< zKnGhr?UMQXkq4Xh`F)G0qV)0)3ObtI<(WYG)JT);G!D2P<#!Acjy#2@lPxu(knSAo zL5lq2{$J`Dk?SQZH4P0)z!y~rS?)({8YX8v85nsY7~j=uG;V&mjdG`oH_!D!eL%+8sT^~iK?Ad27uLRN4&tt;4h|ikg=;aMbmB+!Js*qx*d65 z;(2y*q&4Em@-87?@^fXl{RpV)?etmvL3+*=oZ|W8Yo&Z?@6Jsf7u6p!t!Uw(ezMvW z8o~VqpW1yUVwo9*XjU$y|^o1 zD&CqB;)t0mLlA&q&?rd3%?TyZ41+GOT2JLh_A}VJP8vsC0mdW=inui=3T-zkw6`R^ zQ1J=y=bcfyi728Szgb^QJb7&~!dx9|VTlo6e6MoGL}IGTy_Ik1rP3cU&VVtGAs%VT zC<%k;n*Ksw{Dg?-TS4<4&B6RCl@GG@f}mNNV~nXWbAfCo5lI$wCtYp>Gyb zoM&PnV&(J)Q}5TE{lT`hL{e<@qAWOs!9nc-L-p|yR@L;lqd3hkyi{LAsfj=N~>Ophe!Lqp4>#LhdhgxIt#)kdv&2%*NA4;z=+Y(O@S zz0|9TG=*rt7^gX1AEIx!!IV3&g$#k;iDIXu?1%Seq{-zAc(%c=)(am&38|uLq0Ybv zS*%23gpi1c1Uc=~ZUjUhwaIX`p{zM=EnUVi$JQU_xe}?b3-Qe>YutAQI{!#yn2`9h zF%O7Ci}FqcazB9e*M-?CyTy-|rk>uy|vUl|M4}QJ)mb2pw)h z-c}5s1M>HI3;)zp={LG&+_h8omtQ?O`(>eaI?*hmrLF;Dk)3D->8aY&&hPDcW~-pU zEbZd^k<}etM65kJw&WO@wtXJy+u9|o`owe^dU8d`U(2jFX!0bP*4e1>^d~v1z+fo` z$!T3ssYn*}FQbyKh5pn>BVWCSV;Y2+temQ0AAUCfcriHH6oh6!p-jhoXY2XBnGX5q zDFuU$cJtES{sURA0X9&1?)w{{xxixDycJt_W>6F=Bt&n93_n4@ieno(`|UCGiJ^T# z-u;A9rB%|R5E1(IQmJ2}O{JOYno{K<=|GH)0R_Wg=Bx)6L&5S`6&Z3kRE?P0Id7)I zQg~N@61w9i;jYKbnVHeKBc1I1l7-Q8v_77VUJH4MB5&!LxYxp3k4gYQL`HC-m-&$o z6e0$>ic#vhTa{5eG41TcvI8J35dW6u0%SU-=n(>k-T=oJ5Bh%qCN{6cfPpSwBp;3X z50+GBOMSSFPdqGeax5p_GRqVbq4QhVdsKx0+ZP;h@Ru&}4QFx7uyXl6?y4(5_fvS~ zi0v3rY7o-BV0gYl2v+uG^Z^IRfY0!9qOJ5CL2nr1t<&#Y8H{RL6~CZm$P!;~)jr}M zH^)J44@Pl0P3-g)QPDYWoICN9wzi%v*<~D)5}g8L4anKR|J8p#DD}dlSvR8kQ8j&> zf|2f3*H6KP8+$W;Orw)?s{|c!WApVfo=>#gP;~aVDC&&Xg_aPrEun9^Eyox4un@8G zNQQJU**GoIM8yx#>~mWmHvbl=nmuwbhnD@o%Q@(8-L>at{Z~Q1if@&CU7EM|g9?@= zjiqcHL`?tgtc0e|!afV-UKZ5zy&R{(ed&DF)dZDK2Mh5L_H5h zFfH?9kvAQWg+bD6DH&}mI4E#ON=SC+%(S$!u?+ml2{?N`I5-eYIi|d03F)t$r>ry- zGE_uro^k=B#}(KUyD4qGE*bIiCE~)Ml|---5iDtl6}_c~UC`#t&i`N;m9IotWFil~ zw?zH%6D@)i0Xhl+#uvU+=x=ilMsB4ka8yZolo{YS1moSektRjMXZyv};g-VApnkkF z!^1{jwxsnuczmc#7W&mBYlaNfms#GE8QjZ@Gn!Eo`KST- z(Okt6ri%G2z$`DPh!-J}k9Ov0x5w z6585G{ww|ND8Y+2OO}g%W~93bJw5tDIr(TkWP^a$8>V&jzg!{3SM5iObESej+(RqKU^8kH(fHy3-Vo(;+gqh zJ=01`Gw=nHgkk(i(^(PZr(g>c6Lq;jASA=g$ok2uY*o+3~cS%D1_}QmpCSqU89<3P-C1nr* zcXMlx)xg29Wkabo{MwdQtjxzbH9DY-MnD#In~M&OVWE?2k)F2c zmf+SiH3LX#Zh7Z52^!ZaV%uBf=n{!#l!fdcWbSQ7C!UVHBGv$`JpoN*r z5)RJ@EkW@|BrxIkK4Eh%fF6#DiBoYgB;jp{N^?OmU9w2n$bnse_u*u!N5cgZO$wOr zh6)?8DrEm+wE>o^1w^e>jJ(*UJI>f=Q#zP z>~$hQJ@qFW&K#MCO{R%x2sb;+%sIGr(*G@s5v39(odz1uovWyTC}HRb>QAvcWlx4O z1DO+;3N6N^SvUke`KA7Yq7-Q3rkInem#yGBZtR6RlgLZk_DUz$oXTju+}Hhr!@ycC zg`8=X>CrBj!HpoqmXdz7y>;2dwh;4VmN70dRJdA8GVnb^CWn&K%a^~haFo_b%;lkR z8qd1*^f+C{;2Lj2))Obm2Nl1@HI)Ya)rC*1{LpZQv)NR{`Bm3o1T;^$W@KhRY(Y=Z zAo#VEcPNDI%OKUF>V8thIo*CKW(_1UYEH+&ARO)x7V)XF{uH*4%woqPwB1x# z1<`V4) zk{8_CJkuhgEx)wO3o(d&d0M0rT z8^mh!eeWDJzA97cT5}@}?kDkK1Au^Dk8btGEO4fg(Lb*wrfPg9sj;!K`g?9S$y0%8 zCH|a->Qws2&X*U|2KtO9&otv3nv`jdmW zyGD}Ug|Jw{h<*{UVcCUQqOKfkK(QFl{sQh>OPDEf9L?AB5ng#d{*kQ%RX5-X6!P6v6c2EvpbiB#SmG&-)Fz$YvDwOE!)FmkI^*((_+s(G=RC zXRHdpq>B4~6~RC`uE{_$EkOinD!oP4IC_)Lp9Y;9{fvqHit6K?B{l<4b1X7mlu5Ew zEUv6%4>)F2;~W*4sQuX8f$-*?@zv-5L(4srY*XzcmS+Y@ zP5PDm?rRd<(|zb0wHToZ+lu#dT!hAoY=MlElPlpgk_~|}5&qynFS&3|2Z9IfscVaH zAuPAZ*2+U0Bn70jt06@u%uq^~b zhVj_|x}6rJ;WIO3oH#GMHxKn-=@(w80XaBBX_B$UUxS85rX|1#owHJGF$4?BxaW@0y+h}z@NFg=Lv;= zo`kw?CqK=9Dm^*OHY@&iuQ!veq+=HTDK^zGPuo72ck_w;b(I z^&Sk?jvPuQOUY;FAitJuJ2e0oxl-;UH z0>2}O*KGyr?I%Att8ZA(=&(s|VUqB&p&FSDNd7)vHq2%cdwL{`qQNWr`= zn9Hg=k4hNS=V?nom*GB66c34iGn%Q;i1QJ-`4HqTGO4(;&!F9>#M8ndjTp@1HS8r+ zbPg@Jrk2C(#^cjflYEoU6JhFxiTb(Uz$Fd~K-DsZO<|tqj-9^_#o#1cCTV%<`I6>g zd=mVPEb=FV;GvMOHt%vHRzF)mTE)4A_ZxY)i-46!-h4Arq%YfOs!crWD+YH2UdysyK}d6)UG-h@|0Lo(38fs zq4=-!aKO-I_W~lU?G9%&; zRMVFA(Izs@DKvQY9{BCCI!PyJ5^TUMsDiH7KhY;>XM=5M%%uJH4S$ zdbIVU)I`aHjmbZdndAekSk-$m7_R|%n)* zV5l4u&K9PjlU6fDr~DG5mD#|Qe-UNV@fGm9{w8- z>MB>nTg>)amGT`}bt4#E2%{E46k;hGM)*cb304)bbVr?T-=rhv08&B7+)fQNMiJ*!`>jIn9yNGSGRb(Uf{}n0X_kAG7Ysq2_H}#A}lJo6vn#DxDR6r#u zM|^Z!{m7ROC-Ad(c*yAokmsCN(1?I-*=c_|XJdQIFP%+-U5I^sz0LaQ@NZQ8KbuzM zQ$8#Z)eDXcEeu6VyqI7WWh$*=Ryha*>&i#N2k+tkDDN3G;7!jMe8nRImgx5v=YJFR z6!x}hejHL>ZW82N=Hjgntqro>%=UR4hSwm*O(OjLaPxoo_yHx6kmnFXvpiApz%Ute zz~u?$fUrpzo2Z3ujr13aDjIS-8JVSaX*if@AXjzMW?!iw)y6R|vb|%!J&kSLx?j6@ zWdiCM)f;m6ON(w=v1YsK__H?7_l2`Qwr8ugQ>*!uqY{Vu#K+t_r3C977=%s+2H{l2 z<|L2V1I6|!Cp_&TUIF5PifO|;pv|oX2jI5(hLT#;d?VGM{?~@0GrG8RR>6z05&8>kzV!Eq(mPN;)h_jZ8{TzJuOhPIpCu`EhTX)t6ay8LscPNe39 zZ3&;zZ{vhl$zv(Nv`&M7y=#>=%OZpncvFe_<T<@gvS|vE7&NS@|bX(r4GyZre9xlH$(8so+PlM3z`1}SZ#@%?lgV+y zpLeuy5v$%ER&t!EdhE!mUPBty^tb_Jp|@{;D%&<7i2*|H>b^Jt*QoRf(~i@YlqzhlxCS#TWVicQe#S3U5M3aQiF--r0ag>-K(6AS88mn7n;sD z_vE1Mt&*z|^9gt@G0`8XD{qgz(#1|lR=!G#5tNRP(^gjT2z^B^3Hf5}3|qUGj#$X7 zIJI}E_%XE1FN_VnzCT2+j)QUduyys;UzVg+y;P)ks!K1FqDM60X9H2-;@;Cr=j_w$ zL;ppfpIQUMO*wua(nTPy&)TNg!h2d~ptBZJT)#ZR;}_?QLG&p|cP2TJBdmk?%REef z$X_Sx1mMq-HY)Sf{9o@%56|*UrI)kILK4y+%e5Fa;sR(uuKK^TEsm!f5{Eq4+YX7>cI&}{)WxWFoh z{SOU;`)kWY(EA~f4PkiMwi#|sb_RxLSNs(fu3{xBgpc|89TFvDzBWeFx#C5z^C>H% zmi_FhJQJ%NYXzqy))028nf9{g_s`Y&3IT%%M~Kf@hER-aP6wR^{M=*y*aF z0bZWv*W08N7udB|A<4RQjfRDvCBoX8 zjK4Sskt+oIksxPb#}hrl=a|XFQO6Fy`y#?12@aJaad7Z}OlpjBNq_&j6Ab198%fuo z3hP4@K0L+er%UBDfLmxQsa$_Gn_ZBo*$qgQ4H>lDrW6PMjCg`69ZL!vgb3nDZy^AS z8l~eF+{fT*r;6MLgEY5OPXEgJYlia)V;XyQ^T;-X=NFM_#-g;`eX)gQCwDZ?*?C{Y zRJ=WBYe!@h649lv^z1F%TSkV_04cW$_V+C?{HYA7L*4l+uS&gS7@d*0+}e6$syqE@ z8VMO}SZ4W2q)>%S4M))CH?sMIZEgNC6 zSBfE9G-J&4B#if~_vO=1^-N-XhnRko?gmX#q5u+sO;C)UbZ)1wsLa>b$a zN#BssILgy7b(sBM0KY&$zauU%WX=;S@Uv88>aptJUiYD=E21?|w6+5B8_q2h3sZ3UFXU5APl?U!(_rFnW0fkllt!Y@Q&PfXm!pw6&h1zpJ2 z02~!Jo~slb7iQ)!iehypBd=?37$uliW^Q^ZnI81dThDSIrwpG*bT$(MdzIVHAcQ`C zl%$va{IeycL9bAMaRalYBm!Du2QD?Q(C+rGdXX`F&RC?IRZOkeP3Jsf=#@1m2r(9& zvrCekUqJ-e($@)z!}Bl}oo6I`^%u55vsZ$;u#GTywYZ__O#C684hoy&^xc_bbClNm zMyJKj7W`q>xoD^-{uw{qf)vd)FUZ=pXN+3<;;(+$prx;WDYXv?ao}rH&45M_j4sb~ zun-)j#Fq&e4Tjlp?!t;?%AZ4JH<2-L`5Z40(XqEvENVlZDtRqsy*$wYWYUYU&$!ua z&jprD=9a*ZSGg5=bcTWbl~xjY3Wn;%Z^M?QK~vUkkI9jbm#`VTB-dn?lF+++$vjm* zHyj%cMq7ielG#|BZ*0Y`zGzrqHkHpUvA}*$N?;4N^|HqEN`>c}%G^tA%d?2d(9F`U zP6lO$)A5odNNi`=xB4UozlUss1&08}2dvtXIrZe0`Vfbz1)UwM{5R}%ZbzkyRj23=+skXXg(q)QI&HkFws&UB)(CL!B$e7l72cT~q zqd1Eq)v#Reny4o_5Ulcun$sv${X{C#qSeD%7Dt#dbfIof-$PqR{=!5dUGLeVo*`c( zwm>6iv2{#(1&x>!2nAaTP@YXx0f=KOL&nQD7t$;z<2HP9P$?J>aqLT6R$wil<8Yc2 z5*Yt6(84tnQCM4A@vY9mxY2 zf;?(K`Krp>lu(t?NbC>g<*@hmt@Jkqa0PD=MR|u3^YY_S?%ZghA+Kl_*oIM~r*KhM zhc zha&Ocr*t6*06PVBbC%)@IQsyo!p;IBUx0_{Dg$eQ=MK>YTpEc<;k=aFEW(_bTdXpy zgd7dUO`@B~@1@$5!?v~C(7RSF6`*gbxKiNCNzk;*G)2=H0i~A3f#l|vJtMu9f_Pmk zryKdwwYFXki4>T++O#CVx>c|?EDftykq+z9ws=@FF5(QAv_f|4fj{8{&;2VxGu>37 zo=w@|LIoZ_Ag_QN8(P3oBz-16?}tNG6Y6~+AGDyu)vD$nl+_eORj>$&Syi%m;8b*^ z%N${jg=-&QmU6D<{OWL2SzJk%vq~3V`mieY(|%elL!NcpPxRTM&z9=yuB*c|(PeEI zMc}gYrz<|qo|!#yC()^VR3;x|-Dr9T4Q@I2m=S9qnMnGAu~V_iAbAduByq(P4QTbs z4@BIcZj?`s3gEN{M%fI5?Xb8zEhxwGBB3qs?0{<8%u0q*I#C7WUGyNA|Hw!}j{4}Y z#)sIkUhR-?g^SWkxy3^TpuRt~U#Ch@oxEa$O}%h`mfyR!2b+UYQ)xE$i!pVIem(A5 z`JJue{IeHb`!`HEuhse%s4y^4`-ii$@83N!G`5wQt@O`97$M zc^$AAJ29F{0%3x>sm|w|C#xOm>a0M53guo6acGU!iWm2C^W{jb{z4QHX_9pqqrhkC zHg~R597)Lukadhhr-^Ziz=&)9#1AfWmC;Gg)CeYE6% zc>a7;j{iN{e*TpI{ZXFL0KLIny5y`{2^);~i^iFV|U0huBP)#&VJN)IQ^+pA}RIjG_?;hx;m1nPv^~Ep`{G_jbtptie#v_#)lKQ?F!C@Tf1G9VaCmz6@1Cq z9E(LEm!ZkG-9Mrs1hDE?_7cebJPj%S1bge~{p*AChRAp&$QX&-)rVgUa zeBAsQ@?8m_zVuBPuP$42y$b5#aS2eFE$hDE5{?%DDdRrR1Tj_?%i^8-@ujcf3FcJK z^fLw3_?f|^nd-v4*zqu%=SFI>4>?-+H;6-WRy4)eXhGtP<2=n+A;RY2vF7J>Jnn%K zXd)xNzc$JKy!CzOW2TWXC>oFM`tkJbwQgf<~2)0|9ZDpPvZz{Uj-6 zQ4pnG)z+6)H>%ZuAjbhz9oYG)(U&j%+Wob_+y^#7v~6~j9@^3)0{z33rq_NNqGuXe zGWKeL_?ka^+XM8L&PbdalNmM(cnQXFf<`9Tj$p*3Zl{J<>p|;e3I?_&`*t3<$Yu#v z9{N!&B7}b0J2^T$dNa-gQpuP}N|F@*$AA0>5CWwhWLR=bVEYSxZwQrIG>?5yB{Y<- z#OZ>>;7g1e9=pYd9JMu{zc)L-^s~(U&o=5?rjO?P-)Qs2XjHoYZEbD8c)I^R# zR8BszilsTf4k)5Ms?K$k|Gqj&Jo~O8Gf3%lfX>WOrdpDcm`_pvFKpPqQv+g~mH+Oo zpr1e_&CqFBuqbXRS5h}B>xvh6 zI>iAW3oiRq0U%!M5HDlYhln}-BDQM4(6R9fbIkDK3a9&Yk@zV_{eO%GqaAOvj|TgG z;!j9KIKgc2&ph4W;0@vGPiV)HCMnMr31A7HM3ihS(M7v+0z4LVd6A9z}0on>!h!s4R+ZkeEDa-{>dOHD}QK3Cq@@JQsb4Q7|;Y0YpV& zbb;-d*HS7$aHPz`Kq#x%DPd?$8E-2I2H1ZlI9MO_4yQ;Z)|8DHu2Dufhj)Y*bg9x$ z8k{F2w6&-2&((BKfSV(lL_OZ{5I>_uAsq}A{U?|nE9gdA{`M0JTw!_))h@Il>a^D>fe%BD~g84(yePmW19aT~9ykj5_rL zlHcWM<~Ujm*j!#V;5J)X7>a}_(Pi~}F`92bmvNFQqN%1UdnVs=E-YR6Gd$q_OjM|f z5=>%W>x!LMxh)?VRtLA}-x=k&bjPpuAk98QZ*n6$(O6g6P*8Q7SxJf%Iyn88zliD! zRHP00bm>6ztrJ$pu;(0&kw;W!D3{ncs%eQ$5d}vMdbQLdE7%-8^pYz!{-(JQ%(GPLH2fqE}D~0|(;+uk)hC!?JK)+B-f} zh1lQ+pXsW~Z&qd`k&&>5SED|%IjFX>^{ixbO>s>dHFJ#;MQI-D_r4w4; z!E@Mx+x0e{WW9L&>hA1w6OlN?pUkIz=ySi1`bFh*zv<*%OZ_<9i;}s2lr7NC<~q7X zlieL02WC?@pTu{R|12f{OK7;P?C<|;mH+KL-`pz8|3=%pqbK>_V?53+MngBRZ%48g zbg7(9)z&|i%J%I8$z|Q?RIs=%VgmKR3uX0Y=Q|U8 zg=Hh^=*2GGwTFt`s3_wwCbbamtWxb^4LFkqy^#K9dA=BYNlW^H9XPIBO_#|dh?Pq? zlJ~3&07)^Qj}vxrLUaMXkomxTU6<-i9j{6h@&ZxH6C*ODxL`+Pw=izKmN6OaAeHvAMtXe7CKzgt~7AX<2`K6~nL~i^Bq7wySbW zQ@KgJZozGuRLa+D`)yUMmb6I{`q+oH(%(RR??n7t(6$%48JJc|<9C(=3n+nt4b(3O z<>~)ia0_t~m?9=j(VW=qYHVEDp*_`rO|Vy)oW_`GSV1zb?X zcx%57CnO%Sx!OaJNDX~NeJ>C@ZE+cr6nROPD1qp&e?_XXV#FK`R_?sdAdN|fU0WSd zOpD;UK$*>Z_*Yu!hKLL_$! zb{WcE!@x|ul&&0X-TC$4(`70pO10p_bK zNA#kV3Xb83&*rCHCJ)Ojis)Z9D6M3_iT^B|11;ub9t%7>JhJ16&|N(&%U5i*mUb44 z)gA&a7=HuOe-EISCi8_xjw`gi(|UMV0@U8ez_Er6#V+ohcL!%bynkJ$w{H(m&q@W~ z?tORg)-efIYIA$t=#9ny3qlK^B?!#emE#Y^7*q8NiExU2}OBl-@kwR`rxE8 z;@ZHIL#wBLsjZWP)At`v_U{I@$&y!q*?~r9P@(F;J{%qXpAQF+9SHI@d?M=kzL|CR^09%dXn;vTzpTKUE+*{paEF`Ptjk^B)gR4!{3b7x>C8)bVF*P!i%hITPzTf7c6~9WL?dsQNPaG(~H3 zpZycx=(7D^7>)bumDf`e;r{x16}frC-sjIb#5F6Sf^S=|U8+CKwZV{0%dw#Ql_K>j zJBQ;z?KD_f!U||zyTmuFx%@3+H05A3+lsBh9kDcUsle-&Rvy~80!>%4Rww-(mXo!* zG|{CZ4Y1|`eIEu=)84R{In)7Vu|SutYLaI>7+Q1t4tMTLCvu%7J87%kvJUhZyk84I zd0vYam`ah^?|^E%xmIkO!2LFkEApmgOam$-`x-Pe=(m?TqOZ%&qjHcpu_E2fRqTA_ zUnRfPZ5RiOgx|a-=|c{r)H4J?D>K|RF{6%3T^Uwi2KRN;%47f9^^%lw8qjEr&i0S% zyS9SyHuMUClgcj``7v2>vxAo=O0cFPS%?X zzCJwN`|j<*`Qg#w+2P(>RdN6103;3${=?l%Q8Zy2r676dN-_T@zA0Izpen+^wP;XG zw`Hx*7MCUq#o~c@BbCNg+Ae$5ONS=N;?-~)SPuEed#9&Ay+3)~G6BWH=OEAf?dMGQ z_eYvHE4f;A?s8|e*7-AgQ|5(rqU-SJ^lb0#+w(7byirrILrRWV>E zuI(UWge-f-32?52cW1{ByJs7FcF!nOacsoW7A%AP;LG-|px3O$ZmX~&jWk}wwOrJj z@6Yob1g8flKOUT%e>kZqgz~_sZL6*1W!xz|Z$)-!c|R8d2@hqnO=H;Kd;9jgz5RdQ zZxl;|T?VvvM8!z_h1qjTh~9jEe!O?~!|D0!y|caYfIfdlYcp&Jy5&P2lm7Yul3xRh z-_Y*c_irjHo=)vXbmpdUvRx;I>)3P?1y!w|y#Mj=^zi-B;nADBbz$8Es+?w>y8w=_ ze$f9DY2^DBYw!5y%I(Tr~ z7UO}9hPxRESAmeb>V9Cf(K8%hxqykt6^=1u$0?m)mwKyEz@gd_w;s~iLa~Iii3asr zom#D;#MW~3l2MJA9`vlp(mU{@&=ZUW6LRF%bP<^yPiUcMuVQh@cikN z#Dv4`QvY4RSAAPnq`}$|7NQZh4bl#b=p3V6pcX7C?0}1@L#}6-M!np-Gm6XTSn96X z_1zE5r;3WJQRz^m%yn{ZhjhC|vVAv13G(RGwCGYKwhXW+&R2}Uvy@T@&oOYEOqSv$ zRx$b7o9(C)X+ViMN}xXp+_EFC>JKZrLrJH{?n{WQU&Bw!niUWK#yVwvc%_w&*QyE| z4zaTHqecZMH5uovGbpKOKC8mT4K4TC~0R9os!ZjgWP5i;&`Jk278xg6;ViYcFyc-AYORsgVagoTN73i zM~$Hc4oS8cBU!pri;Vn=A?1~|?DVTzJiBX`wT1R#Hjtvv&0#I?U}{>Yda3leoF=7R zi*oma%~J_7Eid;@8p_W8ll2Oc#+g{&C8bX3(b!D~RfdKpr-992J9el;;$G zM?+P}dQm0`;&S$jOr_okg()^hwy{lK+htax`v@3m;ba&owkvAX8|pZ(Y%PkHx~}zf z6e+A8^%7Lu*+2mebIJ-T5dB*>m>6wIxnv{JL5)7j9o0E?=;^wtiZ>gHttO{|O3}t! z#ve6~pJ_gvw00!3z+i*MinB>sp9h(4CPlz;u+ zTlr4U9qIo>%xpaCb_}%9|LvX468+!VdGY*-{y)ZZFZ%By?%&CkaW@)&Cz`6(;#YS> zuxujkZA!2$5p`Nlbl*7U+VH2k9!x}oyR4<%?Fm#Vtx@$v)@JIR4)pt+efbTmVq@Uy zuX5_@W2RwIJw#aK|2EH3^k1LQ4v|*VNzg+7x3+i7@t=3Mx3-_?|6@E$Nlk5@aNe z7BH1*IwMtUIr|`Jsx6%k*!L-2d`}|GPI;OIJWDN6sVvfcG{!%DwWyOa4f30$HAsMI zt&ql6=O2BIBh1SwHkw+o>sihDQADplkPnbHopo-lSS@c(re8mdIZm(q=oAMu4!gJN ztZnJBwm0*hXri`{R^HXlW9RNWtOQ&9+Um#hknsur=(n`r?zz+Xzm)W^_59y?vAb2y z|N8v-)BW#Jo+Xa-Wh}IpJutsEhCz7h+j%j?ry{Eu_pR zWmAz(Nf!3-RMHk>J)F4YSnftc9f3H>J=NMf_tvREUDcxwc_HNPl23HX@FW| z4!g5%8ynS`F|@eqwgXwIPzJFEy5+#C^Um#p#JZZlEuaj^itd2jqEE4yR{mp{u@r*6 z5g{Q(4n)*m!7SuLN{4^b=AJEFl|^vnQQgq-TQoYImyNi?;K6=B?u2Rp%pXkDK89 zee0!k7gCMngjyUTw}{~otqwg84ZcC1H~bI8hW)%ue?0hRqxix~f>3O%zcHMx8dMes zWGx#Hx}Eq8@9rQkw5gSvkZ&I(LWfQHDyyZ7fyXlZzh!MJVDP%$2U_+2&&&M(^WCl8 zC;tC2o<>u3vFN7aE)OIhZuRJ1VRIh(w&Ac|FByR^aS?g898Wo$4YvKSw>|*oXo|^)vrd>t=G#* ztoY*a>nWPCy1*@J@z>OH9lXKjEEg}(y2U=W#w*Hu1eTzL21!}#Dtew*xrBVxhILEP zf0M|3IRQ`${oj7EQ?~!wdhufOiT*#vBiSaP61K?S;kmHh#W`cWOy&I~VM9aeUz-*5 zhmkDVPCE_x*VVULfzoecV36Qo+;ggI{ESl;_z{U`Ma%mX!)>9cRnRXhY@;YI+3_C; z<21dgdUm)9$g0{|QeuAL^I-ngnu?mqs3ui+*r*pUnUkecp86cmROB6|ewDGwQ*iI8 zRTb(rrQo*Ksd%Eo5biLDm(D>XG<2r-&jEc|0TeV)_Nvh^1#=u+vTUIw_6288?H)Zi zQ^Op5=Q9k3@coj6zrPOs%W$kLTi7B6(}nv|(7ns%OGPIToIW;71JY{U;DW_6p8^_M ziFxCS_ww+OZc34K)+HcLXT?H04wu69^@ob8W6zNEujxD&vV0@f-7ZcwPV^37JRDyw z3y`SO6{zy=-Ye4k&Rbj)`C3{7*}9!nvJ2z64F5OBei&iKJRKdRBNy0q|KHr&E!%%? zKHdKx=W*D7I=xnFnM2zntBpl0c(>Mx1C)v69qmH(8vPUKAob2yCX|QAV{}AgT;Z&i z=0KFNLYmR+>(;;iyXw>P@Xu28Kk=8e{E$x@{oi_Cw*Mb(@4R@T|BvyM_@|nCW8p@h z7a3k{O)&R0<^F-Dp(+GrKlEj94!WH zE*Ex975HY=srI+POhmu;OY!wsG8VL zE| zUkrulbruIV(|nzz_7F?|U zfL8~nw71w>QTE#^?k!h-SmAFuTI#Z*;9~u+P%zwmfNn8yvHl-LXxu)G`$@;#G1f}B z4(2$_BI6{WWBu5#i>cz8>vv6Q=L`UBd30K!RK7LB<7%nj5Dl){`0_rd%MaI?Tg;JN z%-EN#eg<Vk`fBzjC{t5tEBR&fjl=fvm87% z>41@)`_5z&&f9b36z=U{8IJ_0ky3zSN2<@e3*@X(>Yd!`a#K`SJUcvrK!KE2TC`@TGMju!GC|dow@C_VI zk5h6*B0R$fEbt>`dJYDKg|a$r(Fvs-Og&+zkHPBCD(Fhysc~fGBO3BWQUX(Aup~s_ zi)3nN?r2~W^9bMtw7H{(TT$qnPT_k*{eIc;>}-exUgB+QU~IcCS^>e;tT%@RZ|dt_ zA;P<2q&{qTHz2Km;d^T;*H z&O0<$&Wzr{e7iemwo^QsmOZ4FqW|*BwzLg!oBU^Y^F`VJcWZa+iT*#vQ{K>OiZw0Q z(UqPFYJ8;f^EKr|%WJ6B56j+CwG{T4DXjVhixOKeqricHMy|r*9#B^SzL`pp1VB__ zuJYDbQzORLd&h@Rdf(E%4EBx>)#1hlKllvwT{q96l63U#L_WGnuXIE@udbi%v_{JV z0EXE)6dih$rrfqJ*sg&;aU9DqK82!^*vJ!JOLv?ne7=N!Z$EB5>5WHpu}p(iSWV;2 z$1v)qmaJ>57%fdl)|2(0l~s-vXx;APKyKBH&3)ez@Ne$$1t++)Q!+tjD9 z-0TmfyxC42v6n~CEzr!;y|qMdN?$c`tTc00h?QKq0Nbx8esGD4_7CkH8#A|Rn zq&Doc&YQ8a0KBiny=58xKc12JlZvab%q5_W|9@W5|88$>j-L4c$9R^G$flNsCl^DK z(oZ*@N!R|EOq~Hs00PO_O@al%+T!#)Nojx?!%Xf&KjZZ8@ExZqP0u4bD-eNUh_8l> zhcx5p+D~IyHX&h^@F57@82G^)%UvP=9V8_DyR=5fS2*Sjeb$sffuur{0w*`x+}e?S ze35ko^*1#%B2<5v2dbw9SxA3+_IFh@qOO|Glo;~#9ocY zTj&zsu=8JOj9)Eo;Q!;%=H>#C*bg|l!mmalTKJ#N8Tl2z8g0%DI>ecR(|nRq1n~~? zu3v8E!$rss#B$8n9l&qC&VD6HVRZ4|3*XKcBtDODJmYgTx-5MQ=ps3X5uvTpCs-=- zH^-m&Fp0zhDMXF+uY4AyB;keEpFHaWR1Fv_mRLmcgH;eDSHoWtJX3$p$W;B6#Iq7? zSAKd^H(Zr+L;UW)J3Tx=A4lHq&;K>(TR788h@a1~AL11KKp98R1dDE!5}QE4i%QXI zt%=i3B|ek50#0l=g#7~?|MuplHI-lLT4&f#gZUj=wkoh}ay}&y$EljUN{C-~VHyY6 z-W0{pXcYn{kNd-L)%+cS-Nnu!uslL&YjYEAZ*HMc*j93TbA+}x zTZ{Se4SK$)D>b>1_?CoBz6)r~QySS-{4mrj$2|Y(9mAov55s(xC5)%oU#LbT9c^m^ z>U#UKL)1^QNkoFaU2DnpF>GESunFgU5#4oV_(^h_O+LVy=&zPu4En2WODbPcgJEsq zaewGv`P@%M@o``OT^JgfqBVUEiHaC<8~r~t_~yR`YyWfn3%d;%yZt4Z-3k(OJ0sKE zB%a-pfZhgKdOQ2|mR-%nf4|-?lAT*Ro88jc)$KK&EY_c`7gjSu_)|hsO&rzpx8ly&Ve{_pVerAdd$hJ$a0Fo$b{Z`RT9*$7Qi>|a{L()WQc>a_p8nLg`ThW}4! z7!sCd5M_Rng)`hO5NK=skKMBW_s)yWC;9)QJXI@-*Jg^pgDEZxf~5hD5dzB_!*R9V zf42yqQk>e3&%uJkdsjY*fVA&_-YPI>dpBDPRwfUkf|Jm7o@f82*QJxaXfTX$!OAg$&Jax4HR4t49 zSlIr)lwS{guc~UZ6?YCxLRU>kUnQkmqMh=>+!wFiTTd{?B*o$DlqUNXkH8i5TBUkq zm`neI*EG1q>4vl$dcC)Q{{F{TOqk)-q&9B>?(HvuE&Zy7q({0!-JeC?;<-tl4HfQ}T&e}vv4n56hB?mxpVdvdY=yBKhv|+`F|Ds7V#gqcDBps|7iQgQ~u9Kc|Jd8{9i~B zQD+`}>^cPg5Uhm5McW>`ZN0OUMXp12T-(W%#C}A6#i{Nif6=)M&6`L)#XA~GpL!2H zJ4fSJhWS8!aRTX_<;dqK!an1O##mKF3mRfHr76l!cFkCzjNuSXZqOTv*1j8OIS878 z`fY(&o062dm$(JXx@}Wcv=(ZB9_3L!noP5-Kn7CS2trVEvNKLo2*~pJa~&2K`SpHi zhXx8TmPHD7VF^&l%B%dgC{Adt{<)CQu5rm1MFy?H2j?c(t!x4tfZv-qKf<%j`Jd9L zbIgDHX*>T%&&&CrM$dP)pU(fscpT?HTxf$7i}SK@?!$+S;RAK%pU?=eSB#kp$1POJ zzpBGl9{8gAAL4wkP@xBKu~B%ZX|3pGtuiNOOfuPwv8X2@4*b+gwV1PQ&SEBswJBHV z224`Lm>lMs=?Dv00E2!TW3xouMzQSESpeaUs$A|L1UPRW% zz6rI-`WvV(B`d6NVd`UlhPn85Esj3%M?@I!S4Lh~&W>3}b#ZxY(`5aZvelGJ1bwV@ z_9QL%dY@&_|A|qubx;56?~z|lHrs8J7m9jiu-OmyvKOgW|&Ao{>?>Ll0| zMF$i=_8GgTX=pc`sCU)IP3ig$a^~C7SanJ0&t^q5`x2LOz&rMaT34Z;c$_Yx+>PC? zB85!gSzkMjC*jVYPcg9Dql9w%eGNUk#Amy6 zM79Ty!KOt)f;F>DYfNM@Fsm^E+WPBg4XiVr1=rO9*&5YtsW@&ek=yJjMzsTYOa1UW zKl0-Mr+phpM?c)ejHsJft1%5t@tw0>SGA@%KdySGps6_lgUo8j_E%Rv)Yca3On1DB zXs;D}^-d#(1bpH+js58GSPjK`(FDC+uOT!~b3DH#BKX}qW}iDspQMZOI#j!Ek7x)1 zMf!?Qt=W9BDz?79o8X4n8H6L1C5`az#xlmtJo(H+zUA^MA^a zxqqtX4*Z`l#rNIWz;^j>ng83~9qm5xe~n?ZHaGZyvWpT-55QYJ zwvy^Arhj+X|ElPN?fXZD+Gdv>c+pbGbK0ce9YDkLWWF3rh6m&(`lQ?l5{ahOn|GV%$yIZm(q zs0k0cOgHFRkopNeQ(>A^mBP!WzMQp7G56*)){LZ;bFh)!w{Hd}5?>7ni4~ZS1#|4a zaO41s65UY4BPQde>Ehkpw{=maKB zrK&!`5%w7#Sox?QJ|4i!(sp+wzmaC4#@n$BnjrvxfD`(+eU>`^xzF)5i`bG%;Fj}$ zXLmFzpZ}wsC;tCYo=5fnvldXr5718%X0Z>d!WH9xUcc zHR5ioZO9PtaYZk>5l`=!!?G&gwh}mhN>NCq$0{&K_vx_H~B{VEWL+QMqH0i3{ z*a;1t^yVse{nn#VcbYQ&kSBq1BDFew@>h2GD;J%*>s)dje#`fE=tZdF+3fOeepC-< z1K863#Q7z~l|KdfN|KHht@g)Cyl&2(5 z5R?0T>M!s$O)p!`K$_yjcVQMqZ@*L2_%w?LY;GdP|1SXw>Ys^!f53jk=Y10^HcO*d zeHE3r!>Aw(^jx-~L%;?!#IK&MUC%H_o+rbGdnslKjTshi62ToI&(nd>N1NhDN-#qs z^z3t%Mqkj@w|^a>TjXC~qSfL5Md*jKv*Y1sb@*?6SzTA1eMJ3dqQgFV^$PX3HaGj| zXBBw1N^kDC|Cb5{*s}jeqsso@eLi}M|N1D8`NS31L>_j( zYfKZs$j^5ttoPXeokKyi@qe4ocgy+Tx1Q|39_RVJ_W!-&L;Nme;2r@TmLA$ehglH! z+CQ@u+tYK`=Z^G$DO2D!{%@xe|L^&W?Wg$vkMb-{|GxqY;V0tvaL?WL|AWSV*?PWP zmj7+N*m~ms9_6{0{QsDS_haDhLjx)n8~r(s76UdP&MCd@kC8m6GSF$>VdrbfUzMQT zjq)^NTHh4+Y0U8_u8nUBFI~w;np<(kDX()UgB+cMB#Rw=01rbYI_-d zCEHrPhr|QuS0=d5l>r65d>Pjk;Qmb6>zek&q)TyqYs-1jyp4b^7QUboANxa^@ZrSg zY&an?{L$Y)eGdYas#8Vku7p?bF4A#^}fWQxuYv^#(J-hw!fizc-ltnhxP#{bD{FihuM^b`=lvh9-V+ znI&jSBFuW<4A^zj`(`llFMHn%_#)|j^Z$A)=tn;#G-K%S^#SV*u2?`r+#4ueS8qT< z>X9t|I^XI$?4a&)tyiK{y#a`d;RWUun6zmN8|nHNA%(x##GAQ{qo*-k)D@cOO2!=kYx<9We^B8?J(sVXl@AXzz z&>PIr2~H?FjHk5MySTUrXv}DYd*WC@srclFAyPFV`!%y#nh`$FCIdo;qP!>9rd2mf zLZ4&NZm)NKiZS|VzDcM=WBOtc(tyDa_~%>{8m@ymp<-50NP`TN=OD{Hhao6b=xk~V zMQ0Qd`9a2Q7jGpggOqEMR|EC|T`X=q_2Ob&#er@nFQu`eu^@-HvVuOuqz;%&e;S53 z!W_eAtH}^25xo&(bAX_#{|imgmAr@cdVA`H>_EL1 zzr@XCEh3i~U5y4?gKgw}i>|f?n}f~uLb!dO3s6#w2t$6{Be58X&&edhGKaT-LbVrT z3;-_tIP)Xq2f*3`_$%m)q8-sZTHA|5v^^MY4Myt%e}oyhltn9(8|~XyXiF5^%v*Ra zTIluuMKd(_ujH`95P9B|rUCrCp;?Mx!ZJWuK0Cfds&X2oQw#CXmK;QwceX1#Yld)p zFj4?2Q@>2!XnMU{bnJ^O0JpQ=*F3lAHD*CdAct^kX<1&Tv0V1K?cI9apJmG4rMy+M zcZ)8x$IeCj_>Z#11gByeW3a_;D}OO+ZL|(w=%Ovh^hMs!F%40k0Uj+#OcvP!<+-5C zaK$9L3uN_h6;e-M)WPL{0=Tl+3E4g2$_eQyPkoMOH#JR(b*zgbrph+8jxIi#{HMsHP71Z5G!oP)D(6I|jfeS>*_j6S2j zVC@Bvwyo<1>Wf=Je~h*_H#gB2)F(0F#E)L%$iF$o0gXe}AEVvP4b)e5uKC+-@pkHy zC`<9#JjHBIqp&{)!}$xOHjp?XI*jlZo#>*SMtIi&ez^d+N>aCaz={i^B&(}|t8eV| z`eU^7Vrv7*H=uwvucr2Iu~g&^N(qH7v`0oAXtxMtN_2{jRTTtv;0R)j%wm+#klBFU zX9r1Pq2RulxO3F)AJNaDD2no;Ev=)A66e$vMhhziM{5*_p&wPCDZsTgdA>W{9c}K0VX*yTcQV=84gdCH zXKQ;ie7?Q;;`z>Gy8GPU-PsJMli>N*&hydVM&XOCaC@@zH#`k?FKiGKBL-}pQc+YH z3%3mE;&6II`EiOFjvF>twPq16C6}(>0v22(!Vm;6G;qD# zy#GAva3l@uUXxhCnFC-nhQHktnzy|yaK(8vK@Dq}l*3pCY_w4X@YR&R5U1aL*O!iP z*nls``qH)BaNXxfas+O5w{@#c8c-pvZ++_zLnq|Lu94^2&lsl*eFbc7{bAq=+V=FV z3`Qi@mnv&!^YGXW*F(%>F`BERxm(e_ABHI|usNJU$W}B_b1$5yl0bI6OxChp$hVbUneLb`usLP8@K3{P`Yq)r#6$x9;_{>7o__9aq#l0A#~e zj#k=0C-%aSNKVIqD76z)nj)2x(bB8l88CorP8r{eh|h4#J^ohUhJjlROqrzm;VMHz z%!8q5hZW1;3tuFjiHYdWPcU>StF*O_F2F76uB@wqs{>ut@Yr;9?Fv-R$WO6Rz=rGS z{`5=3^|jGe4VSoow(vOyUqOHqjzg($Yk+Hb4fulRB8dd;4*aP95SvsGw_~5r>mbg7g`$8$pdv|% z6C8))Pke>b8yJH!T2Qjt0s6r3G>fDXSAQb$41EmbN>-w4DWKo`=@jj~{myi_Ph+0a zD8gy3KDjiUn8(PBSvnd2nt6US@zlt?z|9V?zdk@GTHsusM^2^K zn#LH>6fJ0q3Mq1($InYQO65AAcCW!wZ_;7{?(K zRbv>D1t}ab_oPd<;Z+M=I-;RbL_nkt8Y=DzhGgGt+boZP`ZBo`j z*uST3(TtF?1+M$x3+TyVO!&TGi0aQ{!Y#f@tD_Vzqs0*d&WD1l4JO&oX@#Y00_{QJ z`cayWxthC0>Z4RE27ZhtSemQh5RuryiQaLI<#4@iV_qEmi&$HrZ1!U^#jGOay6?R( znBy>uaM~ygsmMbvUovE>qBY9rI2DMDQ7Bb`ce;65a5-Wc)~)*w3|FHIiM7SJIEF%> z`-SrN;*ZNQ5*zrcGtE!sRnXc+aur;NBl5zEt$48xaKWeLp9)-z{MrQ9DfzVsm%&*O z`D9Tke=*v8Lmp%v?a-6u2IV~3)&$2t?gI-YTX4+dy_A&=aj-6ma8>594POrhmlfTs z+TJZXw$_yuk*r>4_VEP!;ZG^y_Fus>__BR z_i)|Z|qiN(LmQ7GdQX_J% zEH@3;L#;0oOLo*rU~kc3k#rFT$qH534RKwORG-RIQ`)nLE0>N7he+%#B*V)oB8w!Y zS1_(AO&7js^X|mBX*h!Zy%qfQg*}{8{T7Z?0c;Ll5$p#*vtSVS=kz*$?Q_5B00T4w z4mMCo<5e#123S!$dM((FIZ2Su5m>2b3AzQl_y>WjL9cs@L{TpgWjz4K@Ilhqprqry zMHiEd-Aw4xa)Da7oO<1MxVS$nl)o4awnu~I4Q^`Ta_V*4;VSBQZ_!1+f1m4c6)vYT zw;iscV)wr4+X7q-m*Xm2g8Q%Bi_u?^x*6a3oLH94-HSk6&auVdf>mfu`Fqg`9A9;- zdy5W0vV`L+l2Uocyz)~bMZ<~D7>4_lHv72mH7dRW=b`UYTH(~na5*8GrgVY)9F=k% z4A3c-hOT?ZhbW{0Lo`Mo4@7TDz2cH$iL)0>fm1xisUY^l8IE!4a~#^jE(hlZXurs`R+UkfrTGx9gB!RD43#-nE4?F_Ffn z(G8Mr*Kn}}9kQrw92nR2rW9ic1c%{|$g`vKaQ7gi%=M~b58Vc5Cw8*k@0 zW?(s_UcE=h3zhI zDK727;o8@sTN^-Yg3Gwbl_0#YG~+-;k!!+O6I?n9-GhLo*uf~9kv7SqgzH!qRr@TW zzSwAfMB|y1vuiI4UH)G4C=R$za^hQKx1Ec{tjcIj@5gycv)LT+BwD{4tyfZFPNt+$ zepe5dsq8F&uj9w~t{kg4^!17t7rsSu9gG(4 zD=;f0iD)#WIHqAoqq&EHtBZO>!`0Ec<3Zp$ZnG6t{n!eUT&I;Aj%wALfon;d_X1o> zJ=G+`(fw!zoJ(%w8pp-IGyg{1xh}~ynWZEgUcO|W>ac0WRN-o{%`d}Ml-oGr8VyF9 zgBN#WS&MKr*yfkvYO~G1C;ckGb=+W&UxusAApf3{91T~ifkO_LDcaonJr$M;E_r%? zh{?Y*{5^>3BB00&1+bNLO3Roy_+cnC2!9~*J`nb-Mb2w!$@~Q9jID^p?&@;73Tl7Ar)8qmed) zpvWaQ{|+>)6|Rslv7%nXdc8omXfNR8%IDHm`ihcJqDXvK>rGyia9DzFDW9@jFFetc1di^%J=~%6!3&Gj{7W+{y zB=&tu7lPEXQ=Vo4&r%y$i9szj;Z$cqB2{U4-QS5eDr5=AJa$XDOAI%7l1 zmQLRu92_IUWjXL4@T17Onv3fhjuDG6PT)A$-4qu)8i&%75?Z||4vbxr5BFic{>JSc0yMsXm#@`4breuZ| zexmGMtMpUHTCnM;B5miUbh{m26O5qys09=x^!Ea{3pVQjED(DOw(kwK*LMwoP(wi@ zNo)feMUd{p26ZiqBg~kyKV{G*o0r!h!VtrJeITPtfxS4ae%VVuNzfdisI7bFPKJuTI`q09_M zebZ0~re?#C0u`JWY(Z3kEQS+cjvE();1QFI+jA-xLW&_=4fgN7?j&<+l5rbu<8TUz z9Lbd6aHBdwE}mA+lm}BqVkT#auv{ZHK<@?c*M!OWGaqtp#_owQlx8tVyYxcLm{^5} ze3c3)p=pmVNBnLE=oJ~RBlOo0Ad*nQ~)&K z%e-MPXPTl3<#X6o;*UgmNJe^JkUHs0- za~=)d4uwvj-eIlfz&W?)a=SAJ@=vutYf+vNa=rWN|(rcSe3$6|mc{jL<6Di?p zn@&5#fKC`vuVB3`WeaIj7Tz}CzWH&%CGSdZLC3zlN9phaD(g*c>kkrwN5d7@Y6`7T zBnlwd15(bkA^m^BD9W4-ObTqY@u03ornT6RS963TDY?2(*Ubwt$ctKd&oFar)kb)w z6+LGB5dep?O}g7o{Gegx9cw^vLjv5B@Amc^G*tIo0|1vfkQ>7}NVpgz8UyG~^3;6h zuCDY7T3DbWF_|jzx0RNS8K(x#+(B^JIKZ~#GzT?f_&^a6(Mk=OR`Nn0rBo`|^xPW) zBt9SyB#DXnE%it740&jham2WkhDri&r=fzeSeXg6p{wamtcW>IC2cLOf;^>NJGQF{ zjnNu#sf7i#A&?hy=$@ejrwhUu5Hp{lYaB^aJNGgv!1aOQy(HO77j?eZf~A*1Vs$wr zPdL~u4q#2B*UH$}o7Zj*7ualy$v(-VI&E&jT+@U?v0Qaw1={65{#=Xv#-{|AwZL8A zwZdg@ko&`>g7ntm=rx{_I1lA3?=<)m4l*%&lN+-Kb5{$?f9G!EM(I57O7`PE0e{N9 zvy@O#rUAv$SiD3C?@9d}2}bI02W7pfE__ijN*R>O%Pb^*bFh$3a5dVZ)WF64nM*Zw zi!QE4gVA95uxfSqa$A1X!etqM42tFNWAo9NoTvq^#_*{3HE*TYaYX&_wQXDBa-6C2 zMv+@I_hkTax^C68RTTM_ZHBo4E{6lj*X=Fh7>3*G=N6q9x?%SsFn>HWYs@Wm-@NSB1d1;A%2+gRrwNw(m+->fovvySd~(W-UkNUOueA$11DF&|HU#%Yr3>Xd znc=13oR={ZRB@FMMp{-RDP0H#AY+IoIQ7Mcdt0ZM;EK!gRtqjOU@0ywfk>Fnp&@D9 z!w3d6ToAwV%6Cevf1uZB3f34gk8aR$jwU6gWyTn4WC5OKHY*ynSQ z@Y>ziw~j7`3(QjzEXfr);bOrYyG0ha=oG%$SANy6gjAeBMY!giC-)SjXt;Q!yjdLU zs~X#D64Bt&+=6i&CX{HA&%?w{)o|5Y_A8A@ei<*V`7T)`Oe@Yoy7g*i%DAvxI z4Afsbx7AzZPeFH->m}rRBTQgShge1sGkDphRSTE6b4+kV;#u`t_YPLmi7X*!TVCyw zB!Z|B3_|%aG{I8}whS}OWYoN+eDYMRHfhxN17U)BD2Ir!;mQ+w&?rPF(v(fw6H}C8 z!Qd3iUySY%lNt^>>932M$i3x`1mP=0H7`~5>{IElZ9&INjkcZ&4ltYi4sOe^EteIb z7R*wv0I%4~MLn4At6vS6ZH@@7U_$ccCa3E|$myMWn7v>jkp^ABHGE!J=EYQ64Y z-eJ<4(xo(m*_tq=7R)Cy(~s^D=OFxmoU)x4((%#2Bq@`Unv zuFr(jd}e95!F;*-veCQ50j4@vPhIiKj9V|nDNEFSMc)dv%tZ|$@S|wr2bV}(=UcG3 z{Mu}C$-FJN36(Hg?~K{}bhy_zz-(eSZ&7SG%o32wZvrvJZC+xWbOy7H4RwGSV}4E3 zOL<5SAlj0OpnQ?~DxNCnfDhI(Qv z_j=&SqQ}2G*p^m=6M6-iMQ{8?)U$#)jC)8$agk})L%Q%uJVtp^;(-pr9?%68Nh#&$ zSsIN||1WDvN;wT^w9dxE;a}Ed^>vfNSZ1V$4$j4bI%nDBJb@(gkP}|PFZx#JlSvj2 z@yK;5{=OR?(Y$P}pZBOTw&qBpQ&b5H)a(7IB7Z7*`b}a7YP91@(iC6;!OkS(5IYfw zxX-0LpOXb1^bV&erg5%OuU7Wc8DzK>m-HFA!ZOlgEc+H0cNIow&@(gTRUx;t=c_0= zfFwIV|COH(BQi0Gr0sGlhUHjEU6`{_VGv{U)6@4gh?go?gGuraJIn$uS0%K)IZ5bS##;Sx&-yYL46I*}bv=P>!=gEGnE{)OQVqLlPIv@4F;B&~jo81x zVHe6sD2n)#ARKLN?-W0(47dF;8kyH$;4hgIp*mKT>Ygy<8}7uH&>F+tf;VnRQizU! zV}F+!c+Dr(wrIs(nZq&=1A!VSoD1GP#(hnS1b8QSI<92P4(P&KnZqqrdKP1T7><$t ztyziuO>W0NwuFiB5rUak5d^eX_n-RLDl0_Ba2kjkTFe0&@q3s{YK9A+ah%#fmPW02 z&UbsK2fI6konys73bgC9iXKN}WCDSK0eMKV3^1Ewo~1GR->2`7)I>x#uw^XUD58sr z+5XOFcy|ZkIG`a8<&>}C!EAuu;4~$Cy|)L+s1uU_dG0eb!8k4|Oa-qhHecW~v11XL zq8pkS8*Cp%M*q<3?1pCP3>uMhJ@kj4la&5~1MUfW|7AEy{WzFo zHvBCA@<{k)2<;C)i~qrIh4yb%Zopy_VsZ3LS(GuULl@Ak4p)^9oupb-4j~KyCpYNb zhto5$CnfeftTz1$+uu!5pEKOsp+!;qv~`PS*_RU#J> zVT~vg9sgzPdq{t8@TE4UM3v~`FI(S>PQ?FoHwJOALv@^vVtk37Txi(ZAC18*q@m`9 z*uLcq3F4c)m*%z$IwO8UL**};7Y7Gym7?DAA}D!X6x?1Ek~vP9;OS-bg&0d-w&%;Z zK;l3R!AJ|hsCPvkfMvB@%~l0Ir(z4_5Q#JVIwhRrxF^pQ>6{5nGK5|)7=8`VzH|`R zo3GTAVoPxd4akeC413VC<9?(nGy)ElD^ED+_4ZJT1G-q?IFyPn!Zg=FW2+~@mgcj( zAyDF@6o*-$LoF<_h!er-7Mw-}u6o6m#GGYmDpjU}%p@sIa2nm91xZsFNA6WL==C%Q zUH131SQ$SdKguJ1jIKt#OA?3U-2c6|z}y!noH)BATPXEFhLg-U5>la{)G=3a1RtaR zsNd6#UA|ydbRrpweFv?$EJG&_2dT9pjx{Jb=WVXZI;J_DK%XW^`2aK8> zl%x>T1lAae$Yt&lA`ctwbOF(ib2!8ZAWxQ`i2aljpXbwLL!MhlFV$jQObUBQmh^cnFb{wWx1E)7cPwLkJ|iCo~?K;3p)W4Oi5y#mk%b zl!u&{iS@$u#NcS$voSUhpJ9L6+a4JEVjaaP|ATRHW#2%`>N)(jAk@q2n1p1Zy6{U{ z@h0_?IpMgeK?_^rB3)_;!OO8&QLQamsW%3KGJd)d44ULz(b}nGacPRaOX)Ss12lX% zT(5L0n;Oej@;-^+d}umDBpj&FBFZm-Q}O;VL?gkk0Dq|69aVMsoZq6%2)-5ENBL$j z9uDF1Aa2s*mzys)tF;8)CSqskRlOm4&Y0;?zpqTERafkfay{{`sg4SiP^hCnTJy-DDBkd;AQiT`&6R30(iRevxT^a~#%f@9wJ@t^pn z`0c7d0PR`xWe_T+GNj><@WR1kg`d(ui!x%tl*L#!17kdWo7fkJ7y6%!c`5s||E{cy z1V%+%3g&(sFm!?wm0|BUb-u^={ zOn!t@UNg)R1JzRu6v`PW@K1geF3REqR0x9x=BXmNqd_hRmsUT`%oJe7v$5i7tk|5C znJrst@2cfV8X}n$7Wu&?{LV-?Hd8K(tRPJI9H%|S6r2+yUR*&me=YlZC-~a;=}eLt z!p^m@Ij6P^$KiR37bFgGYQ0z1wZY98jpT8w&a`te8_^X$Utq@k8O}xj0)$hH(Z#9G zkB&}NYEAGfF=5F}!cCn>T@pC#2XoboW7z?Fr$Cm~$406ekVMevFE<*A++RQ20SA z7(lFKwE2p3g2+69#Lj3voa^{n&o!wh&b4!s$+#2=NoXj7B}hAN>gR8N28&m|h@>S~ewq`1NGuXqEZ!E2 z#eNpg_RGhUAHQb$STe*nPSXjiIXW9POP!)vwLL7^0ro|efQ&tB8*Lb2k>mmTP z!dUhk5);RP6$1LXVP$DqaOocO!J4Y5?n@B>kSWWS3s|n2i)D)L z;nT>Up}mfm%Ip^}wKL1&MWIQf3c}Nc9c#k~ z(@qVQx}Y4iQy=NOlF^mC{_rBsa60t^jP}m1F81}bu9E^jI=i|+VM^daA8+QN6lW>H zH)b5EqTZkWmZuo~3*Vt1VS!TNZ7pdb?y2X(0urn0y0Eo$14dj?lokrE&(rO9?zSR9 z5=SJ)6+eSCk5$P|O{4Nx0V7I_5FC|AdjTUJm+ypXWurm_$(xT(vn(Z(JTo>hHFQ)H zoyk>fai?ppwv#ap@nt@V2%C#azr|BSMh@1GH*S#PkXddHyr-4V5?qGlUc|D8#UZ%V zv6zrr(1R&n&Op0+ z%>U8B$#H4^k6xUNw)1}zPify9_?aKknHTt37Gb^}os%%cvEGZ;C82DLA`<7Htgmuh z@y`KH!2%JEk$hX9P6NQlNYJ(hr7Pn4*Jn%xEZ!B`i5k(>@mt(j95{ZG=${AP&>K1- zWNEyxYe{^_!cvzDE2L}hkt^D7_GmGfNkEH0&B6;>Lq^&%{eT!#=W$E1* z^?HueNAk5YnyCvuietrdjBvVwr~nFV0Y+~JS@3Nwvj@rntVVd($#aAD zS6I+1Mv5RJuC9`|2pzCBou)G}JROP8HE_gg&IOJ6iy4ikI<~$cm2lRP!p-0`EXMstA*#%-2nzwDZssnbSOq#88r9 z>y$FfGn~$H65@dbx44p|D@nox@#fhgsuL4`ljfq1~mjHIO{|&&Et$Lup#K!lR|)WwE|HHnNsKXkmm6zdqd;5lxD@3 z-=;KA#^~hu`0z-*15Z``YFbQV&n;E5@v-5P$~qq8iBH8*hq_r!Up1ptJ`s(G30)=? z?xA~^G~6%8g6T39n`N&aM}eTo2WRGHbL^JCxKoFB(Ajn!^_n(uINZ1h(HVS z;s=f|%hL?JqY+Le8u?L+<}IDMejK`)E@I%AzvaO1BkNN7x@fiu4V~iE^``NFPrfvi zL+kL&uni-ikUS!a`ccjK$PPTvaL&9`q-ICzdB3YGz3zzz6nPi8S3O^ORhwZt$!oaR+Z z<6r2+ya;`~pfST%HWPKmyi>6jnH7W~CBN}m79})jj8=v^!Beg&3yBkDTPx12JOvyAz3Etpjjp9u)D>sp_5#0!I-l%m@t zs@1ppXi~(2!{m}w`HHODZp_&_ql<;_GMxBg=MhOGhIO%)jO{P|wx-~=4l@mQuxc(= zW~@blPg8y8s^{1P6eLf-J+?4cI4iM=MRv`C)Gzz!C#?Oewc|GI!K~}V6swjn5%(BG zSU}NZi^W&xqO*kS~8%C{XVxG7)cq_02hcuC9^ZHB>tBo452B!L^x5RL7C?Zhs088%c^ciJNh*2}VEwzMsdqg|bU}o7Q6Hfo$;W6k94^Gq z1zv!i^yKI@k@b@TxRAV*`taa2fgvINevpqoe$5nOMBGFTS5No}`Bq%wE*I<4eIe3D z02Ty~6a1%bT;q-U4jf$NX_^^RBX4x%{gn^6hD2h;lo6L0j;1;&aLJ?2-mAu;zD-C5 zhOM_uXE?%~++B&7H0Vj)GsLmOOMY!OpEc4z)B29GY>bB9P}-fXPnXJ2H~Mp&Qa$MW zM;T7o;LQ*3&ab@eQ`V)7w)6kP!%^w{=kVzGczgb{iKoWS0WohF0k2Fo-vId&fy$zz z5Lh=)oL*ii&u2a}mGzD3ne0y#zzWJzrapnFW1jO4uAxgP!=ah|6`Q-WzRmsZ`RS|I z=iVah%i{Er0q~&tO$9%I9+4sbzI*rX(nJDR5!2OI(Kvh^=ea!RA{IyluAx0gpFeA> zBkI-Y=*l+PLms-n_u7){p}_X z;Y(Q(@qHHl1i@h-y4ob4a%BPwYq_lRX~6er5=`nDdLir+u)52LFZ=nz6fh}7$|o7f zdgddR)MhlFIR#f$JDQ0`#0o&!2t zl9D)^qTXNFptlkMzWXTu?ex)4Bo65Jrrci2PTnV*PbeuA0D6#=Q$d*2eJ-~*i+qqgxD1h(Lm^#0yyOjOtF zyo=EdS&ZR0kZ;Gcy9B>n@ChBv@fbm?!$3IylqfF@`=Aj7o#)7Ord5_KxTa;)`0<28 zEZ7FsXyz&P7W{XVrFk5nlSBBEEUxnDlzc)xw^v^wM_n_j%ix;99pe26K9tB$5~zgd z{DcK{NT2aCc!ik8Ohc4NOG$&O%lHetJ7L4AhAd%dZz96izIt=T)54*7f`fes9VdM( z1rcdMQP2)?=$aL-AQu~c&b;KdODh{Ks7B7HkGgSHnxzRkwZ0mE{KpQ|Wc;#w2U~pV zMiEpz`?4m(YvJvK88q_K{R``rsEKkPGUOWPmKuuXSyR3RS)9*z>fh>31GPO}d!;WV zLA7lscTy6sTHFCvS&s8 zU#e7=2UUYtaGU+-=*3A%|35j|`u}d`krIHbN80Dq++kgOSM(Nx*=i#yAdR1Aa9jrp zt%R%&Oh`tPUEVZa0Cd}-7yTqDDUQNbw~J{+SVe>n5RMien~OmWx$QOm{@yijl-??H zRv8d6UqW|sCkQFgrVPSqi~?XUy{i^ca29)@t?dh2tX7o&Mj7dV25G^69KU!` z#{V6UMqB*fMjl&$`$@vMtS*TK+jn1ubK?_1&PW4wD9nEG^_3nc_PnkJ@z~@9-o!f7 z>$cGJS{IC7&5E%sm%Tpq>KCYGSvA1UV*FIYBOzmHRM=1eAr?_a|Kl&B`V_w-5{Ed> z&{0{&CpZw%iKG*oh@atS!TftW67%D9l);(Ui=}*=DCTNerEE(}1L&I^k4Rnt zqrolKfU({i9;(KT_NK2hh*%v_v5OQOOpD_YshFche_!!vPu;??V3C?kV-Ew{54a(x zNmj`$9ERKS@>G?q+9|m$w@g@UHmgU=W2oZRsWaBNb6SNj%~&cA84oi(J6%hKE-VY( z1&(-dd}F#*QN8@()%Bax*XJg%tvD?BXG#}VkX*QW21j8bq>uGp#4A!_#0IcIa!y{ZlvstoZQ-W9W4-0Bv8AG1 zS37*YT%M_GsU~7-Ln%5@SE|xsw~3}qQl?l>&^Y`ykTi)pvT55v8_1ee9qDSn;|8ia zO-Gu`JeM1aSeB(@iP{yqp$MI(Bh8jUQ8yr#P_jI+8wgsdI?`?Q=58pdF<-~BE$7_j z1(`%$sTSSLn@AT^cBN0lW~y*--HlegvwH*a`V1?U_K<=)mr>(|-&9OZ^6n+IQ0_{} z!UHrAv{F5cZV6M+UPLKF=hAG5LSrd*!j9AxmUlT>6{xW*J%N;HBq)+}rD#Ddny6aI zI#ags8jZB=gdM53z&;v^YsuNQ{8~6kQ?a!fx|UW3r!*B*PTQb7S!+p&p84{UZz_|h zF3%479sNQ{jC#*|lDOVSKV*}^3ruMEa%WGe`}^f@h9N5zYzp?57Hi-(%L+9qUJhuI z4L*L&29Qlc8q> zHgUCNy^((G$g;&IvJ#b|!`AGlbTk1KFUM*L_~w~lI+c9F2xKf9OWg(e?y5rA1pYzy z_v6av%%5pPC4V4ltlcpbCOrQ;bgCX!sNmRtro18EN;bT0c<_{f^=?L3=T?$kp3`3n^NdD`32r@K$i8 zZDY^&>aFF@PSCYus^VT(Kp}m*iFt)9wP&my|NUVn4%WhIGr#)zuc0U7r8OM`xB34J z501+IKZnDU?fLH}o_2Mm?B>&cBg5)rb9=74^0{u|vJ2H865NhvrdQrar<>Yv)|8M50%Ku{Q z7u$T+Wf3UmevBpHzY`SD+An_D53bz@u7N_Uz)wga(t(mzRr#o2&r-lFko`#kxx>iW+T*TMic?*-fOe--=R@ML@c+eV%m z{NHjNpbjCp9tv;^|I>;QpHdHn0OpZ6QghKxCBR-WjzNcb9kzk6HdG&48W`m7XylEK zy`eko)o}trO>~gKF?zo%)W_Wq1;|h-4gQqjnCEA^C0v9RrjnB?Zbb;@=^?=AgpFZ= zdcT`93@=qq5#QU9PQWX|6Q6qSKF0Gn^1m4a-fI6l9+u?)i=*Mz{5sPx?JQq~cB;$J&Wh{M&Wa1s&LhMl*|By8oja&3*~=1JZ*Dl% zorhuXDw~O(omh^l-iN|g0+z1^XrA6tyzfPXWxeO9ck5@ty!SzQ2fNxWxt3i6+N-ix z%ZmZGkLxn_(8=^D6UjzT zb{i}#`{OY0qh06$}1czG@>!r<-drn>Cku*ct!`UAM#~P|O!A`5p2;*t}9IAz)J_28z8-<4J zmuEv+S6!oRpz9;?Q-;8HYmp^z*!6iT0A;)KQUJ}a%L6l@mkxz1Xzlu?O3-cBVkH1~ z?Q(5sZq0hPWFQuxy6f{$0P$A2kO>;s*%H8aU7p&YzmK6Bw1I@zu0sXTyIRv$!MZCPewI($`5*sQivM{q+S-3N@|5hqO$OkydAQE7 z*I)$Rc?>JCvFiS@Cx`zfHrrYo?25;Uc0_47EU1`)i>C$aS(C- zs#_JW;3`Jda^^j+gSe)#h%BzjxvNW99*|YZk_w_hq%2jlF0~2taD=KcSrvpqAf$UW zH)HZIvcGh+85NzOH_x)9r&=JR0gcA!-PxshL(_7A+QMC%)hl*Xf|!Q*QYR9zH!hb^ zD<&?rW(Ka7mv%Il<*|_p!EkgHdR$i+vJDi3w`dTOa}p7qv$c?VdF8ql`?J2)!izmH!W zZ2dns@^rp>tw~W(O7qr>^QkVRS>A;Y#R)cKU#e7eiFH+?yFB#O7RSBGXFd5ZbFC-; z4-O71_y4>&IoitqO*~7Le{WG$8SOQ|3>YtNiIxou#OR{Y;l8UJ^3G}_+(x{;>_|5qCw{E?u4 z70kDgzJ=lRrD+EL7x$?WTw%MAfI+a=YjNp=H#3}7v-$}D71l>sck`gqj0itxCjJ1I zmF*JJ{dp|;-{cI^CjXBr{vR)19B<|SMxG~-|8<@l+hyQsmVq@~JszXew%GBfejX(M zJwBw#ET$=bNEt2ie|S79+y4$mTmO&EJbiTOXBkdohBAso-=f<&j?pA15k!GY{NSTM z!_0H~=-r$!h-*jFj3GA1QG{j@od{D4iD%DIiX%TGHyAD*vEKV}==4#HXCPA0UXtP| z`GiAsOR_oofBPQ#A&%}4jUgvz2_-m15s9(qc(1OmuQHlqr;pC)VnJi{YO=Vl2R_V9FK(9ABc1*{pHUnC>}Kb-=3eodVTIK!iSa7GXIZ; zqw@Lh=x}(vo&TG7`l#B^=sO%O5NIZjbHNpeC}I!{@_kKWe}?1i!`?j05;h(TW+a>E z6F3Yonn=xH+V>o%-$&o#486q(MHlguI?m5O{~XYmas7g?H7Mnu{4lhNA=D=*OxI93*>e!A8M;w(}3vxH1cQcgI$9HD(1sp zzwmn>O>jhSId4{dB@?Yxmgzdw`rk2Wu6G{S*Id*DmY5VT=nZCwC*lL|UwSCo;cSqh*lG)?IOv5fBp>v-Z68fUxX{DD z-~aHfw+KZiE&N}2SIq_VpTs{WqlP}>J9O*w&%DV)-j>>g z=R7mJu)2g6${u>;%obUW1LOM)&H%}8swZJ$p>Ob%E2~n-l6bac=#w~0=>W#THB5tk zVCcEo9E(xpPJo_EG`)Qfy`#{{TnuShI*Bl%iExPlu@mCVClPOQx&YAMxH{?CoZgB{ z@>$oJE@n8NHw*s``4OWi&13X)ncmN0L=Yyre3zm3Ax>}{;y56fec0>UKgEbLhqkIJ g-k(u>-9FoA`)r@>v+DD|0RRC1|E)V68vsl*0PkcViPa~AiQow!N27NCuJFf+{w zG4XGSF^IF|DyIW6rQ=rwTXEm1*W(lK%iG0;pdfg~X_ z7HgPdcuvZ=4LaI*hr&dC63-2{%ONvp!r~{zFkdxFP9_z+<-RuxNQDx7Q=vQ&VC?U9Kfzu&WgJ=Z@gk^PlkK#h5D%KI>5o88j-2s#ZD8Ljcv2bY0 zLU3%*@p2_3)X^3q=0xd2z%)vwAiSH~Xe8GB@C{*3zzZfIjf~^E)?g|ntqHZUtE*{9 ziEC63g{c58rpaiXpc0yN908CSCl9>0aNv2~4{svecGYhDieBV=_XL%MP=a@9rJ~Vj z`r`k1|4V=R_N80|67umyx5n&rSo}Ie-*+zwM=~0CzSi^PY{R}iJAcuuJOA~dehw5f zx$Z$naeML#+-$dwUS=9^CrI4<634%^WBGCIvAg{}K*X4_J-Ng)p2?5}Gp6vq?Hl?KQpotibt)npWR6yoLv#^S*&qEJ~ z_iq1YX$W(cBH=WKX#x1&>F}NAx&d~XF8@6a;Xf`8S%`v83{wOY&PIvG15#)Pv#B|m z>L1^8ME$Z_NG&T1Su>vnpIk|)aW3TiGw*}Y@@u>7 zmr9ViihS?do2U{W1d~GMsSZ5xfN_}1%;FrMGOCrQ_QEkx&zFen>z0Uev@AS zk`Mo!T1aE)xh7|xr=-XRyK(x;T`pbC)9^U)vzZJZZww!7+s$r1>913f4 z-HfZtJlk3C((#6ur-+O%`m#643le{#u_IJ&KO27YwjZj^iDy5F?(*JJC>fH~LvGV8 zIGOqXFq&@c{YEnFOqT!ZMukQ2cY`gtr35Vz^GuqmEK={+7s|fMs%o>hKK$Yzxh`<) zw|en^Ke?GJbAJ8$J)7r`aq!h;q1xqXp|QJr?{S=V^BnR{&$uBe_&43k%Ei_i4|lC? zt6-T0{PwKwLjrVhhl>Mj`@XZ$jr(zEEQ}B(=?{Q(qVkz#5=U$UU@}812)z86q{{~_P2?7fOX^SHjC-F?6hS^UFaVwQ(uH4*CgAL8Nw9L z1pK}?s{wR#mJ|!AAn#6_?$X15m?%=UkBbmzz>n;Ct*8 zu>96skIz*;H%#(L(mG$LPK;i(_a%Y9&!qY!im487Bo7ty@DQ;1Rg%}5{8ZlV`l$Vp zjY5J_2lKEpHc0Z`W#oE^P5iG}rN7sNgNpI?Q;8Q-zENeQl4LBIp|^G+7JZjlz$WVLq}@JIR~&->hwIfW ztT9K#R}aYWjA@x4&#R?D%413`L>qHIZ{t~CgSU|1`^esV$hlm+ySE9Zehf`cDn?SA zEF!J5Pk_R1xCq4i{q5e{Z0)2u`fMpStF*;W)Wl(;>1(kP=J=88JfxFNegBV#GBLQg zl|hoKyKFPfpi^YIb;@EgA$cH0-_E|idsfF{4LP z0atgg5T|pgdq2+Vq)%RilZ7_j-pXX_mfadHl@kxBx|wj2xGG%fpIkWiIWGZ$qxK$5 zO);LAV+%2!k`D*PQm5RXvc}35eZ1S(byU($Cu2LrVb;esf}@HuU30k1MYbmkCb2gw*qBLE2>qk6G{dy?jiQPi6(Vd-S7ES2rlXV<*;A*gTBBJlKYG)xUT zc^*!?!Q07ozWG~hUvX! zLgwoPx1l|?{XHB#)%+biZwh@BxU!K%hE(K$TdAI26XxFBA(S4LF%^e>$C_yZFgkyW z4}?XR)jQ@_d}sMsqeMskNMZ8>#zM(b=ig9oM~?ISA72mvB&JW3X<>J*=c!0Is;DlA zDdpwZfxeCESYFFnuF!q{@3%Q-n& zw~|sNnLGU~k`Y)hH;gqR$Z$>((EHEtwu=+q(njQSsccQ-WX;Wb_)`gbqX2OBvd;jYQG99(t?;qGIiISBnLQlLl<~o&T!`$8Fy*60)&MrF79lCh~Jk zKd-XK>E)0*^;telpKDC10d@zv75(6v+!0r9M1|ENt^cCm&_#2aw=yN^)oE?@uO^&R3Xdi3r! zwph&rbB6Qi7-aiI%6o*e08^>b0S_GrHZ$*dc(6n|((H5nai-H2}pGm@*-V z&-Zm3ZT>tfQ7pFn&;O=ue>VQ>zHGLa;~#RWIBMGu4>id!g(L_}rV>e}A!Xd#)^VQO z%w6p!oJp^4{PX*9)fsrQo|;f6G;6COhAB6ukTnT7Rju+%!CjEn;Ch_I^bbKw3Wz?s zw5E(fbQ2XN__Xv*&4DzD4t#8Hd@lt8Bj1O8d3#(1^MZAR%fg>ox`>sDf_2Lkq)9f6&ZkDx>>0D??0N@cS9y-tz)_5?gF0~ zG`8SkkxcAo^A)PdICkVzrWWA*{au&maOyU_l*vU%kZOr)cbnPPv)W7sBeNiN|F zUJz>$@* z;BJ61S8w&X7B?+uo@H7NYL@Y0<8?XH>@UaFASYWZ!NQT;4Arqg3C^fc<9yNI0L%9g zql0G9NlonW1cs76-T7TIXGajtBMXBwq(b7v0ca|n@P>yNns^Vw zcn025Nw$KeK2wsNo-=DYsNNXa^2KM3?4U_7)=bUaKQURat2;(q1kzZ_MWk~QFeMV1 z6q%;bDRnfM#EC`y7I%vzUtSg{V{$_sPa4COem!FA*3G>A+SX7^e$4m9MnRo3a?< z5a&p96l0%})Z?|C62<1Bhpp?ud$w{!&zqT2^Y1`t1RmNeateci>9;gdCR!3;`{?B8 zZ>PWz5O3_Yo>xk-;G!||F^vYFXqGqj@5?aM=IBiZ;I>$%GuhVYDTr;NfH|o#J{k!p zgEBlQ z+y{`zT_!^AXV1L<+Uj_di+-|^l;mt{|J^(t(s&+QVir_0moC|m)nI9uNeGhdZZRi; zFnLy&L+z`GLXbt`GCQ!eQ4m&OCIMgxa~lem)}1F(WmvNgdDhyo6>^VPQxagDa;Re!h_9j)MNPMTZ% zHA~g$w$hJZMwrxOIjoQMM8>P3YXACk!>ZEOrzP|NlGG-GAQ2?A)kQ@k_lZY6wITuW zA&FENCr7f;qYIp=oqv32c-W@v^FJcng+a&itp;d+c~9iD)4lC^p)|vz*P{2aD;k5$ z+{S06F@2&uYsgnpq{`NSVY~>!{GZzMo!|Xog2sjSw3&XwcC>Dqz1w68 z+sb)6@<%BFDE8ra#4cyVzK`AZx_<1hh@o7)xxrjLaMzW;u)1j%C#hh+{8fd1+Gt68 z-_$5d(!SbPs_1oqMB!_w;l}J_8x-aaBIQ?)y%r;t->$*Y|rq29?Lx4gp&@v5Yo~y;tR&V+% z`G~On`m%yLN1co3!;BZMEj2SU0u{C&}_Oe!LBw3)c zzFj`uzyj;5vDxTntI)TVYOS^?A;hxFUa4(94RwrmSC2kri&Ns8o)0o@rvDZkv1jXrZ^22&z+$e7`7 zovIt`2#Wcj4R}YFEl%K*pE1nRWAr&|Hu^#}XEWmG#}$UbLA2=AfKCsc9Fa#GZjpEqi}K~RgHe#;c$b$?z1jpD zot7kP1)A%5Vh&fMn$kwlUH5d?b~Uz|NQ*RA`Bj(_phKkbH}G+jAxr40mMFmOybR-1 zo;*Tw z*=3Fn_x3xzd)eU-4WAJUT#aHn5Rz8};53ky3)5;TgoB1_M-Sv9&{_-P!<;G@Uz~;N%uGs+>l*HUNmqwgbl|zi8#?tZ-FM#_~Duet9H*J zOnxO4YdsCV4GDSP?!WHb8=rROI;_EN_Y}vW%TBkPJJhmoho7Fx3+}ziTYtc9N}rlT z94@?oE^e3ev{#n`r7H{+1B$<=TVNN{2t@doK?L}_gb@hy! zYR7P^kpSE5SM|OPf?>=Dw71>nfu(z}zAS<*_$r7kOw2!GDA0eLp$sbQBm7s3qwtjZ5a;x3F#yp}m zpCQhscUsU?;TlBp)Z7r~W`{V8nYqmMrP(67~+$#!g*^Qw?~>C<4u(&J`p*eBK7bU!{A z8$Kb88oO${0;a{|ImmD;dWxG)rMW8lin}ajxx@;R+>s)swwU)lAR$O2Jxbo?$FBwj{&Flv)VVRyCKEq}e9vh!9W> zMA+2B;G@K1^!pW?kf6v#($Hq3@c;DQO?hTa*ZWOMc3U1PRZOGl5)-Af&In%euU&dX zjmM&uYz-xi$+p4qeHD4jUYcanBVzyp^+?D)h$b$B`@In}KmDlD!$t9ft(e5d4~}u>T_-($n(uxmUTzYXc%>b+OMcLH z@v~U74~)Aw_z;6u)h$1Ps4=fxC~$knwtkXpOC>g^y`wv@mGxAw_0D>m3Yw=KcjTm5 z;lhm&$%Nj5*JMw3C7EOTwe=J&al@t<5&7+nsfcwmje;v_554GrpDQ*EvyoXBVlxAd z>MV^a9atmG9XsWGI}O&Xyq}r&je`x{B|p<@b)l#VHw{PtqRm4p!O46aC%6n)+4r%u z#SyJJRy#C-bu0!9*Qw#I2vmgtQI_I}FtoYU@5&i>_-_Cca6sG)`f68A-ZujEoG?}0FEe>hFr=I}}t|4=|>GyXlLeb_N zq}~f0{(R@8a*@JO7A2C2)}v$EeW2A-eFi#1D><*}y>ITQJEZDi+qv?A)}fdnvi!VQ z3C>5r6soQ>hMw7xCm-0Rww61GyuBxu*~y^`BO3DShWbZ`u5?@NF5PosDa>Ch^TrKw zgex4gY*oL|n;P7tFPpnkV$-Vm>gW2!z;Hj>SIZUUxm8=*-RgLxN_FX$f2~a5lC*hC z9R1Tjcv-QHff(tKTit!a(5I*85lDmzx6sq zaT-hdNk+5J$)QOuC=HRWx0tmXyg#7;q zQm?J}?(+X3s8*-MwNLKGRe0y^pEhKq)9qSKz&?oy4ek zAa@fpa6av4D*V5Zfa_a}z9<9t2f11S1SyPKNl+Eb+tozF{h+b+4*5M{DHRmXE6^h3 zq|Y_30oaP5Ad2lE$0*y7T{9C!gHIRJS{j;hp=Fo-o^D z1WFiNbvw=!<2tTvrK8*^N#cL@RK^>$5f_!qfsYYd6u{*eh|DK9B-37tiB%tUtLe zL9`MDXVWf8$jesGC**zZ3?+YYylCa7Aft%mX%i|fM>!I+-O7lK z3Is=%t2oH5uNxJ>A^M}zqD+L5Pc9$A(2?_u`q>Irn3+vL1(7&$E!5Ge&z?SzO-P-$ zY3R$Q0}dt)0}Rf&27W2#r#!E4iX{!98)h55k!YzckAgJR8ps2y+7Ph#kJuwtL$v~E z#xjFfkZeIdIN)YR2jdVrbv$NR2HR;SBU3=eC?b8(ZwR~Kbm?VSnPeTW`^cU=awLf{ zsYsip99cE9q~5IrYng~DXz@v6jO;Yt8DpraoQb{9E$f%qGPs}&b1GAb-A?ZVqpf*e zZM*Nnu50)J_m)T(HqROBzgY3BJ^4!#GcA|%0~tH-?m0^%soAxH>a4SNGDDuDhvAhM z-l6)X%MF96rDZyItd@_QaayRZczwOU75lq`o!rTmqn)}O+k;3gUPJhB6ha$De$ov5 z!7tcTv+)D(q@;zCOvQ5-BbkV;B0eky*}}`zvX`{M2KSCHQL?Vdjx?rOG3W_U9jW7S zc$clrSeG%7E4gy^{`RG1tWjy&xve1vG(&eAJdGcYMVy`@<*K&cYR^v!PS3WvQ(hsj z_-5Q#Tt+;thKf_SeB6}}pHi~lUOk>0GPsNh6t3WOhj#HtJI~)kHgHj~oQp`f8DUrU zCM5j*{ijAcfPf41;#NVjn%L+u6-sRy|9D6dNZmOD8(aG9`L0C_aUqKp1RA)O-p)ZW zp_)1bW%#)?c?~N6ACE%Krrhy*pZ4mnz;rlKvQt{LREtd^#mN6z`UT}8CA>9-DBtZACQoS{CgYQ} zAzExSzXgH9BxunpRMxkYZt2a`Dt|zii{wW`z>$m08>VtBe^9mjh4RjW{$-*K-N;f@ z!`p1dttK^AUo(I*YCr8&XEDVW$$^BaY$r~5j0SSL_Xonwxrp#{RGWyncaj-Ec(B0@#t zT8A+(UNj34I=9u9b|Bg8yi3k>+wN#};FY7SHRJcUFTl1)d;t}IKfR-!h8wiPOyztxfqXo&R9|L zSxsBiwsa$b!}R@msH~!{z0NFQjFzpyp{10mAVc}u4>cwn@&r56Wcw6o3lBLmTnG73 zpZ*8h12BmA^W=qHf`Fc#L|?dg8z7_&_u_w8wd^<8p+P*uy9E*EGXO%uy#&x`10l1o zaK3>ZPbeOH@cXghSHg&KBo94%z;(APY~Zmq1vZxKoY0QvH?RG735Zw=jb5-DxBCZa zg0$L8L0aGHUcUv~pqav?5TAiE>`TD6Mklp# zFQIdo0M>%pCST{Ldq;cc_ongh4qgwhdk^fqPB*V-?2y{fr!EbAG4b{x|8QjVdS#lC zB2BZ_B51-92G1Wdv_Vv(beQ=r(?p!3xS8FX)8?y#G-;v8aQ?aVza=z&PT}-4N;gZ^ zI}$&q_xq+P*vSJ3X-_?1HEl2bx@4W!-WNUAXD!|eU=~h&*rZ1L1sfwIA_8Ow^up*F zT;b;~2d4i0LT2%^*vi7SBN!YJZufw~)L#{9fA(4a2KJJKbd+fF`N@~Q1Z2Y6i@jhSC2O=Jq_w!m z`z@j{_L8VCEJw&f9d7c|7PWWM2r1g&tX3Pp|L3FB6bl zL{K2Pr(e+iyNEO%pch-4m_W5i5#soGgK>4*0^rsJjSk9Wgb??9G>8N*Q|xuc@F6ej&q2PEJyuAx){}Dc8nEO2RE@=ZBOiCYD{89 zP%GIbab7@X@Ql~JW`LR?^QS4u>vy}JL=fQGo$nTKI{MujJ+HLxAk!?LWdjBkM1*HRC<2q$U2qLVMAc;pi00 zYs~Zf@E#C-#iE-}$X|A=46OUvJ0CF6uTHSUN%}AJXHP;tCd$29YeGKzHtRPaag7AM z1@kXH@_`>I8GzEgB}D3RhCw{AEXTxNo<*k*t0}!MyH+{fpKO7sU4c2O{25))lK-I;1JbKG6xv~v{!1HTQC0p{q5i}l_q=&wLItN_r6NC zIkQP?dzJn2Y{xLSmn79A#?+kMioxzOJ)nD*_-*)UV^|1A)lg$h;hV?}BUJNqeR(Pd zx`Khw0r#v(!+ggt5!LW~Iu907PA&Ep5rp|VVs`vLul%c+I*kSB#7L9#1I`ExGdCJY z1*r(e(%>`PZ}!kC0k!^JetS~r1t!DA^B+G;6Eyx{jJvd)8l{kp-jU%p5ER)|WHAsJ zo4^ucIz>3SvnEc;-4~@%D!wRSlMk^f+N7t8>kQ{Z91H>i$=zK_;pk#Qe*cQIO^;3U z9FM>}T1WaMRtxK^Uav5wx;?j-cC#?vQxOVJFpxp)l@60et54-rwr*QK^$phV-N89< z$#7Cc48e4NWFw^o;+u-;VqvpR)hjizr6lu2C;qIm)B>w=-K*rHCOn2t{dozmh^rda z{c%(NRhIWzpI7-+{#E>yf!9s;MkS3>N`%6rHvGkI%Cnpg6gg0$?LfDI*K%0nS7;s9 z`p06*jK8tK;yLduCLlmpP~16qA-T|JT(lNNQ5TwfUi=WFeya(O|G*$Y zQDOuarOZQaH;3r}eWxjd{>vPrlFShHHYF?&66@)$?J(Si@dI}eV=Sy9l|MJ3uRXtQ zZ_dBx!5BW1^&xfLrj{Wvbli&DO!4yE)Y_~h)Y#ISKzI@@fUR_wtEgf|9f^=2LDfrq z;#qpfn3oeURyFL6I~RMlfFoANtvaXr>+Lgw90mbu9`Z8P&$R9wH>~#-rQdC0A%%Q$ zSPiTnqvG2vx6sRqA*ORm7)xhZR-mdkXQ0#THTg^x8aGpj&P zH3>&5gUz@Tq`LhISkSf>w;vuNH4%8gI7r0@HeH2Ke-wMN8+E}S^JUeOx^1%mA-{Yp zfh>tXEzK6*gvD-(C_AZuJftZ__Z$nyW2hE-r!iiquQ_MWY zJC-eiVuEidun&*W9^Lg`voA_Xjx92I%h^4>N?eo=WKwB{sSiA7`C?e-n>Dxa7C2DUTvHX!G7(Ge6SuON&|DP9=V ziDEs$b-oo{wNsM&9<`-s8!r}*&#{3yz{Xz|>HG>r6m?1KU(Nq5E!~7Xa!I-6z)2oFS!P_vt|{(Z zS?J^>oGG~T!;`GAU^UAFeCGo;VZtl59-dc#EB2UvOl#h;sf+n-Q;Cjf77yES{?Q?Z z)pb2X@L`A_M`bR&kRm{hRCX^#71SXK#iY+eQLpbm7fj`wd#FbaTK!ypq7ge zy!gVlJjUEtDg5#^ezk?r#iGBufB|`WdOlyPt`|4m{;j8=QPI(DRC&$_WF7Mgj$SP5 zWU27l$y=^na{`BI>$u{b#Xll8MXI$dnTTS33`h4`>bUNT z1xnSe>t-58Ge4R|+nb`IYb!;X1d;bi9AG{rqR_-a2+V^Vb$QWLUl>fa7SB?00GOlq zY-gZ239xcA7BJ)3s@MM{*j7}0gS*`|rmEB)&v5 z+%UlY2onME%ARmMi&;CrffGpLE~Pk%|K7w4Oa@1jO~n4CH2yS3#CXoImxj+vZC!Rs z4vSMjx4eE{D)nO&S~DbpXmAZOCEij7cJ1NeuO;qCNl$qEwVbnJN5*8#rUN$tNyiMu zVxY%RE(ayK`>C?aK0Aye?A!B1J(TPPeG|Q5@Ywl0Jdz&0ck{w4(xHb$BW)f))!;@+ z8b<0!I4A)56bz!h8r*@EeW#>2ox)v4d!(CrSE)nh&0?UD-|!vWm2N%Aayw>090Dpt z`|7Ykg-Yoju_F*dTCqA}m!}@qHr{<`Et9B1scSUOBZx@_DZYlS4jss7(`pU-L*KG?k#~ zpx4gL?>m%MeoXp{s$i6iFjWs7CFtksUWiG2Z|l>g=_YPFUZd2-n(APP42-6Ml14^K z45c(2+GNYNrGtp`eIw?cvV`kbVs5Mi&bc*# zD6ZV|iM40aAxD8yUZGSJm%L#hd}Lv5wWhzofD9A=Y2PaKRlkf7)?GR|y%m!8Vnh6Ju%R)K6Vc35DLWO+R66 z9rN2*8|YsXc+xh%%)am{i=}iU@q1ww_VT5iOWH9A*7a&t4ljN93I3~&ovNdMN|9J?q z(b^Jr*;w(`x2$ntNAPRldTbF_gHJ8V3X^Em;(v7uI?sdWOH7Oj#J!D)i=R_LM4}=bf?;MB=R+^DnnOw# zTvut4AIJf^*%`=#xbu<<;s(r+L=L462d5;NED zNViDaiZ$EGzf;uiW>vYe-!>cV-L0AAl0rl;owP!U1v5{9s%d+kF}Cy${9UGhhv#G` zMvcUptxO;639jXOqH75}UF*`-pDkc}u2cganyLXji=i0fkz zxkRRDTDYM^;COHC2L{BzGipM5k+pfrP;Yv0zkoO(I7W_)rBM_>B z|BiR4KQJ$8EWSmf3)8MJKgh!2EfjvG24}CHb-~6qNuWBEVaOy#P)~-fm1F2$1j_P6 z!lGsp4r_@@wg5$&u$Om&Xm#so0Vm~RthK|*EEhm;>Tyd0R}_==B?3>0U0|)+_TVse z2?fFU&tcYD&A=;AR$bbD@L`U>kp(Yzfh)oBHra`?a4d~4IBx6Nsb06@TY6HCHTV zQ03w3uM~1IomDWiGCa&w@0lvE$Ian%yw>ar#f%K%t~Q4C3)=IEP1s)Rk+ng-UncoG z<1y!Z_Fd~p2e=vUv|X620i9h%lj^WtGq?z;c`%lqJ(Psweu<}yZ0Ua?{d2kN#8j!k zC(u_P9v}2d9@j73de-qzIwn6CF3aE7-Kc@tuKPT&rr;Ta7f8vzbx(xPjnOTH9cCYm z;)c-q8S1bYm32w(Mrat`9i?V{0o4Qj6R&A1$QjPR(0{eF?_WSPb+pegG*P1s8q-Tq zUMn|nSIGJt&^ZY@h#MS9Do!p7*ub$flc@Rl3d|&iRDv;wJ`bQxy1mtbi8iNleo#wX zF$SF1I{#SBZg>qGiC+vv6f_~!M#BEI=$Ke48V4ex3TXWfD3`huX{zSoQG8U6R9zLH zq0-vsJ+fxWoI)jz3lFD-c}aKXnJ0B@Fx2a7+fr@iEn9_E4=ZFiNeI5g70XL6Vf^JC z8d9IOixve_WdqZVhWd88)2}_IjjkV0?Dwg(JN~sO_G32$23e)B4oyJ&8o|w}tOr$n zjT?T{+y1iY+i8|tzkaSOCc;x#b-oEH#$)-k(uEKMMb{9Dv4^hKJQi1CeRa9EvAF2i z6BJ#QTz??|sOf5TxAt|Qt4Z4^os4~;ebRx%RCCbp@qbd4hOs#2wLETIi_$I@Wx!mv zxeKVJ7Nw0oEmR&bN;+HvUkw4)N|~s`2LigQR6UlNvO}@zkoH@w<^iKL!yYvjfKls$ zZ)h}<*OFohOaaxXTPQ|-o&7tDxbX@?U_kjV;E?n`uQmUtDOO#k_Q?mhmn$TRhi^;tI~(7~K;pxC?4#C=@q^tF^MJUG z&cDdHzyCW@mvV|dq=>gtS# zm;TYb6#0FMY$2Q2ADpJ+8@L=b?$%hwyOinQYRNkGg+Gf-dRr9Ww4y>D>CR2_v`yuz zS&6hT+;t$fwVLvy0reQhf~)!@)U6aV+EO>7oST$0Ee^PoGJJ!69ob#B8|ChT4v+)* zKi!cw{+5iy#3r z46|_gX!xGo+nZx>i@;FFGXG`^MFUq7Amvmdm^-R0EDIyIzw&F83pkspe+LSFxmk0+ zz{^f^^@gM6n1`RR{G;L9KtNUc%WVxBGh4^k*X_M*pFfE(-k6XofVg|vr*>lNuyea=Kfc~nF`)F!qiT2c1nb2%HAhR!*a+qKB&Pa zm38<*aR^mh9|bu^Qp~Q;zxTF%!FK#<3#}?*bjFW=Pi6r%(Go*kU0l^pPTkuBQFOZw z)_tIof)&ktf5Xq|*4x_00f!oi-eB6Ky{jcdvwWr zen$s(@V*%lkj0<^=O{tOLE>N)5vvwz%-W;<(|tsAAWo7g%uR|qxyB9uC^HLqW9U>-9eoRRq>6}B^o6*XNU{^!7SX+;w>_6BM9dbCK9vmTR)_zXtoCX`BTj^5^(z1vlBJa3sV0jW&ojMiGeO;Yt~Sx zT&BcrH*Uhv_h|~T#{`)r3g71smS}@|%8azjCr;eO6C;b#4pI7suxqU6OS}$X_I??5 z8;Fi<)GU{9@`NKdnAep`oO6{WXDhVMB=#utnrob>i!~5P%@CE{ zhczU}#3d6$cWl?EdXW5aC12;~=lgp4{$m{Ol6fMQIC-^vTSpxkN>Tnb1c@ z@|V-yjXd88G6cmz@k#R5~!k94cGI;7nKUb%B|Vp*#A zw}nKZK8>&;^UM4?`DneECrkbBAR-L*;Y?dYZCGZEr*}Kr4VG&L$MoP&Eq}9WSad?11oSw~ammd2^}9LzeVuO} zMqUKto5pR-7%EbU*-B&HHay8tBpMm+twlNF>{0M4c)+t9ukcn zEO!UOxy|b_>h@Bf=IRSQ{w-h}$ zlrRB;$=E%bcr8!S@ZYOcU4$%)9XQ{&4KRO?xizq1;0)QCo>Gz?5W^HUlc%Q# zE*R}2lh2!$p(}44`Q2GM=<|DQqnmEynZc%B4igNZL%Wk2QaO)Z){0~kzdh~}P2A?5 zF-QQ=oz&i;SAQxcu$<7)lHv>3d2IHoy_@P+`x@NXR&{XE8#CSMfbP{?4TGZAv8R-o zvts^}6l5*;kQGfT%l8UBZ&-YLUMM#>RV>z-DwS!OCN1)LECts@#x>kzy7IlrL5LKA zH~QVdfR}hSm780_X0w@N0ux&4lgOmC?>J^F<%pD|SR;6gdh7rA^+fpjm;d?f^D|!j zga6|`{Nsza-~at{rw;P##{YeH$H4z<%wFHu+1c|GmHT-%o=4vPLjP;^3wg%hiW4|6 zpwDj!zUAAuF!~yE)|=oPy?|P1ia-l-1GN@1>MPopoRo;B^MV}F4!i&G!#4S9?QfZ_ zCPk&&Kepe}cg1jN#Jk_tH_hxOl2CyAHp$`cbBPS}YF2w7`A2Xn))#*{Zm+ zf-{oU+8dC%cPUuHYiex z+Nyq#ZfW_T#Y3o;-kl1N-I-MS3IaVE<50=i4l|9dVJFpNd*kk3PD;Q};)UvlDI1~G zM*|X;%&kIpmLMz!wOw!A(xYRpVUkB@KH80_4qmZ(xF*k-F{h#|)4s>WELeLkr*okW z`a+vYiQkZ~v#|D?T88aJ%2J4ux@k7!@hfryJ}H9*!3GxeXj~rMoiIU?>xuQq zoRa4)Xqj<}oOgaJxdW=MKe_-{=~fG21l_<{2ht(D^KINBmjB+5n2*zwC&4AJm_!;5 zveSX)SLX*+6&j7KsWFd+NF!D8S*+}>3?5wx3p5uxu`Xh7n{iz0y01g3ZcZabLQN}0 z!u{aPK<1j)$gL^O68Dgn)G?uxrHn^SFcHz*W4Y1thi5XyLw7oR7d_m1M;8@(1q~Tp zaN$oyi`Hojy6~iD!zL&0R3$ymB*VZ0*xmRg{j@v4 zISBQR;7X-q>{`u7-Fyzh1oa?=>l#8@DJ+$2FoZmKCn%Hx$F7cuJcv!qzi%zT88$;D zJ|lTdo4J_kJr-WuWFR%fb5DuhBZ4A{65>0!2hx>u2n~GF;N{j(wUp z@2}ONE>{F#&W<Hm8HuHrXGrTPx zfbC+56~be%)PVye^Is%y%5Kop7rc@|J&AjtO$X_2(PER`#U-Q6PFCq~lvh>a{rp7pq%4g!#0#4aCa z-jIoAZw}p}(K>96)q7~_;Yz?bW}$7|Mw?DewsQO541-gNs1!NEuvdPOb`eNzk^Db~ zRzf@Qry1j=Etc&TW|~IM6y!?PeBII<_`y94l_tvijaX&dO&W{Vr$+jzF$ZDD7S(q3 zPQK&yQd2-1_%DPrXFKP4&jU=g-~GB7o#G?>O^H#LB9Wo zvUi9Qt!bh*%eHOXwr#s^*|zU3+qP}nwr$%+*Y|e+gC6vt2Pe;oSUbljS3D6rPx7qW zP|`H2z(1DX2|7O*-A{yXgWZiKe-Wl&a-OmhJyHFBlb=n8mzz)*LAS?4#IL`=7o|q$t8ppNGYfGa_qWS zhh87edh;VXuE`2f`&DV*w3E-gddhmtpQpt_pD*IBP$n%rOTN%|k3dmCQ4r z%L}zFCdd^nW86;e=OEJVEW*gZK#vo-ADkJ7q_ObA&Ap z4^vhRXP6@-PgAg1BIhoq+);15R-aHeCRZ z<{Sj-O*}~G(`aFi2OJc~xMuEyI&Hv(8W?_XH7mefpz!H}Hg6kBmj-QwSh9G>N3e7) z;Ig40DcbgJQ!TrW&~zfUq&v#h&NnS%h%YZeAN<2wG9^HVNxv2o98^IH#kEAp)rMS6BVw!$#4kDu=|a z>384IUfqz~LW3(AabRmQ!L>mtFF7@^l)b{mk-k|iTXfX#kv3Ce7oQJao6F#io4%Zr1rs5c(Kh;CuR10<%v=2(~loMu3 zM%~@+K3@+L3q4sqII&JzdiVd>Ust&$XmEe4xe%nBWYwH|JYQN z&HLT$Y62wx8ADWtkJXsOrlvznn&miXxCxD9r}g|m-onWYP2ncNPDH?3k#i8&{& zi`1guW|LD!wQA7|EP0`~9O5P~#9lnFAe!`W3vgg>7Alq75w)b$Z+gQ)&-0!sjQf{g znOfw5aP1~Fg4#HTz-gh$1*!Hf+*dH6@E^`v>!;Ku@JozP!4Ruy^&YHm{`EqM%x9Cq zMo?2P6Eu*bnktzihOxT%;q34-x(azY>$TT8m@f0(nXbFh(|MUPRJJ(!xH@sVtqo4C z9i{)>t~y>R9yg5Ar&~e9*ON1s!)EKR%9*e9gKj8->B4pY`h%(Mw+fUoUwH=$$zrM< z34Gg9iE_XO4pR6Bst$GjsEdYi+oMP*Q6LlvLJ^2iia-Q1kRkwq6d@l(Yno65vK1{K zL@3eUicrb`l1?bGxBfSl_)i-XHHbhuYdQVjp8v`C+{4sv?dIT}j1sO`dcayMr}qns@44qKAK-s3>?^?UW&;(rKjjlCp~sLrWpzUZ}?cG0}c zp;OL#3$jmjgWz|?U6i~nY6xh%$eWkHd9RJq!#9^}90!%!I#9ZJZW7QWQz8ZhK;u6Z zB<{!cgSf>Lxso)naT@t1183a_>swEj5?xI9w`r{TtY6 z+be%UU8jh5+0nN+ru+2U*EY66H+qsNHZ%Kc)v8~vI;|gSt?&5KUn(@_0{)Nb1S4e@ zllQqeTo@i@AMpCgaKeE_wS_b~&rT&0DG9oOPXvW1rZdrc90_BfE!_OC)w&)lw=UD) z9&mBg7c50!#PU(ZBV!p%^0GehWBuU{6^`w@|VBR30P2ZtqT*zYSA}vO>M7f z16wnuETUqNxacAK?%>;>E`Nt+rOExp|8XK%+I3oV#@`0w;1gsih=w!%xjzH+w4Iit z_v`*1d73Gq*VFCP>j7Qf+CZ6$gwyO_uKNbvaeopu26ynrkd9m99LqHFHo$aJS;?*t z{CCaOx9)Ew+4dZ6h|0@!B1X6~T!tRift#E&%s9x(fWK#bG6~O5eSkc6lyMR9;|6!o zP+1k>7g5p|m`Zvb*hG!ad!I3^JyG7_Thp=~s?J#>uAE{Nt1`$ykdjQg_AyA+qxKiD z4CGI{{Z#FD#T;2Ni-TK|;iVXDbX|LlIEx}RyAd~?F~$jX!ER%=#~oN$0Q6NO=>sdw zKq3*5no&6p)*?q(#qLEKg0in(%FyUCaxAsNluYSj-sCBgd8C6N<`VKnhfG;}&?=w( z{qULPxaxyTPCKK0jQ_dL-z4Vc0;o*5grmBdLZ43DsGVD5SJJ@mc8C^>s7w5CZIB8! zu5e;!;bEUlj(927^b^srO-^zr5)-)|H@QP#bo>fE}bP&wX zbmhmU6m}QE3Dl#1XFjtKGHEAMFGt(pLQwfM2LVQhr5_#?FQF4|tPI*t#Ws@;nKDE7 zZF_M`Zn-*e%LA;>-De-2gHG7WU+j3xE;MwW;fg3~_RXYJar&YKFA6b9Lct@b!Y)9$ zV*|to8@@o0M%7^k$8<~VY*TvA!gdV~S_u0jqc>}#b#o+W3Zv0dq8;5%0&(LV?+btw zBN5E)V{^OEjD=}2UkDILivS3Vu@3RpTGVk|8L@*0r~+_tECIQpb>9)eE3@P=srREl*zWg(98$LU=l(%ebxcK0iZWjdHj7DaaC&4-;ZjL zK}~H?pCxmK2s80>En3`{vblJb4L@SfV(a%NMdD%31D!Pub%SDdy#!*mv|>$Fyzx$9 zII(KI1ey${T`?5ve!DiXH38aU#Eal=g0ypp+6FmCQJ^{yUO1{_ z=`3lmFA65T{MEi|Gb{%A3aCoMSY$0Jh(hWnBg z8=@6BwZ3fuRuy+e|I4g8#dU$|Poq+Q73YVw5s&8krNy~LL;;J-Lf69V*1~S0B%=vK zVp@Rs`T%S+tthEHd&=KH(L0fDt@IhH;Ag0WI6T)7?NBT^K8!4l7Z@*c%XpVewfz)> zLQB$Cz(krT!jhi5Ce0b<6sAdsWzKU!ZL?@Ha630ovzHT-(R)Ji5t3`MXXZFfIzwwE zt@9)rwAmHgf$sPsbgehKWfhS0U!W$4`oGL}xhKu!c~)AKOmz2SdzIAF)po5aJUh>65hv;oCvf=Ei^mkNPmN))2M0|YeG zV8l?j2FrN<=*VIvv>ND?!Rx5{P6lC?wT$D>c*jshY1ybDYyx63RI>Sjd8GsN>$N~Q zH6iH%!z6%#Dx3-)kvPl?<9Gpy!0mZ|iZfZ1c!hl2t3?|_P!w?w41AqmN||&>SMqs? zslt#B?05;EEQ=xjrQEYWp^^01Lh!P1zb#rbLkD7k_sP>Vm9 z2xFGL!bEhMK}dby3Y{Ns%FfLsEqkh~;o zTtQU>U`YQVVlwg|3gG+91gk4mL{plm5cYL#tPQXd@N@JwPI`z?hmq(E3ao}k&W+Gt z)vZ4i@cRe`GY@RdxfBK!OEQjuysqw!+ZK6(NCp7P{51LF`+0I#Mq~_N6o;UGJ|Q#O zO4;j?;VhSv!;%E7{izD=A32N&;j#-S8)a)JcDXO)d7jIy;Glx9@3du>Y;S~ip{-4ja4+?n3;p&Aw= z9(BBu|Cd1)*^y^p8*QR07T~3G!)+?@51C=7Wl+LXG3$H{ zHiTz@VKi$Kmg*a+C|L6D^pW-D=EjH4V?KNM*WmWjN^~AL)j&=iO z^*_fRfXc2-ORXmM&o_&Gs4sYA#I5+%FO9pwnUZ{)0si^Z{(CuQ^-V%;%FM00Mh<#w8f}g)EC3&Ir20`=`D*U%@7yZ*Z^!o0bImjF(iQ>V?lWeJ%(bEt~ zMC{4D>(W6EZ$9TdFu#oHcVJ2E_Y>DH1+7ikAf zn1QX>t*0!#IW}R=~A38QTPzxoKeC`)QKQ-Z4YDDz}bk_`;SsMPZnZAXOn_X1=n5 z#^06$@g6VSJ-y3T8ariha5Dv9Z(kz+*vZk$qkrff^5dd#>J+iSiyybQQoPz@a2LYc z+hf|1bjsQgIr*R%L(Q-?VsDB&2*PoX`LhZ7)ny=kR`NDn$lHWLA4-Qz$D*0C*HjV? zvTk`C$n2vdP{|uueeXL^ySyHm9nr&zAm? z>ozyO4~L+QWMFLP+Q5E9(O>3B^nJXIoscDoLj8JScjc<*V>I5GLnM3yGJAP{0S1Tjr#|v=N-Mc>Pc1-dq zSh7z%N{DlZu#RoiG2k;{Q8;LC?n)gU3efTX!>d*&NcD`#*ITP~la@4|xFNDK-dQ$F z@6qF3=cGw+6kBhpGndJf|2l-p!9Gm+U#uzX|UPfsT9AXY>zAu8OcVI=44rI{leYU{XI!d3O_v%@qVXIa`%7?)WcsY)pltGvl zv>ajY7ZJ^Q;_J0xxT1WNIgxGHYP6*^zgGK)N(e%*rX^??p!8R9puA8{d|XH4$eqVU=p?1gj41-P zk;)O}QU+_tiNs@oBXaj>3UF^YX{ULaQDQ~cTEgMydQT2!eRz5OQg+BP1IHaEkeW*z zGfUii_fG34&76+{MVv1@KDV=p%xd)9+5hp{P{4QTnriY8?C>vgq_;%ViMbaPVmD1f zB;<-PJz09*vC^+#%s5_Y$d;Aqe(W_}>b}F*0N2 zsp#QG+b*=z?2k^JHRM{%L`aex{>HHs!0R4P9giyazn)P@e(kG!uFGO}HgYSn|1;n?&8y;;3al zoV}KJ_y8S*~;9V06wH3~^S$Xc6g2)Ja)l&BTP!+ZI4rD7) z;3CgRZQK&cHlOOuI(LovGwo!xfz9K?XCnb48CBjPn(4BQ+cCHfy2vJL-YwcP4jHSE z`RQVBu=g@R2OiBlZ<_sp@d*5e*DXP$N6jjjh7;bv`Zs-P^r{4*juZa&HHKA)MI}FM zW0iFLF>R$>Jjs?Ly~9-d&1#q9#JcbqQ5^x_omvM~`3?-s+T*!jzH-$)%!GH@f7GyR zLm2+fKLSJVK;pF|L8C;G#Ibq{9wV1M6{3iqE`pyKaptFJ`8d$ogobp@I!c#^<7SP7E&+mMmoULy1g+78INIb7=^& z_v|R>rJcWDr2Vq-&-lis-FI?m4Swg%rv$X3HF>kIjK^DW*XxLAW=944^VNW0;t}tP zVXP3k37R7#C>+(~I>5cU`YY#=U{8 z1l?8@McjmRZsh(E(6HxG7>wH2p>o0Bs>y6h?U5<;21?~WHmsr>T17c)%e0VH-*Q&F z*hAGdT>JU4SDdnj1zTpR@QMnzI5FJYHcxBhp13h~@Z*jxQ^e-TSUvZdwZb@XE z*ZuCi0vm@N&kBFEm&3UCDGID#R6LYk3t`Y|6g2#$+qmP2o)A+{Uwb`wyLV_St1wKo z8SMFJfJcI{KgB9DmQ!Y{BEr2cL)mv1RHJjn_-oa#%g3aybbNtlaHRANJxu?Q3a($m zla^@QPuD}?jc}nqz1>?{s7-8xd~^&U!fxjhm%I2?>{TP-PYNECr^PC5Xc?``dl`Aq`P3+vs z)b;tHlP6K%U}Ds~e(5iBD@84oW{aRnW%YK=6v9x@tyORN9Q8md!UK`N;~?q^^7qse zMtSEIT;`EB817_=!}}*!7x238>b1uZvPhwj(#oMx-!?_OOnE$V z0%{d2EAJomAfmj;`mZr!aj|t3Ip#95_@!D3G>&6X&FGGGj9EIW;rY9uxS~y8A+b7| z_oW&wd}w0al`6vh;2RXq&D9{E{p(#ZOt-pZBI_yt^i#DdAb;`_1Ie!@#1pQ4tD0H; zxLdun76r*;)S$DRH~DSK@#%yeaZ;ytM?lJl4>U z8$7n0=d-|LZJ!oafH%5>-^FH|-Ha2SpB5!U($5Pw($LQa%{G?Q$+c_hJen{Co(ri`Yq?llC8@`7rR?^^fY%@tybu#N@lW|2Y7in1GHU5#FlWF zUcna;Y47=OA=L)HM_L0qLNk*9N`cktU?^=`8LtS=#!)sm%8ss0;C|a*$dct`&2Xff z%va~xQn^z0R`=>sf0#s>%2ho2T0TO3#ZZj-z0Y{`Y6wAy|AeR8RY`L?hL5tAJI&uJ50zwBFlJ@*i+& zgaz|^26{XDHePcflGe??6E@wT|06rJS=RP#zh6$jcxTt~V+ymm?`SzRsZnJ z`?SO?95pvbytwINRn_V0Y?HoAYaHqrJz?u^+5gjdOnAMtHXcRN^3wKA+zWbYYGGyLrh0Nm^`O2u!aZGWmRx{odu3I3v9Ehwc#g;wC4ao@awW8L#_CWAZp0#j-%jvDPbNX0qdp+EL&Ef$F znPqeJe*F&l5!mkS8tOCa-}0Cl+M6$q7XM<}5m!}V$i|XOt@J~89g1PGYnS2cqp5sQ z|0{!6*+G?~8JFs~=_bw;p8uHL{B#hvMDZGaerKr%6ddA6x-C^TlK;8-s`N8w?BMxSYH^zV)~dkpMuahaQOFlOE<3{I@Hm}Bu&>0NT|s46VCHdXO7 zfj$YlDXzZaSc8iO#uNjjXwqG|S`qt>{&wuk&JK_yw*nGP+3-%DW~$WWJl-EYf>*>7 z_(F5_bU`)tif){|zPSj>Pd8&N$|&E5>P_Q|TtHTW9FqVRn+^Q1y-|Euos8qaH=xeh zyu4A~AWavzvsz(=KxaSo6}iI&0$f{xB5?YHVH zw_>lV&?W9VFmx?^^%Y=}+XT$)*s<4hEEpwQCyWmqH8m#iy>Ui-E_?JnxMxc}`47&@ zgvpEHXHPqD%Pd@BJ7aa%7`d@WDjXb77z zWK*9%bQoQwjq0iMMAnU6z#o~UJC}b4J7zu(9|~-*spj1_FZM;VXw9YDxXuc%MzM@-3b^;!G-a zSX2LxbW|5gFI%1yZ7f#gk4%*Cy%T0Uz7Ex9l%NHAO10qGB835nH>VC_-M-caPaO+S z`(C?g=-L?oxrYjIMJE36_ z)%aB4=xh8GbU|mF6+DH!wTiw&Cc%D@3&*WtxxZ}mUvTxcQ_gA9Q ze=NN6MHIEN^^<`38ivv5%T5qjjb|WMpmZctP0TRDccV<~U~hzSUFKYuwVyn4 zTvWj{!xCl3Sj$N!$z~S zG(3S5KDy!ABGX>xc%${%$G}Y>wh}Htvfu2Sb^cDimbRdP_k~-eE6HAER?Vj7(hh4cp2S_+1hxf6y9d9*s-GDbJcZ4>PIwttwk~l)$-sl8Jg1FAQ_}Az)^vDd<}$ z4<;;Q;^8Qn)h=7QfOR}jUg$iVuT^njH|f+cpH7ujI4z=`2Aq_+D|D0==iI8Y%Of*y zvCg1VsmQZTSaSQ5eI4Ss@sT-b)4z&#sVrZ-r=2AaNzJXq7qy;rP=XbgygqbfM7&>^ zn)3?SmsupeWz9MdB>^FaP7y4Pggwa9wdy4|SP-cNR5<3p3T15|GBC38kn+s9<5~9* zXe^|I-o_2C00o*CbX2aGccf#?3~9P@nBO&1?1&Tm@fw7DY81pIq{*$DG6%+$3*x4> zwdd|lZ=g?)yDUEBTh8)0tfT2XVYUNzo)wg1Lr`WV2)!h8|95+(yV)dxsDA38j}Ql^ zA@&VlLP9N?0nH-=1sFn?5H|w^G7Xl3OF^?n2693b$;JJEy7s4@m)MWlOZxolos~-$ zUJ4jID(Z^H=DAoX+$)Ey93Y<6P~kIEA%$UVfMa@=ahg^0 zZU`v^JdXtV?Qd%q)!};xA}xtWuA?Z0q7x%-Izao6Uiy9G~h=n-=l;;PJQ;sT8vXw+j2W%tg}@$Jj)PGZ290NMNFgC~p| zqbzU%#JY}2iYadvI09BWnPnzTTel6Y!gg3gPNdKAan$Quvz%2nS^1%86Y_UlQH7L> z7E?FRpF~?RS`;x|A`e9~DeX9jK9T|qyulsd8XHDVJD5(%fBmgy%`yzZ8pi4aa}cTu zs_Qv~EpoC=C7lE_qzJA%v=)fs28IS0RuD)**`y-9B$pAo>K3AqY8EZY(L|ltMXdDS zNq(-btl%Og%CS^S%isOK8WHD_rC5pnJubj!m14R&?kubvaV^0#&H~fdQy2!2%%kN6e04aPw`PvAE2@m5AA zPC>a=x7s%Q64C6@(A#Z7}qE0fDMo?j!ZCScq z#fRkDjIoOtQ0t8DKtaCe^0SJ+qtl) zMHEe2n?9!_F=7SER@uY~95VZlC(!D~uwq6St`qw4CN{1@LynWxdV#3oWqdgoWd0NtFuf*#$mt_5T6Rq?^xlov*f3IZ*2U4 zUhu7in>;Xs=)Wq27%4=LxT<9|9mPUFca4stdJXt{ah7W~v2VUvn1+3urAb^%So*>6 z+-2mMhY%FPTPbnFYs}@}Dga61TP`^cEeoRg9d0)0oBb!flh!K2+( z32a%cLopu`46Xr}4LS9U2<<;2{DPal!oND;@8YLrE0{;rN)F*S`g<5;mr~QX@GjZ( zIR2#AAygvNLsRuuaqB4tScWWW|1=d^pzug<24YmVE*d5`?-pQkJOjr-b1*qt4AekD zo|jn4F>NSz4Lq8kR}yper$^_zrK0t5@r{EGoeC*V^VzGt3RE*{;uH7wCs0!HZ@JrR zp+6Fd@!U>8mMM<{4be?O5_o4>^OO=z&EP*sd)mBP?)F}YLXL0&I{{+*6NIV}NQRv5 z9pCSVN)#kpu-kBCKDND*0t+4qo*WeefX|<&(_d6)@!bM6?I$oEXm-Om0*1C$xd8

G{%l?*251{k|zK zE5d=BpS7C{UtsL@cnX-bGfa03z6iJxCvMtMINdvM$_|~A*D^6_*qfJboJ12!5S25!A;2+-gO5%Nm5Uws0PzU;9H>V7S)LucLF zrSKF_cv2&+Bg`}<*-Y|Ds`=xy3$>1>E=v5`LO1s(Td<9#Aq1^K5r;Z5kD@w~&Ve4a zmB+5Duf*abkwI17WGI%}2Bt^TBGblSjGZyywC-;f0SBujys-F2o##zmKl%DGXc}vX$xb4`wC8}Tq71mHP-&#mX)sOU zu^yAulOj{yw+nzHbkvmygJK>&hd~{;{u%08Ym@cOivOJyJ~ozrNXZS~p1bC^(O@nN za=h@e&8^jYN6BNy1uahZm|AYa=@iExL}xzz6M!UJY6?v_l|xR27?i|J(YPRx>TJW# zIDXD$4=b%^?D}P&sEsKyFM!DwvA&xvAbGtAdBxor<#ci@(w%J*EkszJ3z-pL;lF_b zrbUDaD*unXo|~9uL0XY6StLwV;-uy8X_E{O!g+LeW9jUHDWPc_?0W#Op`5wlW8k5R z_6;g+lZN6HGSr?DT{gocnq`a@Kpc1zGUpzpHmVTz2Tlj);URJF%?RUiX-;-iOAm(# z<1}Z&c?&^Db+r}dsxEXwY&&P5gK&m)glj;69_fd)0}tKcZ_moIiFmOKdZ0lnI2(5T zGkQF9D9U815~FJ4Ou}HNK&g^geC-N!y*wE#JH6&xBWD7dG~RSmbl+&-9vy}VZ1?1;A< zt=XpbQIFm746EF}i89z$1!s-<*WTdG>}Ge1y!6sgw^ST50b4sdqwA8-cM~;wG%<*K zjeET*){3SoSYy&6`f>V~?mA_D<$l%QZ9HE=nU(Iz4j~rKKl*o_i}pfFQcJty*IE~% zWou2wPTzGkd&Tj`77gO*4>3>8(#^Y2`CEj&W|9vmG|!y*c(V~IRBZGO%(+GY=+{MC z6JNJ`wEG>CRId(Etrg&7eMG@PdlTb$ZU+c20*nng?9T!kSn47cMq0aT1HYZEEz^vz z`n7WZoC0PELiw%F61~Y~MiiJg4VjXlrabQ>Fz3RiYqxt~kh=ba8OvI>*qZDqV`Sej zKzx(EizU{{eO>>Z1*;*5_Bc@(iqqn}s4!Ytmo_LRs7d)EXdM}Fn@*FP78btQWV`r` zd5sAxTghn#UGU_=Hk@XEQ}7yVWiQe?*w+ZBQ3c6u+nsePLM(4OWXAAn-O;Q%rx2GW zS~PeJK^ca2WV4q^ucCVoXCpBLlYN3zF?d^Fw)I?G&G@qR^+`^|rK!oY zYtQv{!7kim-CST6HMN$!X#*gZI{==UYPracWJH(G3ICVk;xc^6uW-VMYeTm;V zps=Pgo3Eie8kJT772uZs$Wh9-5c4IQk=Zx88+>`eO{eeO7i0!s7l7f*{6nF#nDx_$ zn}hrP%#I)N?y96%yHO9j{DXn}L%z#*eIxFcE%^3X89wd!ZZ3rR%&^rbd9yi3YhIp% z(6@FGVTYm5sN>hxS z+y*|#+!Y(_i<*JM&}jm6Pf*BK>U!bu@GM74Jw(_nTk#L($8Hx>kiq3vS3t%j+wN^%d|+m|H?&b!C-P z7iGSl0kFogYGSw7cOmWBY?){|rx#^`Nj6KbuP5o+EJ6=r!C~}RrU~jmp>7qA`7*GHx^c#Nyt?T*%U;h@q=8%M%exM~ENH&(i_3 zzMZ%LP6aLS-kYMqi~K*r#+4qt{)0x#QUJ##FlrxF}_&Dn_+rOH&jdZi`;?)GW_WFLe1gNz=X)bd3*Q#OU0WdI4y zxUeVFT*;+?KXSfpX7lE``o)J}155%h$g=25glTVo>;WQ&sCaI5ldu#Lv|B&$>kKf& zTbu)Ej3RIpvb^C;@@KXerz4TeHQ%9(J-lH|aPYk>6@VI`Huwz-W z)-z?7sgUjV92wFwW-)wH#tVh)HmM*g@Z_NBkFIpWru6#OcDtUX$@9fF8&cA9Eqtz! zJ|n-C+Ncb(O*BHpW0g(d#=#NXoe?`9EFeZ7A26@(L~07e9ufS6Pu8s)p4(KS(IB}G z^SMogkle0A^|s+pdk#$;Ttf)|`3D$VtlP-DX~f=YJpMaCLOgBX$dGmvr|#Y-#%Dg%W<4y-)-XZkc@!tD7 z)Q;y1U_yEG3bfF;JTn03UW1ty>mPBo<9&Ly#&dePDe+z`E+9lm7~-L?Zk;7;sMTfk z#8PAtWrgU7#je3ahPIK-_67CsdRI)0GbV; z!7A#$=fnePS`o|N+TGza_Hg*M)jrJIIoh^lB3@|1?)~(qddONFW$FWTE_~X zP?D?h_V&x_Hj%t>dr@G40Ow~9n32_Ug|8?z<{WT*el}%ggvRsq4VK^(sIV=y-i)h; zJn$Slq`t2?BqF~oz|45-XJXzuY*diW%L?$wzl~9zr0+vVRyat4R z3}4c$>)Ds!sc7e&gFrYY+C7|8u~8y1IKl8lbXn^EC+j$A3K=9dozBtT&>mi;R(nAu z5iC$7KpENa&=l1W9>R-_i z8NmVV;9S2R5FQx#HKvC_;V6ZHXeNQ0X?O^0J%ry!8p354r9}f3(P>Y}DnH*63avZ1 zX`2g?o{m1@`$qc_V{acIXQxeMtH(}UCC(XkG_Exx^RZQH*x(D&$HV3k7)5qDl z)edJJWCUN?;+_p&qFCd&jAwgInA%!F;aqlNQxjTioiTREA{+su1XpvYSonG!*3S~w zVu(x}6%d%|nt?p>CH5{?Nt}`1jC;>}tOW4-ZWzAqQNV8xSffVfKjfJjaq#78AImfc$quAMA|B*2Zj`Xq4=#quH0O`u(TKCcG79{waC~cj!|#Y~C-m#%WPqM!RM; zzoyJnnCa3fsq}-qt%N|z%qf8Y#)h`9$`(7HR3Jpf_r~tcy8A^f%FLaoz{DtACmM$0 zsdcS~phWWok@nZ}WQ@bhr~wDpRQ$v@L2N%ApQE@t^VofhUU_@d1&}}$O$iv4Blz;3 zy@IHj(5=T>Hv#CF>Zkq=S5LWoCK2}Bi#mtMy=W}ShC?LAvQoH1Yx%tgK|Q+;E?|Ht z7L<$=dGqm>&AX7AjBWlb@HP(c8|saEy;k=6LnR!;)O;4qmtPt(X~;XUi16?XSRswD zi{Bfe%8d0PQJkf2&FZ8RapN}O$jr>&F^W4396$7w6e*TcbT|oGuNhBMfkUZCkwXtJ z@jDBVZ^|a73)bOp%UbSYc*#P0mb;KYG1sf_r`A?%xVlH;sF1QY-><3=sW8#IEd^i6 zGyk-CT19VmF|4o34_*lQxF|}vtepszFpnyPJ>mWLYHuhA9TD0iNzY=N)#=|JN<$Ec zEwacvRnhp&&$x4zK$J477*J07ii&nU;*%)zrS?=AR^a1F04_Lc7yKUSIgJLjnvyQ2 zkmYPM#Q{W6^4Mbk&W!F^L}L&dX*?1VAER&F#*r3*h*2x=2rB?$c-*^n35BX2r?R{cQ->_HhHZr)~Q+vZkE)1JR8OSi~^Yha6_eO z$tG0XZ=DquJ@S78#B3YjEoI{#BmGDi=$P-~Kq0Nx@13(+mvx%(It+ zYxH8OzH5bJb{sL5=ww)AmRd^Eq*8z}bH2kE2eJ{|}NR(dAKylTk?IDr1+$mNX*C z$ZUW&2{V7+A}q`vgq2 zINwnOOwm35-sV^VaHu`G)-4QBUmP(K&bLg|@Vdu`wd>hfMq19PW(Wz);o1@k0~MD~ z)bn%{Al7^MDIp)&10ZEBD?@LA?wZRO@Dqk-FzFMgB4Eu1~Y56b!R>uQZ^-`&XH z?#Fry@{*zd8bm?$dr#8WA>bKNgKV95u9m@9F-D5HI&$FR0!;;Pr8UxAt`W^60ST}V zy{+|mC9@-Jb^JLT2mDUNL<|k3i+uP+blRpvtxAZuD!Alo^tzxDYhr&vp&aLCor{Zx zVNBWX=x*h?j@$1)AO7dsF{s8=Rm=q&N$1y&B1IU<;d8RO|BSn#T=Mh-&`d?|hb2c2 zR9q>=kKRH}UGF*B$9zKatG9tA4{7Gb1|Vl*J4E6c1R#rpv;xn8kCKX2-d}zjEV|Nd z2J|Lm2zGu-9P-}vp=ye>+8{mx<*{S~30bUHue^*IQ6<^{bW!e$tQW4zuPLW{Nq{TC%+8T>2W4)>G8`qMK7}^ zH$n{&{U~Io*sJA`k{s*Aa>=xywX#l2=nKQ8Wfq7w?4cH`OF+eyn7YRkJy$f26%Uhd z&8|w&&1g^BcQGG2Q1m#i_;qv}M-znz8QMig|K+S+gpLIyv(*VG)&wyW6o^hJt-}du zM^Sh;P%1U{KH_eM@6b@8Dz%~dpN5}tA6Pd{FTj}D?Be>od%FR4onV{Mdl-R>+T!Gp z8YU+De7jx2$ZA<@DInVNz&!{wI(23+23K>gY(z&RGpR8Z!drlW7ey+y#Fpz?qfY_h zT+SS{MC3hluWx}&_Z1zK*W)@vcHrjzJB5rB_iiKee9gHScDGByaV<{Y5O_O*7Ukwxm`>$Z zGk}BsdHTfP5>{~;r8=9N0vDSM{N%q?7M;uM z8r$Un0ZYotSi$s9-+TBt<`m_J$kyWZMJ}z_l+~gjGvQ^rHI=DrCsQ)j!=tx}2lSdz z{xHh-qOTwI=bs+(ACe!EKpkYI5B`83d5D}47k7*Dw9q6Qc58P-h^c<#L#@^PK4l1R z=VCbepDkV^y_59NO}@8#kaB0svtsY|IcSbiR($?9%lrMr(9Z8yUi4uR2UZ>r53a59 zdv#dV>?P$A?Q|REQfw3!gB>6uwH(IlZJRzlA^uML4psEsc`%z(IS(wk1UVvGZvStr zGu`&8Y&X{gMchAdICjY~M(0iw%293ZrA^hB00-mP{-e^dvoy{noI1SEKBx(h1M_w! zqw-4$qd9PNk~F9Csq#nWYGiIQ++Cyr-0c*sX>*asri|O`yygKxdl|C=VCY?SY8deEO4uK1};>73IT%nTKUv~PEHWUtjOLe{p*Qw)B@+t628 z$*7F95ngMZb`#^#QpQ z&JdQbt%r=S+?+!e+G*cF5}9z>p5r@QoQKbCEQNT$ppE#?ja4J0*= zifKpRUQn^X=A=lA3x{UL!u!!NMQrl$@8ZLQqTBg|H_xl7Ub+w08O^D-*6?-=d6j8& zN|4#rtP=KBa{Q_l6V|(CV&$bM=mN%4R2w#5s+@+nVy^61l>owmryLx~v~4MrwjqA5 z>2~8|wH;j(Dn*&6_JGizFudFN@O!hoSRZID3nHLXG&Mu><@Du?oyF6|wXksr%++Q} z;wsC>kDU<4-ddQo@B2K9Gb7(wU#@iUX$W40Om}eWL2}K4GlLVzG)IICS@BQnr)}^^ zclFyzrHSLJ-f4c=i2#GAnjT@|jP|J#HsR=qoZyqkia=_0tW2$p>=Os(Y%jzTo<75mm}`k*c| zsx(i&%|vo%+8Mc1y!h#6>&;rLa&qz04SB=W-3GPj1{R2tJ4`rgOmA2Y9oo~bgt<@i zYk?9#w7n-yJAF_Lt3NZ<2RhR>Ge72FXs&L1z?60I1p!+w+AGk4Ag8q`$%Cb@g&900 zx4d{oE`yA#K+UyLl-b4kJYyCP0CGhqt5Ikc9Y8K|i>h9cBlb~$eRM{SKF*c-U#{nn zUU=mR9)P5{a+Tl<+X-Y2-!0_!`#0ae0%Ix_2xbRvGQy-3(wp3Y7+?`e#Hx^D#RIGu z46Cjfo+t-90AjlA!|mP%Se$!pBdd5@Uti4~F~^zp6MI&9_mJsbTZ&O3VSj!noPHzc zDZ4*cDSdecpK-i`x>hHu$kEFqpUEX#*J$Lb=jKBC0>N4T;)t9G2_>6tc*f{Gb3AXD zMGX$APCE(SVw{X5%F#$7OvLT}xv?@iGPdCnSb0Jwju#iF*#}!{)i9pd_kP9zfC4%@ z?+6UYqbJp1B+4`;e)+z76E8c&?vtxGp5U*-$EP*z&v8jOxmeMEh@4!0dt*O$`iX?G zXW~95t6dL|=s!xy%mNv;;$FC?H&R&p zuMqS;rol)#K@Ujof1>x4XLQChuGeOrJDt|}z7$k>?@2g#Io|TNkP}nJIe2SMr`1Xf zsd`|4hs$+snYM{ZH&^NYVbHxq_Ad)g>2yBu!-uQAmJKuK;+GBcbmOuCKiI5u5a#S+O{azwVYDCC~S*EevE*gGy&pvxBtE0gJy=5wKXwR>hIOzuII1`S3!Mt0=4 z`)5!k(e_7N^>>{`2`iTKxcGzDtXO_`Q+L^zd*r*DhB*Tr3Dr~R$T?Od<8#&#HXH>8 z7CF~K#)E)?DiY*O-r08%0G5a>V~O*$K|@^OO=h?~##W9>-X#x20iJ)jym<5Oa=J=? zyA%%-EheR66Rx{fjR;&}B+@MgjaPJd+qZ>=*|2H$iu|C^4+yRUca9*0J|mJ^Zf@$h z(X$NYs3l`(;byOsee!Wu&!7p9t2m!#unf_`U5jFuoNoNv4r~Oc6IuX#2tc%RAt6I^ zy?2>TplOf+Wok9~6N;rz$3ulauudA6ZlQc&bHo&H&@$0dFA-4%io`a(QA!r1{3K$D z#qh`Q#<$ayS!w9OZVPd5OfB|s{vhNX&li&iu9p*gqHqrRa?UYrj&*uoq^UiuC>5KR z86N4XX^=?p3^pcbq~z&;^l{w|QmZ{!Xfxz@)T`1>Gf7jSFiW{@CgZI@_Wny=y6x^6M}h_K-`Qt+3;&2st^Gi+F-X&!#J~dpAHyQb|`#Gg(C>CL+%* zC&2dw%WpJI?mGRO<4V?f9dacbe&*qh>QmppHt*d!JT>FFRmz`K6FmMo2BJ6K(bk+x z_1(04dSm(Wx9tWRP(C(!m<`Lvite%8So31op+zo&}#W!DnJtc2!-h0ke2#+cpWC&t5fWN>kXo%W2n%2VpR(!E^ zDW;5AGoENfl;Z>x&>)9*^d9uIOLv$RIeRhu24^AyeRCsGT(aJW`wiT4?aj;jB{q^0pF;6Fe`=>-!q?GJjC^yj~q{@ z$2bv$BuZ0hN42?s$msNUvoG{P!|~tGu1y9Okq%7IN$nab10WX=H2TJ zBQKf(w3~H0NCnwEXT7i)#(Kc(kB9bkP z1tc*6LJ+gIHzwp@NSQ92%iJ1Z;-05&Aq1y-71Ui&6#%5EQX=87EeYg_<{T`Sbz&pu zbPXM60=Q^enckuWl#7&Im$Qtk<;`Hf%ln3x@eFh8JfhVXqZknW-m@_20$5E{dFsz_ z)CoWiXUy`onV*7sSol72EvD>;yr|tzXqKtX=qsnV(2j7Be(XVRI@i^nZzSn!ZJ5HO z%Wwh-q}K2dP)52Jg6I~AJ%a(#)t#fmsq;Fd!)dT<_QsR3(IA$s9yQ~XpHq@OKHR zPuJ-TYa`G_k@7}Lgy?U!kA2iJn|R6%(*nm*)fa&|;wA?yMh9{pL0LU^RYR)+fEaR% zpuaM3d=?^og;XCj&jso_b!ORj&a8Qzr|=I|(1gLr_KGmV88R&GX|;04Jl#TBVcVvX zC0kMW=Xa*f5R=OlG0UT77^KDIN)a(XtD&Ng?q43orK22}U2^WKu|wmoYpxs9g<4oz zNl$9z{kkwwP#TZWkoc6Bld8#){+_5jmZR(PSK+!0)R&vPwxOXrGxRMupXQ9Y)qYwL zh?qWg-b^9u=MKly>G84iaoPb;>iOgkgyo4yvGYv%QfXLRs@+almzDcgcyva_!Ol3~j`AV6>dgB9;4aJW$vu@FsTRX);4+f( zd#+;BYDXpc!)sWozxq1^GAy_3djskR)Ix4dI&J_z7B^Pwmq$^beYV*K@!BirAYM*D zyNvNl)mBsv&c1krK|I8Sa1}b71rd8<^mOMzy#;|U@ePkek6zlR>i`_hR)vsMu1RXQ zuIq+amLQmA@1Sj{b;{*F0MZppdAW*r0{j%_S9V7xScqp9qRAbad|nW^zK22lM;jSF zz*L0843RP;CHF9v9e5FP>-n|EofQG5kmMaKevd9#5*~|#$wG$CK8(Y-mNXj(64?1IA5vhUDH-HQ^3EFDLew<36MpZchNNQJ$f4u zFqe>a5fTsu&r~0JaGX^TO~i9}slJ0SzuY)^2fH^B^o0laocs(_zE!S+2J`uCl%Ad7eZm=I>tDHS%|S zCK-9XqR5nWvvK{mxSb z9_$}GfMWgWr}qQmaGUz&LC7q9;3|>)=V|d;(KubL~ z4rZQ-Q>0~@F*B`Xndj}oj9Qzi zrfMKj(Iyw3Vj59ZK#j6ungYGpu6KxSOd+2d!j|r#ReXUcaf46aV@3kq6Dk&7`tyy3Os+T0L|!%-{M z5MnGfPat2tWazV*k~f#vA1+^C++MzUMO;ZdG@Pd7R#Z-&Fol!L)91c*W>pl;tD`B7 zc_hhI&UJ-lK|0Dz=cxnl)gvW?PUZsB2Zl}&1&RooxM#&ad3pS3#5 zMqRv>FRCGuoER;CJUw;`cD4oK^MyJ9pN0hZVSi2u`QD`!Iy0+rGa3*I2(e}xqrzb~ z%USqQ8!(HxS)pP3s}T3eXbFF)YWc&5xBFKBM{o4!UyId>YqF$j=|f+tLsLI{_N!OF z7O4ccvnIh%#7HjE<3GE{Hw=1zJBE?855>_&vF7V~81^rgr^u%?fL7bR@;+eGaOL3Q z4$V!OraV)DT&jGo`!)Eth#j5KiIL>~cIyy!QU`Q3jjmee?Lok&KBLAR*f7~@G46OA zyB+AoDmo5wVq^C4Sc~QH1hucR;%7>`In$0t>s3KUOGGE7gCq_x5NiskkZi&}as?J6 zAgzTAR?1KxIVXa1Ip9-}1+C^xsB8!ClEDmJS++*vEr`3r?Im46MTE3&%tG>ep0R}~ zZprgS5bI}CUL%B&ZPm*R4W&ak4UEJ0-`|p)VR6kIc0&wa^FaWGPbL%COP~DB*jj0J zN`7MYJH}u%Gc3{MVJToIS1McAO0q7&WS+XG&drm?$ibzc_B_OpDpH+N>}8kjpuL>4 zt!ZRtQO-c!0a+ZGOJ$YE@yWJ!yQQZL_dm56&b zz)*MeC)W8$xDyYSLtg*o;(CM6dGCWqSKAw=23hsZb+x5DN=-)x@j)EKFw&o!Qy8*> zQZ0I8d+IyOQfaZWL+{EJ0Y_o5K-Eg!V9evNZY7F)j-Cy0(izFwgDso;XZ~nmVW#hC z_NP~W3>?UR@?HiXqV8#KfKzt=Z7w1F@9}fgx>m3a|FfhSw*CDf{1A27MOVr7m6PXt zzYi=GgEax4(30lL2)Vu^IJR#5V{)RCB7z&^fUr%hn3d^U57+Ff!-4(iFy`X7;I#^0 z!^`9?R~qq3SQ^m&Bf!tB$Jao%Rs2lTRK7yJ?gGputjeNFsNqgjPV~Cq37Gn~udm@r zMgH&&#@YVO1CXe1-rxNE z_Tt;ix0d}Ejy*#PnjJ72@gu)&4EJ_T9_s;rzmbb8C+{N@aRqMgeeKA!_!3)x; zR-;szQf^IqR-<4q@6g1yV^;_W$RWXf*R@wR&Q|SjJ0*8}!jXLghgd}N&MZ;$iWW8_Pe@t1$MoEV1^3Y&( z=k~5II=)ntt&PB}GE31+YiULpXj*YlR~h9XMy*Pe z)LZy42EhoSH`aR0N%kwwNw(AQd8|BT)irG7;}w;=tfdLNWHGC*!Q_%8njW~Nz9Ug^ z6j5+>4WkUMuHjsxB$`IJy1tBDXq!?SG$G=-Hu37ulomeQ%aK`K0~o%;7rIa8t1ITn z7_Tqz;5Zam^yrAmx7H%H$H=_4*^a)QZ2jq|aTSphrKQ2m7HCl3bG1RY^J#1)yXecN zu~RLcLxzp&+QsaN&$`jl=I4-qV?Pm)9ddHC2;=Fqb5z$(W+WM&v7@EwkDI$=?`94) z5XivH9-9>$U;&WPoFC2k;QAHk2iX+$z-c}_XGojWKlkh*)wS!2xI;#fHeo(`ZjtKR zc@Z3xZ=|{gWFD!mU2>3Yzr8~vKUrRq>Ux%p=}p%Ga+Orqu&gE3b?E#h)%B!iRCIQe z&H4?pqK5l`o{L{+K;d{Adysv-r5t^xTlxbXE7{PFU-_BRjU|p950u6OrIu^lfsQ*+ zcZ~;1IUfYoJu8Nzdyr$6$~Q);x}@Uep15Uj_TJ?vw_B@BiemWaGNJx@z_ zTyB=(`o%iXSW41T`XoH}G~+4PYkw+Z8R;pGJ>O}n5*ndJAq7pAOa(PYJH*1%J){w{ zEr2Nk@0fKmTN5d?JKJmd;B8PCypD^VmTNcw6k!oqD?ShZP();@i#-0r3sNwd*bxWj z7e{Wn%&gl+y|lml)z@SxN~xwHtotS0Lkr&-ZJK0^DotL#AS<4iMyW@2UtsQh^YwsX z6>sRon>gF2R(A9h$OdOE9Xme| ze($Zw-%BxD>$o75|B27mqf^|?m@T8$)UX?I*0yt5BniW0G;f03 zm;y`g?XE+Igmi{{IO!gM^0K#KeO8cU3$FAaj$nMDK428j7swB}Dl^TCtZJoy!D{}{ zO+y3U1jQI9WR(Dy)`>5RC`|O$H9r;l>m|QWm@@{XFxSEZQo2?JQ*&RbojYGNhfzFVu-gQIH;)0}(KYaV9KL0<^R4DRoCXzeyhJk_i zn55NmmL7(Jaij`72vwk*rO%Eia77nGxLVDQ2?jB|=ool*9Fo6Xiie37lTxt>?>vr- zYRes4!&z%|YyOHa)Qov8z@Y;7%}V&;+c!o{PeXg@oay8|Va4*?e)8FfU?p;{g&aUD ze?bzFWi}K}%*kt3EPXLg(XOW@tSf|wC;bYByLr!!_Fy2$*)Uez$L#uNnhWPqMDYmO zKWjNZLu_1~!q1(6*HpvR9L>#?r9|8_DS65i@wy@0Y4PkSq%^V#c3y{M6C7ml2MWc! zx2;fUy5jjWQ7I98fyM@C{nafZyPDZ5p&7gSKFZX-!Ds8%w!0b7r}WT>{M8Ryl8dz6 zQ~BkP;{;<5c|`VIh89$_2Ra~Km8v}1GhsxE4Puq>m5+B{=lm_J-1D~fjL$X z1%(Uw8F?!fJa@B6*yEZxT*F z&0BDgmbtU?z@2E-j)yPfB-(%6qdpi!UUQYFrfN*pZ~(R>%b2x zq`8*|w`vQ(=5PBdEL*+nAzQB7K)c@9=9vNrRZ1kha%gMJ>FU&P3hHU|j2 zeF*R?4)pb9pxL8`avWN$AFm#PB|8{AEDlvY97{cfnP-TjV;HS`xZAfzW0l0j9(@1|VQ zd}3w=cqeNI4;z|qN*po|1!T6p0En$8zoJ0`mc#j;pu8R0iObf;Y)QlxPRv%`x7kgM zVC}2z!ys?5hMa6^ZH25`zi9qKDs=pIxJnpVo4VL=iWws-ZZ>Jw=M`25&w7j%%_JJ1 z(jFe{end-OOvXN^CoxZ>eG_c}H`)z+KVF&GonMPEE(auIuVekAW*Zo?0qWwz}>TV7I{>T*M0)Xk-LX7);k z5qC3)m`v?!Zt1(onA9s6B$6aqsWg*l6holPl)M*aCzxbq3Z6%ny9h=AtV*$}2V|b1 zIpBY|mSSZ#zojDIgBlSM>`#m=ZM5AMTrbPnG!d)7j61jIrFwln%f#$_MNLhOQKu!J zm0C!3p0azEoh!bWP?;>bW{EB(JEsMoBqF~zgH7aWx=Md*)X#+G=>&yQx7gZsF}6Gxfb9|L6byrdr2nVs_{( zh3y1>)NHF?kt3w=E3#73%>HTgBL^Mviu~t){RTh9QoA9?oBuNSk~B}2OinDAl;?{{ zBGdCkrjr%T`J5>Ye-tA1K?`fT%7%R7#fuj&zWMrV`2UL+FE;-F-(S9b`TKu)`Spu$ zzWMJjzW%p=d+{$XzWVB`mtX%2c`>{>!>>|lD*xrh-rw46+-GwA)|(-cK1|URDHW6U zKp3o&!rL?xVQremd-pG$>2_M6{KCX?R;B;dyA zVjnfjF$~$^v|s)P=gjL;X|eiXr`j7f=Q&K5->jIXDb*BaT*Y>d^DXgNASVl!PmKXK zD|wbO35B~)o2E@)nptS}?_A`!e8rTetKt>O%Pjki_3n|d6^-rujZrA(+Zbz3njgaA zTpg)q3xHwZ-xJax*+6?-i}W3q3O6&Z^j|lAc*~WpshFVNsI_>$C^IUor;3x7uQ!m{{E(Rdn;X~tE4?3Qh|&t6i+c=elV+F zwP-clv285!8&O)^Mm19!R#KVM44u$t9)e)$W6C@z0sYi%`w2HWs!ha>8wbB~9XG6=TN_ds zejQRaqp%j@j3@72n9g@{sU`8%YLA<^B$2ro{|p+f7iXb5rYrln6T z-*Do`u`>*>MQUw$^8>hI!OSEnSBbc1a&64bYP&m)+*AHd%-)*4LZ96W(_+Rlcfg|s zkxWa@tO5HsF+-29>F>5ZQlrbndvHOs<^B6UUP@LIV3nTn~e=sCK1Pd zuoDan+s^vGwHacnBL(GE+ir4ebGKH_dj0%DMu|!!Eg0;1y;202a&R((^IhJXUJsmDD=f6BC;EK& zGpcxUQMS8E>x;v;?s1foSx_qtF2XQT21h(t{zmv{qpq&3C4V^TUHs<`Kn|~;|JHqS zA82num3j~|K5XK43xwk6$*koQqEXB?-eQ|vSUr9YZKJw44sdE6feLKI1lGYdmF@&B zNa~Pep1SAmSZ5d-8G^bR&)d7@6U&R-2M>l>ZtSo6L;PY&0mT=O{VKBJBeuh1hnuZD@XDn3~ zBjA(;bqFKOwWk~s)vFJhrXRikb?gF6+@Iv9tX00 zV8nJmR-s)1^v>+1$b|$CLmUM9FV*uTSqh=-ZXP#2$I6{-iX4cXAa++-KnyxW@PW4B z+%FKQvG*qrsCD&@b7NPh(}8A?Ocmgc08-rQogk75H;5^)eed27@L%4y55A3vYkZhc z=T5O(%^<+qR%_R-J{I_aK?m`C5hvPr;aiwm7_>DliVPy16cWXd8JnZ_STNOPs`W&E zZE{8h-*q5L%ezS=dypLbGFFkHhfFbjX2Aufk{l6et<@w~m2cpeKcbL+miXPDaXYO3 z^vgt5oMpjas%@8JciYvib98lY?7BDh;LTNP*Nt&@Faj(FMBrUu`?YXb3^D_VnaGJ` z3-%FRT$>D3$C4EpO*)waqbZZpj96j97YlL(I_oArlAY7eR8@3{QV!bq~O=|^s~@I8!QaRC)0mDJxK4^ zo?fwT3f^rfk$cNlwB8hIN0%+#RM}&J9AUiNmIpRfO^vMBN0QJ&my+QrBf5P(T%s^fpK?HvUJ8r9YNwGMTW-Q+K~x7Xx{ z4{xzaOtalN@VcUv>jt;^rX#RLyA*~)$N5N<910=hd=KINwGb)1h=)i1lmxc5c%=QV z)FsfgvyVwuDt^zxEz7l#t%3UeHJ0Mz`Ue?jfncP4BP0W67<&oasTCbbw zZMMX?2^u#+o7cDr8aF}XCTQFQjhmox6ZAxzAOPOR1w@0zkI#oB6W-R_)ec3Y?Ut{Y zDC10j`z)bz&1BG%*8D@`cy~8>wI^uZ9OmoqTM0WRQ48KAri<%V;2Ty*X4F9nnViV+ zvDxz+9}_dx8BJShu0BqxGrS4U^+d=Cem4lq*^)x0(B6#elD9W?E6@!Qh#0Moe*+lu zJ_oZ29S{{Q%f#bLTqRy#kc7z^TMC>8+2iSs!ec=uD2;ctGkxAxZC|^$!V0^bvjb~7 zq_!kJ8GIYz9WHP&sU-(6-o+<>{=!bTcaqhRw9mb#-qldtEAMkG5{3*&A{vv(Jd*dV zk7CzdO}LlOYl=P^dX0=z`ZJl*hsfjp%;$5|V`k~!(}1w?Q(!~@oyurJj3&gWZ$=ZM z{TfY(&TE{~pTm?MO$fYru2@n^c5}yzADQIy0gSXZ3y_7&8WRE|jv3CI-Z+;y`Q5Q~ zHT>8T-sZOkczi_#Tztj zeOy;hdaOmkjw{CsmlcE9)^SeyT2sfLDsDc>5uHDov*s9R$ z#xkr3gse%Rqc~d>5}?B`$Q6aajh3@)+8tek641qECN^DyL+oc(F+lm%uB>o?x!eB7`U&!62rsM+H(=t~3 z%|`l$#h4PfB1Yc#G-H&W>!a=y0OjJtEbUf~3L6yDbkHptJ52eRAE)Xn|)DOn%;-D923v8OtaituA}A3}Xm z$4?Q`=s$9L#KWfkW2SC*QoA#$$5YhJ(D*628OM1x&a*FNo^|{f!Jzm_xf5ZJu?K5n z_cU&u!cQ@Mdj@NyTKt@+Y>x!Gr|Kh3)9xwSK0TYKX2;BHr`hWv*mGNHD((DeiLr&> z4GZ77rEtlux@|HA2?gP z!017>0GffmN*tS7;FBSC)kqBT#o}l(|6Ga(%VaWRAwGj#qIb-d;^c0#t(zxj8BOkH z;v-=nAv>*X%oQ2%Nw^n&b}!U&Mp}2=biK;9XH$nja2WKd_1a$2p>pumCJEJ)x*cdW zDjz&C#mO?Y=Rb-he!Ff5E}xT(&9yyo9lS|vWBqB!+$w#AtA? zqtKITtKU*#TeeS@gKN}MD7!)>B3C@c#5t7$*>%qqk@TmrUHG_fo~!I^9h31tl9Q(` z#ZO~}K0&Gae@afT2>Fk^UiO}>ubTZU((D)%wHU_%Hh=}}Gvxsrh-2=FIqH{cd;CYE7~6LP-AO=V7xB2rkjAP# zVT6dgqNc%fju;u%Ie6_7Pkzuy5_b)ZiSCaqX{`D)i!j-#@%<4ejZGgTPl79Q$s61^ z@k`%fW8-@xRqEA?AjODlM{fj+yM__+hgFD>{2191xx@`HGkSxXS|33FZWsGx-Hmb+ zJnx+y8*o{>sS5n4s^&(09OnjB!a6lt_&NI*+pK4L44oQL(_-6PR<%<`nq^gnGJE3a z4+wgr&_}mnc#Uqu(QVj%jc!AGjc&uyZMY?n(QP=o4L2Sg-G)!@HUv927Q}5$@|r{L zhYxR6g%9h3;q7ik9V7|c&N2S&eENrH((kr)+Sv0Si8sIB@QNV1eI$z8IHR!F$GH!o zZRAYtXPWzB(98oR6UQ<4_++(laG-vtUAMa~LSy&Q(LM$d?PE@)N1}NgC*GctInc!0 zkJ|B>%(|Wj+8O5`jca~fcE{QO8O;81*?q1PXk zfBfqA-+VRlKR(6vtoR@6BkZ$ffvlSG3ArHcuW++Q2x)(4Vukb-N8KB8LsrH06GVpi zEFgw>EwXZz`?_!0SN8Qftj4Yqe^VmArh55`OpV;8_F4NY%KXRLy{#3j;fs#(PO>87 z2~`1$^!273w(H>Ds#W4c{pL2zV-l9*#^iKsJk<)lSg=}oDb;x65G0%qzf=XB*KQV> zSg%-k+%~dpj%=GF+vY&F&EqY)O&utp8C%kOE~L93!V0reX(ro*<9J}I-CQ82kpE>z znVDuyXr4~c>aNSJeTQ8s|BH-C{f_2zVOD?^Nb81@=z7^9KLe5->bB;z!F^EGB$R4c za2Y0HS)qI!%9~s?3RTs_bmqAfF)l?FB1cX(Ey#-AF``N{ z$N?+_9+WA0FSI3ObnqCXdl&_bkWoqOV<8lZrw~f<8PB+e1Cg0z^p2FpLei9}`l{|A zNi@CZcC#$mJ!cQ01SQKDRgB~UBFY3|IaCm;lMBN0M63#`p$V<6UkIqTt4~lqoonlm zu$628%a06n&)8%2t7f3v(DC&Egn>GKBYNQ=Iv&)N3#e#T@-4qUhL(@~-m}&Bn?VPl z@tZ{aD^mIG%^!7s_w*li{^zdqZy@?@u(q$gb{IWx$wxO8{7uvC(SFa*e~SVOE%%xT ze?11uRg{u5V=T=?6UA6Zg% zN6Kyow_#CCVirpL5K>m-52o6ns!S_w!b(LoSN7=Mx0?mTKGhNeYm-s1W=foqS*eXS zHflCm3ZrHziVw=Y=K}e0M9$1uU73k%r*lv|awSx+aYa@_=}JnD$;K38CNKQ4kPJQS zs$7{u9~fUOwK^kw%BIjsj3&#V*cAgN@+|YpF6h~isNuwWsjWx(%+HO@{%RE08DTn^ zo}Lk-{7Y?QV(K_s6RvIUAEK91lnWajo7oS$g9s#}0LGy-HBTR5A_lV@m4|4R^(JnuFeQmN+cYtMBjJy4oA@(l74C!Ls(-|TnJ*lNwrBgTf?u%s+ZTS zx&|-=b;|a6P=et#q-XGoqz7w|!|g%Y!SEVL#Y6@&g*CL|!(-8eoz*$Q$e%U#`P(SI zu${#b&mGnvjEm2PH>{zkKZ8a4w)JJ$+EPadWtYt}8!7IxZo`3lA(_#U6o}L;BH|IL z%J3SXj_}%Ha10?Y!z-4;46hg>Gxua9of%%yq-Npcajk>}>O0t@J@(pUcY@>EG_Fli ztr*v)acvscrq=6AUz?%}#$DT>4dPF@2j1KfIv%u!t)W?1TrQeh*iPC50ZH=(BQGZ} zU%VJVJNEmpqFUciI~FqvCc!?s^D&fU$0G;g<7x8#6AspgTtKcc zLUqmA!B@=tRZ$69Or-M$rbOh{r({OQbhjELa0r5Fpj<7)%6ygQ+Nm&81?J>IPS|uY zC27elO)G*lPqDUYtu$MKS5Zj#pQ*N%aA?EsS*}Y+?ZobRqJ8@SBg!@UZ}*Mo-JB~! zc+o%jTykyJr8Xs^+Y|l?efa%{$6!APSD292>9$>s24`3UcP)BMR{@7DJaa1wk%`4R zloZSzaMd~9TcXODwQ)>ez26Y+=&S0k(6}EM_XFd8VB8Ok`+<$?^V<)MzN&F;ioC|P zX4l4#$aDTr0mIk?8jejqhToZB6WMy%B(gJ&G!4*lULNyd)S`6I}?BYq> zYS1UhkXc;=&8W{IYi4x~-`e|VQ-DTIe)v#xpadU6c4BY{431-a4 z*?0}!ppo7CaQH@z4Bo7fK^rzQeA7mTZ`{ZZEsxIhSzWv2{M@YIpgtY*fDT^BciQqt zKAt;Hwc+mQ>Q%q5a~p@?C%;$wUmvTg{G-Eq zw;wH!Fd^C=mH%~zWZt*VvtY@`W~_2Mq~yfe{ijB5xzP0=bIm8!6MiQE+q@cBsNPG? ziQ#wbRiB#q!ep%u+)=uLuTYjbgiwpzZR2r*Av0JlX(rSMa|(F*1p7{^k%rA87ewxI z@Z~|ss;RNrxS1Al|Me-kgdr3b%oWH7BEjS4-+&PjpDQ}3(kBFvJq!krZERLQGyGV+ z@*{}sO9PR?kEm4+jwT~NEg6h;$v{-AGSj@M4o?(*DnpZfZk?j_*<-#&ljY_>g!169 zMS&i(jz^kh78~a5d-SgI!#T~~coI&#r2`FmVibL5y2hyNjuirThWE@l6BqoR<<&BA zqE1iU?)ad~*P|>ye++c;pJEmuXpmomD)Chd&;h)IgWPFP;!1l`Fy1F~pY0Bac*btC zr$j_NqO0ubff3KzJ@(YVh|wjsb&Yt1j_a|pbn))4-CbP+`)hP@4O(mmjF9L@YVU6yqPw&2p9076OlQ@^vLEIt{V6I&A-2q+Uh-yQ1(R;yDQj}VIO2HA? z<&a%90gmvlD0o+!%tnmYi1F%b^oa2qFb6MMzq&6aBhuguhEh9>qUEYrI^f&PR|$H4Qbf* zl9Xx6Gh+=bsD%Bwdw*zFNqBEXbGl%%Wn$Jh3BmK1c?$jwRm&)h(`3%2&GGG(NpqKX zYJ`YSr-2{93`Q<;Oo42dqv}bNdo3q&P$IdyR*0X8ta#j>q{^`x?b)!;yEzs%n_OI9 z;miyqUMf`HikXcU)Eu(?CNwwN>gfLEkx@=Z_g@`#&AO-=H)B*Xc`NQ%{vFRcQvlZ5 z^lkk;Og~JmqiW7GX8l}RnC2KAmlIm*CCfEWENo2FM6q{M+LQJ+)Zb<9-5O0ihu=Us zAEZi9(x7_58%>qlyFLZg%WKKz{9|;5@Nu71_Aj@$*HDa~Qj(FPR7*%fy?+IT>^wlA z`TF~L&)N{_v7f{)Np*1ushel9v4J6zcS=OwC5VrcDjW2K=XxUK1S|21Xj!(W4^hdI z4H)7#@OW(o&bjnzveQo!B^u3FOq8AdRkytGdE9suOinbF3#RL$w1r}Q&A>Wjg)@c8 z_T#Jk_J-gqPL5_G)Rvh<XrnOe_b52cv0J(LiukVpv zQ$qV{xDL!|-`1G6Ece^j5Z76(<7|*0OhGdL!87~@Ui*xvx8D;(JN#q^8+S^`JKOuz zY{hx%p1Wh~Q5}5g>cEceUz;w7el($dyGgQTS({CTJ-l}YjP;uZdt<9jFd}RRJrX^1 z%=ZsqiX|CmxyII*ZSiP~wOykzHfrAn*^S0n{Thw2(HI-m!Dx&PF~*qGdzoWfMogDo z_E-iP&lO8b$!_j=@gtLbKJ3`{4OeuQxoSaM_?$yx9MBlF&x1z>jgULGK7_~-A@PYM ze#h1~QL9bQO4HPyM>K;YSDL3^Wd>==*wy6=U0DXnYRHQ6B&*4gl_Wl7r+)>BUJ?|O z_e{Qz7-Kbg{h;8OkKBX)MScyTv>6MJq=h0{)F;3R%%#pB;l#D|i9*P>Z%1Z+YlfG! zSA0^3acuqGi95-}!}s@0X0#}HzW6p1$z6li+(2S9y+l}UmP}>3Tl0iwKmtP%k^y*c zcOP;62v_BKuu569D_2Bmo@Io6ESTggmTQ{TpCn3D6g&{i#dAO=l|>>}NN$rcsu~XE zyJj0LIF9wUgTJ~QuCH!_r%{*=eYZwCJ zY%EuVDpjs|CO<_%B1?oP5&X(r)25b2b1l|bCY#r2h)y~@-;tSEFrh6sGKnX`bj zW98gv&dxCpAl`#$aRO0 zg{(BoMtB8uko_2*C)cXqt~ukZpkDjuDJ`E!HQ#UTd~tS8q-5f3n@6^4;_R82q^eyu zOvGAWDki(f$^qx7``9=~;Tq>?+cnP7=m!G4X^c5gvsTP31RDzsF>hvdRHL=$qF}GJ zs?<=fv&X8JF)kx2^A~|Zr-7|`;U+!Cz9k}8TmjA&z|(%4CM3DKCUb$PeKK2PXeSO} z*y@nHT+LdblRee%0ocVr>tY4juV=fUbdLz4i(3F9&uSm>ls4X_7UfXe_e^$x!za!) z_Qfqm1Em!26nmQU)_9*-oJXwR9~S8ii#bt!th3aon1qk$(;g@7^PRN&`>~(tjE#7x z4}SKfz_W<%?*^MaD$Hy&S4MN?3)6g~xiXq7jn_D7pYNpoRhuil0Ies6W>w?{bV+wxrfxa zPaw01dEST@be!cGu~W8DQ3EgU7VxE^Te{U?%JLTd*FB0mq;8sjwW5oLL04Bx-%`a0 zH&50MOTzZ1tjNTA1^Vg@Dl_=m zqJ=vDqyP8BRP9gO1EiJPsBV*vda?UU^BYyYGJrSaTI2u{j8m0(aHCaOyD$OrhD^)4G?fpjBN#uk5uH0+;iH>y$ORVDWwEc z+kXjHa4Oj=@=GzfTkNuJ8(p?-+qP}nHoI)w zwr$(hWuE$b#g4Ng&OR48=9tKMbn< zBD1l2W`v?&TKJ7b2%zX>a53#J!fn1#dI9CsyWnVfK9&iPij9b-Ml=$$#lf&@wbmm^ zqk=q%QQHXRfX-#Fkcr3<3W-`~Ikjia^Jdv_SX_fC?NDJ5S1%ABWyL(jK5)qLKJ}A( z3tXZG7sZbaGX_Nt2%-WmUIb_)_d*)U{SGuM0PKS?vce9g!zdPV!a6;khV9_T5H0Gk zG-x^mL)^0J93;F7WBQqf(W5~W_Z^9Nzj;1BzV^3{D55x@>hj#j6%@)TSNxMBUg7_x z4VOPuu&0eSF9sc_yz4NK{K#K&f=Mm+U1_;~OI+~*(g{r>&)B;ZulCmJSY%ti&7A=i zBWko3LMIjeVZ!^~x|s$ytr@)uKr1<%=fPq^XMe-kWvV#NQBUcZq`sodpt782jdOR{ z(mJJZzuJg2dNZ$-t}bg=JSn9jqgZl6gzk4_k|zsStNIzTl;S}CL_MAKG=YR6o#*bq z2FWZY{QN=TYzszU=;uAxA+EO%M&C;E=G6`UH}sI!(&I!c#%wHepVaN{`Mm9^?&VGd|=Jv_mGc-R$d}aM^Z~&uYingDQw(o}atCp587bdrEWGQJV3e4pJh0y!REGt8=={78o~VPOI>QD-pnZ72)h}@AU*G?OawYng6iV^!*co ze5_k88lKn}K@ub0A)JGiwaynUxtF_xao3-Yt9r=qP^AuAK~?x0=`SNAZN<>pmoZtm zi!)4?nWJhn4klPr3(dfs0#2rN5n^j=H{mmRw5Zu=T>5dQ*XZl&~& zHf8h`@$nNo^WO96=skODI`_1(#>+-4_ADor*HFEQ(yoJ%$!e}t@KoJe4L9BN`rGivJ8fe$+Iy}hz(Ik;{I~epHnDSzt&W0* z`gWOR|zW2R$^p>6jqS?Ctr!U!4>1i)LU?~J!F^u z{CX4>9waV^dlOG`_A!Qj&{*|~XyY5D6){EqjduefbLbvW%dSE`nV>y>$z%rkaps8FqJY5C7 zv>H_GRlxLr#C&rY^e?-BW;uclK#|N#A>mLGg}wV_&mZ}@%fFx6ZRQt3x*n~sX(VH?90&4aG)P7A73x8xMs1GNRV)PgvI{Ov;A-GzXGgSYZk$&~#Tx$+w z)lE@%pN;5xhX&VFNKzMpG-DyS0ll10yo{-S2s%)xhDbrQFh$B_&jTEG| zR()8Z|8G{2itn^a&@?`Qp*E{5^1zYP;~tt)A%>!ni2E_q-TL2@vcuQ zabi>-X2j}@>yijVehHC9ofd;c3eqd;;Jx%n(YThldPd+J50Hsq-4#yP;`VxaFGvo7{BZdN$<*O`;7X>?PaNaY%>mYuM&|J2lF^||Ia`hgo#`p8Il#>J z7wb@N!>N~UeP$-8r%4D3QQt#JAhiW{Jx=tu&eWkYZyQbPN->XQoN1nw@Go_yF3&w% zn_6F^lk3fO-0rfdT4ZS%;>kCT-&QkG&6bS{SVCV1dqkHoeWUH3gX)E2uSY>2f+;Ra ziX2lafU(u-1T$8uGnd=7j-OZs6!?$y874PlI|Z%}Xy`>O3}jHOgB-JSRdXO0FYRK8 zp3i|*yX%+fbF435rl|d#joeBH{2TOO@F{jAp~+eGS0-663oQ)NJrcAqu5zpvO0BLL zJS)6i+=1D<@mpX}+1y)Z@5o~2%vdXUS3LJROUZAe>eMA$p1yB(j%XXF1{nThu1B0! zn8qVTW>n=@yxBN=pIf_K*}E`qMn{N>Dzg-m(`sZ!Moqq4nFtShYOD*ihScP>d~T}#T!(ftn)=WdmH7>-RR8QL|$?ZpR|_h)-zno zT_Hm;8jz3AF7~P$f25%BtEMf|*xWW6pm9pSSf^G`ZJ3_fl+i8Q8;vdP{V( zjouL7+ZPOj4OT?1Cq-IJw)%c)T5&3}Bt}$Wxe^*mYxLvh1MQ}K6%$$h!g$y_XHb9P zEYj1!3&bd)mJ0+OkSkjqo%TDTYnKNludgu$>MO%3tWa{bc%^6OfoZ6yIyWbr|Aq-8mEG1A zs(;3amCSK{F=H-uZYt)X=kzcDBgXx>j2lwmjS-zgJ;FzZ>CBAyNC)rC4C_n}eYHZq zn7*i8t(9G^`B|;eRjs}gb$24aQeh*KJ7aWv*2v0|CS18Js@Y}_e$WwIy9&( z4QA8KRuZ=TuW|V5*x_4Mnr7~$%54zovhE%GH%g`gp8d3MH`2mw*4X^zRqdb!YrNF~ z`+`u4<@ylRN~JvAC*_Za;QXfj&3ejM=Zrx4P0FICre;Um*TeIEU~L0}yLiSvh%f#q~P<6M}^I(xJ41 z@kG+}*dB0Go||Ao#6|h4jlV?CPm7K)txgMxNuRtB3889HDt5FHB+)$IO$KE~#om-@ zfDpMAw&IbX%g5J6db_K~pZF>+L60Bi3w9xcVWYo@J1Y*Ut{>0-+YTnV1btE1X@7!@ z$?eGt=-bo8^v3}SRlI35Fz1IDC)*H~VRJ2;v`5ayNqgnA?*Zt4N+&?I0!7!C zRn?L?mL2;yHXJIgFg!Dvj_BL};iInCYX-Z~6GHx@(>St`0iw z-TEeOymu>&a5cY0n;A!29K1ao+f=Ofk00tu@?A?_oyQ#15>q#v2S3?$1tAM&TZin?TID62+G8g{T1sgCOc@6@;P*UaZnDFt@{*)OBwwF&N2ux9N=Yjl6 z>h(iJmjeQp(Bp%ECie#DIY`}APHR_NKQr=uteTM z7TAB^{O^I=sob=xML5vAc8ou=#yUwM@fC6q49E;w)w2~14GJH?^PiJ1ol0u)c#KHV zNZ5mHQQVYc-{_1CsAZc&-pM=P^#uUe_$6;*Ww;FIR8`6^;O>#?v0+T6YKJ)xwFSoH>FGu9OHRsZzt0Ls%9ST-P zu!Hf5exvB#M@_Az%b5MLT-RpiT$>N92`muQCbAF(p>z-cO;@B9vpJK08J3e2=9`KQ zp!BqNfWelspfo=2OkFEK-(hbG{vcl6BHPF$ZHSr(hE#Y4<8*ZEMgZvq| zB@(D?WXh1eU@B<^?N8W&zqHx=G(sJPgYP2rrErxYE8=bjE`%3+rtcG(jLognWOp~% zAGc~Ke@YX*e7(PXm&v;++cRFCPhm(0Y3+ZPYqLL$+Gg0`G+e)RZMzfcB>#yiu71OB zlUfVX`XkowVK7&NfF4IFa!J&0H~MYS6izawRmIS2vuGD}$CEQBb+Z|@RTzhog{IPX z#`SkLpioNeppoRA#ZR9y9ey#5u!LVap%uDY2i*SZ#2LdwM3S#8-3C=48P?cSHLBPT zin3Ha?~0-1Ev4usnA0|^x>%b<_qiO4^BSX|SP6Otqp_5MzhuqjlJP92rQpmnzN)&A z$rfm{n6b_mQW@lclLK2+FGOmD&R#DWed=#J;dKtWaPq#;cd5}DH+z%z5#Ee0@bA>o z5h?U0pqF)%O98e4-c@H^P4f!0BmqW70yHOKv*IGvU#n5Z6wq|{mQK@i#kZ&sd7^u)=P{c-Zr zJXt-YGh_MQD+tshQ4XcYVJQ2{jScBHKp`NVe1!r}xCjLFf^ArdOD~=Mr=7xjoG-^} zB_qcldFkg(th`)$w!@-vN3m~G@emFsW)d*Yp3MS=KAwj=H`7a(G-yZM9F}hspDU)b zNyI*gd_o$?7&Qr7q9U7rG0#?zX5P6WH3zpb^Uv8yA|jNIv3@s%QdbPcN{_O(rfJuZ z$?-O)mVcsBPCMX`hmx2vau{Po@M=+XwJE$i^iZ^Q&6^*j)foNaLBjlH-SJXs7y|Yl zh0)lwp2mOkk!47$S$H{|R;5-Qi*a~-g5_93HH(8**0}(OAkC|<*dvS7u?2(Xh!aVc zVcdkpm*{mL(gB~?N`cm&uVZ2A{5fni!L{&=x=lT4L7edKs1p0KS9L57Skx7GEI1kl+T0^l0CTnmz;E$> za=$Rz_6hZ9meBA!tt{jBKvdg=du=cwD=2pTELw7+5KyLR4ClPhaJ!nJ#~d&-$Ljne zqaG5xf~_^t9EpKzxy=SD@M&jkXBJ4{wNWEZ!k_U#3e)PN<(U&OISe!tZF7Uu zQYIuxDwi?wQ3J-`FJRB?f{5cuzfWj!fT0XJavzb>-)YEt*hEZGj)D$6y7->(5)2f_ zgF8z3%e;1tN{2D!S#k-pMu00ilwul`VGi_B#T9idD%#CJcs3bJFDv#)x7=BuiY8{Y zjO+&qsVPk)G1l^em)r0itb^Aub)JHkI$-6{{~foh<^P>;SC53Oc7^17JEnaRxY&km zVHrICTo9f1__saJC2+Z^;5Z3g?W+2>joDftJ<>#Y)$aA3R>SOLDL%3?vDH%0zrlLy z2iS%^_B2IUoQwhxJ?*U4%;3xd$3HNA^|6@rxOxMg9b#t4kwv%=%Al+#I5wp*uTIFP_f zFv5=Ea3ku6%;|` zW4GT`fw`GMx{x-Xl1OoAEozd@4Ww6uSKy~A(OJr}0#bZ$YT8E&={^xFO}YH> zoAJa!n9qUKbS6+%3l416xj3*SU!xjX@okz`eVi-!A6vDvab}g#AA_&O>#zf~T;8G; zQo-D4iQTJ%cBN^wC~K5&k&}(PD-Oi$=8s?8U9iDQB5?!jRb~3o)4n)K>9NjeQ6gWM z!e+%Hcf4&0JYwF>)@~t4pA}^9SV(0Nsw4EV`yhoGME~h?l-vHB!z3zo=KI!m)I`Pb zqvd3`e1T}w4xh0SVA?!IorK;5U-HzuxQDeE%hHMG&DQ1%@Pvmo!?*z<;I}~O03i4X za7)G2TKx>LCq)B;X${7q&NWk&2GkAjl-8ebbJ9f3gmye4$qx_mbsog|5u&nJUPR3CWUB#9TQb9nv1y0lxOY7;@PE2t)gVRay2gW)P_>8jh4e#En25)k1sL@ zSO?9i!C3HXQ@JIy!{Jrbt+=Ltl3Fo(okOsobrzp&2WX>^)Ydf1OPdP%7+;ecRd)jwZ=)H>p&;bz3FNw1R5x3{pk<#J%MkG8lsY(gV-s!+k zh?9I~pv6O3HMByL>8c6%YK5B&sHtR_`NM?}YS*giO$KC!`xr%Vh3P94Mq3iQX=)<~ zIKjLX^bkX%T9I@cg}t8$_S2KNK9SG{k+X$HbNjtcJaY{N`CM)g+wkd6bD97+9cij$ zOvQO+iH)a3W?(RujI4L3qcC*FbdPt7T$21xBTqtUhl;|x zy&8vq)a^n2&6uR3LEc~Qgyf9h&vlvYSqFRAF99R1z@J^mny)2o2J`;ggHQouLSlmJ zgq^TX;CazRWSdJPfCh6A!Dr(0(g%2a-OsKN>rFbEs`_M~Es8ux>-S$}lTc0s*4>RF z4=XR7+(3?=fK&)z(blXd9g=K>!_UN1ZES5^w(d85KjtDFv@oA1qE_ohQY~StzJ{)Zxu3y(9svsVZoE%R1TdSAyrsQV&`NgB7PZ{-57{8i(5#}Q2 z3-4v(Cg=#6h>sQO#6KWCLt*6JQ-;Y?>1n`@;CNA58RDHg%PV25?yvsl96i4?k1hNmFii%?E#BB=%~M1g_{ zHNp1*%6mI!$qzKLf0>RgMnt~S)4bf>M9GvG;yQIy!w ziIx&V7n7llvV#e-tN<>JA~(p} zAe8W(g7i9rP%Xo*VknB%_y{rQ%l?c_RwM^lr?GV4Cy`@XcwDsyMAHC!!a2<-;+7~B zI@k>3J8HX!kqnAyCJN#6P9utixO*fMSYt|WixBlH%W84bo6a?I4cm^{hm`OuzJsm3 z`;N^LpJ?0C48{f1=mJ#z=(Ax;;82^&M*rq^d+7t8TpQ_w7Asvv*6El?jOQ_C_1o8d z$C_eqII%rP{WOhvmiS{lB1MyHbR^~vr6o;ZIE#@h6xU#xU{R zG?)eEcEyP+u`;>yc4DXS$-fGI-9*Qw48i9aW|<3zcEbv2RxAPKb|DDXg?}7b2+5im zC)Z0cuiH75OuuvB%B{U^_A_$vs<+>WC3MzmxrFv?FbEFnJh5bZ%g7ctzIZu@mb_Swq09GZY zKmkzM=Qq7P?XVEKxA-=ebSxh5-XLRDHxp=^2j}CBOz=P+__NN^5%2MQNcb%q80y6pOQUgoNl~A zEnhhnpeyT4u7wH0);UX$s&0dy^6TyH*-84Z+H=J0ws5*XE}k|C;5kA#6n6Fj=g{${ zjQ?342P<%Gr3G8g&kNni>X)l>+XcOsq3+c%dy0Y7h%|0yRl5^+Q-qY+6K>&3a!DYo z%<4rL^+{yLx-Icon!ji8-voozc*{(WE+)vC%7xmo>bYZ^Q?2Gt{OXPCU&bCpJC{1@ z4lb^j)PjZ`LnCbT-q4KfUpOBl1bVXbi|Xf+QzphCEUw%Hjk|d9H=>6rkxoJqIbVM=X&vhfCRoQ>VVP{LTok#grLM_hiYi3nIx11nv>3Tcd_{yhIPgA)uC^(FHieS^GT%Az6q$S`_n#1eq>i8Ht@qBV)^J^JT?K`rb z2Wdja>U){uQ<`V7l6#si;(qcH*G!bYk)$lPU-T?_!NPmFYtMN-i+}WFMJF{4Ojb2&n7vSVeT|Iq)xlx}3s+ z^%p3tWu4kJOlH*+lW`SghLEnCLB4R>SBK0nt#r*jq3ZHK8bcGpa#57N(0(R^^W}P+ z17j7kGgGPeBrEmIU2HxaM~1z!J(bXpEZJZ?ZkKONUbNJ3T}*p1F1mbvcDuXG7|;9a zB`ZEfj})IL^5(g>2M`bNxIOm?wTQ(0l)QjQ&j_79eD6ser%9_TSA%VA<+TmK+OH5j z&jjLnFMdGmUu~Mp83HK0{{x)yS9ky8&05KAG*X9Uf_!Oe*9;)c z>;7F1Xrec+jIYw2cBNLq$ul6b0iA2O5;FK;Oh1@8PvY_#(NdofyxB;uswO{$vY2Ae z;2H=>zMR7o3r*Q1$?i$D4_e7Goe!0p2_mEr$YzxeQ|thjr%ax7-` z%I`%P7nU0~d+TFz=mUR$dP+V(P^k&L@iA9viZDlI_@n7MUuI?*&#GwYDxB zy%Kst_U!+UIj;d74#{Tg>xha$328nbrGR@L%auMF0q9Q{KGM0L0AtiPoKszp3{TX}m(|Ud?1fb^D(rHAajS}a?w58> zH66m)$PZ5Uup9%OpU_?^qK148ktm3p$w%VWPe;DrNR-mGe?`7`8+#ymaxNKx9IB3{ z_E2-J?L*y&sSp%t!L*!D(Eo+#r}>r{Q;A_T8+y_3{!XbdQXQbAbkd<@Wn|iW-%mzp zKP{Q+h1>oAWsP)HkR2z(C_r*i7UAaQ``C9{i2)X9wKy2nweeIRIIL+@8FZ=xQ2;*Z z4r}~Fc2{Si^jl(PR2S%K;9hxqL0U`uV%S+U@k_(@1!}BW{*f4?k?Ow(`Uk`LG=Fu0 zL17;IJ@!}^!6qH%jqTg3Z1){Ll|sb-gNw_&fn(NmZPwYB|8U~e{~$-7A9mb#xGa|X z@0nkTnjaWaHjgtk3x~^ZVJ)uO8dY^zv^R*CBwY5zbsph@D_cR8MfU^9l(5W4QF_Vd zRS2R_!s7(42$a?;slRRP&nPiCH8g%vO|Y69pSj-fI@e`FV?GM4U8BQHRuUmf;& z;LxeEa?8YBb1e8LYQeaiNxZKLht|4`GfL|F1<{h9(#jns7hNbfcH36Yb{odMSLSbz z?LIIK7gzr&h!l8a#!TaI^n@FjH)Wx8-dxFDNL!qVd+0qq4aJJ{IIrS{7JX;HH$Y#nkuPN|>(FZB&~ACtZt~D>=*BphDX3Q6isH!~+g)fIG=C?x z?t*q%w~JfOHmOk;QC*>qC$y$$)rRt_v;fjqEWuggzJxm8UsFHl2mUHPi2)b$2qJnl zaAmD`WrofN^bUVxbr(IHq~nKeyLIB$pc)Bvsu-Wc64&8+hVxZFLQ*oQdM?Q9m|jnI zeBP~`Jcs0PWZ z=#5LWV8f6DzA{CYo*jP)VZ;P99L&p*RinX&!6FT9Dyk`yt*Iva5&O8ua#1HU{S^&0 zL4yAsVrg`$Sfp6xgIgz}j_@#HMKN}yxt1GUI)9bQg!7THJ%{wawg;uDx zIR#Cd8+??na5j?(hJ;EZY%LxNiX>XfNOBvG?EhtkbsvNbVMHgPE2%^q7>Al|JY8*C zR4n$69%~7+9Sa}rM(mYi6IUGj2MZ8Y<^xZ5SSO9>JM~K{{@d1W2enbzx>12s=5wn8 z^cnZu`v6|a$+NbM`1q;$KGw>qL#fs{{~Hw6UX}d=g3bTK3jaYwzaNBn)%dgB-~pES z@8ky$E(&4G0c9U^{RbQU-hZyyehpd``H+XLOu>6o{{6!gr4=j@mmjz16s(h-oxG11 zcWpX+Qq&*uk(O?jwTnNjeUJN*B^Knqq6OK9ZvA z$2QA%8fr=CXcJX|Bx$$;!^$i?X$^LJC?BYP6tF>5-M43H(`x0-j|JL{`<`G@z5A`& zEv$i8*Md7Vb*=KjYh&kb`*8Y0H!#v)ej0L3_5d>f!lPRa54nP zRI_2OxN9el^iHIeGf9y<(k@GO_@`niA^OhT9vcv&5l2WkaK)fm&I*eC^B{RSGTECb z$;9+3^Mmj`W9+dziO&3EiXdB3l zKqaFLxSs0WNf{GV{S!d#m`O+LxE+dA-;ju-ply1LB(Q4(%;y_uh1`FVhUNsPmx5h|D!AGXF{kn48Sf8)4xzVOT?_d7ey>} zia2k&Q4vj0W`q(FWpTgv!R#&rd({!6$8M4&$Shh3-%^}C<%LE^ybDT*QvVzV9*!}- zl~y@?f+BK41GLe{I>N!tasoD`RMYjk2k6Pj6F}{|Xc{3E$M_Q$T)NSKg86rY=-bD& z+Qhbv{ANylLH4YNC$O0KE)jrm{?Dje@+A+$e$I+mPmbI6jr=O%(=xd7428T>A;XSa zI=7KJjgOT;ci+&Z2e#)_3gZCspEALJkr?&rftJqPtPng*o zMCO}!#_E+#Yubex*Bo`l7C^>fBI{;w+MskBJnW+aXT=38spfH8aY;mx+ertlM@q@d z-TqtQ_GbMu4oK>{`q~bJv|}}MDW4T&5f5yax5M<*pDY=~bkXARx?@N0OEx_#Q8%I1 z(blkPUHHngMIbkEL=iwCrysYfMI*aZ)X6^e2416EV$uxo-Kua z)w+@;SbXMsdG>YLMHSmh7roS#t#em3{gZS?l1-$zT0S?gf z^|P=N{=NdO1N9CaH`SfjqrBKH zR1WvVWcuCgUFI?f24;_8q;@t|(%4%?V*Vq5{|5$g$Ql15fiBS&|8wMK8N6nOzRDbU zfcpm$|FK1Ghvk2mQT6+WF6u6^^A28HfBv_1zRY2v*ohdu0s3+ro(FHHr!i&pJV=1_ z+^I$Tb?ZX6!x@=pVgkY@aN@i*zquy_z+RK~iz^4;^k&CN6tfvPeRu0dcz%jr0igt9 zb>A$>NTC1}l`Mt26n-+ddecvZ)mRE%oz5TiHO@B$Q!sI8uv^@%zZE~AT+|x5fE`h+ zF3aIEVpd4JN?gYz1TCNO4+fjb93UEfmdpuB? z;_2k`b$3L2qyY^jp8QafU(aI{Q+W|BEl>t#)F>7;6cqmI{5^nVnsUb}Dy%nMAZD=x zZSRp|Ut_VOOWVPD_f=fzhNrNQS~IlF$9d-XtZ&}IN&@x{7Phr(1XhKyV|1Qnt!CAM z80_*UC|Y-7d0nzOp)-UsMmpuRiP3N$5dg~@LO&HnxuJ%pvKXYT%hN$dT<&IX6s530 z0UsiPqR30sWZ!VjY}HffPZlT{gSPq^Y%viL%v3)yBk6I9N^9~tcmf|F`1g>1kDEJZ z6&~vdg(j}(1D2`7Hu7%gm7STgET$UJpCJzV;E}_G;7&n!?*R$b>N){b;}F#e))YfO zpdyn@^k@;D;EB`=18z&McKr{kBFBl23o*arlnCijtPEqtjLq#IO;q(xBx6xwc`QkR z3M7q$eTT}s(sY%GT+*;-U?wSa2LU)MS^XcKRqo1XoR&%g@P-@F>+ts#dc#hyuTWn> zmIlm&9&RwzY}~yN;BNUBa|DN+dkRpLZ(hcHlg(-0>!w3+ye1IatCV>iA6x&8{F@|roxM}S~g){ zer$ur2WhpZ+P{|e;u?0?oqMA^jCkvzdKo9XqaKB`1r2PSb0YBlEj5KUUwI)CaANm9 zzP;==^Z#BUb$8K~YgI+@%({ZJ;!lOP z)8Q(h)Lb*yJ$T9EKtPhLE(C~tPN0-2Nv}xn3tFo3@qM{FgtST*h5bGgQ5QfcdW;v^ zYD!p-9hiqO3c^eEmet8X1kS!mtX%YJi``m0!iGEPMdKRAIlW=t8RwlsNrZhM)q$5H z6~LTF-E+c?&hEMp!hPwxc4=);50+r zl1z2E_#QKXq7CO>rZ@-9DB>+%29=tIk#52!Q;eu&oJ29A@h_~eVJ~a!@;8= znEQ!H)BY40#t6O^0l`xr%O^mM@d{F1nA;p~vSWCi0ZqYKk%v7X~QkjN3U4Fb#&KLzQlL4u6zg^`f;Mdl{Q+d3x5LpCjjv!WC zXveUw9F??Y2-F*0^s~_T&zNi1?Rec8C>~>xzk1EPA98b&VnWT4t>f7?h0vHXP$O{E z#hZ*^0Sawqfgy3?d@N#&$^Ozv_8rMnL@o=&Ca(!A*i}z;klbjUZg=aMQ=_Z+mF_B0 zw?=tFO)?%uIzEuS)5*+z)xO2*$SZ@LCX7V^)X-QAJ9I=?MwLg(qP?8*9OLK3x-mY2 zJv2f-iv}a#Vm$hf1qxwp?|mB(<%Z!&E{P(Q+%o{E!deVUATafiTAEgIHAm4&n)8lj z!^KiW>Rsm{1!qi3-kQhu9|mL1!yTlWZBUwCcbJ)tA%X5-l!YctM;=)5a(0vtU9q_! zOqSH~FZWU;bvBNHGbdz(#Oh5Hg^oZd=)Vyt7_t@+OAKL#0X$kT9otm?NnW#rRy}w% z?w^KSLS4gn!7@(#NGt>=@+RtfjY9O0E;(@`c0xZsh5D@DVJYreQuLv#eNx*9=Qyz< zDyyHMM2@6dqbQrBp!vbcND+z$R-uhd3?(6C$N@`UOr}~DOYH3ca1aHF0k=s}@rH$}o(`MKkNfa~90yWoJAhX%G+U^{+jZ5#Y;8NQ!E4pr)_$gYufWpf zhB&WoDk~7ZM4d)or2P#DBCaG*DVvDyWQ5hH6dQZqPj9DMM>sEzT@WFg?ma*v>+jL0 z7>haG(--KzzzGkBTNlL%eMzZ; zWkQ_29}hqS!1y}`kApHMN)C0=!Pm`(MszQO`JUV0Sq&p`y^?U|I^WA0n?u~){TF$w zE!YEm)30D*O7_U>c%F*Q!A^QQSowZSOF*s3McYmMcOiNpR&yPkC{URN^6Fgn1!QIA z3sf&(L=-9YBSG_G%yv#a7XiDXqn$Mg4D0au0s&^JYS?piTr`X2!s`9X@($Ol%Q*vQ zrBufVn1S6!R{~d=4oVlMv1W|N^0%chI^DpxDCBr@P8?EfO@yzbNJ%T!2Jng{J3<-$ zB)|KSmEd*k=$3#*QdnQv?PW?;PBcsF^IDr5D!jb24@?4jOrz=TM#Gn=Fj%JY1mO1F zCeO?DWw&00AkXP#$7$BnF&grS%muyDRC;*q?TwBmAcS4E>J9=AQNSIf555t(Y6lA~ zQ>YT@X!|;de|wsAJA^)?8DJo)+&8p_-_NHv5AzAjOaTCm5-g*`Y@Itcig(uK&H@_*D9- zo5IF{AfMSyJ^LdfOw;IP$ccFh!7N8d;2jEJQ6hraTNUSva3yEO=T_`}auJw5UIXGk zi;Mk*sCVI;VgtwzLPmmR4UaF9k-_=;xLlioApq*2fwzHIH6DIg`%#ZjNbZoQ=Mrq! zE)mWz17d)|5C)7>yf^-qJHpfl2i(W@=2OmC_XWKGxqF$(Eo^s=8ZyPjO8=!fs#(GS zVs{p#HLEF-7X~K;vH=)0f{=0C&94d{X%W1N)50H8HSYlCjqNVe*LLVYCins0-U0+) zM=0LKjo5#~QccH0iY00?@*3}xU+SkhQwTgKesJ;PY~b}L%n;HYbIHcoZR#;CIDD&h=qc`;`E zu0=IQjqL)wfe=M`ReNM+nPmFxvkY0h?DD;(^fUT32R|F2S+JH$SI}C(oL=y7x$*m| z&1b#-dgY6%ud(s_7Q$vNJaHbOE)}7lQVHTpuV3N737m!)BtdnZT%$|v5-C@9=X-;teJoi7WAuR)#hknX(3zo-<O>fiV%3+#;_1i-W11c2aj1}+u!Y80N{IOA#=(! zyD*zeFw4q}$B3u++{%Kno`zPm#L|nSC|z)twVQr-0$wQoDR(-VzL0PL%c@Q)YTtr! zblbg#}eTuK?9_n3Y!|+UZJ`>vP#Lx5`Mg&HK%f0H=X{~)K_PtJNQZYTv z`lyp^ehBdcWwk?lvGO=UOOotxyS!c<+KIVoRgcn+8=*SFDeTyje}Hehl?vcgdZ7e;shYcmfK>IcwVmzyyvxSMxIwiZHpN9bkkzu)@ckbODS zz;)xVaMOIb+`Z2uzx9^ySu>W^ZEXZ2~=%wq_Vw3&3rMhY@)OtxT;)Cva$Y7)OEm_JTa+;^F%oAxo>>tOMN~H3ylRDLZ*)eATm(J z;zVRvQv0YobsGGh&fx0)*%;IMdTaUiirJp@t#n@ujD1=7RlGTk1#8$ICjUi;=I>dQ zjI3Bc9eXDp<{=(v=jgP9;uaLddYkU-pA`h3bIl>(5SmrrLT?etcJoB6gGWr`S%QsU zLT@TA=NcFns--kf#mcHx_JKOm8HPg)+3v9!u!1YZ=*AUoTc1oG~c6ghc6;d&_}NEMedK zNVUhMQGpqN&uLJ62E}KPl7r&2{WB;&J3qsg{uZ|Mp!nd&9{dkheKwSbT{_Udl^+h} zGZnkO<;6#)_^f+y$ZM_vIpTtW?D+W%3+=#;Z*|9YTlrhIdMs%XD*l-%d&^eWttUat zDbO^BCr~X1f9E$Q^#_0FqY(?3XM7hnoUGI3gNv(Jf}9NXIsy=3f6}9M24zPV+6{uU zJi~im1@2XmRv6Z;k$aB?Gt=@)}IotE0joc!(P=F$%& z*)m)6%lV;~@^Tpb6hz6MbXMr>=n?>SoZgJ!N2Uq=16y zRHZ&F_>N)3JxP_sBHw1g^7ct=k6Xr1PVax9$*r8tI?v-GG+8IQVn(e<%CaVl&HBh% z$eYvqD+uTBp3~_fG+7^5MQW&_hJwdtfm z9hy(vv<6+mLIG>3%(nE|QaYx-`D?@U7=v^rXwDO&n0>hJ?aWM~-ObFNHz!e+X zEg(CJ$6TgmR<@jtb#EuO0QG|2hI3>=^&%XGvQ(kg#qNS$_=ys~|LG4Mrq$+pCP=>? zv$|sQGNUT4O+e?A3vFEfG!Py4Mp38{7b?MEmbJ9LK!=m>j`p%TZl&`biTxVq5?Z-| z)~7-pce&o}kRAWA)D;7;Pps1er>ZBGR_vZ6v@oS&WUgdcV6yp;Y`sp7-@n)kF*GY^ zYw5HNb<(vVu0Ge4nLEY=c;2aDg4)$=;@6O6-p=5EAMEDet}}r5?5b_mIEkCJEv3DV z>FPaU;huZ0L2&yTJvUII#wyaTR9|h%n9v_|YmX33D+*&(8f5LjJZld(aEMm`9Ak~h zEn@{%6iAgUoPcbR1s&?3^-%uWYoWnYps~Qh^jH@xa}=sC;LLTInNYUQlHK8kF^($FjdMqSEO zlSDDvSYTy$L6}{-fMO^y+sN=5)YR(n3h0D&mY}MQC4j53W5?UOv=a2vELi$PPf)RX zzZFY2?xY%xy9k4V8q2z`$p3TrU;pcu@zGxo5C8M|_}~Bge;xkU1pe{e(O-{#@qhfU zqoc#a|NQ&Kk2jZR|ILqn`A<>ixA@mDhyTgW{<~u*M@N7C{gwgUk1IpOmaUX&*02UpUnw|S&~>YyPh`edyp~L;j^)-x7>V23=^n zBGXJJw|YXZ%c6ifXrvVOI3qud$lre$k&7Qj7&VI1E&nxotA78w@ z_~GY<%IUj?FH6HN6`S#f%lpQq2%aVdJRUEnVsowyQ`*H1Qjuo%FIZHc76XmYBfE3( zGUOGu4_9xoTsejeVR>h77K0Aqy`V2qFM+EfyfiT-&1$__<<40B&&rb#nU*HRghQBs zTE>b;DN<(le2AE;%@b>sv3rcAvC^T`3?m?awp%nY8IJqsetZ)byzE#`|J{1|(^?7r zwc4~%EqyEMN)gK@k)bJBTMfMmji-9uRfXH1Kq*2Web!eU8%pyJrTH5_LuvlaDGsIi zhtmAvGnD54Rg~tpXMM*b{-jnP#+jX~Vzcr2ZX`i9(jNYqq>yI-ikx#XKUOS}3ckYH z^9YalAPmpQA=dilVty2#_3u3~m(M3J|1f#p_#2qjaz3{^8uFKAY)+FEyrn{0!synD zxhI%eqPmI&?Pa=x(&U~*aq)V4`I1Z%A^jD=z7wxMmZ4l$iIpr#D&eU+ii|a7ewc&8 zGAJyA!qRz?gTgW>EQ7-Gn^#!c96871F+4W;?wBMpeqkc)(>d5K3`&tn&Kmkwub zcr!HE{{F_E+7F?bR6i=3uuG=6+<^&PPe}lly?}u;K+j$S&+FMH7Q`&+l5sJIW&{%eQD^N-N=k7 zDv}*=#q~rOI4&cJfwo{qtE@@Tt8=zd$A-OoSWbdWT@JkvH36SC2y_23E5~asj+sefkfoc@@t^S@V>_b1^hgZ7lmE7# z=@6&E&FWMN!|vNw_`3cyS;#Eaq>$-2V@tS);O~SQqxckT`c^Vp@hwFZ7NME3msst@ zW4Z9gR?= zLZ%aPEptYeGApfkSry*j4b%F2Ib|8{0hb~iG=@9dg}oz4=W_JT;f`y6h8r}bqL%3^ z@?V0yK<<)v5YX}C`D?tkPqD{0*Dz`Fa^mvlnmJF&lp7C_qVcs#aaMc)K-TDzwKya6u#GWEFkiV~J- zs#l<6NUYrGCeIpIvmNr<=5lw;atdp6DKnmIIbZ5dzlLT3tUYB5y5th1BCI(e!MDuQ zqkY{XIQfVuaduxwObn=b3aA;kcTfoha)MrAnG__-5n zgRY_2v5?gVOyBo_}_d-O-hP2G>K&FTu-IlN#Z%U4HQGB?(G#(pgYg_P0CEo@AwP5fDbL zFb2XcVI}GcB@?FggnZCU+ZLdC1T3uE920UuSA=HTx&0t#!Mf}tP^JKXn@Y3TkjIu_ zn=&)HE=Sbc>>tqQniPs9EM+3`@h6qxXqy7`_^k&k@J<2)bXbFPkwQ#hR6xC=IM@R0 z(olQs3n|7*N&`v2(Z~Qk;|*ct!V6J^^4#jN)Pw~yk}v@lOGJf4W=r>~59hDRb8=|k zbp$Ihqa47jnAxyCMn3ahOoD(UQjrs0L#Bhmf3Yp-5#d}tN%f> zEq1rf;G+j@zZh(4S)o2JT<jy^8H-4N$>5-iP0Uy3Tc= z8|v?9Wnb5IYYXwXi@V$va$OI(kr~5#n;)WW{Ny8qN4kyhW>u_>&^CVZ5tduUpF7>LO20!sXq^YE)vxj(f(HHeS@jvB1UJ_8-9=%^9aR=6hiG zB+sc@S=A1uKus74>0j;7VGK9`d-1A`a67#RT|)KR!NR-E_Ijlgv(02*zvAPQaJ7$& zCc!|G`o0j(=mV7C?hBy@Z~-iZ4&X-r{Gq$UZpic_lJoh(1br!^rP$_;>FyiFiG+(7 zCAUlomQ}gE1H^7ybWRs{X0IYPK3sZ)Cv#ua`@d7x^uR?im-v;ws(^F;p zFq~%B1xq>}P(NN=pVS*deBXj8yoK4{2~E9u`jQr?n7kD#A(vnZ#NMCK8geysUi zAG;+V+p!%HF0xP=&joO5e^-E)Bw-XlGT_u;b=w>!>}0UKJnAgpB;4-Q5iP`f=PF2; zwQ>}VGsJ7q|eq)pu4I6pXt(bX*f56)9x8HV&+1SY77oWwf~_r9fQJ06-rO{^8*7JjvnU9}fQE z;QwtO{ELR7V0Bp4_1{i56Ipur1lV@);K$raQO3ZAd{VCX>CY2#&2yenh2qfAd6hiC zzAwu3f!%7%?2(rSvQn>&U_xA)U7+y|oddb}TmTH5&!A7l+}Y6u1q5s%2M5r{!2#hy z8%EO!0rKPAQa)$ekc0|QZh{esYEn=YEMxfahpV^!vO?%B_4w*5aQ1&L&#uld&feXe zysg1|F##3Spw$lO>2uT)DU9525-Tgh9qdLYG=oA0@=o|J0+LWM%(DgNK06GeSnhIO zTM|=|Se1jDAgpsLN}6RWlFKES+l7566tPllEYkr0cae? zF(EgS{Ig_gMdq2D!YC|P+$^Y&nrNP~gksu2_mzE^Tk_N^^M#@glq5_TMKc262*`#9 zRTN?Vnxs-NB1LQi_gwVzr%yCZt%UjX>1VGz=giPCs67q5_3%7mu6A>qj_>MHdsDS` z*`pWoF4U|JQ0#}~tVl7>{Dmxqxh|)d)GWGSJ>yNRu^B0~9gTO~xQ>Cz1IkYjN@gWw z8&oV~R09BwYv&vCjT4zOQVPKmrZu(Kme-rZ3{{M=9QG2UbnAoR!lN<)bgp;8BDdqR zK$&^XyTGyz&fK#f;l0w8kA%@=F=5Z!}ER<2yI9NzXg znzoRXbW>F|{}+Q)T-!;zGs9Zf9BUo3tgSEP4V+k2Jdu^TSy)l8K|6eey-2w2;W6xp z%;*1Nn9L9q%1leVOD1@7NJVm3k+6z4QI0*_=~C36sa|x4+{9{`(@-Vy(Ltd0csfT) z1~_27+NjGM^iX_@OW+7`Tw6jQ)_7I$tj?_d{v0M=3YRQxgY%jhuhdM9=Os`3u-sRd zChviX@>=ds4KlJ5!0PhjX*g^c&U4`50EAe-ZrP^uD{8ACzr@+2CyS@pDK%Az7iN-23RkakBj9kpT zF*az-Rbh#$VvR1RAb_Is*%NX~h1Jn5-xev}8O{Ycr8&z^scu#h_PG!c`ZBhJeB4ra zutLY>ILoIjO<8*3F%IEUA5afg+g#FMSMV*a+|q2fICU)0VChbGpsK=yJ*+bR(>W#i znzX3K|J(t$&!t17XzkrELD(AGtM8^xK` z#MP7=Md38Y6@cS#1$F_;qHyDb)7`f78Xu%0gsg=wg*67nL97^-|LK1+MoZJBSU_vZ zvaCar{m;0{7ifEPV(6BwbmSj!&IYud_!Q()&8Zd77?Da1n@eT?Jk*IS+nurU9o5hzyxQI!x>Xyi*TYF{JQb7OTC2RYUzMZxty8|7Xc6xMBrwA?H1DZ2y&3|b0(OI4{cglIixr> z4qZe`BXeqaLbGf&As&5%;BB6*;FuPv)4XwXQV^c9ypRSWE-)ZD_T+(5!O>#UaFq02 zM-Di<8D~mkxvo7F>*%oVx;yUj0HBt!E|oG3i<&Gb6l76c8=km~tj?6+RtgnE(Dm(d zEFhoP!!C@4)!?*Y!i>ElUwwt&BvzB%Lm{DrX?-EnHhHvmlvK^Cvo$6c_G`tp*GZ97 zPOvZN^5GVW2IAoB#_+mvOAVMWQT4+fcxd_QL**!pc}-+{s~_51Uy<*~iKyzbI7^eD zgddM$75@iF;<8G5wVr@aOpUIxm4tZq~5Pp)OVJ9e+f=un>uT%&ci zkVT2ESaNuh6$^TV&dIc@Ki)hUP%P1}6N|zbqgc7b{t-Nn0_~26^{!rrH6c=w6S2ad ztFMo|-?LD1$>Bx?MrJB1ou@kFV2OMjIhY5kcx*dWq{gVSi-Qs0o+9in1h)H{TupH7 z#{PnDw((c6GDt&0%*kjYmw}V%KHGt}ZOkaoEFrz|RxuZ}LP2q4OQ^_kjw3|_?ugtm zQe+f@h&&;3yT#)XxzrEtHE|YzbxPY)5wk&TG1B@^_X^Ck;5&lZw{FCf%X3T%;G8m; z`JyU8B@ZEI2bqqSv&8>DAh?pZ)F+XKE4^KnzLa)CHt}b@Iz?4%B7kmUD{H0mKD|!R!3acpNsnE{b>h!ME_&x6dv@#oi3uqXa>+|{JDkWc&>82Q^`W)7>Wp+2T_tt5AWytSG5uzOtzLg9EI(+TZSuWtG_gZx|2KrC8TOWRQA@&AkBzpXLsE*ldbq2J0kK=Ri8V_F4Pcy3Z?tBOvOLg!r4xEqrshn*- zcTPrmzEA5xVqeqdO6bUh*yn{z`^>#+6#P+lF-FoEPxw|^glsl%c*gWf8CGdM*8LFx5k;sC*NzUK$Hi!< zDR;=NH76rHy>25*N(ChtE&Hk*uQ1rJOGy+a>(|~b^cAD&*zW(|p1aXiz})6-tk{8p z18YH>v1h+huVX?BnsC!{8FN-anT7RJ8$7}vq!q5(T<77mzQ_3yot8gs`V zT*0H)hAP9-gWZ(qv>|KrYxI6sgF(TRX_7MhFP+NLROLO2WzxpgJv88qYICXN6iQI^ zHg>$F+F+%RJ8-&Ak-pWscezvfP^Xj{HnyGZTWz; zj&W4p!BF{CkRfMUHwK2a%>8d=PQ_R;ngXuUbwfC&2#09F8mDGJt3a48bMG||#i-te zZQnAD4}iLJVPO?8l-hqQGa@-n7F;+w~*9t4fL%zf{}N5dipx?HYKQ3}-eTecTwh_> zo9mN_C0A1902=!*fo5LK5}z)J-4{%8%zce<=mGmhG@lDT;|UceTLJdko>i%%t?fWa z!xO+vQL*x2#MOJ&`Va9*JNvgc$2+Q^LQ_EvpYn{G)%rU&>+S4T;igox^L*=BzK;F` z+SxX4;rT2ezo_uu*A9I4pwcgMRU{aPbdzZ;Z`@_nKVDs)x@K>$u~}8Y&%x)eE>As| zfa--okZ!*J;iCDi-l7Q>b7m=4S;n}LchazM+sIaE`h<(Y$s3-r5jkbb;J@rz|DCPu zA82JoOK8ADPKYnrY}+3kjK_A`V;tPrWP1GF!2vmadrqjDZwnT0SKE`WflJpAj^pK% zH(i{bki^y8v+L`Dhc2`Pd4su?x>RhTw{0jIkg$?_a-vMNZPx36D~< zS(&-*Fo~j0M}RLJk&>r>?Fx+OL?z7S&{U&wC#9|($o+1?oYafztP`mSHyYN~I}sgt zq~p-HXLqPRoq?Gx&biLukVLT^as8yZj^j782|bb>M_rZq#}fTjDh78yaL?Vc)v#&5 z);+eq9oMq*a(*|-I z_;j(gBIPw1`rgB=Z-u;b2wUHeoOz!_@Zkqf#?GwYTdA0VYxS*6w()u$yHY((a;S%9 z2fvmF8M`D>kW9*AN|W0W(Q>mE`;?26&^hJ8r4+i9DLKDJ&d$+{&stv=k*a`ndc`RP|kNCmTKds)nxo4was2G{_w}#M@5C^rQj~6 zAlD@(vQeq)=v&OU2EWIkqb=I~AADrL=T7mUk;FzbZwg12x(elqXb9+7*-CO38MG zq~%C&*pl1tGHu%uT=4$P$CIqEw;jhfYdf_LLa{f93HfQk1SY_unG|y?A~8K>!`nt% zhtRFCXbVrYBu81paeKseoK`L*m8nH(d2OwJ3SfCnX)rrd>Z-2$G!Dlu@pOcRexPh> z%Wu**P@pwPpnHHo=iq>^GBDu5K>@#>JS83OJ?(i(1_u1H3^?Q$`HUN)<$=aJQJYKV zYDHDp&Y@0JcStR1*902j$D7OGAjoUCyI&&=xeLt{O}LnMzU1A+&)2}D_(OcJ^N3%_ z(HVh$U1HF6aIwSlmPI0SjL`sKFM^k+ictt3y`#f@Z@BMmr^v75zE|6q9dCN|y}A8< z=eKIFi(RerQT@;TUFMd%YOd5X6NFkTvHG)VE=D}V0|v7z&P8S}1AJQ`N4;JcEQCxC zblk({(6&ayZpf%YrWlHM6Z!*zYYa^m=!kG{f;_(~VvjiE3rCn_;mBqbFEU2{95Snn z*lflU^A}QTZ_$V6q1b~r)BoB3>n}~@ZIj3NhHbmLUP1&O^}&*U%rF(~#ZDB)H^ItM zE*=nzBG4?WJ**vQsW-=o5G|Gg_-L=tx^_mYGy+ z$rL$ECA48no|vNv`M;Txu*`zZ(f8ok*BkGQPs6Usb8-mH?B$82oEny`j(mzAOy{$0 zp`se3fBM7D#oT51fT49-LCiE%6Bl?@SzD?g{^gFOaZ!@EDB9bLim;IXW7nG!#pb}f z$dwP|+zzp)P0_eU7BZ9b)pem5O;4rJM#0W{@Bxke5e*%pR}Xu9@PWN$h>@nYkat*7 z0^S);+(M?B&|JEcc+Qthgb_aE?1hYy*Dcvk*K#*REub8t13JtgRen6u2^L1KlnmVH zYZ*PQtW9Jo40e+;!&J_Ns}CA#EW^|hZpG~-T`8sui7BYU8l^I)d@DGt3yP^va@8-J zR<%Q_l&?RP>Qe%SpCEB+FX(I6WT{_&n$#ZC?wT5PNQ&D0>6{L=f7*}^X+rk}eD0X= zv|~g=m(h1jZ`wbtT1Pq$$xJ&PS{+ur^^u(3U*EF3PTI=B1wOoH9ZK0;F);1podJ{! zS3t8AY{~3YQ?9YPDmci@!9m@(TUa#(ykse#`4pIOsp?91sq1gfylw8}y5iz)e|5DE z2!d6H*gegQjE&F|{{8r0QZSNar8Z2Bh@UFD80_R;;F7{y!FC4+AI(`^@AGOV)#SzT zi{t07$S=fp{lfkCrTg#q@*f+J6cBcTD&!9>WVeOlQIO7hYhYDTA8DX_=wM zhh2l4C6PIUF}(QS{uyv37$Svx^2H$x>Btof&*?2{iYJhY&%XTd<@os#k)r`DMe9Yomox*u}G*dZwUJ{dBv{f}z0Omn>GI~PZxqP0~Kye_ew(n0Agjygl4fh%~wXi zwXdpb0b7Qv4Ed>gk}#Sq&?Jc+{RQfsk!RB~xn;)7Ed&%7kR~Rh!XCyOw+AD!Gi(V9 z*sy*NwY1zVnD`(xHC)d)oo){>sf(ze)|*B4O?MAW8O?mvU(1+$=3&I*;J^@U>x>ZV z*Hp{qujM;wg37Sl!W8V>>7@%(JZ45_d?n z=2VkswaGrSld%g3vVqTtRiw~=80|#qWTuyiZZ~W4%x&LipG!i1Z>7_233&LWZ~f{gqAD3YPyAHO_)acIZ-^2m<5CLLb{=@?qN5iwnpk5<11-`Sm1 zsj~q&Vq#%M<1A!6_j?Y32NhS`N#IZr)7+5na;eyN(eqn{=r-Bd3Ig1&!H&J^(D+*< zE*pQ}*xmcHS#5Q8H9ETLS<}|w30vOUNH3qvyll6QeT*JmPd`>wKn}`v{dre9QIeqZ{a2p{?idWk;2YSa=iKp=F89Br!4>VCynxh9V zhntSQ?055<-xm~wXR*h*{lKjL|Npc1_sxytR-!n(f9F%6dQxTgy_VcPnM`tf^X!(# zc28XCc6)92%uVgxrvs6YgqR{20F9U=J6gegvVRxpNV2!>{SRI?t%mJozCL$(>ne zq^@}K^UcbewN>Th5l8z6Hq~b(?XQwo}zsfPVkW2^5Pvi zcbUr8e>7ei%II;ffT;@z0Jx%=)etlrA3)AgNmcL2EB2tjdv!!!J&cw4Pp-%6)sS4w ze7rW#$4pkn5`4k%(|}bz%C^`5Pa{mF0vi%Qe|f^B6w(Xa0T_UZBw}V{a2`a90a|S; zNf2dXhme>}^5N=kLtvbHjnp~by1l*_yX1!>Ybi!k9#{S$v%7W_Lqfv+d@me*BgZM5 zAFGtUJ%Z0D8;z=KbE1m8di%-Rtw{KUGp;n01U8k z^Im}f`RYk27>O=mfumoX#lsH!FOZ8fN5g_12WgG^b7TpJCo}p_k(2WuZtUk?eT}!0-~F zrjxd=b#+|%vzg8*z6tHP-Vvj=9>L)v=5*PA{%jPpjU*$AR2%$jYcIDF!5roazu zVoS6~nHae=IZV6lRuXnTm&1*(l3GO1y+J+?Q;!D^%`yzA+r3 zj_T(R1xs`lzdI}9W2a05T%r>-siwXx8 zIoCqQhXF%6KERoLwC`dFSR%5__SO+&T!lPD_S8TAhuLA9pOYOw6dDKQ)IX{9B`iMwcb=d*S zLz!g=M=cpU3YEPL8UByOJ%c4YF5!F{Wa&bKHHT6@+^lWXypu%}UC7m(NWR;Vch&;Dd0X`KhztJ?g z+i2hHIoZZ*pPa0_&%?RuQ@_6$VQ$@Ol_wt&_^VQa$M<8jwp?1%Y^lz^{LfZ_hA5vx z6lI3V^V~%M?Z9rVc+t&iQ62u7NEsP%?Mk>9hML%veBe5U!}z|dwNgxFm67uXQ!xJU zhde6FPZYjR?y*^#Nx- z!rY5Hwiw{n6qNf&8t|lHy3q4qotA-+-hbXH$<+;w0M<9f|U4u-=6TQy1& zrKz-7ZGPWpemeC0r7r8&wp*jMh(&5w{PmkqY2grIui4YH782PoqZUGGORHq;$nW?j z%4lmEFP#I6X8|4e$03M&ex?KvuUIk|ZdrQ)S`uODY}hl*owesKEXW3+fJ#b*CsgB-pcoaiU0_x`PE@|RAcvp6|XR{~(1g5o>KRisgy}do!fauwHJ25dk3c&6ESI6A(F^F;fzH)>M

wjk2}cC=DOMQr9$Xy7pBNeU3?qvCf?w5?3?42s?Sv@|1NiA>p( zJ+P`o5@33j`co&M6+Nh!4e%NK@j#JOB&BZ~0I;vz4DIE{BHLZG#F@cdwv|Crai8B) znVwv&4M454?CSYY>Ttsl^E(|0TkGHFFZFi3-j26VJDz#EUeK_Hfi8=bHx@;R{^okz zM;fynPq`#oATCvVvDEz591dVcdomuuSS@l@!>WP+F|00v_R7HUS%~x<7W<%iE|Au# zBU^vx$coo_3ja_AO&DOdCxj8kkoZNKtK!@-Pp>ap;mXC#DE#xiSu^D1azzY#)C`lf zn4Bph#z(cN=vVW%uiEVsq-$Y3yN#Q2!#6DMs%E+|TUd35aAl3WT^9}tLgNt@5@&EB zz{32JBket{wiVKwE`Kei%Yb~jvuhU`nlnS&g0pFknB(@ts(^^uQ)kT-vhH^{7!D5( zoQ=~WK&i)rKN6NFBE`)!<4dK1xm4OtIG36GR_MEcvD-o4;Rw2XyZ2kNg^C&Y%ssmt zpLK4zLe;;^HW@U?=K8deL;P`=6y=e9U^rtlAs0vfA#=0#mVE-tFxb|!+2Rp-ieFP( zEc`lfRrWd1jDzY?J_T1Dc^d%y%JMmxQ>oh5Lb|h&l+U?}srE}^THsYzd^5b&ccLf1 zR__f;Ke(pFh?A~1fXBrpZvFOE)MuY%U%u+vxozq>Vt4EyR2 zfU}jF-8E}PF$L@knL-x`PoP+oc^5?!zoWN73FcCnFF^~U;F;<}_pWA@4jQ7?H3)O( z#=$$#)*!^zN%5)#+0uT+N?l?MhJP=~C|^Tp1#fen)e+Yfk?{*JbL#|M!NO)FEESW3 zNy*c0==Uu7?Ur1&l{}A=D8l^yv`&%V^O0oabV~D_WwAw+I@D0wf$To7xc$AA2zYL# zhO)9lk)g_l@&1%(Dkn^v0c`E*=Ujg0sS*!%&mBOp{`~W0hdkV-eYqDhOYeD#!4HZY znjv35pQPFQd%nIsTgwuyp$nEsV2w67o*UM52t&Un=N#*sn!nKCQuXmOs+|WkkT8SC z&h!S=Pe-LS+Xy`+iqFbS)0~M?Ws8m5{FGp9=L;EoKm?8B5B~8wpMbK3JaK?uVH6NK zqPWOedhD47RA=VRpi<0aB_V>|<$GeR|$Ah?aWnIGAxJlDo*f>-YHVl9pzFTu!{+pp{vC z4+uH9q3u8hg{3ffie;Hb%p5CO=J|SHM)78F+4ZrZ{$zBo{f?RV)jZqs&BZV=v6x)@C%} z*pxVTRY9k0X*4)n=q#?fN$tYLy(2chRx;XID_1ts;+1|;4VmP`Q2B%5fn(U&N(i4H z)CKTqXn`N@=a7(3uC36K;l|C;fG|K9Yqo?HE_SmVg&(yEv)G*#7PdPHai5Ha@O3rI z&(|Mzp8#TS^yg2-Y{oU2QZ@CdFO}2OpPt?3)lNk!z->)QFcmSf7U{u{?(rpo-v1m^ zk+dy}V_k_gKiB#xhd0>XDWb8)zNjg1%HFFqXRlH zklbBv?NXi81-hC=S1a@KAjGFWqs8r6Fj-kKYCNvG9ni%pI}W;HWB>73iRJMCwX3k= zPs)06W_>hTD+w}GBDyIZG;sh#tP!9>vH^SG3M58|v=%bplp#HGMg(Vaz^9-KTFsbH z$qwEmgB`lEY=MQhAny*t~x@V+bQ#nU_HgrNeL< zz{AT=w_cYR9=dmu z?%9~7{LbNuWHeh(0k_$iovEMhWO%w=6zJ#l$ICkQmih}mkJUw}S3A%nu3{@>99-O- z-drrTHo)JW(!9Bjalk_MBP%6STAY-6dd5{E=B$ID?#iE7<0Ih?JU9+H{qxDyQa$IL z9gl9dH%xVs>YL|kM|qT)_6Fj;7>EJWpPNw_x`I+IT625qnq{f9m|4`ja6^DA3>Z{x z)TN4f9QanExUbQ(6r6NKa&~XW=Kh&K*|0FP_cZ&rcYg{D$p7Z83_eBOm$`wOvb(Ff zgz$gFpHXXC!8QCxNi$sgM*W9%_(6DMY2`oV{5ZkofM?dX7W@hW(2!dLJz`M{ONcqJSS%Kl@3pW(+>P;9IC zLeo^fL%Qw~%q4JTQ8m3o^4c4fnp@v`+4~JnWAK7Bq}32rrj+Ap&k756vJMUGI<_UDRU845 z$kUASwF$yY=d9^f{O1jtk!mLIT1+%0jc`uf9 zM(7q?bLw7M&gJL?7T0dC5H3HZR`&I4!Hhf_?fZF4$$vjmfBP}@n6UL>oC+=SEdp4t z8eXiQK78U7gQYVjSNhI(YJs)Gad{cZL{Hrvm;xmc}5G{ktZx!y2J6@ zrV8%I{g=Ld(S>fG%*<|)B6_1-d0Q9Ug@|duu$$St&UE~!2wR(hS#_48naC&MRs>b9 zt;cgwuuW6yQjf2-k=&YPgo&nA4eF|+9OS4~jgndi?^Z!D0_csi?t7B`ihGi6g+7nf zr>wfVVLo0_z01}tVVf>y)z!JUB#AB$yk@?Aq2Q=O!PV8RWN>wLuQf`d%LrH3FQXUQ zGSoU9i1=EYc(r#*3!iPRky%|GDtw18Z1&7oSB%RTuV0|!I0RTUcEt2sTLZPn=)AVP zjy6rU{&W;xMf5~jv*2b4G#Kx>%Al+LG*+5jv~|sQ<# zWEs>Qk9qf=A?u+2(z}OL*R~vSi;g1efcfaXMXGCSCfKRpNOg7SJW^fT^dMP%dy7SW zwZ0_P^(-rTUyiE_R&`gQGWgFM7Q# zIr>ah`aQXoY--1^+^2M73&-{jrQV^m=IS-jUITSk?@;O;N-J0IP{M1^4kas~RNkcL z?Zm$71V2N6^OU82Om`BrS;vr^ z5Xll=aE6WCDE^Kc>npNytyng;wJr0oK6fS4SpwPk8Dveum1lIN$tC-{<7sv_x8Vq( z_6|#_l?8{772Kv^J;v!_4+WQi3^yzh`R4XKYqsNjc?`EN)_}%Rl9tjp;hEEnr(7?* zSH@PPr-*xg(^LgCLW@EQnoOArW{h%(4NvzWjo57gL=kw$@X2gJq|nZ{x8{Sl!C>$@ zGCM67-~bfi5I8G74*yU@WU0$M{^J``Fqv441M!PvZMn?wZ9`txzx?fYWGYIjhGAIu zTlftnd?&PNk};|@dHaUUcwQQ!9<_aexbyvY9ndOX(1{muR=rjhdkU-uXC)nbJ}}51 z>oP9MJ(f&`P|daY%Dw2LB#UVJzqj76?J@7xzPRRo>qP!hiqS&HC8_)eK3mUDaX-dn zU{?v)Yd#mlnI=ZRhz_I%ZNy32&Sa4!44cuM1-&r^j@-Ik`%VejnDXJEyN8mOtqW_D zf+U-8r90IK#uw@cqj)~S`jE3S)4a&4Rr(h!tgDUiI1%?goCOO#FJXd} zaDJf49m`X!TMvs&7df5T8X7_Cx25;hk+maWHipZzLZ-ayic8fY&;7H)MsJ(Wr$T$Z zo|nYmHvbU+{&RFs}s|RN!~R z39o-RGh})g%1g&gC&vjZrpNY^&jtiDk#j9%hqCe~BoSF=Q{lvzoU&r-hk1&1J#E3d zLWuaHUje$C_bj#th#*JZs^UK8)<4r;IFAB~N9g`p>-ibR#??#sIS+V^G+c~P+)PKWg4WXvRv!{SkUrli1wa;pTodo`XpqTeo2?|YTJbxx6C8A!Skpb4;bxdSi zF<)Z5wZ3j}?r9LPmZ>K8Oj=-Dz}vQ;;Z8kY(Gp zZ5yv``?YP`wr%^hZQHhO+uokpo!Fg-*`J&D-pZ)o$~q_W9HeD!=3?%R#>booo6hGk z_vG(l<_XR;>B8Z7=U9 z0fK(99UaU@)@LW@Lw3;nj*ldNLz^k|&5+h z7lM3OU>xcL&T;B%K)MC30d82sai|jP{ zt#1<@9}wRc6dbt5gx?^TAfx|mi*>oidfcF0Y?Izn)16+VB2M8&kK4}~T-}``)){$1 z!$(GzU*kz_6*0-73yHPV-{&{m1`n5qhhKOHB+JElaMzED@6VQL`wiDbw8oID0Dn3) z7_C0>y*zK$XkB))OR9)UC{IMYmgC(&*To4(^-Id2BIRmnV{AbboSPSi{PVBjLPi+{ zO16?}GHDRB-5%X0Yr9)7k#T??n3VfQ-MJ~wn)A|=1yv)rj0q(jXD6X!f(JBO)PV@A zV(%#s08aT@%hBtkT@JVUo#`eqAeEhz-L6@~jq-b0dSp1&tjs6Z)HsN9K0_bUH4Bc} zfolu$Z%U7pDZyZ5IuMm;V5_nFb9%w3$dX9mC3&IPs{dzGr4Zu?PBPrqQb1=-lfNFl;E@dW68=E71Z&qxeGBA{2UV7RNcO41QvJNKoj9d2C%KIZ z#`|WLbid>_x}Afe$6s@%OKh-4h~QTACyG20ZVQFVu*W_AlOI)TOe|vo(n2JZU6s$v z%bE?Wu{yFrG`3gf^{MOeNO^*ocRAu20rM)%QB%Kr$*K4Vk3~w%f>#Q^>q46K=_+iz zm>ve89hRLfrcDRDt7NS#4HIcm>$@(;17cbfX0PdLlQtJP-Ic#2s+a^BS!&Jp*B1@i zvIx@@WnZZd?KtZm2JE1%A{YV?Sygc|N>Y>R-u8#@{_6H>V=q%#Yn=per$J$Y$;X7a zkWaG;gY$$3Ti-+?Cn4$trWl%c90wNNglFkcrKB-^8qKNSrfqsTs|}S{M!~;ta@dSky%=pIzb=4rfQoG zPAn7SpBx2dCE^*&F|i^vMcfjr>3YKX3#<>;ZQ$ z7CCT;i1ylUJf2U5R+EsPIk3;N!q8ck2HfF3(DPVDLdD=e6ve!6K}(o3u(#-J`masa zj@YjWKw-s|ql5jkPs$`aR+F1XoiwG0>Y6Do+GB##wZ?-o5j;v-782a4W$ffq*PKbcN}zI6q&i!y&*^B=Xo|KOce`w0D3+R&$Ne30(Sz`Qz1P`#JZ(- zxNki_H|(h7g%bTxQ;M@>cZIIpay#*=YJGL1k`l}xCHe6KTC?hCAJOc#+nsOU9XGo@ zzZ>=M8+@Oa;}2i=kFCs`o}aJGn_n)4{pbF8W2ejeV0Q z-NE}Hm_yfQ1KmRC#Zm0Wks6xcj~c za=_;y^S5Hk%nRs7)LaWR;XJEVn@Q zTco<9{R@tq0v`>*MdhBt1R2;Nmw5!cgM~$g+37Q3DsBFUdON;zvVKQxfkRzK;=se# zP`v()7tNAj3Vtt+wOr$F=wiN{22=H&9+sWYuE>(a&D=zM&7GH$nJV=LYds5MfU+}v z_LikYE`t*GGT_A4p5#|A1ufdyRZgI*l|KD6ohM$ z8hsF4G8*JdR@&iPjxQrtZl=^kGLVDFF(aS&WHj_{6-n9{FUqew$2lUMi#VCBxd`ld z?MEOGqP_qRxZ1|AUSLHd9Uw~QuGi_h=Hel9Baf^OkfWci_DV&MjR5GOC_2vm5AAPN z)d0+ij`?>+@dzTK{3GD}m#(2i0Jj6mTV?&lo;Zt`Q?ln-w;#NLFf&BpU~cz&aps%Q z>f#W@?3XXYtJbpJxLxL*uU_}^`4Qn{_y2TEc@*JL=wwdYSqQzIn^30-7Z1?#fh^#4?Ek_$*lor1go+O0&fiGBnn@9!5w$Y_lo_kD_+WC0MYjyIE$#|ZuJ9kY(#b+YBSgBauHuMg`{nNHiTxgu41ZuSI=EW;nlI|P> z+jK|!E6(xL^}wAu|s4tyo$58@xpMYKYOI! zUt9-QTKqI~LB*ZG#LYm%q#wqMND+lWv_@}dQ9qqk)DLY2IB0%GicjQ+UVYdR<%afD zbMO>C0I)N;x(b7|jZxSf$7dx-{@m8*y)e0FG5NP`@CZ|*_7O|VenQ=SIrIJSvD5Xn zwPE}*lga0`vf-Pv@4@?=O9tba{+xT1d^z!*h{1_^zj}KEXzpjnFJo(mhi`vKDy8ss z98qLu4l9*X@V-@2hq6R|Y0ZqfS*b0~STU#XJ*jVtavm+%rC@d=O6ZAG6}!0!G6CXd zFERd$8cEZgt3;~-$8V&wVb6uP?7Xrw=%GjMVJYwAj{bR5Q_elO6gz=4#X-#zCQU$t z$-2WU^m|=2$e1h^&tWOXYc#(kE_ZWKtcG8%$SuI%Jb-`}a;N%>uAk2YCNRwL?Eu&S zmQ~#v9XtKPSo~|i0@&&O8NCyyoiG7izUUoU(1Nt3EEnhidQY1P@sMAwsamVdEvsD)z94C%m)j9LJ3X{9qO&hyiN7}3^ zB~4_iiDl}v*1>kUb^z&;dm(o_zm&WC4N~)_5_IJ-Kuj!3nmB88#-oewzZJI+Bx8ml za|O^m5zg66Am{%NzW#9CXll6&w%7$(H}+&0e?I-H6q#!#&gCeoXq;@8cDVYJ|k2eJGsqR{eMkghp+` zAO1!nqKVN}tOcO6>EaVsob*-)|M>Q?^$3eya}H$6?u|n$-BIjE)&tpn2)dJXtUiHz zYX-`zF*z`Lk8B(X&IZj~V_f{Uo&}_!g4ex#$yW1=n2Nwd2Y&86=sOHuJ%-s{N;Rfh z9BkLZms164UDoENlDzwqE=nm>_xz=lg@CD_`H?hE6`8P=!1wfc^Z&uc>~wEIGguAO zHv1)#rmuGk>6MkyE1H1Nm17nIvhG#Td+Dj%*3dRp8mI#7tkL{oq1ksi6Q?8x?C9mD zGyxeW!vL}l27N$F)z|J{PmtOvC8q(o&JTvei&loBxu@aT^dqcpZWXB{b{I*k>PV4P zXl3b|s*O62-(jpQsj_DoSFdHneFn{8cd9KwP}8V(Ag~AJT*P`e>+c&N4vhm4g%l={ zgI#6pY511jblfC{V`oB>)w(KMs&FC%H)wMi6^6rqp4A0MGRE}C zt6oF<@1BeACCSw)2yDiEBPP5e#@#LCJ&fduz`QU{T>-B~lDm;YOk~@t2yFx3W2}ZO z%eug+%{u(NuLvcBB)rC<xtt zx)DL|7oYdPvi~Ryf&x`ZUmS5QwFD?z$7H`^E@hCut_)Qm3r^t)ywD>7n~DFx=tKpjXO^OJk~lIEJW^PSJt2heuReriW8 zw<4*^x*ltViGBx7veR-l3_W|FB4$0XBAaRD&Ukdx!J=vu@8dz6L3{My*XmQ?+&3_E`9|rXrx{-D{a2{mBZc>o=UPqoYlZlax3lEfKlreWCCs; zTw*s*V+!Yx+9iOOEVs`30oUXxloSv0W%YG0gzwxsY3-Bi04#!z-&XOtZB`^ueJTl0 zVNpdOQa^I0WxeY_qC~7-;=B#k560I1kP9m=~)-m4>S%=Lp0m zg7+$>>zDxT7x3w{1+=idwzi6$L%3=j+pB2iou(#lxu66!;(MvXW2ET$la(#lvIZvEuaE`uZ!%I6tVzcD4k|K0JT^h&LtDQp351}@Yhn@vFRLo*S!E06V#_ zrnD+gN`Nj9P5WCNQs8*n*@@6O5WlT8@pm!fK!n;Q=+WH+W}S$FV|KVNAmX zZ>jFVEh`Q9wKWDw2n92guLY4C4IhGd9FQ-__(ek;MkLj21h%@2dEv!rQ1&?I?hu^V zaTaSvnZdpM=mt z1is;%N~5(;MouAwL_I)l_Z7Y_5oD~;Xn>KN?rJxTR28FM{WvG`4IXp`)#V`#p}MKr z-LAN``Ax;0du&-HtpIIdqOu@WR`)sTFe!%zn3BBp|ZutB2wsEuVwX@>u6LImj z=&RFLo2vfV)*Mx%{Kk383f!Y&oEykR&6+zJqXSOjdqhm@>TteewfwP2PmmpxvaK-Jiivl_R==vB@89}I7%N)# zZ)Eh9a>}J$PKV=OO8HK6jr;a!0hTbU6qW9M2 zxx6L(c!e^^6@HxBee8S)UJTc1Pz^B=xHd87zyY+ez&(Y+8l8iP$)I`Eq%7|Rm_TRr z;wb5;Bt3|BDpQkL&tY<-9)#}JgGx11}k)Dk_4aq>e{y6a>^V-t?d zX6TEC@OCzRC4++|6t2k?TIQc~-9LY8sP$yujL!8WNdFLDc-C%TuUI@)XdXDS@PTz; zUj~{u9IFCr8h6DoDDhG=<=9!jWONdS)~;#cQ}B2CQ|Q2tL54*l;*SR7@4y-HmJ72k z;|cOZVME6|L6>m!Wmjn-OHao@C`*#y+`E5mFR|kYG|Y$(bMVa$7jeMLdrLG4v1{~d z>yk2&B{5Rjx7rI@lHa4^2tHLzOz)y%ny&+dZgjmyovW6_Npu=~N?@zlf2qk96}F3o zf0o+M@CgS`+rq}U%q)QEWp!fQC=JN-31TdUHqpzS;iOTv)6#5k*ZWgbw|5B3Jo{fWL*tj#MFGEP6tGcv@{6 z1wwmnFFq8PDnE9XoyhRmYIuIlyDL5RmNq#nBKV5px~UU8fgWQ06&g^}%G;$aO=Mda zn)m7--RRq3w_RtTx?TOb-Y8uf`D+syE?x6@8XZeWqA3)q@l3+|ZB~QEE#=y&Q166KN{B5RLPDDkOD34xYnfH0K`~{br;LL1ZCG4IN{QtVk3zIXg;0rb7Q(^6qEBKF z2T3sn1cvw^S%qCCzJ~Z#GKwh*nqCOfj996z5cVkFrGsobKNA0BZzP8;##RLNveb;I zjje)~Md9ew8flS9b=EB_X*daw{$@H2FNW#Q#P>}+_FOzn3Raro{pSWY* zTR3#7WMQloeI3*C-}%K*gg;7WH;BYUfL8H0pClQ&@ML-=i7Y;`Z5NtWd=M3h5MzOe zs<$4t)c$xtPAy*l`I17E$22RlO3n2-?pgVM6@YO~GMY+F)xTBi#_r@`o`!cAPhc5U zSUXS#Z{^V8iiQBu=AD7-2&}Wp%6M5Q?6c~|`0EJlHG`unXL6Mqn<>dm@>O%W4-3?6 z%r_M(-@^lC)TZfq4SBz*Gw1TQFfAD>m{(%X$1=QC`^%>uy0;2}zZr}f)c50OE8yi= zKTAGU8@P9E6K{*l%HOF~=YpCO0aMPnb>o+D2}0yAJt5z+f-APi8Sv%gon!zOI<#t~ z-BQzGd#ukEa#Qa5^=#nPT1}FIsPV>dA}S)+i*DR{X<-@{%uo+~^^bVG{@W6)CSU8L zpz$3cA@1_TOK9JLsP;ckgq+|gP~gWAo|4+Rc66rX=Xh(1=aL@r83yrRh#jD>^l zde;j4V$=tSrGkDWxiW5z(AnyX-a`~hy0%Pa4(HyJ&}~w6TuF=Ss&J(0TE|b zt)7z*5o67$Jl}i6Os(-e&wInRNtzv=?x3)%M`DU1*H&SAKn6GHbfK->8s)_bbWm$tt?iM2G^~9Hv^}PoWqswEv=KL+2zE zEV7Lj$6i7abyxsg4s;ascP#f+#@?M9cCyj7|L>^f9knvPG~&iecd3qD=K>&ufAD)6 z>Yf{Mdt%g?nFSDi$Ee{Qu3%62J^tpdSH#{~MBSCACwJ@QslJ#$&gpnJs^VWM_q?0c z@cur1F4y<&dnYE$sTeIr_b@$o`9ewIt@r1AL(JyTPva>6+8QwwaHT@Fo*MT+03V z_uWWnZOBV$-3fI~w;Q!p59O*v84)0Gs=Atr%o|%jvr`N4xI?9A*<2N8Fs)R$`vc4M z;p4yDtsBMNkNnQAYfAqL04FI59hloVi3Kvy^r(06U9$u7dgzPMbk{Jc;pYZ@r`GIA z*D1uS>k9xuWH#!Is%ipa=t%=_!w<+)3s7Ij1s8yCzNh(!2LpEdfPk_lK-mE7@V*xy zYN6oNWH!2HWAB%Y%@w;NlV;oiCVduxmcX6QPkm|4z4g5x3Gk1>e;Dd8?GoCMDX zr1(WtZFgXH08E21C?C99mwT4TI0xx}s@%&mliQjiHpZ_p*N-R_h%iTy#1nf#Op48d z%`G4Z&ctHBRB2%4~8s`$)6h4J@&FPKS$Ilz)|i(MQU}7ww7egHSbaBRLZt zr>|pgf;$i1jP%%y^eWcz2i|zU!D8R8N*d&DMkO-V?WPp#?9xW*3KQ}R9a{2nP>RR6!m-=hTlttQ&KbHrV-Z zKN4oTWBYP301G>15ur(6Y8;Tl*f!^y9zcEH&Mud)kSs$S4Kj=Iy{*u_`SicTva8Um z6!WBhEyuBXP{bk??xqDq+3&QuY?e<3%R=0a)t$s9z`3P>3k7FZY$ zSG-B5vX~O0HxNq%%ND#s&E%5SgLpZ$bgw-|vQ1Eor>bbWRHc1hlb_d==e_lldkdm= z8Y@v9Q&5seMpeIELK5T-iUsYKv3wIvT7Df+FPx}j*#d=_*|mYdBC>or>9m4OMuAPK zMgxRz;gWC#fwngP{@bWq9;PS7uc%s5Qn|yLMrj&+o!4~HsA(@F{cvyFRcZK58+|&` z+Gdmbi>@OP)=Z=#S4U1^lyOYx9GfTPNfBCGG5qxU*pLp#=5mITHm-AkA_TRziNnqt@#s?sC0(Y9zBG!IFMPuD53w4n%u%u@Cr z(RB{-vf@Ah$k_M=I3&i*Ic{9}NGRYQ*pVGI9vl8IC2suL-<~xZOEhc^=MRYJYMHir z$MAt$$Jkkp{n=aT3*V+pXffF3#i)mq)Rq*ZW9tOe4Z$q=T;ds8LqGZ)YphB=?pg)vc?&%+QrS(0m* znjHr?KA$TG9=6gNbfy-N&XiZX8RG4zjW&&X>1{nX720CrWJJ)03eg`9+m3u3E1>@Z z4n4I)tk^AFK<5)c6EV)ZfoLMKTYgvF88(O@b92DaqLj8F5f1|{PIFBQO~YedMum$p z2pd+7>kv(3#3>`~)h?CC#+410w7Pe)cO0Q^;5($3>MzKi^0?}@G%awouCkV@M#C(u z3G1_YQwm>lw;rH9`Hn=dfTidfj4{29tdk<+bowN(3l5cuB#6eTsK=1q?&4qi=d~oKrj9 z9w_rHE(@y$_6(jKOoJ)o89n=mJZGHBJSL(xmBw}74jjU~Z$s=`EVOI; zk8XTelz(sgN+24DPI+R*td-phgtC?XR}R>=QAf8J7K z`L=bkf6#ruc7D=R8@N6%dfaN)d9{t@s9!mJ>kyPZ!Yp| zYs2wx?6y*`-c}Qlo~>RPIWQJo=S124VL7g4mO_AdHluL>~vBB z8nRQnfBm&|I>J2|%7IC;tN4}>b;D}`ZJ9t=*Zs5YN7=S_LQ1 zfN=IzuHi|_)<@mqNPxoZN_!;a)0lGA3Vvq@bQ)U{tBOJ=VhKVLdcu~KH?`b#j_W^k z?u>k}sUVJ*&fBarV9VU}VrA4O9YF?ag(fIl;`&E^ap!tA7=+t^kfco+a;IQ!S$#xP zPajpC@z-_P-6XPiIvaR{&vPvAS2(8F6k=G>>#CgZU2 z+p24_!I=Gl8o!cflpKK_5k1QuO;`h9*m*dG%Ha}2Q~{&=ByjmF{zbqG!&HKa%{2YU z8e{<1lnr()13qe#nnARRENR!&O%^7=B*36G8%2Hi9}#Ac;b9bNy4ost0XHdohDBfo zyL1gZX-fgF*IW5yJ$3w@QB{sA_#J3(Getub%I$ib*Z5vij?s%#e#|IoCbPRR-EgX) zZoa(2i~fFKQ0!O-Oht@^20S4TQ!NyDFR=TJav@9O1DP){G3LIXuPy9+RIGZvcs+*~ zj|79XqAFn+o~>2zuL>?S5#bDEifnHN0xHy7O~Gl!AMq$gkWK{29gH^4_K5zzWY1v! zOUsnHq}#QqB2k}dw4fMPqn#C_2at%_V%{ld$p;q0gec0HN)jDUo&TW0Ar8$xLHD*l zlSu^I-;qR@8e6EMK&deKJ=Y>+MAOBuQ79d!n6sh~T;+Y(fV0*Ck3RXpeRjZ1oSZ*p zoS}VI2Q>^h={@x%N+wwxGhjLTqUarF{6_lYxFGzW<_-iVU*3SF0zd?QJAF@K0o!@gqU&$!s`{hf=+m)S8pKpbCU_h$4L(tX}ws2u%YLdf@TkI zcVBm(BHlgq+$4r?oi=7qEEFSVBCG%(IK*QiR_L?@Q`$0vT1i$krXUoj*8ZUS#tR7 zth>^|*tY>#?oP2lxepv&xQ$sBl$^#7iSR!YB>?+k+PWG}B9LQMs%h3Y4a0h4D>b*u z_;$8+zD6JC>lleS<sg_6)8`;+8gs`3Skyw$*!x!*1Pj^C^t}Abzzcswxf%Ox762Ej>rpf zS)#PEXYi)hSXcO5TGlhH9!xb`UPYL#!v2~3M5I3AEU*K!(xOvcJQOMGH>CQv`v$TFPWfB}&KAWrhp~ zNuZLodKgrsTujt@%xPN+sPaaFNdiz{p1aC-!sS+d z&@DK54iUe$Wa(EiA0#*i&+Rd#lb zS(kvuZyzpaZl=`yXIQ3dW^a2UYdNm?&!C%au#vfmwKt!+>5-^u>j3?mrPAY*PS&z4 zmeqAJE*@=f@2;vxzZcFL9d1v{3lj=`{sY>EOlL8U)kn3UVThxyN*x7l@pmM+_ou>& z!T%2Q=)f7AC8V@bUAwz|h%|*sR71mqdLpv1-m6OSNnvpUYtgnOp{#6_ZC?-ehxa~f zW;|U095j3Mc>7NcHyNR^z|kuAs1lg@Rgx)KKLXO9B7%-mCJBr{D7XC6myZ0Ogc`C( z7vw?1%*!GBEr`H{1B^@q39%^tCmdMmxz+8y+Q&iBqEW}Mq~U)yA^&I_3R~C-oRc)U zFk+sKSv(rCfE5@bSdpBsQ5S4*A{b$=Rwz(l&oPpzCAZFtEu0k_bfWG|$)BjEPalNA za=X}E%oV^2;c#Z!j#;=2F|{{qg%8cWkmm!XVyU5Yo8}d^26&6uaFvxENg50@DojPtcQO-3~R5PIDhf z;lW8r^zvuF`?Ley;!MBzHY>h_!s_&34*Kb0sz?gyc2}~g-#6oj8WmFqkm-09E4Mq$ z##J@pY!dxdmadhr^BH0~Jxbxigdu+;&CJs!3G@PG30g zF1#Jb7Y}|EbSgi>-a-4TW2^- zHcAW0o2RY@hZIzUPSi9x;`IkM<_+xH(3qwMp>G>YtMQ8<4=7&Pc7C*_(hSgq1Px8m zEIuryoiF9Oo7qEf@>9O?;_LEK27lWLuP~-qRVJ_*05w6!+{qBGb{I^QY zDjNM)(M?17*s189#E(xpD+c+f0QCQC<1J4MK`xj6^ZNO`5M;TxAQnl@^+^HfUo6t^ zBRuS|-|WSV4+?)?$zC1rq~6Grw5r(`*t>n0xe^1Fq>OmW9msihCLG$?iiSF+PqZVS zVJ}6=%hA~6a4<+&gWVIn#>1VVs3;jKc75HWm!1fcUPPyI=;U+$!W{FOe%w<9TvR?i z==pJvfTm~sU7Uq*5051UmBZyhYqM!eP(ljgl2WtmtzcB3=*|SMX=XP46RLd7OY=@MmwFSB6>zb)Zqda_2;sw^VGaCiR7lM31%aDiafTz%_)$P$iMAOi^8^^?*3-S9Q& zG98=~a`Q<=P3F7-wkM0QJ*E4|V@oBOkw0A^cOrZn>_-GDbUtMqz|kR14%@L6pWyZ? zl;f}aizcbQogBbgbcnI))ki@6D=LoY-0(kE&)()G(OUAy5od&N;^;vpk{tSeCx=j- z(D{=bBnTZ5En@n;hqGQ6tX3mw4yVUqxce#p8tSltia}cWgM=S>iQ0Oh zj$C9#_Z@)>pV0iTc8Bt1LkHf}8Q0FNe75(kLTE;J#k`BcK$wevZ7Z8hnfI;mXnG3@Cr@^tCAZ>A}55DQraR~#itrj!^p z-_rE!D^vK`Na*dD4VREl@i!zEzX5Pf+wS8A&>Asu>tM$4uah*k%Dmfl{;BPpHQG&nb;5F231B#9UGO ze7ZR*`flYd^N^%wD5rk}6*E_(gz;N}RPn-Pdpq<$HR8Y`GeS!z0}qj(uNw6BPTsQa zxeq_^e+3xHP^0yVA@M;26ii*$s}wGo8}Oo=u6+westUMcA|h@8$)=Uaj6)0nVXZ_l z&3=owChq^K0shDNQP5}PO5z%SJxLr(y2q32xS=2Tyua3)Rt_g&#NLM;RAXVUN;K3e zi2nkLd4@1C`g0a$Bx2_1KmCtkch;HdUfZvCb+;Wjn0O;(S1VZERLqBnI@v0AbSK(I zqD#9+MRo!j-3$#qrN@6j~7qr_=^<<~6>&7=tp#X!!WDf8e9Y$0$giH~l=|Q()0ZG4>@%EW` z6g30YV=tR6Dyr>o1_>s(3b^iIEfB^H1PLQ3IgaY;rAKO=P2ET|%^S*T=N{iZlB z;(5O#;;cq^I5B=yGGFDgWrJV*h<{md0y*feNd&#y0 zygX(l;oAr|S3ib?MUrrcXX+m@0%G$Cw`scB{;atfGt)2SN{eZnWqF94RO4l=?JxWr zOK^wa_o$oox?y`G>g?i}RsUuW&?7)bCIdNrktS5(Ht&ZNM~fDWLPwS=J;Vbx$A0N_ zghl;}Bb91&vts}wP@rl?&zTJ>$#-8OOei1B!5;8ZR%&jS6Z5jPBw2}XFVJAm9bT(= zAs|0d@}(+{zH2dAl+HFz-lTZsMuf*hL@09E+ARd^vAFG@iW5!=FHJB3mSy+gUx=>_|`b%SO_n?Onzc4LQ~r>hC==>_;R7NPu?1J<8Q8m0%t*D=wkzc=t0V*HUxXx|tRF z>ccD7BPtVWQeG!%hc9-6j6gKhVGRbf|GlN~#`h^d*5NZgM)#e(EfeF=x=oKUg_c#8 z|Fw}2WzB~L#Hlr<_JxI9KZ2pTsyN);>eG?Mpc9J-kkxo-PgQC9q>{j7(kj9LYQ)GtV2g#JFv;Can~*Ren7_v?Zed14Sg<*1LVklFN=`( z)@}%AZuN~wSdMe$Hht+2lw>&{v=~CHdXaP+fwP|ojv@5qL9c0o?)EL;81%D(=Kd`& zKU)#OQ~eD7JK+Onuftu)q?u;Cv-_FHg*b7d6@f#u?MU_esc$v~n~1i0+8D@{t?o;C zTOamaS5KK0Hg_lMv#ZK;d0?;u!rD7F?q;TT4iBG(mr$YN-5D{D*gMF9_Yz^V3H+XZ z)%Y~OPIJmrIRNc5N`RJGXX=DYlFNf-Ca*j<1U8t13_g;WS3bZG^16|OTyNC1bk!&R zToKASG9*M!!6K@L%BY2RT1;A3=4*(iZ>vLDv;ji@dyQ8+#%&-Sbcmdz3hBsVh;*=K zDlL`s%EX7Do~zecxTK>G!x9?$D>?R1!00m>@d5$EN6-xCNL=l&a8S(fAhSD#-e%$; zy8&>B$Nc%8Q`dQXSt)86w!h8-y`gX}S(!6) zeyy!hKo65Pir?htp0O^L-ScbqJK7z&s8IS9)x-8G`m)P>V2v4U1*fR zY<^XdKq`pUO)wGVZ;jEuQRjNtn3QmYwcp14cScTb`ymQ9UWttLdm`^kcNHi~ncyJb z>#VCm=sq58yTsj&0V9nR-p&CyyR7ergM*+1pAI4!c}efzMkNSIWBTlJpb^3JngZ9z z*MGPpA4)<(%NzxrvCf5GVL@IGinZql^fN*Co(!D%2X{|&?jM^}b1jPyu$tb+&@yx~ z8-{;lA$sUmIx zk0ubM>M*iz0 zwyO@~wN_Gn! zus$LSY7l45N-AQ-l{U`KOf=eaVw&T`S-h(0zZ`tWMt_OjY?|HMW#x3^)^ym=P8~Atm#~AtaiAJ<9Ak`;cp+myWlj~K@EVE+ z7)oRs5Hf>;92>Bt=NkqH5&3V_s)itPh;MotzC=O}Np$r%Y8;+Y^6W5^78q;785?;a zPhz&aq7-PDP7|PTj-+)fV1e2j71B{@l2>~W|l^yX| zQ)x626wc4xNP#R%cRK8*Fpr+xTrd6r&#apXC;}d7f}rj6;lQC^LelL~W;-fKG8IBI zB}8o_mh0yJEq^`hbV zADLadI7jC46i*`#l4Nr*%Cv(F`D64^yw-Vy=v?S7p$Sf_>cBzMI7Jz7KqS1vf9$nI zbzqAHg0ns+*c)`lzhv$vg8_wNQ%q+INU!K zwnhKj!^Fl#kB)bHYv+|hkJwjD#5+x{SpF9{^)CC+AG(#S_0>&>j$}HKs43rqdJA7* z35RHbv}!&$oY4jE;5Jv5*^qkY1)5O*_=CrZp|!W8tD%p`hl?(ZL}DtbrLm2a$Ktrj zQQq;g4@(4N)=@q=0YRp54!I1#e?C{j6?h<N{VCNDt236>Z##S!;FD8)IyEmjJaap>jlv*nPxm`a+&)kQ%zBFSfVJbKO{~b#Tw+uR*-O zVrUKNULqNf*$eB*^qIUYW{!VDHs9(}iQ32cME ziZ6XH40yy%xmm8EeAHFr^c+@kwf&SjWA%s%=U&L4&lx8m8p{iS5YL1usP0PV`LAl;4}hVN*h z!hXh)%`(CIfFq0^p+rg?D=9GQfqTRMFO6y`sCQRRJgJUg?oUe4ZXku=X)+*xA=2;} zKSI~BpCkP?=!fGePi*^Z*S-L`+`H1h5`>t5VU)zJP5BDc9~v1Pn5k%lnHXX8857T} zVr0PBFnyi0X;uzvvCYu6owOO@!n@ldgt`<6?PslEf=RjCMCgQrV(0*b`uBgPPq~OW zsAO1Fh~UmIAk?w*sG6FDU`F0$zQIKA&88MrAs(5bB*WLwJs|{gfen&?)+(t?>=;W6SY2?QM)~Q9f^Wn;% z%FTsLO?Qf&(UU4Hjy}Ax`Ng6S@}hV@Yh&Rst-FL&pRX++;jiimkaonJjIF)t=ThgT zk_KOJNw%&u>ZbPpq7D)Wb$xUnKtZ4AYgJqRixw@YHU$nhLkS0;ru3ffm z+qP}nw%KL-Dce(u*xgYO^w5odHJxifZTM&uwPcEq~Yx-TtP^Xd2< zy<|7h$1=M{X&xU~DN5Rp3GY_NcIiKhKnpc@79VB@*^UnE8^1(3q8x{$dDsrfwtNkW zQFCK$r=*{^bCTV*qBD;5i(^Q;I&r(2P(O#+uE;)aPRN6v8y624&S1D2>b&oP#kBx?9c2=Ei=o z5zLhMRs1=u-wPJ*Z|4~4S`%2-)@LvpKEZcS0!gXnE(WND>R)Y z@+nzf#jX{mi0#$?L)Mnu%l=|dp6-W}lPGek?3D~j{{NFTp?T7ram~f8vF%|dIQUbT zCBYaUl98;V!-Nxr+B#6+>Lg|U_smYmo%V>{+FNLn29=M*=_{kFfet?>JqveW{IKVD zZa-ae_TDgOehwV_@$hS3eIkiWJ;UgZr}^e!Nw$W6!Ec|e93|I%C;4%vHUg%yDH_+E*Ib6J3ifD#n%hT`crJW5GQe%AHwN< zBK?APDe?$w3pz1FR)W%eJAxtVw&C^y>ZWK)3LUpova7jp5iF@zRtzY=Niyevmk zwH4MF`#|wAqFc)9s}vgR7=Wc;?-1OzXl#zPBE*G}(>^-eU5E%xf};PbQ1k!7R-Ylg z5C4qfOArL6ee-9ni!9-70Kt?Y#MHzmx@{6xd`QzSL6-8$Tc5~jjYtifGO#(yK)mvb zQ3~nCig==P8mHPi>^(ec5E=eCIsj4m|6qt zAn%7{gPjx(zI_rYPJ7ExEbC|9>GP`w9HEn}>4wC#5`w7_C7sISyrrSj_W_0mL}2Jq z=GWJ;POo{3D2GBGCgNgiFp!1mxCHa{@iY4iwkM{~u9j7rqBa(*(t@{@FJdZOw2IO% z%!jrnq3NXu!#m(Dnz1$;hIN7oIJ<*(MotkA%q*L&d_`HZ?)gW6+Zky6H;)4YGc%gd zGToNb$;0wAEB{N%-v2|$3jX(&$OYanC9wOy+y4b;I9fmG?V?sdCh)%quFn*-As!`C z$MwHdZmlXF<=5SR{_wW(+oR+lSY;dhDfB5-ea4v*-a-`isLijShDyDx#&r%7PE|G z_0qUTtz#1j+py8kI0e(C##AYddx+c(0@0(A%Oe?ts~*x1k2|jPyf&B_7Yn%vU8kvP16qz%ZBS$qmKGj#`#3;&`is$W* zriL^8lQlP3EFogH;*&{Vc~_&#i)rZM@jVPE9pfrOy+Mm0_%(S2_BCgV2~^vkgdC0U zh@*?rL+WSll%`M6sV8pu9TfMo-44Y)WUTlv98TE!U~p5>p&iR*?anJ&1v~2oz>XP zF)ev}mGfs0Q{9)Oy3XyXZWwo|H+n6jY0=Kn82tRRh>lF_L8RQ|yaM9NREw{qjB@ z(=u?9e4qKJ|5)gC-R3&@WG{cZhw-X85q3h4nV*dCEO<^1niB3dM=!{eI0ZWb%tZ6< zS?ZKp+Z$-k?5Vqc(kWH0{~>jiz1x(=4j#`E_x)dIuKa#IYB~ug6?!)&rWZ_2YzTrU z`eDC}^$`J#vPz&*i3tjC-*^(S(La?qtr0dDQzUMA_V6;}BFW0H5o=+sS{bT*do^5n zmHtXBmdde{7}oo6ye!A=@GC4;ge|-V(aj_`4iC}36d=sVgvf14GEA+)&6#m2Uj?J) zZIXKYF0Q3BCoVx+3f|o5S>2rJ1aR!n@;bCcqY*awiqhvPjrj~l#Lo}@j%dGKueZRN zEC-SAY3?o=lr|_J68dO>=I}Kr>9sig<7C*$7Iqk^NwdVMw?b607mWoiA*)>4^8IM| zA-ID@wKvF@DR0y|VZi~NCV|UZFh>z-8u8m;u1Xbe3*$>R+68Ye$IP3K*)D6L|AIv% zWiBhV75Zu3NkzNnMnY-+ow}z2s_Q2E zEF}$@BHN@5ju5J!OE_B6$dR!H%cF%&iVE#{X+_2)7C{v*1+QZGx^P$-*gX_{v%d(+4HK%Z zhe2MY_AP;hn*Zvr*fjIVPo3=3Z5UeJ(NHmxl9=fBK|eH0V;gG;9b_p(tP?_es_31# z2eMfjvSnPx9WpHBdL1^9b)C36@Y>B8@Zn;qE)z#xQv3?JRj0p}DaO(~J?J4K#W%rz z6U0xfhO%dv%S3~~`=cPy1B--(tLItZWVV5nQ^j;~Ii_e5gkdl}ZKRWe>2;hEH)AB)$oKZvJhy$6m$+ z{EUQxPkhug`b{KRCN1T4yS6^3nEE`odk_eiTB^LLcOpScYbAq$2HsO~z6A7!IRJrC z3y}XkAT#mDiXag#0CwYizdJJ#;G|?A{+U1YDMZ|UKK8LiR+GyY#w&dK)7s^5AV%b3 zzyf~v3%ldrtH-Zm;{YO5-w#s^cvnEmkTr~516wpo;T%W|XiOU0WJYqWUWf*#DIF<^ zCAQ8X|3A9rEQ!gAH3(`2X#jMOwhsT9$;%0vUT2q|?6iFKk?-p5F!$!>-?WIG`f zmOXZs6!Fqbz_f>KX#WV&#w?L0)%4RkuRT_#YXw^r3c_!Mo=9WxxovDK2%IFag0cw@ z_Lv~kW1T|SV!JsGbXW6|L>|(muoIF(eZ`<9X0~IUwzlBoA5^y>sm34^+3OB_Rt=(` z^I>JfMB+%Noe>DAnZhwbX0^ez*Dlm$RGK!MV0C)yvXq$z@4Vvr(+2Iu)txRDYAq|Y zpYACm`rQB{D68^W>)FgNQyZH$jSit7vQ7wU~+2t9V!ibxfHjJT^nwWWLr*MqN z2VzttICv`)eV(BrfsT^N%G>ELKOWy|s)L~|79y4;Hw3ul)((s{{H=S{srh{sZ`R7O zi7zLqW0mzPOhKoMrL(6|DUt9CM(CZ<vjz6Fm@cVXtGAVEtOB9JH4A{m0Z-Uqy8Z7soOlPU7ir_I z`)96wQCHaU(nEUrBtWsoCBi0K>agl(^1^Uf`k2c?jSn?CfJ6f3x>rax1YBo7 zE9Ycmu*Mo@#*L&ynuJ8gn?P+|y&pOQz|p|(g;LK#!t`^I_J`H6ZaVd`!htGSCt;B@ z>j{O=eT4R|dao^D(Y@c?eDjX^)uPKDTVna{sp7{4aT9Fl+nY@afIrKSiBHsG88IT_ zXdJk76Y}la1!AM#e7Yg(xp1FMEQU=rs zRTY!yo9#VfsWtLkUV`&S#!Fyw+;kc-v)y37i9thb#b;~YH2OqoID76dSkCW!$ai<$TRom&(0h{C& z{q#jsO+b|UV4uqx1f=X>P+rGclBE6t=9FyqAP(lqP?pWfOyjeZiEsWE~YnPVz~Ev9F;A9DWzfVUc!O6ltBDiW04aR#UgzriXZ_3HI|T~iPV1z z_*Bg!KjcM~MAGeKhW6=oo_yZvF;+eiM^B9`WL~N_umcH}7Gg%&lOl&ZkM#y(1&juE z|8*urWo$Kot&O-|hR_QAZoE7SiNxOyj#TbYn@<`R2jRFpWsSE0P^TFkO~zCBMP5PIdviT_f+vd2`?!kU(Bpj|G~Ev z$HTLd5Z9!iAo_LvdC}-t@F7C6VAiP-NUq`E;8yp?3i&Gs%tF+MF#NVu?ahNWjEv%{ zhSh?Hb#~=@%ae#IIs>0sJOD zWZSv6j>a0HO7s?Pw96Rny}ljOw0a9)7|ePlGv;JyG{hF$fSk)o@y~6F(EXA*GN`*pbox7WK6$ z%!F2pHWObF8CR{&?YmuJBIN+-v-J|bnU#|5vM{M?&=n^Uw>X>eztPAvmU^-@s{+|5 zU0AkA$r6a~6-F-blAMvJG+#nV!WoVLFZ+r}`x5Oot#iA!%nOX@@$uig%)E%D1u^2S z1Oe+ymy~(kFKiJ)Xur1QFc@?)nAIyV&s<=_^yUEH0JPY03s~am@4RxU!?YP9c|}l@ zg%);5>MF^gJ1Q1IjQ7H3d=*a!z0wHo9gh z78nj)L}+gbtKaFrwdkTytf2r|A_Pt(1kmonU^*#YT(S}vbWLZ;M*5Rb)A0ETIW`xN z1z{M}%Y45Rex0*44gQ&2v4(G$p5skKCTL>AT)*|tIgTy|E}UexZ6ZAVV6fjLqI+z#vjJQ<8>7)mCA82k;us9p4@h$0l2g~z`eZ7V zguBfPD3UyY6w2I*YsetG3Shl>CF0;$0RdOn_KHa(H@()Now;*hHd05H8$`8~0khoY zjo%w5xXy5oU&>kyo8D$USPwP4O*&Fel9U}v5)-01KkNEN3=?j;68Q{j5e)_qU;*RN zJ56LGypAgWUgQ1MV*;$FsPJZyp;Pry8X}O!_ly*FHfb~<=_6tNbW2vz6Cdg%0Lmac zz@>999=_miozk9^#tuVLz=FksbTTWoSk7!%Ju7-R#xaKTQX%pb<*D|5m$lNGYLiO6 z^@sQM#s7WDzR30K>J#}-lb|dCm1s!Z*9wR-uQ8ihZ{Rk}mB=yKG)WBo2?*I0FuZ)# zw>d%AbBpJ^<&oO2PVZ@pX}^SL!GbGlk3+)4`z`oF7v%!%ucAF5H*qfz90ID;R@o}e zpJSk`&d87P&E)SP1V0uU0z_E4wbE-vqoVh-jlJp~Pzozs>J4r#~ z3kB*YGKq{adTQCywD|@N3goH1{M1Aq{JX?Av6KoN!h9a~PyNK)xM^~W_(DJE9KXfX z=5}5o({nLccb>rKDoL976p3V(*=F6!1zsU`%J%ylkG3^5@S5~ZS93g_`DA(~CC#{k zE<{DkKo2~&Mn%mZH%!l4VSZ~^7a``t3uCpAY?77kIgXHgkVC{(7*KdF60PTM$-}kSR z?~jCsWJl5i`V3hgoJZP)#Emrx(L+kNAq|k?D*%~gB&4N=*~z)`A>B@K^A~#DbZAwupH8NVBP%PkEFw`f7RfnrZorxfW>-DC z@OWVpZ+Np{9v^|@U`@dqQxZjLbA0_hz!5M-!|7$JIN{(#`qidTE=s<7yHb8YX)`T` z^z?KcIEdOl;L7Vc{ge$BSjFn%tNm&r(a)mfq?m-Y>m(*T2j*4o3OoV;{Kwt`_l*v_ zxkEpR^7$2K#rY|arH%-4+48CtBL(=9iZ1#DODTZ;g>sYeuj49)W5N+@hu1YX!DbW$ z&y#c5IFOLeQ|V*bOe(UUnmkBWOXDH;t*@rws7j)5_(Ov&$m+1XhlBu>{lAWX1F7t~ z`p~5UQ1G4}1Z4jHw@5WUU|af5-q1Nz4pf{gwijdl=pExznTv75q|P)Op}Zj$B-uj8 z3Z}SeU?Lh+bMra&FmI%vAekXvBBU6+Y7#cyitM_#k;QTheGho-Oyl=BKt${?=*_T4 zWsE`%Z;@C2u7?+Fhwfk$9xsS%yPb9WJ+K0?UG(Cf+uzJ|a2SK%!;u}-9ZnIGx16|T zSRAH0Oz%1+0EB6%rc*?dp8l8Fu>%#V!$<*yuhXEK_!$n3n|XPU!(^+fi)B}n1YgP9 zjrm{74J|zyWTNCB;Q(rQe=DsDFNp~_6i4p}e#qKOsj&>pn2;`kv5Wujh2YlIF=(R_ zvpn3f7frevs&7kZsogeKsfIj1=m?b5aG^OG&ji+$Ei~Y?fW#2gO(9_ZUVr~`X{p3PV+ zq&`jHg=dX-YF6NZ5AzQ9zL(`5M>FzQs8&|*ww@PZxYzj=K3tY>h$3|J3GzM@+kXeGU}w@8>qf z>`V5Op{>dx>@peRs{SIzMl0*j4&F;#KfcDsce*W)2EBnzw|+}C`yu!`FU4g5{aG~Z zZB2iUsFuPc*N=ceAsE~S9w|++yw-dIR@?imL>*?-3C_j1VYAQ ziS4Y@RfY89EM;>oQ)eL+c|LUdL_!!7+xRW1L~fz@ofvlJe#HA^*6vkQ#?=g*DBYAH zci|wDm{gLmFlpDPHgJ`o|3MNH=-I6~(@J9x=U+n&-ku*hd9Modc%A;h)W}WhNmwi2 z>sFgV0QI;i@;I?LS?_bw*@D8lYnxA{M9-LaqG9&JY&&;^S`3~crHd4CDm5Y*TwR-a`;{ixlXWGn+i#4CocV&>+2Oe?$`Fpvl-qglm=d0(k}SlBSX9ortStg%n_c(Z-9mx=9v{ z;hX(iuW%+d-(RPknjS>iZt47g=e4+tOD`8Slefgsc{Olh1}14~H+tbmQj)&D&=T?M zO-C@|{AQ9GL^(d|SsEfh8hogbIjb>HVrRA?Y z;URUTSp`tay?YHSpKGf=nE54JZL6+l-{D3yhepX%iysCt!VO)0KLm(l0;Eq_g~bC& zhpEo8EL`Wk*X~md4>HimQ(lRe$kS`NRp+l6`u4Lo!W`|+Opz}VHgjgig&@AiS4k%C ztVIg0U1wrbRD!%93B-0Tkm}ZtzP1r`ZXTCYTY$yHjdDz)Kb}yl@rHRJVV1U<-Nlz+ z17aQu@wiXgz^X@)HKO!56LQJxEZqL-hV+K2f`t`vW)QiVje0ncMb8w86j1Bbbh#vd zpDKptkUioFwCFd%_ut>MgT^~!Y;#JaQm1S;rA(y$7&jqcnFGKznt9ZMkEeYC1I>^r zcC4j@*rE>pC#QI0yh;Z-i@NC4zvk~~IqoJd$2cTy>}xFeDi|~@UtT~NS+dWV2>6U& zlYE@H8FVc=9`VX?ejO6APG6nKGTK2lUeaS*WJ2(!SQ~6^uW{0Nh0=D7npE3K{Un1M z5yKtAGzce{s46*5dAlF!i?y2kSi<&64g^0|y8K~?-GKaK1NrL1>=vN)QOAki3dVvl z^rX~53H6=${a#V4kEDvN6P>#SAa5}RXqywx`7CJDa%g)pl(6YLECR{g6kG*@W<*qC zvr6v>eNko=0M9|5%M5ihLpxk)kY%a64N1EQ?@xJJhlSlI(&<6*BCfh6>QSCHCwT6Ou9N@bx z7Va^cY@@2_ukaJWOrm=*dvv9m-U2K|>-0OgvYn0AJx}E)`L)AJjR`SDIoG0G3SLMI zsE9&>8kc&2!0#6wM4d&fLhi`3uZ8qMT@OmdgI>P9n3!(fwMl8N{opcz+lcOX^#yJW zS|d7<#Fmlbe4vj60rog5Od(VpQpMkW<9IuujxRYZS-rC6#AqzlZPgert0yZiW6#i` zR)?XO4O}>eRs~={zNa&Y0q01$g&_=>U+!Kfyg2!UbqK0i%`X?Ta!+TU5W}3Lw)*!K z3~^b;4ge)LxFzRx#H}qsb&+R%NT&WyW_zOdwG~|8$V%UaOq1Vpi{a|VscrJb3HCcr zF&q1##9j4A6@RM6n3H%1=r~Q+`5X(m3P2GXuBN(V=Hrp4ABYqQdzk-ELc@S<_8LhAAT^&>gttsUnX?50Q8@Pr6Ja~*f02e zrY>(MDjn&1O}Xe>objdzWA$c)gRnh~OR-3Qz8DP_yn1?@RimE3)zc0f8#uSsdR0OL z{dTP76K^IKj!s@FYdqFg1H9PVb&XLxc3#NpSmb@z8=QE0(iMZLV)sfKp(jsa-jb$i z^Ifu(vX5p0A?j2C&4E7g)99&D(-DK7!!PA{V?Z%`-mQktYfeU64-!97P-({5-6>7f z!&F-HE_M&h`Mbe6k13&~!n@^nlBz_thHlojuX%QsAc%+<^HMmiY{ZE(vrT18q5DVt z&F>v%rT zxKBJ1Y-Px+{1HL+WVb}Hvs@Q5RFg9?E$5eJ^A)L)snNpxvbaLsh?)3N zaG1jx_TJXmYb8E^9~)9_g>?#VK8{WGydq+P*Oa@PgZ`R-2&cl5qQnXI7kOsMOz$5! z$iS^9EH~=QZ{IYsj%A>Tn}mNaWKyw3LLd#k(VXipld|oG()iI11GXNB4QgYf&t*`- z@`1`O;LdbsJ`z|{C-37bEKnEMdX_y{M|`AN!S&aj3sU!xud?0AkHto+u_TZ1;Zhlc z;iy$BnVG9CFTb^m*|Mc1Oe3qBr;*}>L@jL9HElqe??bU!o|O+00F||C&uPY=K+2vR z^wn^1CC82xvr;le&5UKaq(BV)qa0Y(xyEI!&6qFFti6^s$~k;%7OpBtuJ-8?d-v`cgxYaL!L2& zq;&S5oC_Q=7^<)zYq{IzIr6#+nbxr0;aQg3yZW_A*_qiHPS@BFl!(7_X&A$jR;JsV z1)h*dV7T9GgtXMM$EIPdf(Hb>ma#LJVO@coyEixE$;jqW0zUuh=FA`!+%gs`UDJWi ziXwG2p?v-QdP=vSaNoy-Fiy}T)geKgJI}z623J`E`QRJ|@J>=PYvoW#9~qm|E<&Q3 z=AIKr??XCUN@Y*6XqK;oIKZO#7(Clh_KS(*vlR z7*0!$4}B2J$tOi{`AQ_{AE&F;;OF~TGS_bu{#6ckdFU8q@J{w%CGpLqBLJ5zY-*OI z63uw2SaZrDUa;wI`Y`^A5{}r|$GfikaW3n)I2@#K*)9a^?NDjjdJE~XL%{pAit|W% z;fP*GQdJr7=sm5!OwY^P2NL)$2yUi8)scbjLRz*t1DP(fw1NrnO+9-2<5|ilA_cgd z>j;M0Ln^0>50nvRUga3A3rHPuUMbzNT9cXIxm>>0v0ZlgSD%VI2`YO5iuxLOC0|R$ z{iUHB*CGuNo&l^!^?>4`;Iyx*;W4b{Q5vmhpq#^kO7oaF3C2a|W)44tcxiJnC`?)_ ztd(6nl@$^RfnAI)>}49mI|3EZQlOO2YiWAB)(bzn21<6a__5CqXaZOC@$pLxpXr6& zaWe0gGdw{O!Fyf;$w-xfaCp=y4%ur7v<{vgl4H%xB1I4Fe;27_a(nc5cJ)n4s?aO2 z-kw#aQ<>16jT5EAGYwYgacCb0LS2|dWX5)I!$H%yUjim4MerI7kuvaq9g8$ZgvaIv zi(xYi85A4IR)q*vgi`=Ng@(k&f?}DYVlI9G9TXVp%!XKaLpo%ZvVzaJ+m=*$Ke`U$ zM_AB^+c_9)DLBlaCj*rf$io)usP6+2AJLeCV?Un2(2puRlprM3G<_(n1r?(l^}QAW z6@kiE@vJy^~lNIwBI6Yn^PxZ(MCC)DNHDE*>-;#~6p$zSjSJ#D2Z#-ow6yA-Tv(9T|drD?sH( z`2Di~gB`ULhl|iv|0A8K*V`u%jz!Fd2*efAVfFj9A@0o2=jF$AM;n*rb^9TH~Eoi0Wja~j3KGfGeuB*Y3}~?JzLP+DsBD4FsDXRAQPe93jl(gA zouZTdgdLpgrD$BhTa8N>XH9)DLGZ~eWv zI)2Yb$8`c`^}TqB-f*)WNn%r5(8i&mP*;0;Gd_2pYrqr?es#1YFfG~|+v=gA>W>T( zVz!NCo@0AW)2m!GB$sQs@UAUTpW|OoL+6WCQ&RmQBXLmqsDeA8zy-1@oMf8Ajuw@c zk3_#J`bQG$xIHuntQru+63hG+HHEkXX5O&aa5q~rK!j_9)V`k0J^w&=_8Qlpj@Icm zkU)A9t2OdUFWOB;W=!s4v}KmR9s|{DHrRT0(E$;nwXne3jVoV^xnuwG?o(MxbSi3( z8#Tt(4WXRv1WG~lTF}7HSCnCY&7ohU!7Fk1SZNWc_682+C;j%Pguhm)g&DlHkfuVZ z{%IKVdDm`+0T!6ZTinYnX_fMIU2L~_#`C@u?!3_xlRcY<|1lFT`+QkB%TY2N{HhTY z2~fG7jTQKq1~HEm!ObNNG^z%|>hUiD9ohK1$Pm;=XClkW7BSsgYnXu(nedHl!(YysS`CLyR~mr_(zcPuh9AXbY^Y@^pv55q$Tj4#y2PGmdyB@cVSa7RV{^Z=XddUw%@$f1 zpD%g?XEpLk?80W3KYrw6OlHN}5WvD2gNfk`6r(M0Q;V<&MH-SV=tZYMI-}KB{~>9E z#Ln;2uI3HWYp2YHBEzKob|svyi803=LNaRN=OtH9kPEOZ`DBnSf*uzGVrI} zg+lO9-ayHa5%AMOl7cE--wmud)`l-4kaCPqr$)Hb6pC@`qJH;s)wy?8#m zmKjE2@oIp&G_SAJ%LFixv4XfH40Ssxu9j4HDAtyjQrXd8i)!5aHAP$Q(tDKr$QdA5 zly=4Y$08fn$v z=jLp}gnAC?7R;>5TqkshE?Ei9C<Adei-b#VAu=Rv=~*=dw0GHluUHF(E=9pgInA+X)8^wrZg;Jm3xOcPqw(D5 z_;OQ_^!qBl{o1iJh9r&gWYENwQM6bc5nEH2y-`*v}-E@r$7&_Jyj8p`eG;?wZ*$AvY{ zw=p#VrH&lTFom9{bSyA4CuosSxLD<34f}Lf<(_dJs_Uh7u_aSznR(7^lh(-XE<@p(cp2|^tLsppcj7|?l;z?lK4^42!V!~!!L*5z9z1KwyGfKIT1$Ybs(%Ld~ecJJD{DW z1am9j3#8`V9e`kEmqf#I9#{W0&vmY^`X74=YdW+v0rsL=I$WGGJ|E`n3PWpW7B}0l zP)lcC@v5b+P|GSD=$;$8*6l%&+~+v0hm}>8r)IeIoHL!T6uDd4WIl$oPxdW}4|aCG z5LPqG%A}o${d!RS@G}@)8S(O=QauhJ@BId;F#b+quteHhX~ezMLw7=Lg#={2I|Z>{&Y1f0a4AXJ1%Y-FJDd8tdhGrCW>acSnvJ zpg*~18%fL@=IFeCLfRY7hq=ncJKj{0Sy>L&({V5|>q`!9;uO(4 zgPH&(#rQOMeXfKcnDUWA2N;>v7IaBvmKlMX*ky2VXe@{^e*qM>4M;`!H`o%UEU{8Q z`&LkMvT|Gqr9t!9rgq9%#v_OO_uY-fJJ7y|#si&Bj6Ou+kmt}IL>hq(=fdnZ8U?Rg z<>PmzV&%Ei@IpWW@C_M?@}|6%xm?9t?^&Dsck6aIX56S=^+u-n0P`>iOCqy9#r zEXZJ>vnJvi^v$L=M;%qAAp~I9yey_{W+}YivdgvUG8?L{_^!yPzmDCxc>{2TrGB%e zdZ=fAd`xZnDn1mn(wZ^D071`9Hsb9feYTWMwf?kT=(LB`uXYVIWA?fgN%8|0f)U6r zr)Ga)T6Se}sw*{K(Cr@h^I}PVHewSQi2gO=G9MH||Del-cMaDz_t@E6$x1H<0wiv- z($UwWmH$`)N!?1tRIGekKAAV0=gKFuLUPXuVOyD)7&jgLI=PD{1*+(uO0}{Q;h1!8 z$h#XAtG;8cA44pfcpd%(G04v^mH;t=mM<4To!6IbNly8PY2O)F{*XTIj>p2D8T?<# z))XgfCS`>%SNp(vfU6`6=Y5j!Nu2P~X)PBZiy#sJ1Mi+2Wa1K-k!K9*Mf4Mv zHkb^pyESMLrpk2acy4v!KsI$5F}yf(V1DIXP-kuMFDHrBIVTFBvO;ulYo;I;Tzk*Axm%WZCeBafnpUh~pkwD@k#hUFta6p>E2m}XNIZp%VHOra@UQy4k4RCB zCc?%p7s21s`zS%a2<@hN<&y0Q{yD-96su2pt1_%D2y(_1^0z`DDb##mPBz!zio|lD z!{7_-xsV~MCoPI0i&l%5xsWu!Z&`r)RvRtw9$e)bfBJozu+e*63+-qA!3GAs>Rlj5 zij`i@lg8LHU1JxK0c$wW^Y=v%ykFA`16|R6b_*E(3H6*{y88)d(IYfi^yfEKi^gWZ!30kwUNm2 zS;k2i$rU6f{u)uy0y^CSI2xgLX7UXk7eD2w&YBE|DYP`NO@!OQ4R_-rBKABZqCwbP z`3Yjg<`=k10}m$se++Wzz#lF?s|ajtmf@}7mWw&elvg!Qo)Geu(?j0CB|Ce+c=!c8 zI21a8VEFStqw48Um=*G@4Qb#9O8Blq{iL_rM0UWN`I}j;gxYveeOI5eHJa(1V!Q!p)`gRCc1h*vHD5kHt7(SHn4n_vXrB*D2xEtMl1HKTW&)Dd1|+k(9-zWEO*)#V@171R}~JcL1Nx)m-@b7fOq}4 zJb@oUU5MK#@HqkvW7w^~-mT^=4ees7yF6;~4I0DjSALD#$WlR;8S?d$5EO~DBU~wl zV4X923j`=RiWb)@T5a?><6t_KL*m|Q-V#rFhzZrhx;Q|l5nw#O~IvZ4z76^iH}tut^VPa zb>jL#1xWsi3R)~&L4n^>1uFq%&UK36aOrpmd=#LW#3ta)mfwV;W2Kd9gWY)dO_I;LJp zP5}cvew4l!liIN@rLp_civZqa%8{`O?~OiRT7n^+ZBmN`P0SiBd;!7k#eDec2A*WM zL>QiY7%HJ~A^h$+$%+P3E*pZ5=0Y}n$E$WIWXlyYp<3|YtFah?!(ta7Oy*EL-^ebc zxPn}A86&0j^Ic*aCc`=QZ+5qSBxt}q#HcH2mO{aqs>?L;+0rK=j@|@}=CRcYG(6o@ zwW+0d$hv6LK$d-|0m|?q$vm6sZ>8~{JfQq!z?TcLv7u8CLNemNyUHA(H4y^t0Y@m9 zNIYewug6VT_-aPTL}5A-RvR%X9-b^Q1Ng zD3L`yNqr};>d1O}Zx5^BF7>Kmb8)zEaiFd}{VtH{R`=h03akT7vf4Z*VBfYt+Cw&v z`9Fab&wW%MsZ6}at3cGtNYBa_%f$RQ;9|1;?s!vt$n%4JT^DVyc2_ADjw`5jyb9(X z-H-sh&AC?MrqB|m3pC?QJK-~u$@M61DGpWnWvPPSJQ#TKDJc?+lur#Vrhr-hWU0bV88x6nqB9Jq4j`!AIWw2gA66s~H&?kr6k^i1}UU=NR z>xos!h&Y7IYhb7uF2nAERK`eqB z2IM}RtVefL(#KBGgQCY*>fky5d0jR1tCI4Ow?O^ZKDYFX1=nxX zv8`{L)4uFn@Xo?1{=*}A=~Qjj+>};pcQ`DtIXUdfZkB{PcobhYs$fKkOYGaDY}kMo zEgJE_O@3HJyXa?8?Ci=$#D+AIwX6{qvqfjICuu)Gw?ZEpbTuQgNeQX?s`_`5P@sFG z8?@aUGT@&|G4-mM^zuSkPl|$SuaC!trXVIYbQ?QmzuHicR`FQKN+$z=m{92L%Rn8prsR4Se{89_kvO3f7vI z>qYb4+6j9o`caVC;&?{H8dypUe?$HDVAv!gn=x1teu^(H5@41tePv1RTNz5{2-{>K z=zo&TV*7LxJR?SB{{+TCSx;wl9Mb01hgmy}H;E@)SWfnvK#^{orfcKKMC`HEBMAC- zQDP4sXE9%nP<0)LAfX9l%I(tm-76N^4v$m6CH}p^3Y)*Imr5Qj2~5^2v@?{QDAn=} zw`lM=-{iAS!9xR2Jt2-zOI(m`NH%B%e{mUUElu6CfA2VQO(}QJy1fLJq15p(vX~vA zGe>l&k&;OEKxm(yx}5rYq#9iO;*k_A+c8*az-+87D#B#>13X%V|B9?Bip&z{c+K!5 zWi5ff-FD65+yH}wGZXxy(p>x|UYM?_CvGwQuBOn|k7aXE}k%jxu0MIIe&iMUPrcC0Oko-t7YP0b3@ z1J_uMlym&NDy#wzDYj3uz3cZ>zP(mPrcc)A(R4m2=)GZAYJXX|PX=yZ%GOtgEY!F4 zD?v*sI^JLaI$M83z*+?UZ<)@1eHYiG)3^S7P}pH1id|Hl1vzXIO+~QL6+nQTf?En= z-^iNj8imKy!ecJt>gD-h-qmUSaX4W=Eq+f}`Z#Yb+X$_(Ezn0iu)hSs4#=9uKTn*| zd-!|zbRz~~nwZ9d@Q3o8Q}-ECrKg)8>?ke%?@@B9>FYULu;)Cd^dvS7&u?a{^XrRN z3?_)FhxS5X4L|&1KrZPdc~JbBxU%$Noe~0B0quH6|5?D{Vcz!nPq2l4K5Fl> zrZ)_2>-li8rM?OlhdY?N11t|dQmp&k>E*=}bH}i^>9lwE8IIVhHF6%S=YC_w>1N4H zlzx}crlpc(0rq%`4j=h#*v zf^@sH#q%cREWN=+>_GpYP`K%R=7tHkhq?nMu7gCE1$M2K~|uKWoj|Zc=2D3&boj z9r~ySdZ5K`<&ox}SA<1z^mr!nlHr@tC>HGb=49ckuiN0s@>T_n?GHf_~*yOOPWS$gyAO>#{6ua9Uh zi$;PlyyQ(!U9Xa3-IiW^_0216&1ZbBhTvLG?GC@3OH{g-6T{=)7L%1CTVuag#)I0ZCYc7r7Ewa}R8v86+n5&?Z;y-;Lm?1(o7N$+kNc0Z|5SMd6xGYB zyGCk!yC9YsY_SJ8)TbtF+1kml;Se_$c0iSGi3)b_aUikv3=SG3#*MJ{?%(Z~M5Y3emBFlYlFhC`&96pTJXolnqc}Zv$dWN%a+$G8*G&G4^}xe1K!A&cGhCS z%wn?e=!bs&JI6a}NyU*K(Y&<6eqUU^uI@GL^ zRWV>hVeUR#7p+P9>Bed)?t0emE$+%wkHyj3D&Fo@)>-<6J15(40kFdBZt&q=)g7D1 z^e)~>)*UbP_?+>R@x#2gbM;o;Z={RIH9#AUT$x+%(x{xU5pRWBufe(Z1Yp;}y6%46j+{_o5z>uTC>P2`t% zM4_5d|DGv#8?}~VgU?!ej;t1(Cmo8mr&nIuS$l2U-tjQboR-|a$U6xiZPsnZMa#>C zmY8?6?W|%JO_YRHo~&>YxvFryGGfEtnLsge6@4HL$PE^EW_1+W`rEUPz%N2Jh`OTs zMHhGkA!LrA?)`_`05oLjOP2WW$LK>j36J5R_hDpR24R{9Sk%r`4NYxh2mlKwP9b~O>?6`z;_y3-2IoDpV5 z>CkKR`M4yR7{|WMTnRV|qzW4z6fsmLT7YAk@>uHnqwTYGPZ=r8iHM?W0wP8q$dxj1 z>DFDD_yMR9%t}~^JG=iADF@d0f%uSVk!YSLZ8XDLpDCRgJssxy{PJCM| z(+G1YjR481q@GkzLrR@miw^}q6|ykH|0PZQ5JL~kt_wo5jAosd$Lg^W9w*|_hqEBi zb8RJ94d;6rJ+LfB+kw_Ao3Mb~|lI2U^%yW$E zc>(KkA%=r~11GN6? zgvhpPwu)%NZaxlDweRrRs}ZnsqacEE9hwTCz&yNaO&)$Eau zC|BjWU4wOVlXr1@L;i|w?vBhOg+@*1N~DyJ0Di93Xm_2v^$ikiF+`}I^F?7!6!sKw z09>hEK>y!I)1l}fHNI!n5p9JMmm6ue{%-aC)EGXIjhyLVt9Ei$L&fjQB#9Us1on`rlS zkNjX1c+E`~o31fci36}LAr6lZ((~n}@0UD!xDD)}LYjM7aH}E!>c8#Eux$5k#~iut z1MYffhi4ifR4Ebh(x9!ermJJWF|gm=y9^R@Yq{Vi#8qZep&a0u8`;j?#Hk(yRC!;4 zrgVBx&0gz5KkWoKUBgw7*_Z+kQE6RqPj1<@+C{rZ&`F5)Ctyrl>!h8b)J-SKnga;$ zSrad8)Li66f$efjK6oh)ix%sT zS04~dwzu%GVNuoNW2wg=^NcZcjDwXAPy1GBEQ^@9+9!y7g52YYRYo#wIrS^h_*F5i z;)y*0e!Qz0cKz*xJ@+evoga*nrBPBs%x+@@vafOugSy2UYO=)@30c*C zQT>Hd==kkWN*G$3zSwk%86zn-hcs*R3cG{89-~DwiOQ$6E`>X$!)Y}KqYOhI&EGCU z0DUL@aB#bWZFW^{q4 zqLaJZ@86%AiGfqs%~hjE;4b|7Uh49ydW%mrqCG@LJLcR6%(t1&RIfo(+fu7Ee)6g_ zW!JZ3DqUZg0CgLF=xnp?4BGON(o`2UeoJtBd`%6LI1?e(nj5F z!S%A3O(T&8YTUW?m+JNTED^Kwl$x#@rA|veE3}a6JZ3AFoGZSVP#G<`W|1x=JEu9H zL?T<6#U?T}P2)cp_A{YbJV9bqHMVwMOjndAMo0R@43nb`%(`mG5t=5p%ryAH-23KG zt?(d%`7b_eG3A+|{@P}Zp4wWcfkPoAY0UCOtj+G;+{xW0tu7N*PL1NyGqz8qM0Dm2 zqjXTLoZ%7-iY#U_fn?DXI8kiZF{+L;W`4<;G@UiN5*)T-BQ}|D%G=fbV=bd;K5NPC z<|-4}L^GN43^+ba*uc3UCwj@awCJ%Ur8=_4G=RYpvZ1o>_On%FyDrP1g;C?&>nQTr z(0R)d>@ry(ik5Wc^kW6Ee-`-_wEg{!vsq?LHW^FpcifS+o3i=YhV@W?qDt$2S+m*g z2@vLATHiuh6QIypwZ`5lMHh|Cp`68Vg2498N%{>rLe#!IDI`to{~DIafhoKp|MP$U k3%1H)dj`jw|KH&{T!-s${Z6j`7XSeN|1p11vjFH10Fljf4*&oF literal 0 HcmV?d00001 diff --git a/assets/rancher-node-exporter/rancher-node-exporter-100.0.0+up1.18.1.tgz b/assets/rancher-node-exporter/rancher-node-exporter-100.0.0+up1.18.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..ca751fdb61d27adb934174025dcb343f93aadb65 GIT binary patch literal 6734 zcmV-U8nNXciwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBhciT3$Xg~8;>?>ui?KYw$Kav@($z9iV+|+9l$IDLJ)0N5b zK;)K$ngloiC|h-We*0N?@G0uyN1f&z^Mfsdzy|gc8?OyPSTI4+VLZeRUL{;86y1Xf z5z3#DIQr%Ro?frld$GG~{`Y#l`u~3a#qKx#U7e->@@0Sfn_ho!x4-)h^d6$}RZl7v z5#RLgT~{5sujC<&aYYp6Ob$GNfG862u^$knBJ?TmPG}e+8$e5m6kCm1xEw%4S$b9a z>f}m)4p1mMq8JXqr8ehdBu1H#00&@UcVf<{;)1eqN6w_exVfOf2#Lgw29VcLm1vJ7 z^k)>3ayEcz-y=zqzxMsUzwL!613?pIlJ?<8jA9718o-DPNCb~jO)!;Eg*)N8&WTcq z9CW*5swU~s4|v=yN_2IJ^IW&Q3!GhY5z2wrsR8Sh>hU^|r^kdcMJPjI3SmrWG=MQB zOr%4~|NmGg=vqAhON9KJuEV5EWkh+(D8Xr-Hl#8pBDnCDQBLwy1ZXP06`IqWzP+B` z^LyW=N#F1P)$e;>TIQdg;%T=3Qxc^pAF2abZvXqeo!*PO{eQ97d$RwJ@wDMJjz}6Q zusp9>yQ*CHUK>74s01p3z_0u7-gZV@#6&3!VMHU;8D3)$5rHrzf|6l`5)_9aLPDg( z5GYd|W;_+3Fis+(Q2L%Xj`)y7t_M;P>R$lX=(`4<;+RS$W&>!oJdeg?Y;p-qxYWJG zEH_}?mfElMv;~oAs)qv@kw~IRB4J21XcE08LyY7Au5ZkTQkUCmS&|16 z%z8AFFhn9yeBc+zexMm+R3r~L8_}_WWRe6%8a8EPIe?F!95CJL4>U%eD%}xC&uh2g zAeD;8^mha`K}eI3C_GbwC>+m#jzFUFs;LF_PkE&4_{n_M>@UCD#>M37Cq|}(Mw$=< z=zE^PtQWJGx8WCrRHh_~W*{)&af~bk#+4RUnP5OiGYFk#XaUAW{aL0kSC-oW;nLgiER> z5K*lX26o<*=OEKyqN{&L8NEn{=)=)SD;9(tE(xn(QYw}*i>)$^8}TUOmz0eS^oTN@ zg@nJQ(tM9~1q=g}l8D)JgTKI-Pc7?$R75iv3Sww8QYc`fAoYgtfW}lAF>M1tkfa0H z?)75#9%F1&cdz%3It>4vqO29@&llLy1v2g24+5StWy_oyq$x_coM;^pK;W#B59EZW zQK+qw=7qvg8y@p3S4eH?&?pG-k-@eGLvhVoi{sJA$c{v1NMu22E2)7!2V&t+31eia zMLL93QZ}|cNTbMn&kSPb#nsG$6B@Ton5UeDcf&MJLc?^bCsiR5`U5?vV2~^o&R}Ot0z;ZfFxu{BdRFooFieF{p`Tm zuV?2Uj@})5o*0tAq#LqX0y%>HUrkXs{eJ(TkXVzmfjx^#pYRZ}R)RI@HDI|LtF=Zj z)IAX8-H->e8*mn2qGUHQCA$d^I~i>|E=}8gnH*+j)-@=R$$pJlUfURf5R-_{tUjv= zQ83Zgqv9>QJQxB`m84-VbAjz_o}1poYwI*BG-U-!Z9*m}&_fm`oU%+7+HiQ4aA{T4 zDTtO<{W{@N0Yi1k#f7I|j_q%UhF2zQrN@MXhZ15f`O-q^0#VS_Kf8i+<+a-epq8W` z6ih5v6erL9T|-%(>&5WPMB&V4kC?EYCzdXLq;t?x-I)zqDcW`DX75k zb*e{*XE~UoG2?mi;S~m{8PvH_7SR51C0ViZYzNZ}O43}nPF;mtn|Gr58^84D5`#c)X-k}56(5~1*`3L?n}JBoL3N&{86 zB3j&(AYi)xHCtJ7L%hr%fY--ox+fjcaViW3by$nMISV#qWuK&NeH#>0GibI(sPAw4 zJN~ZM28l!j6U@Ib+4to%@G~NWT#vbZydrTDq01D{{E$iCmi1*i8qq7S4Lot=cA(5y znuT0R$7aLy0kpPTl`I%C*{f$9=QOZQ>@20dS(Eqctr%Rs@ zH5tI)v!CvZ$>~1jzuh;1Bz(`JnKj^_?LeYbO7Mh?iJdAt<_tgUc75On83R6lPc6O% zr3OBY=r|@xW-JU)41JAe@zLRyqh`OnBT0eY0vu$?Gb#bF$;(RzngnflKSd#QH>^2O z^xwsJ$*5oUlI311ly+ooO_uIK1Pu)ST0+d&S%cJFe?Ww5dWo@YN<&IIVK9!1L2TQw z#Eyhrj&3E#pzrVcJEloiYD^nkC8eg7sxC>_TqAO^?qp&uT^mZItc!QMCQ(+HYE(L6 zR2>wQQhJm`6(vzNNKAN`D?v50Y2}xmMfrN4=J~&TYNmVq{=?y!uddWR>R7S!;JVFr4X;Aalc1i4gEOCQQ4<*Vi50IXep? zp>^ygx?14>Z0C;Mz{6Lw1mQ-H5}oZke*gOL{N(-VhgZ)wwG$Gk2*#+O)5#4gTwmvd zVQ4L!jm-16z=xX~=y3Q=a+VM^dDXi1WrBgPv&xUXPkuHPchkzoL~_k)vhlgCWvhnC z(Mb&tU06OmHdJA35YfI$D*b#6sMFlbP0O?{m~b=39dx_TTpI_^a20L3yc0)Vy&12|F;lNl&-fk0q{mk?8yDmR6!1*!}Zj!rUnKAV~Iz0&aKSDr#Z z7+mT;*p6Hco_eTQ62y%%rR6k$&gGrBxKVKN?C|vGqk{%U8u0gK<6T-;;r+&S#`35{ zPoJ`}X1V4*O>Q>k7+;_@xW1m_r@{Q@W`Qi^Q`~E)^U3?y=g0f+4r|0S{`&(cK?E(5 zB(K&lZ3{kkYr?vqe`nc zC5@5^ZFvA0L3HyvBQ7q92p@nb&oY|ZWd_4T7HY2C-u|!Z|Ia5FB`Bn?k~=R2uIT^w zc6Rov{r`5a*WY>S{~zON!>QYop~Wb~5oHK1yYP1I7C_F0TY76j$Jq=z$}NLky34kM zG%nfY#S%f88bRwXvfH{704?YB-(DMjp)BN=63)^@OR(o%Uw6Otveay{>ykzhkTA>_ zcC@*(`#a3shwZwbdpgSyBYx?UOEV%`+b_Ae(56^IkgX!PIZQiEr6ycr8KU=XS2wdv zVDr@~T?x9SubX9Tl{eUEYm!YPnX)<|n`~(nGc!85m~Ckt{yQa6t4gf}&5&*)slsE4 z@f5`Yj}sygT7U2R{oPKl1^z*4zTf{xIz+dd#(zVV`)S}ToodQEADwe)rY5dy7Q>Xr z1GDU+N29uLdKGJh4kkDNLva?2C@(%2Z2FdHt{=p11H_c8e-O(6SeD4>u&`o}& z>(FRP7-B$lza)8#@Q<9hmH;C&y$zbFW_d0XTqPF zS|GWX&B*pTVp3 z*<5O8P8tiP>Vf2Kt)$+%frTyY{6)5E&}_Z85xnJk_QtJS!jMQBWOM!NbJG@RX&;3o z$>0`_kM()H2@0yrMA!9oj;dRc)!&_DRz5p_&olD5Zk;BxtF$I{`NDQWivMxaPoYYf%Nv$yr53 zYgM(}kGT<5BalUU=(w-pyA5w>>5INam)X=FMeo z7o^Ej-vc@CbJR*zu`KMOdC72a$d-7jpZn7FuLa`sUQ>A&OP+0R$Ez(l?^Tsce+JfE zVU8w1#$EG!&SO}YpH03-lT%pRc~`V*ZcE-g`|4$@)U5fCWs=VAn8<5w*eOw({%tH+ zBi|eY8x~!QytKL)n?tCh+61Iv=8J{Qgwitgz$-ROxn=R%rta)EAJQ&GWcAK4k zY0f5RGS4MvvXZIB&DtKlYD-EW1?MV3bc&;Ty6zY&$LZ>yO+mXK z#I0RvF>1haj!I^|wyq48Qf|{st+Jev_Ta@5`Kp#n1Xn!Z(EvUil-m{2DKeDuMDQV2 z8!}NUd4sA>jl}MIsi&^r9DyXHk6vefu5VtqiUSWd-73mY%e&AT*)?aas@sH`En0b} zP`0yr9(3KrH9(%vQr*;cFB9pGOV*8ILo*iUDQ}^x?Vh_`yBn-UKan#qhvF$Y(VclBvj=C(h?DNKj8&O?NlhTgSThd~2$v=h$Yx3A`P`x!{n~Rk&Sqq0dwSIYW zvkWir-14tYgU2Rnt&r!%UD4N|DeGCZMu&EOfx&*Ooa-rh1Eut8=98n>PGxJP&kyMo zqxSp|&OBrD+zZFC7DnydLTSdKaXs3vkNW4F`TXcdQAcqa#H;%3>y5B02Ql2|8n*f8 zhSpWkEgz^@gl%OLKqJDX#+COYG`FpsV^#C4`ZNr#YtC7Il%OJ<&JnHTZFbX^mM>>r z-y2)ti7lr zX*_^;=JfCVFl_b-?&e9XgHe8PrHaz3f_LNIyo+!LuVNjnY_Tdz#R;3cBle{iME;jO ztJeSWv&Dbd`d_d2vbQt0{HlLqb1RE^)S-;?E}l@`AQZ9r{D2GO(u9M{&4k;U_s-_}Gun##Z6TOn z=ANfqJ?v8RbjUgdmn`i68TK+10Z2S+)U5fc8nrC4ly(f4;BK?cEk-XZQVUU4l�E zT2=Q#K#P{hmjTOTWR+$DN@25dIam+IIvXF>k;zI(uA*QqQdecmz`8J&?N^wCQ3@AU z5wkpo*m{~$29qnvi-x(Kr_n|8v#S43WYTfxX9SP%PJX~j|G&Ro>;L`znl3;|KhLafX}qw;1g(JyQ5$5 zAf392KQ-_=KoV*KrO5$&+`ub^OyeUrK6&MpbNINC@G#pWVxoglw3((ThH_wx+Q*Gl zVx^?nzHCPscf$4|P1`N?e@I!VUA|kHfff4S?{C-7f9~{lpW=T%%5z`+Ut8Pf48`|W zl>UrnfJf+dJ!OVq33495yb-)NDl#4ZhCwzNQ5jRYEva5*68SE~dVtZ?lb7|CKWo_k zdxrsEHUIOn-Y;Mt zp<&l$L%I2ikcFjLpG43pjc{C!_uYn57a7$C&BUn&fHELa5yU`nu59dL5=H#-B!hF9 zXDb8Dg1!q3Qx+1Y?EVYJSw{nc?;xbo04iEks`0r2GE5a*qKWd82tK8uIWBG^_(Q7EjQ;0 ziQu~9#V}8?tD5<1$S>I?5#j#HQBg>%fKe9T>&c64%35WKo4 z$GsQJ1|5hg8$h-+5R)q#sClmvyV-ng!wHI*n#jXgijb)#AZ3<|hJ!iVOi1%fj3OJJ zNe_tzuyLxv?z7p3nQ44WS$dUKU}VFpJ`gE2z3s_g69IlVo4ST!0`ZD7Tsr z24{x`*5bO-B#AIarby&QWaX^yQmIUKOKY<{lTUcI;Rh~;G&JGwU94?`tBFDE=PNK3 zV%Er+1<`)gO0$h%X4eai&>mdL#N%OIu2ubiwuAf+T>t6s?!0)4|MP{O#x-6y(D)Pe z)C*3;kXv@KP30Q9*a!3uvaZ_RU(s+lqX?;%lx_T4hdCTwHcbeLP5gH=@KSijE!bpS z!KUf==5l9261TQstGZuv;pv*}W4T4u?T@8vQJS#NKSSvdR7e@yVu{FyZ>+d>Hfb*dD?J7ltN)=g)GbAa)JzoDUHk!HX*?U8KcZ^ z|C2V#rUW^`D1vdshjzmeW#i{&6NjQxG)ELl>4b$|8yLEyl$(jb5xv6DPD1>jEg#I` zC(cYs-6TlRMCL@_^IxBxpD8ZTYr_GLW6t2`gEI)Jke)xLs%!q*=6n9|chNO}vxLdG ztN&!La>}{|pdkq^(gf^%2H*PfGV#9khvdTh)>m=jefwWt8-6B&@>Ign>qF`JZjQ+F zX^5n2^9laj*J#a}_5b}Z$A_n94^_u1{qOf{@t^v;yZxv5Pml7DBoTb-E*37|8eG0F zSm2c68l8j+{xPEWJ`pC0bNes}1{;e*t%LjQO6w(IwQ?7n7-+|u`F`E5pMt{pU?OTRrn`VY83!7!4~;ZjhgkO5`z zhTHx=iPG_y3?p=g#WuSfbi3MP_T^+NbC)0{jEqtE=B}eRsNfV64o7Un zJ?~%t`d7f28EyHtn_X~tPFjuSD9Wdwi#z-a=i6StOWGl$E?LGQC-ZL<@ zQkV1N>EYYM{j)=Ji@~Qxth)>EZqA@?*P+^*748STM5oGKgr7FsmG>oHF|Je0(!i*oz3W$khN)$~6h}PZal)C2 zBTJ;@0X4VU8r?4978|TgU9uds)~^sPZ}v*Ep^8h9C^l#RE1_`pFT8VSf1K$~rM>!sy*h>Fk%LvVLX%jYmP zSEl5mup!~2z5LY7A%EKRyQSBy=b9BFW%*50Dc zVQyr3R8em|NM&qo0PK8wZ`-)C`2MX=F+cSbX?tqu_zV+ zEsbq%C{jyOPQ9-0XTKmR$&xKQPScy+;)Z`D7CD?5KIXyUNRseyjIxnP5qC6_ST%cN zB6Tn&G5g`$lvbJWZH7DH(EG7N=;zQJ^5Fu{N*j6iVEV}vwOS|W*ItaYNg&E|;eaXJV>5jSasgi)nQ zv&6?*1}8Z??N%#j1+9OkNh|0CE$^>h<4vVT{wIW`sJ@{BxI_LsZ+6>D^1t6cXg$gQ zW0YrbghP@t4Q|=3tSmM|;5~z@F;zen5cu`*^kZWvWK6Wi2!@oQ0XV{t5s5G%l9B;K z1zNxWAtA~L8s%ERRHPC##t9=DRp5CeCI*CMI!7}!zW~%!X^bJHAHMy}OH=-Ch!5uO(GD7JpSCDy-gLlE$ zZ;L>t{80Tzp)@G0r8K`!j?DkaAd{)HprPQJP;MQAqEi(iP2vM^~wl_tEeQB z=$y0Zg%J8ZW$2Vt?aZzLHA>YG`icCBEF?-pzGjxTTY~z&*@}2vM0klTlgZiK^R!?n zGuI71{pNXOIHa8Fscqg;|JT_6LQ6N#&aaLy1N~V)%*Nd1|9AFVOZNX@uYK@j{~x22 z+~P4&FhJyBl`&%&1<)H~cmq@`aC#U9QzLJj@{v(9H|YRF&7jdJj5Ew;5L`HCJ~%6C z=W`gLHWI6#!N4a;5}4kSqwxo*Xyzv1-7*50&;7r(5B)utjq-mzMwXydfleNB6u3kF z_d2_~OY;9_x4riy|Bq2-v*s(9(6|c8k{#~5FMkv5oTlLyAAOmFLHmfd~Tx0Zag}h;cL<&NYG6M=K z9AlI+=gsJ`P*}$3txj2Hc=I{gh)U<|Jf~YTc}_slee7L)``cOk8FR zm}=u866-Jc$A6@R`O8yN%ZAFljLL#4j3+32B2LUn&;S4JpuN{<`4IF-LI#vkXFn~T0cx_O@fQIh%NA2;AvXf8UE<@<3E`3TvWzXtT|^rI3f#Px$6Gq$ zxuSL;4x~hQEfzow`Iw%TSXIb=qe znVnExbmyYEpp9_T5FxkfFix4KCGRf6go$a4Tq~d)LJ<8*4OvJI^z{mjEW@a3S<7Cwrbur%A3@8s-8rA8Gz;IxW>wy|K?dWZX<<%^2 zHupPMieErt!pvCxfBN8G`x}?Jmd)H{?yfl920mNi`o>%k9Z!cvFuk5o5!yDWR=RwF zKT@G9OHzv^CY+2gY7C}To-SSdYI#ZjYS-xhMA_*7yAV`Nl80Re+!_CWv*Q0B>^{Z+ zAEj6mIU$Tj#zr!#H25|g>VtoB_Ws-lKMRNY;M;Jh4}KmFt=M!fG`tuSRjBT=w#@^t zj?~Md-;huS{t0&+FfjrP=hqlAIt1h3)nG4z(U$(dak>#mf#1u2`|CJyJ3n>aco*vN zgoN*C7?X+d=@v{F`w&4v18&F2YcT*-=G3)1*ybz9e8ns}>7>wMGF8s8H@cT9Fh(ek z*+A|CYa&OeOMN3@+(e-PKU1XxD2!vibWDhwGy#9o_U#M}>FAUsKD=0G12bD5z{`4= zh36N%eCaGgZI}TVRnnpXh>8=n97&_j!YiraymRF zIvjs=lx+pT*B=Yl_1}D6TihgPER|;66jtHx;rx9KhXDC3+u!csb{K|cTF>saGivOH z&BN%Yj9p?VQL6>3%Pp3S7Qd31RrbN#HHsc!B3K$@Y4#e~PIiX0sLn0xDM`Ae%KPs7 z43WE4uA#a(N0;ZeG}tPswIO#yuC&W-*I<#xVr<|_vnHb&g8fqJ%1W0-UQ4y7aSl{< zp7IfnwN5Gxr3vYmGfm1RkwS}5ur6Hn`lU9vdZ%WWts%FvjHbkryo6?y;S{Iqj*e0X|!-9Nv$+8(*}%(g}S z)A{8+P}5{<#J%&gv*X^?`Nh3vC36b5CGz3o{6GEc!;i-oSC`j6{<=M>Wsj|v;37Ax ztX2xcku{doOuJJ?uoTl?%Ek%uM4SrAnv|VINhF<6h9iu+FeFT2rFC7J$SNdZOx*T! zWXCEbEIZGx!iJ@5obHksMN%ZobqzTD_^~nt6?MCmtx{5DwHHmbI(%hj%Sfw0OKVmE zT#I?>yiqYlc`8lGnlF-T?rC}|c{*#RqH^`O-E5TaA~#J&8E)ITxX*T8yOnKT)|udD zqq>0)0snv(lFUYca2M&GNnO>g&#m zrOv}GdJe1IN>lwe32$#a|0U{ykzZHtIRCZVEBPM>d;3rMACFSX=RX%|YEIe%)FeL! z_C=JZi#iYRYfpoXL?z$gbXR8_?>2N}q4XK*TOn_%l_&jPwW5D=w5V997SE{*hF#b> zO_jbVDYqSan*3Ni4nmwQn;NHt)mI4aQg-yn|duhju}$^Y)M{qMBi>^;5z|0tz4Cu3>1ejnF=fAvg$pJf~Qf9Mh5 zF8P1c*U$*?>vpeca1=_{m5uCm_Zs+e#uH?T zbSpQObvKoji_dC$!NczA?|V;wkM*yS|6q(PrXwySew#gZm;CQ{4pzSZ(RuSE|Bq3g zL7!-i(!J2;R^8>94pPdDpAQKMZ^#H2-vUu-VkHUG7#V{R69bn&L;2`6NMuCQ34%>l zThtRCdC!33$R)16NF)yF=lnJN|MxP0bIzvrn+%C#2@XNi1)>27Z_>oR`>4EEfx1n+SHXbX zc&`E-C*G_7_MXAdL{gC|I5|32UXVy(JbW*p5t62Zlj3(Tn5a-h*!+%sksA50W)OY@ z8h6P5?rv-O{%3!0ul*$dk5OjN8=%mfNc9+Fybc8uQo%czSdzB z=^X96c1@wAnudhgrnkNJVf!#|vR`n)nuc2GPeVUNhjf1R~uAJQ<*#sqhpO%;wYCV`NnCVtk)mAzii z;O%gGX0)cq?74l()qdmP-MiALpU>@me`#)lybgVl}$9cfk4QY<|l- z@Q4oK`8?+&|E$esHeOt04=>9&W;0mOad==}VAfPKJ70Y%V$@?y71&%D*q#t8!xfA4 zd=4+NFG6H>FKdT}q04FL!lzkr-{g}}(+SnntDL`$!?0b3B-9R#<-CBl??*nL&noFD z?mI(W@NH&y35{*E2}8?NdH$h^9Blr&Jk3?2x%ai6@Cmn z+J=6CZd>}Lk2kGn;i&Y5r){_>BVEtPn&G-{L~S)#w`nUBmWGF)wItW>xZwsr6cTQ5 z3Y4#fdcB6V*$mvf2wQPiM*8Unt;(n}iaavhJfD|lWs!zeH;~fnDtC>h3i>UFRKmRd wxPB|+_hTY&B5}+8;u}=}^WVIuz|T{8Do^F9d{z0M00030|F!$C*Z^7p03wWe7XSbN literal 0 HcmV?d00001 diff --git a/assets/rancher-prometheus-adapter/rancher-prometheus-adapter-100.0.0+up2.14.0.tgz b/assets/rancher-prometheus-adapter/rancher-prometheus-adapter-100.0.0+up2.14.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..189cc0c890f3185caff74f8b442ae224c32d9ee8 GIT binary patch literal 8488 zcmV+@A=lm?iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH<$a~n63`8>a(LuJdBS2HB_%&~0ODYBEeHgqRI-K~rVE9m0(_ zDwTt7cS6-P8wDXxy3eSFX;U}OSgmmZqW1YTgLv%=@R{aM&b;Hbgx3k~W{|CMPTL0fg z+JI*`CRwb&vOCvvEdwG5yh+SQBz6;pic$XsV0E*D^BN~qDlr>Cr{j5KJf@7Q*#Is+ zdLB*4#MBX(a;a7Otk50ZgbKk0Mt)?3{X?RK-CrQ=0E$cstqqW7aeT~U8qNmrV*HA$ zV}TNx^1PT&e!?@12e9jTPPM+qm`e46DHLZU9zZ|wJpBdPF&An8`@6e4p2v8ECm0)5 zXYo%3<$|i&QB0(KWi+4eb%$OC4`<-B7R9Aod z+n3aQi)lhvE$@jeMpM>Fcrlhk!+-(2edld}uSWz$`9B%zx(_afLyh%t_~hT6e@dR< z&}y@x;q5n_j}J`W%HFuX=Yw?sj~@rGUGCGTCfAN$TP`8W@I$K=`$cP&PBI%>v|MvG z(uYEhOv9cvrH@#q6T;d4WoP%A-ZaQyw*$V>&!2e|r^Ga|t6$V%oC9b1qIPn+zqY;b^8% zuE4~V`FFk69P7RquANgB@$&)fB!#UsXqlsPD^Q!K0BV-v0FLZ@`Qq5~RBUDyWMmW< zwwE^52k@tFEcFdI&PFi};ph;?G)7QUqCnCK(=+=N;qdr{vtvAfQ=C<63VNoErBj^c zmR7B_+vW+4#%s3MUdh{lLpIa;R}dg#k|n4OAM^V#|7oR`y*v+HrQl0B>pI4QH-W<^#;GE zF}8IV5^HK!I&CN9qUUf~-@(>Du5_5PZaK8;0Gj=(*PiQ4Wjx7RmjsgNXBN-$g^J=a zid;(GzSI3QLMBU#RgXI@iz$z6R&MehmJ-%l`mkvwYi7JcrL|ad8AHcymT|d+k%|ay z%uoguD3I{TE=~-%|Kk~)n;O~(r9z7+l}@H3-NuY(+6n>^8{b;oFh{9BKeL=eH~>ROYBz$Q6`+Lvn^W z8o-%eZHjfml-=GkEu?~v$S9t{IkBrcy^1p^DW0pr z@2QaLH>##TT0q`L+3H|nAF9{!p1Gyn z0Cso2?e(Tkf0v)XJ=pI}*E^^G@#&KN-+cWdyRUwJ^ZX=GAJp~QSaSZ?+uv@S|84jB zyZh_?-@8Z`7sWaiIt%uF^L?)l1OOjD!jwoDAu@YauxORtA)J&-x=&r0-o^_<$_Bysq6q2o{2v$EnzAxD;+)YBA&jxx3{5 zO7cIPVw|Fofl9A)6tqPCcl+Dh4f*f)cGlXwL6p71JK$Y(6J{vL$|9o6z)u? z1OCU4reH+~?3qyR4$yiQR8&g^WoitazsYXrS^%_!H2>DNqgg*oILT7ILiW6ii|!*Y z|LV4s;he^?w(|4cLeR?;d$Mob7tC&e-12mh5yt%7eXcApv=Y3fV3$<}wvlz~3GBE1^y~5XP-6x3_=x~YyFjO}K z;rWM@FuTD~Jt#6B2Z86xl~h?U4caNtFAJM76j(Q@R~l|UqIJo9j~f2e%TyM^{*L*R zCMV|D0y=)Dy;Gju697`Qp(o%OXkHpW8X#$EIudxlp@nYBE8T|fl%AeLqE}>+CkX#2 zNNc-4rWos`p+I|Xkq=uc;o)dzNb~H~i7ufM(mh%CNgs#`57<;j|K@k_U~N9{0Rcnn1l$OzjvTB>|9^kn#!U56nW(?)la-%EgH=AVu3r4_KhV8aB)$L zz=xEDaTcv)q;D<)Z~E69PmP8;?vKt&Kw1XPeOol^bd|J{{U4%GiQQAWjyu>A`+sMr zf6%o5_YZc~_Wxa^hCZt79tQcIv$08i-`jw~Fp(IK-Ko(FDKivXKpAimp)mW(c{#zk zf}_Lg*^oB3y$y5bq^*l{98Ebtwd$5lswHL3U)P-Dl1&7}1}0W#ueSaBI^jCjRu=fIwR-TA0CtZ5AA zkT~DX+v2(<)c2H;IG$}4#K@ic>Y`l;0ZFMdFJx|E-H$xnqA08+0H195SD6hEG2^Fd z`~v*z_2oL%0^RNEqQv-2d;)mJIksYb-uHC+*`?L&Kj)Jvc#QstvWT*YPck+2BaCrE z6u;CiTz3Dff6zSt+27gOTibtkks9`&7?H5L3au(*lc%}P1^vTluJQ~cSIc&wyyh`} zXNO5mJIB`d!YDYBrmN|q~K!g(v%LaXcL zs!3w@v>OuRX=!r$o}|>cxLrbI4`7bQ1wOWcL8Aegjef^anY&lEZrw-yO5JJO&nduK)M<`Uh+Me-~-3|L;Km zH$>$&HUAAUSx*sPc)Gg&UtRC#X_^1m!9mmiW3S)eUhDt6NS{pquN8lr;d{6g)! zjhRlztKDhIo#u^hl;)?oVF~tfn%OTiKkTi!grxfC8H$msJV9mtjj6PMoD&sJTU6_6 z@}IYIyaR$v@+2&a2U0kepKkrLgBWHg9DIb`>MRl=|#- zNlqy%RYs%+@MrEBz(s=*g%3*Yt94T?kg|HEsmyEjUC~Q#x0bi{f=8XL>XpCapPzNM z3I=`sq|@0-d1USaKJe_dHw*WB8Y>j}1)|1XJ($0%2W^+{V9Dh>s9(NoFP`$qDwKfc{d-feCcO|)Imy*pO9k3LZO zimMu3f=BIC`D}Q)=4F+apCu1h=H68q*M2d+g;#Y3_Y4m{;|GOdCrIYFnsPf5XzQxpOx)09TEv1E{%{2ahB#GNg{0Wpr z$Q0~e=9bvnM*Zqe842WdZcnv0TvWTf=_R+9N+vF8uBcWtw|{F6n5(V-459t}c5vym zvD$iY$@*`5XMeA;{@dN_ul@h-Bwcsak&o}%MUcbe7jBs-gCB{64oRuIJJi@O>Of;v zxv*sEth{QCx%+f>xmt-kQLa~4aDOzi+6a?sZ%gNnNv>tee#cPxA@Rq8CuaFqx$pEh zSvpH~+7`E0^YE_hm*?nI9i{FIm)aG}&wizz?`F6$6|~+Bt$2+Ufm?304RW>95`e}S zRll>=i1Nrbiwv7o~|?h zx4HvNQ?ke!Sa$xux6?fTIq2`L&wuVDX{qQw^4^%pE@MbCsmz7_*n0Pys4$nX->}>x z61bY8IH%IZt8t^kUI$D$wHK%uS4H4G6Ztam9(AkcGGS5cQPjgL*(aN8*M(a`Z7i>tP;zUiZT^DX8-BkatvI1Ow{@?Wf+Uxb!@n7yF{iPJ|TI04Ux67VN5xB32UvuLp=akY(~Iacudq3It{0-&Zg;#oRaOmeVHZ8h*AxVdMlL4 zrNSL*HLUF$Tj_a=m5s1UEYbRAF1Vn&c^ua~{C+Dx8$gR_qGgFnfYFMew-j`+i{HhG zU*#;c7(UggCl#vNCsd$QBiF)kU79!*oJ{4Qe0&8yejLnYD>8wPA3OCHk1Ox1%+)9# zU#VhB#H2Eeedv~Nx8$FE-|iXuDHrNV1#bBmOLIhBb2G8lXd^8284+EPv97zPY_f_N z(an1E!KW8iw~?q93@Z!KU=dOAq^pv&>u%4N*)g9eE>(m=JgJOPn^}>MOvIXcDlJbA zEAPl;BF+awWgu4yq?XRrp)j9&abbq;f-+j=H2RjW7KM3i$EWVKohqAKpW|u5Ijao} z_nOZfA&s)LA-;3_wc=mb96~v`dZh71imtuz73T#TyS*k6h5XxBhn9~2;`KG9jK8l< zF+D?uQXUIFs=4UsVn5hG#$|G$!>34MHT|QWWw59N*GYy`)Xo0*=FRa*C5JMqD2bn8 zOlBw6fnWeTy~@l@BKnuata&(JJY`g~JLViLT1Q1$xf}`o-jbm(H{%vh=Tu9T@99)3 zR;S+;2cA)~RLzb!Q~04qb`r<@{8-R48sh|?%aFt_a6uj~I!|HcptsJrNbppzElC`A z-c@q)IPI@FSKreZ-6d71X)*wju|xTaGhM7b^B0N2oZU^7 z53ZGVZhM@{pvjj8_p9LY>;}hcMOvWM&@0}uyKIuk3$>4#mIvf&6KW&3tXO;FU;$-n zfkc-PryA3=oi^1H%Sh7zUYdm`CXz};?h0$t<=_mA(V5#( zEdC0*!Uo={65z(6cp5|CzW3YyYH6kY-`wBvnjU~l{r`5G_rLaf>-+zAla{*0t{wf> zj(%U9qu+wZ8vc`A{T6lk^LF<8d>k?EDP3>=znTZ&GXKBrx%=M-yL;>T|4z~p|BnTB z!P>v>)A-l_KIE8SfG zFJA#J)Bn9*zq$U~UdMmGn{*%gf35i2)a%07KnpDMmXJZ6N1b{Ypd$QF9uH_y7@&3f zLeon6KaED$i~MBMGX1~XYx;lo`a5g;|4ve4N1^2*vaEt#chj0rMD;&P4DQn2FV;X5A!^Jnha zPzj#;lB9Fve7&B%@_IIvY1sl%OadRPL+k^!7m}(R|En z-t0l6o3VPmb=~0jy=_nH*4J0SZ=6=L|B5iypUD4bySe^f`~Tckx-?GR+Wlwk{_`ce z|9m-KKWk^7FFaju{%`aDS!@X`_5V3&p8xJ2Y_H#cxRZ3H^WP#6?b`q66Z!w#zuV81 zy?xeetIs*zT>szL|EG5__x|smUJ|bL{~e_J(En@2U(vHyc@nI61B~$qD}QyRBIOx+TmBqf#*R=I&Mjn1p$TXYs ztyvVNab${yruzED*L7-1E9rlGfO>5gkfrutuWA4F_V@SJ`u{G{;=RR%?>^dK3}3E( zZ|vu)S?UzJV5rbch$@!FGmkEk*uvde6pD_ulFlPD+R$N(%AexwHdW?|@_&Wbe&*9M z`>(%0_x@{dcfJ0*le9p>o9AbZld<_|DESbn6l=VW^<`^`tA&m&LdE$m_F2W3E2nf? z@%TywS3KnL0NxxOn=gup3992-;Iz8C?R7b@EU>Imhb{Q(3|(Yx;r*4;RrEixX8x6@ zfo1x?H+TPgd$+&V|96ra_FsKLw`eDzIZ@jr$+{{r$bQ{=bv70mnos6ikBRV7U$FQ)Dp8 zXl&l_N=bN1CMW}M1I#;NGE0qt3UZ2Z43n6T?By-WCR(L2BR7fwF zP}Md6x9EGp=nv5~|Ia^6Ctdx&{HHu)-4f7x%7fm@ZT|1UO*!xU0Y7@-#^55Ut z?ld8zg2LhPiy;5zPDX(UgiK-tl)*oW?KK$9;O&n^ zgc&&I5gZl~W@L$3eMc_hq3kLmPi0qR%qOXNhDB?l?xJut-A%0$&7W}2#c9k*Bw<7} zN?FPo%y=e%pEHLsq*)we1Y^MyAgqX}R&*#8{ES9Mr=4Pj?txXS#)O5CC+>=qqkisl zVNZ2hDX%B$uBk4&N+5Oku|wLuyJ?j*=`+nt^L2oV$g3-i96^DDYny zl~kehyb3G&L4Wt}rpynh;5DWkUa&Fuy!Y?lhnz_sqo;8Lp|eO7L1jpUJV`PWDmm{_ zTV~+8NxA8zZ+lsRnxzp@s9W^B;RzzVE%HiQ=}&>2+EHMrrT;h7g}Qc3>IMmmAmX8k z?{AOXhNg2)8o<2BQS00W{HPn-@xB4mDs?5_zJC7G^TU(p!&iqdpTBGEb$4Dmyd2(k z6Q1wuWyE#CR%m0dyk*vv{@ufk+V4#mVa(5UuPc;vI4mWmE4KnYe_?cGie{{xrWIOk z*pd;(sMo4~nu$r1R+a`v%mgO<3?*ooTEHsfS<4=0M)Zi3JfuYB_K7ZO<;L{Nv}Fa< ztu%ug(F(MelC3DY3gOa;AjT$JOgP}896y<Pqm8hH=c_4NW#Nwu zyu7QFO*R8~!$BgNF;IxWC`RC^T__u#N2mzZ8eR8GkBTig(^{|`3=br{J+rIs8A;-I z4})&y=jN7XhRB$%AQ5W9mJ>@3+Spjt04atFEZ8e+l0uH;l%HP}h#3?c8#NOl-ynI; zBJ-@T=e^;2mM&?s1;}J3?3efTcWB-l>3QFHUFN-+>T~MUB#sMhQ&bUfyBmNGfdF2N ztNBy{en`2Qq?w*<&Ep^j+LTMpv7=c%A9xgm)N4RI{7J@ocN2MM9pS8)gI~D&XTHl)G^W1D=_Wy2^-ufKg_~-3$^k zGnR%nixlUO5LQgsdb}~NAR(zPoa6+IXGT7a!NL$DV{)J{g0TfufzgY0m`9cnDNi%A z=k>n&!sq)O<(Nu?p2hW{7A9k@SS}VC;JSulcNFtcZpIjCcdz**QE5Y_g6kFHn2Us{ zO-KKQreSVtdfxXmX9q7woh8oV+Nv_lt9I%ZQ}&aH}cO~33BEqS*&OpSMF}I$ge->t4a4}iY+Sv2njP1r+X+6A)@0k3S_FV zOSS2Kt5)}h+g|X;T+}X{ZVoJm>q`gEd(Oxxwo?d|PJ`Qr$3vo7*5HfcTI5ZqA|MLh zcQx>C>uaj{EyMQ#Ja^ZZMzcar%{IyV+OxRtwInH#;g%6tO}FjpaeZDIkU~Cv`f*cJLKiarZr{zGKHV(mo9Fq;X=NVIt+f_#c|k0_3ZIWG%dlkk zJil@%tsKiU|5`lDvHFBu%kf&BYsI2-3D*`f>va==0d5|(f|N&abo`5%u3uup#jMdx zzPE5^y9q?XIcogu!r{G!8LAi*Pv7U};A#UfCtT|Q%ro5u<}}MkM`71g7%qsyhegIP zOtWDo$pnYezMD2wT#>kCENqqFzJAi_e0;l;yxVLWAGU4ABfOnvY4qel_rbFETApv? zXD9@X>d%*%RRIgJ{-jw!LW6hXJsx|Sx2Swxppu{RXi@Q$M@{CK4iC!TPEz#%zKoG2 zF>Tr5ITxpTX(Uk%M>B-do@QzmxPAU$%UzrRIH;eVx{6 Wo!05z)Bgtm0RR8_+t14Y@Bjc69tw5< literal 0 HcmV?d00001 diff --git a/assets/rancher-pushprox/rancher-pushprox-100.0.0.tgz b/assets/rancher-pushprox/rancher-pushprox-100.0.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..361b1492af2609023e7777a96f1b3e226cc06b49 GIT binary patch literal 7103 zcmV;w8$jeAiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBlbK5r3cwh5V>`zWFb|#{v#IX}id%y8HX`8t;@z`$f>0~-F zL_!j3ieLfIj?VV;*`L7zAi+QS<5+dCH|C4PB7wzXvDjTK7Fa>jXi7yl%jGl^{B!Sc zN`wmMWR`rjsi)uX_xE;p@&A6mU;n?q_x#0IgWdjKe}DJI-rkF^`h(pU&z^k+{f%L; zXwE+sQ6GZN7u7}(tzPnqI^rIW6lOGRhx6$MQwk+iD; z6m1k79gvLuOoe1T9m2&RAX!%Y?1zJ}AH-Bff@KO{olqqq&wxNovxLuQG*!UIpr#a# zaydN`{4;2{b0BF91YQ$5-Qm%wXG+{JVG7J`=rREtO0?D$3MK}P#g+pu5?}z=c zAKb(EH|GBZNpdPTDgc(x|3QDh|GYl`_g}ntnE&_jY{6?fCV8U33_OgvXz*$nY{BW2 zNnjEP{BrQ)yY85a8BvPHFlGtW1zyuAA%emM5sZuyDnW4=QOJmtGzOL`4s)IhP;{0h zL{S+ALD@W;kqL!}r;4zYr4tx&HN{z1PB#6^Oe?q~5+*dIf*=lp&+zM*CkemQ)nD`I zoC=Lxumw}4GCAz^CQME9Q5f-AFB5!5)s*J48}ZpJPnnwc-1O~@5B~W{Y-{V?p!;s{LU-&vS9Az$47t?!5Qq|< z$GSHcET-Zq;+yhV6KYD7>v~1d%w2b9xl}-O-->G6a;H*pTkZr~wc3Vsii7Q9L==Tf zrl!CY@DwsG6kJ_F__LYyPG;fzo0|~cj`f(qlw44d8I2f8Kv1a!i%@4g4YpvLg*0@C z$|=v27RUU&#=-J-u8YeWNk>bK|5l=MRX!Lb!T*NG$By&Axhddp#Np8Ld!6e}$ zl32Z{5~}|KFsjJ%?J=D&sl zW8o~`Dmtqh{Kp((!v{|dxBVm%cPjXEI45dUF%XiztkeTvIrZ{HhRobDHk>AOt|W`8Erudl1T~))e?y*Nb@Ao)UiX1v)a-J#SX_ocv?|VnpR^jE{TYNq#F9~xo)7GLsLBt zZ;y2K!LxmB@r45e)>cPRX{5fx(8939_h%uBXHAU&AeZ!=CZBF$2xF2+!yy&z{UUO7cMGrMHOi)uuW8_44iP-KwnSDUg`{p6l-!6*DHK5$0)(FbRwkGO_JgVPQclu4#jB>Tnf5r>RrVF^uMV z;1!1%Ij2B!HRXc+o5oh07DIu}n`>X&6~h(gh- z3h)p<&J!w!@bT9GCB!k6s6-)QGltwP>>D|Rs~c13L#7-xC0bTmNI6@UTcPWE?X8c~ z04nAfLImF+Lqq_`c+9jx?wZ8Kff-ssGcL6;FfZ2BrH1haOp(bDE^vY0wdJ0b-?cqV z(s&3TJGIIkBt*osxn?i5(zG4N&hfd#H$vFZdYhV{bxR+BBhGT(lV96 zMLA$nqvkhy#A698#U>eq6C=?Hye^zNPq6{CYe;-S z(nwng$k=x3NliN8bF?>?iL3zAa#>LlYl?X;q0m_g1Yub?(zH6JL}|m@t!%x%m4F{h zNb}i<3S<+C&LRoXl%x|Xjru^yT6th&BdwaWSd~oc5iNr9Y$8Z(mI(|iYw2IEe4Mxw zY%*0X&FNm0&amMko$iVcp&tZjudFar)l~3&GPUMv%~ZA4roV7?YeEgWuvK67U-kol zwS<=~)*`-e^5_?O%}PKUM2RyCeLvuu66_Wt%k^e~#B!h81Qvel{CX$yrE4dG^7=2l`)odc0t7L;#ga=4wU7Gu=m1WtT`HW`g)`3d2%yHd4QHJ# zW(uwAem{&h=4p$D>a${1&#Y7a)etsns0LF(835^ldqWN>7e9GpkF) zq5<-SxE$zm}oAh=yOs z9oS}Rl;m-fmdIEg2zP2l>a1%DsJ7lgm6>Xji7IB!NxAAC@6TV#F3B=vY-gG*>_=!Q(q6DKr9x;*6D+rs|JNXwvB~a* zS_Y-t5Uav?ccN9*FTX$lSGNNe5btZ*#R*rDY4<_C8g@P%+iAGCPe`G~6512LUr6w^ zdQj{fcrx0^t>bqnsuzhO6zgG0xJS99=mFNX+C6#B2US!lH*>r?ix71E6M7Zv*R7}) ztp!5plqiScFlDg)XQV$)Ps;;p5|6(n?J<{>}F7EvyzKH%a3a61V;9QqMmwDN~+0 z_t;Oz?{w!nJ?lj7cs=^qnNZdFb&<_%#<{wA;Pjf2TI<(n6Mx-q_YQpZ50=I(o&2fn z#S?l=$GT<5U`u)t05m7Zt#Ow5=rAl1;h z(*WHTsk;toy;DY3^ezS?s)+005sy!-pg6+sf2}^sjN;a5CfEf_=*0KzdmAl<7hk`7 zdvsVWboBOh`9kFBf&58QVSV6vLWl79Sie0;=Z^ybN#C(F|GfBno@EKe0Gz~1YQN}@ zxl~yEv3ZL-BBq3%1~Zlpp>KZz%*f{-*!{52Dg-3uHQqNe%<#*xtY2m8v!7ZEi* z5_HTyBkPpwuJ@G2UND~NLm5=SY;fku$vYEGU_tbGl*^vEDvP^1|Y(cGZ3)Kf;G-tWjU0G$@ zk8UU3mkS%ztSug%O{-Qd2?Fkm_GdO@A;|Y(ZIBYP`Swq6b`HJr$k-Xar4Lq#1@~VzfuKorQboA&S=q zkq|~$28+PW&2V8cMJ6S_Wq3&OqI9p;>)WD!ZR@EBeNVLyh*paeF_C3UUFdelzsKpf zkG6mKaB}+T?a@x<8#-;fxk$c!w0(5^;eUSl^waUXY7y&)=#n@Vy3~i`(`o^2SnIA{dwkowAfhMov}aaDvR91*u(R0) zY4@<=7o%8Pc@)?r=F_)5s-m8h37Wo!alJpo3=g1I>z&j2ifY|++FmsxYc$%8NLLrD zKv>Z4+AEq~__NdqFgr!PsgF@5-w8e&dM^RSj3%-5WHsLF1>_Ka}}C-xMFwhXI3rzh7sv z4K3WUTe!UbQS-QL4w{pXx?(qG!b5SUtC-*%9<|3_OD)sWKuwGnzF}+EH;*HTY zG(T8L^=8GES}Q5PPK{POsX7B&4UoF8ygXTF2*8C|VfcqDT}TI>1YYeX|4svHv5YFB zXno{Lrn)0;_AFi-YIWhYK6Zx(o1|WGIaWd>`#Ky5#0RSUPZg)5tJ>m%-V(tI*y*wml1YqkbK+-{&fqXbn0 z{9$wL;aPM4&&ZH3js9C1|M&b^f4{!}xBL7d{_kF%mKC@;^@vMd&p%-F-aUu^H3HUG z?IBfT;{P*){~DdT=b*QZ6ZH=dd23+2iHNrrGW-VwytQDp=~%E8!}&*tyZ!k+Tszp! zfB7ZRZbeL)wWaSV>aASbZY1h$0l2$Fz10oR`?%@y;c0u;w*T&MBj_soZ+E|b{-gim z+1`WwcOTDY>^~R&)rjcYoL1OCq}B?x01E=O%#qGQYuq|&YH_n02%1_9yc#nF!3wX> zl8w;zZO{#eKv@P@835H%?!LpH3<@iQpPI#1AbN|)rB>s0t-z(~zVKc4KMf8mqL%zZ zw~txMiqo-oi&$zMz}xS1*XymZ&%J7a@RyR1h2hMFTYFjV$~?X@_cASx)AFu?sDx?R zqw_7roNyLg@rWlwI6XA+CW?p&RY$JDMO9_1m|DBr|IMz_b?iSYm+WQ0w>Jb=*niIk z`+GI}@7eBP|H1ydkEbRXt0(rG#{e29`diJxGH*i|aX~o-o%ZUY&s`p|h6G%3^}-(@ z2^ZWBu}~zI*EYk|)oOU&T@5XE=x=<4CgrfanGvOKe2VhUnwuzp{Q}*l`RbGAq-nSo z&dOGIm^oom(G;&JUO$3)Z5`?(u$B^CMV9|& zE&A7e8u~w+(qzUaDHn88ZLHA${TI#rPx}x4pZj^X;D{(ig}K?#j5}OTX$qs9C3tCU zMxt{vp|Z#VBh4j?66BO72}}|`GHQUOlcykPLKM587#`uhCutmPK}sj)#^3D>PaV_P zL`D3+ozPr+%~PzYQG$%(#f&rz!q+FCP81guQ&!AoJcXYRPatMO2H}LM9{y|455m#E zMGyaVFQ${8{>S~47iq5qG$PS?o|#aL;7KSiv*1ZMBIm)AP|ft;T(C*-zmb7nHvC2-6@)CNq-Tl?{#y`U$cV?Z_gC<0H|GEGn}gRsz6odX=Gs_w{&#PG zzdrx_dk^;iy*yjZ#ALyNyA#%46ljBvyM}NvuY0 zkyfp^8=9v;DmR$hq#;4@HkFDbiG+{!jx9wNdn$WMP}-YJyO|bvJtz5kbx=EKlbH+^ z4ctt21Co0AFqptC!^aX*dt7S4Da|>ZqFD22`rNk>cZSL|eF6a(};3t##D#gpuNg7d8 zsknk1RS8qX-BVso;3XrPYH^G48o%(oO!U-}LxH#(#YvHZD&-2#`iOiab&Xy|JFQmUTWZ%^ue}LzmXr0c%TyL9o?GLv~u37s})&z`F%;2D-w!!*~@T zRa8iaYBRNjx&GfI9blrk3)?1s)ChPtD{tvv$99bxT*HxT0IuP6nKu)z;mv0<%MuFL z!8LUC1NQ%J^%oX6D_H3auGh?tc5UYcPEifRTcSEBe!jSJ4%%&zN@^mLK#o+>vKSsc zvlsb(W6w(defW*n(%(xK)fhc{zW?gXbg6Muv_q=+fF`!lPiE+FD6ZkG(>b%GHn|B% zvXs;=XX1LKZui-pAsmyAf^0(3tWKR)^&___rloqw6R>W0tsJW7{wlM68EI51B{!R5BjRGGd#4&S<2l%eaGMYHAt5Zg{K8lE!0VI9G|Bo-G&;>k8B( zvbpSdA1mqcR*9s|`p_Ip!G+@%VUoa!4o(u_#6t2Z_-F*#bub%I{s`tYle%5_)BFM0%6Y<3@<~Gxo zrsY{POJB)z!?Uz)v&0XO4g;`*i=D{vr0u8J!_0v z8Dx^nxszhji4dIhwil?kmbSm_ss)YI-E!;IY&0u8{$rtR9?nX$0+Y^##=ZLy)xR8W-VMoS*y?Q7jKOE~F&+ zlWEy@ixIkcxWMjp;nBA;qI&6+&8SzrX1U#(%;RUxdwy-lk64BTJb9d|99>rQb^9G)by z7HVQr(N>ZU#yU9g(9nTh~6nI^Bu z30pz?F_;EA=F&6WttSKZ4P0Z1H{f}Zk_ZmX!FeV5R+$S(Rwhp+IJrJwjCaQvTAr1N zO1|oXt*#GBo3-LyaE`pu{Fczox{_ad8MnRk?6tJe*Kqc-|FT~}<;%v>AlN>X&0yL^ z16cwxBDc1zszF?1D7V?TG*fm;;&?RW^@fZEX&2Qvy$U7>o}995h@+$xpVoDc zVQyr3R8em|NM&qo0PH;PbKAIb`OLp!AJaEZ(vYHLS-NtX53ZA5Gw2xv> zxsq@O0UiL#)^psyy#s)xC`z)F*w4vbgb%RTp3a z_T=GO6h+aX-?x9GC~E(WPWsW4Za*4C!$E&IIDQg!`_Zuf1fmC|VQVXtCh|#i@3q>S z`-3#XxzI#Y!By-5Bt#P?reQ*~W*Ab@NlqPefiY2-g5aQM2t}^6M3TWw>s-a1&Xnp|F%A=vbuv_nOmR$Q+9@g6NS0pY7z4?3 zMiYC6-n=5K8%1FhM&8%H-(9UG|8v3$R1d5GcF2FP-|x5O|M+-#kpIVMPvJFANWnC? ztGDvvm?89@!p}3RfGQyH_tSSj1rs4NqBW*4p$rYcYfKoC2y-GS88cL%1&k4LqKvRn zt_3VaAwgr7Gon$2o;PJ;OjxOJG(+HMzf5j3nh5q zW@aQ0q@C>n8LEyW#)_z+Ly9>~QK}ejZaurF1nJy%{LlY-o`L!JT`+HkzeF`<(Mq@^&`vw`r` z05BwT1Z~8L7;#DjR|yq`vZ#}ppb1*pv$jd044v!|rUX!)NMjt8v1vSUf2CGt$Htx^ zpHnG#hFmMSqIw358o4UDt|a9ps3Mt}<=;_GFN-mT@OEOP6H)U4*Bo*2ECU25Bi7r|8d&QO<pBZ#@G@ClLPP zB1GrHSMmEs*S(&WOUm^G{J*M>|3wIlqt*WG-Q09uc)wDfiYry=C%B@F0ZG%^5z~Zn zmjtk>2kYmlm!1I`BNJC;cf$cNTJ1{6OXKJ(NJPO5D5zwHX<<~N)p|l<6QlQ{<7ir* zrX3B;Xwbm!4l{sDG@(s1Iby;b8-vB=T+@M*2_`xQ|6E*@1ek7-8+^ul@!$Mj5azd! zW+NG@^m$e;RADwpc_y;lgmM1Acf)Q!hZ(XzcqsDxN4pXKR80d^LmXISFeSu(AZkNvp3hdjSgmROCToB z*4iBGopdd4u%^jnZVg2>G0hMdKA9+qConj+A8B?`OeXXi{J`Hx+?hn85lFp)391)h zxXq>mf#kU*JM?}Lu8(S`1;#dxN?o{Rh%c$#cCJ;@V57QgXB4U< z+d96_aT~cPKmUs*J$|+SeJ*LN55XZ>;m&$5tG#zo7c|LRSK+~5mEXeV*4+!|1}R^c z_%o4Zf&(LCWZUJ_4LjU3WLcnWEzt#j69jO2MsXV#hHo0|<&KEdyW&}}ucjwK_UOfe0{3x}w> zrwf+|*(m8%D7@>y+nWqFQs5Hh8_vkdR=AmN8*tdnSd(gdT`iIiQNe?@t^WTq=b1|k z%7F089tL*h|GWL+s{h~X_Kv#;|Nk+X(Ev8lIH3$}ra#Y_G4EG1bfLfVHH{LY3XGzy zvI9^#FPg|HY8UHgB!^TOBQG@IHB~xurr$;x! zvf4m=0#12~TtnZ@YQ4k)_?1d0`Yv~aQzu$s%?Zhj<<|EJzXz_QFu@x2@G*RxcLcO^Pu<@$2{|b$dUt7%`+LpG} z{x75EdshSOu>U9hVY~ik*y}|H`~MiNX)sBit4?h-U)KzE;xtK&sGaYvA-2g#t0<(o z&}wZ+lh*Ci_uE97MyowKXn1tXoJ^IHfV%BLliEs9x3`MSRp+c8-nLg6bBGOXXQzhC zsvfw#jn{@XnQmBc)F|v(o3gC>S)G{+sT)VtJTBvruM9L!chs!9X|`MnEfT?E`1x$q z7-Mvf9F-bLF~-&P%sM~1>Z%n?M9*UA1RXQAJ!Y405h#(Q^b6N8a~Jz8G8e4K@STy6 zwPVXn@5rGi@0d5zU7TjmaO>6Ep0U~m`#t7xL1}T-VI#-@388 zc-(#2pq#e}L{g=FR!Q04fnBzet=@?gV~B>s;h!d;-5USpDu1Xl@E!4Ax7#~z*MAKT z`QOKB&G^ry1UvKY7&WQFz|qp5a!Tw=qQM|n`8^}NT+%sZIK?!E31P}eI$=y)jjDk+ zDj|%xpMX>lGokc3>MJ2HS3BR1&Q?1{Z(lDvmIcQy`&BTE;pknV^oK^_@sW)ve=*GNkL+TDu-qJ<0|UM}HdC_+7NE`d?%1IR&`@xnw;xrEf5SwVI>({8SjmWb zpA&aJ?)`6-|1#VUh}*(_bigk8?+pj7`k$zKi2oj^Z7i5+aqqYL{P(p_?~mVh$^S!y z0K4)(QFOBQ`=7zV{y$2)Oa8xM!LPDH?pNI#veah4p>MoX1?9`k_N;dGqHHS~N9|{v zO;1#7FJA4ceE+=sX}Ny~kpRt~pl_hB8r<@LsW!gY?@Yw7=RhAg8~E+jtO z8awkp$8G)JKaNfg`u{Q7Qy3AgQM%tfx|?^k-{XQZ6X!url1nm0RsVl5s>rQU1vNv) zV9LbU)lyMDeF+j7(R7aXiM-KIc?}g)k$d3KD>X=PC=AY`Tn)A*Q z(U>HcMQ#h=mG>f4SGo5h9Ft4$MW{3LSx7qdUi_c;6n-I+ibBEL*Kd>;=2Doz&kJda zq~pM)_{|IFDiJAm{s?-tCI9viYA?`i=n?Y2-QHj=|2ya%RV|C95g8UR)R05rD?8UO$Q literal 0 HcmV?d00001 diff --git a/assets/rancher-sriov/sriov-100.0.0+up0.1.0.tgz b/assets/rancher-sriov/sriov-100.0.0+up0.1.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..791528159c162b72068a53d3ef8c8d6a44d23b6c GIT binary patch literal 6433 zcmV++8Q$g}iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBvbK5wUc>nw3r+6c0s^d&ZNj~SNs@_`1c6V!&*j~$>-mR`F z2O^&&j46N(fO0fR_Oox{;30}S9A8P+_`{}1;Njr`co&W*1?7|G;fM$oOvyO@;T}?} z)oShS?3n+pR;&8Iy}i5jLwl#)Ztw53TRVF{wAx$S+uJ`t>pqaFrc^2-erVmgu4?1H zkwh5diYUsN?05hnQ6%QWAS6n~7*O6Msp39mQjs|BfEg}+D59UnM1`Z;5+Mpj2Na_Y z2*Sb&LCcF!hJq%_yy~6%-P3o#P+fCz1w27P6c-S3 zHlV{)pajAq7!yW@C@a||PzGv*9>7)FN5N2`gfLE}Lg9_LMrx!~B0J6Ikg8GI4?;d} zUj1D<07;yV`;-l@hfPZf_ukL&@Mx&9%z%V?cFVwZhUru(QORb^hg>$L@F|}Jax(O; zaC*%}Bs-q(=;FhP1y0$})9B`8`SIU=f_Bi}3tE2bM{i6hQ-m@UrZA2PjXPj#{`air zkn8TUWIwm>;0@_ZuiO)ory@iHrG^R)lxvfxrU`a{BuPv|Gm5=Q-fgXx?zq3DNh@dv zE$^{s+Si#Z|DTXJMR{KWUI>xutAM9Nr(X8wxD`bQ=Ue89l~L)C#3 z-U~+pTvaO?0FS%{DDd(zZf*CF#0lxWyw&5 z@MlV5^Uh3yLT+d*dKhEqr~~UYxg^RoS38}c5H!-S^{YV|$2G47TCR5{a6mtFpi%H@ z{TUhQ$9NEpsnopf(AF2D=)i!)Qa3bY^c7`iM2$MoX!1lgLq?l@%8X34vgN`s%SM5G z!}B(vJ0?Sf-_E-d23$bBM1hcx6V8w+=}}$4jF9r+0Wj}#nco}{5h26KUm&A&5k-a_ zm>2=;_fr~2Tdl2jYiH~KdtebcGy?UA;FzkN#HH3_o;B5taC1~62 zmIpxly$l{K1xWj~FsnFPs3zwTPH2c{aXO@I1@KvVM5dshn3AQswu9}UJy%yY9A%gN z(~kd})RmX^sViP?++1bX*dK9zb(7w8MOO5yw*guey|h}GaI;8jUkZno&%rfSBa_R| zaw!f&WO|IE13(8_w?I2R)Cdc8&*32hI8`GQ*Hog(V3ZTMrg7|TbhFZvz-tATZ?PF|r6FgH0lMl!m4yZjQ^qD>pi05Z*B6 zeG)qrU&Uz2ZB^(a9FR0t=QyNNiD|}@`XscuQi*-*vcGx+!sf^%zV2Pc^Y51&87 z5EUdmlAiZ77eJzjYW_uHpiC-ZxtRpcV8pLAH%=ukvbSG)0tbd?-`ZmKK7RCp4j_1E zO`+^Vuu%7c&!4kGnl)zyXGG5D&)&s|uq&AI)G%!4NYRAT1hRfNO&<9CIq850a1IiE@^(-{dMH}E3nYCg#!{ag@S+;=T6DX0g5camsBOUkB!GL~%hTo|0 z0?#0OD9~urc@5g8o`N>xjn^4Sl9*-$-tTB(oBT@GpqnJ2k0H^FN%Aqm>%s?X8b6>I zM-qrYi0PPW2CFzI%>tkIr-m>`Cq124b8(qqxEXle0XVO+1rl=O4VBImFz=`}2{iXi zrN&bNF~~b?*QImjLnvrnl3P^=Lq@`d-`633EOR)|Oj9~Pt>3=|jyX{*kQwzL$8+Z8 z4UtO(WoiJ8ze@kFvQdF$D_wuI)j!UR!BXey`Qu#Ax?@cTyU}8E#iWn%`kibF6+K*S zS()he+4<$+69`OVt!p*@)_}%kW%HpbK%}Dr2}7PT z<+S-5G}shBu%%BHvAo%AL1=NQh@t1J$Wd_BU~>^@R&IZZ?_`xU+(Tn60Cl{jL=)qh zxpWXOg>%l-QouTQf?97*4GU>DswJI&d^rHq;_OGGKty9-eSU1U<|(b2=JbDONc!4n zyCW-Lh5o;_vscys_gcG8>wgcD4Ez2ib5UQs>CL;m3)jL4SJ=^q_Hr$5!! z3mptlAX9L7ut+Vu%vy38l1mLSSJ>{18ad~#qezYHFz(J5e3{RR(erHtM{W1t{JA&QH3(d!|nfL39m_#_&9*()`-g=;cVL zSO%ffhYf@Z8C@2$V4Y`qjnkPNOX-}sYcI2fx37udiy|rLtOM5g(LltWDjW)5rwAM8g(Q*nycbPU15?WvJQaVx++oCV!9?4 zxh#^p1x_e9Z~S`bRqemJN?a!qrARm$BU8RHOU=HX^=er-^6Kgt%x%@q64)6qZey|9FuTF z8O|W{WuU8S)U6rD@=e=Mtl=J6gT|tX6Kb|$RpHn*wEOFEJ@r`DuXF2IrjmTqaj;;w zu@xV%1f{&7uehzUbU35r&2a;yOf*Bog>$jIMc!up@x_l`MnChybcKDgJY81t?vKdZ|^#AjFJ@!0bl&btc@1Z-q3t$ER-{0P^uK(?}pYDHom~?~1x{52P zIcYcD$+3gn^K+Ctergx;#1(G&<1|*Oyu~`+LVdSjXyycVcAm{1BCp|SZV$u_7i~7+ zAd0eM0wWZdpU^LkOKTuEI!Ts+$Z-DMor?YvNMY&F{7Ly11Nb;VqEdkY<5Be%gN$z( z>IR`63UPj$!Ms!FSUod*wcnFRXNa7xcVc;eD3IakgOF9h`7=CQzc&fNVlGslv8I`~BeJ z@YlqzU5>k#b+`vX~W6!#qX!*uP@J!d#AshA0GEEyC?r~e0XtseosxAyF_JK zQ|2=-Y0Bx@@%e#9T+h3DyjRZrYUgI;IXpf2x%x z_IlmZ6WzZT=cjMp9G|aW)nawCbWE;x&ONqVI6FOBI7#lV{skTT=J=p@eEIJ9ToZmV zwKLUr_P}Bt$U@4!>YiMl9bEjnejgV1gH@q_(Zv@v0G3^XQP-Mmb{-yFzWVLt=*@x| z+L+VJYEDJy8QPdbYDSHmd;Qp!_t%lC{+~PD_~p{7`yX06RsYY<*7no+uLnstbQI66 zm71Lbl(P#uMybd+=>SXP_}j7lYj=lu8LMhEDmy3gFXjrP?1!^aixjPc3o1?ZS3v0fx*~_Nq>5VbKFcnly7uQ~yIEkPW8siY7#befj3^`NyL4}-2B}mR7 zs}n{poGpv{ufj5ya0xdb?{4(ZpMD|V%BWvWwa3;_p3;4$I{p97HvYJ@>ip-{es%xP z?(W{slm7n@so-nb#*ejG;y8;H+LeR2Casl`CB|!+n5;u5-%&HZ5Ls z1<vnjmb5u<)oyDJLDkh{)GC&1!$Hcuxt+ zh7fGJeE+Y4;7k@J(sIq&QI5J_7OQ8MFX0)QkdAubIG8gSJ;y)uET(BQm=q^X&a?tnL+W;4z;@x2nA}XX845@0GzZQKj=>JPJ z&EM?BXxP+$vY&FongyUf3AMx<&={rnB9PaK_af+%EAK_1#`>8HI`m%rkGBEuh@d=` z&^QG)M(~g4S-im6Ly!>UeR4P6$e0j}H6Z7tm9D&}^>!PMoWWwCtIS^!w8tLMdjIK5{ z;p*sBA&&&gfRrOxWs&$6cbPi@YF2Z)j4En2uGw%cmak)!6S{i{YMP)4$7qj3Vq^{z z%E0sCOn12ofS4f2vIl%D68i8N^k?ft)bzU3y9ZCj%2)N}pP^US9*i^;Ti848*x zJ71D1XgwDClo1=eVaikCf*g0e_wV0(&mc@i4E{j&-hj_xi0aZstI8vY3UVFTxtdB8 zX2%*+X4>kU_RpB;Y1Xv0%jOW3uiyLIx`xr1N3h#!m7#mjAZV6VVJL8oeNE|t_hb>dHZ5`OaqWft)F4-MLH_=k zrEf-ipDl_O@B4NquFr}K{QYY})uIAH)6?n|#p{~jv$KI^7eL6v${NCMY-D1IXb!7T zNYCps;39HFBQ$p5yo*Vi#jUDJpL{4e_6iI!lHTuVBdb!TOh8kNDzR~^C1JeHm1oF)eISJ z_9@d}%y}n0do&YwY@q_l_NXTMET}^0>-Wyx1;{2;aApRJG9Bf(l{xTN-=RzTZ>GB{ zr@VEw`A7+iB}aSSuv}v9h@|O9^JGLMkfFwRQ9(v^{*ttt&sZE2)>*r3KpB0d`)O&Z zx%0WDdS*rPeA&4JvAXPe9*#PDTT{}Fm>Kf9+cfgrkF9loJ;~aCBuV`HvjJD_|J>cL z`v13fcAxw|50W#_EutHg-vsA) z3E(0RuWE(3)l^+e^4YH$6;;;odkNPg8jg%dI6@bYOL48(B(_Nsh1E1=riK-kSP8me zd0O?)bOI9xEtT5Xd~0twIy~vF-&T7ok{>d<`BEd~lwBCn;Rq5GS~Jw52|p-7a_LE# zLNOqkCF(Lfk}g_%-e343vBr|(+91faE7LYOe|@}_x4;Nq7EfV}gefC8Ni-o$D>f#M zJJGGX9-%_z)Jd`?pr-X6AbBqhE+>Du{ZxXyU^LjZ0Jm{0JL@J>KUZ*fZAmjnRmZAMF(<} z1*U@5mu literal 0 HcmV?d00001 diff --git a/assets/rancher-sriov/sriov-crd-100.0.0+up0.1.0.tgz b/assets/rancher-sriov/sriov-crd-100.0.0+up0.1.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..c8ceff02b1d1e6b598ebb29596e969b57d343dbd GIT binary patch literal 3157 zcmV-b465@ViwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI{}bKADE&$Bacpypq zYQyAto_BnBXg)p9D}Q=NZ@gE-!{KoF_HgJO9>4O2Z@jn1ufW^1A}-3LBI1?z?77Ou zeIrB|FZOMe$_J@1ao!>@Mk2AVZ#{u|Q16hG-k^|_vlEyd>;x!% zK~rV^9x{0Y{dbmn zgWG%6fSwd2Z_X?T*OAc<|Nu6G^;m$2(!3msYQt{*pCC`M9=NM8(O(GXdIw0!siL<4c-hqo!es1_|XeId(CdBFrpzS!l9NoMbFI@&$ zs&>l?1GQz(-eL-${W8RG#ebPpK+W#^*_r zF{&Q+P4v@Arnr#%0nRYqmvq`E!jGszUu6RKNlN=hb!O6LkOcoF@+6bHOS;-UNGd_u zbYZ}RY|RSjsMU*3@>{JHkB-)tw0ExFkFTMa+AK!d`^N8&H_FE)&<>+4L}3>(6g)99 zkp(HIOqoCYm?A5?UuKhpD!uOi%1|o3Rs%RQbp$2|SsD<9!2m`K&Pams8IkzK7eISj z_O)Z%Ex}?5EHhiLEesTesbamBvvr)JzmzxuN-A_{E22;*grim!~6Eo>DZk^d<%5KMcl^RsI z`CwS{6@872Ok(^ipwfJjOz|I91R%>Cmi0k%J1$$9j)8oZb&|%9{ zxxvagpWVU`@=QEciujRkiyqHP;G09#yvnYlR&kG>uR*2p)#&q0p$7ywqdtOl-D5?b zS9*QEXs?K_)4BjHtI%IkuT>RPL}jvl9W?Aqm5@)Q-hJAYLZ=oh7p*{BZ0rTa1)1XF zm25KKo(t`BTj0;XcOK0mzK^NG;G%rE?Ddw;i{?+Cvw+%TGyLP9J9c6WZi<7TzPRc0 z{}cMZe1!1;Qyx>FVnZWX-~SDVN5jKX|95=ailsp}Z4?6K4}kzEtnHIXmXM6M)q%VyGD?+U7JD(yk@ zS}RUgLMYceXp|aw8dyWR7Hw!86r#|fs;2cAe z#U=(|e%ERPP}M=rZ*hzjv#fJ$$MGFie)Ne4jg7?U49@LYU30IvAjT>2A9{N|X(R?X z>$Nw_-s~8d3tOwPmRCVS8tl0`|8xq8v1D;gLJ~{Idf3?}oX1GY63v5 zKPQghf%-)Si#mLuu|kKBR}37nP!Op^X7-+<(brqB^}0SMg+|!i%nAeZ+%U&rMf}_S zT-NCPYlF0{n8c51$bmAm}l_AFJHRETR-reGjKkk#@CAUIdHD7R7g z@@xbo2n0&`!g|k;1+IKuQTf`Oqc!uhljWWF?${>DH?m&cw>SKoI&LEtRB zB5b+|SvAPSGD{^Q=4@sy^%vr&5`U?fyK2@=b+EP=KEHuor#gO-3Rjcg8%eF3m^kYA zA~ly0OGHXKW$sWZOKVJl`Y!<16=uGD+=!@z_?wYay=N@SY4&>E{;`%u&3nOG;_4vj zbw!2k;-JY{b+yb=Lq#i?v_fC5d3W6^UohQKG(nG$^p`Qwu;$q#8dk|Gf|{t!wm^56mAsjyJWpbs&02>(SHk|F&=c zHsb&Kzw-OP2M328{=W_S=JEe+!2ag48||+J`RlO#?L+!4ko@kA-ww9#VEY$`?bk!= zTf$IZ$=kjO@&BT!Tzt(pA%6F6Z;4*=-ClBkeSg(#)+hU@7N~m=MByG#2A?LW+?#JL zHy@Ut`u5;8bG_QDZ-_4SrYmznjbXc057& zpa0b{R17$t@q5~OcCTbNAO;85#if{L~1=jv$f$nz&I{J?23HV=eRre5zuOs0CS{FZ$3K;H>LW-=zgNj9BU zzu@ZrjROngjo2S;UbHW?$ahz`i%>;qOLe}zJtim3Wjefnhm(l&TaXcnW9`2H)0jV0 zdaq9PBB1`?%6x_e#XbWhNT@Ws!Q(OFOItCMpTjWb#POtv(*S!Le7+e&L_}~$gw8P| zL03Gbd3JS|x9i3YQ^9A{*f{?sj{Xt^Ind1`_0jA##cV0EnSCV7Au_t_=NbTKHbU3@ zy$wG7sLS7)YiM>&KGoaxgiC~2%P1hYYM2w|Zt}E`^bUOooW&L%oe)WVEmjWTlm#Gj z-h)S8V$O#v21W>EMrdq2W&~6N7zdjHFrI}+l*)K(SmH^QoVF`8W9?r(x5${H3Ff90 vi~59Gvkvyg*D5Iux<0Y0wAZ(Tf;#G`qmDZI7U(|#00960xOfzx0BQgL8YnW5 literal 0 HcmV?d00001 diff --git a/assets/rancher-tracing/rancher-tracing-100.0.0.tgz b/assets/rancher-tracing/rancher-tracing-100.0.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..6784a1b76ceb3fa7cfce7a0cdd1d66e401f977bc GIT binary patch literal 3692 zcmV-y4wLa8iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PK8ibK5wQa6a=_^rK{JXIv2_IhHb`s^_XSwkqQr$I;22>}9vM zToBokFa`kz0A*`DzTbWYfTT!@dWqxp-lU8Vwgfi18;$NpHyV^AJeZ?wYDoghXRYHo zk=kF9h`o5U)^4}ky`v-hzuj(E|F_?EIxjj$?OyxsQMcFYzG!!j4!cJ$p#69(Y;K9t zM80T$HLdF8{v?fXE;P|paMkw!0-^~MGe00&GxVuw&1o1S??Xe&1RJ#=LiK@Bp4=9m zrg~)_2Pie2QVjc$_SVC35}}GofPJ7!Q_)mQr7@}pmdKDOY??ti-b{-<64Q?;6&1V> zi;hR)IRD!558Hm*3sD7<#@hA`;B!KQYcQ&y;Xet^P{O6d1(YjI7_%~hM42u;MS~2 zJg8#ogM+ucWWIT9m+?CSE^+&;y2#*<|Q6DTImSth(>&W$? z`;L0~*JDPMI=Al7E;R`PRO-Dj$}&b0{!LPi?+IUe0B(YglZf128JQVn=o;hney8y@ z<>u+<1m$uhr0&CyN1cwRP%da-^{luxx+Qe3*!b?I9cRRDC34IXrBR-aJOI4aC^=yc zX{Xowq4!Yd`~-g*Tf*t<9`?h^p@&9kzhi{(!|5LQPyVe0@ zD-F#&Fu6`9C^>3WCL#$%pjv_80mj;Xn9^Ayt!=c3Qgp_fu?U-HuV}$R>;B%myK5R> zNI62obZ5Ik1MaOQ6}nc=gGvlf5=r^&BA8>CFv@4AGcNM(;VlMMk6EKMx-SOiC#u%#5uK;)tMxKT8lnNC@DV#~G_v#;i^wh0l@!F+fdOH?Y0 z=Cfzlxa`9OHSx>KYIe6A3_!#viQTYHd7;~dge!c8e@XZZ;ng)RU&E^fVbK5o;D2(wNjQ6dj;HS4ES>@B)iQn5V*U5SAk87!SbLA$nv(wl(R!fDG=1*l(Kj=iX* z^ZaTrTp_ZDBd%EQPASz3;4vI}h0rdazS-vX)QX)BzhHuthj{xMUQvxv(F*rj)F!Y} z{EY!TG# zEQ`JOm6}d1V!_00`AbPUh2HIou}vFx`QwME!2 zXX>=(0eZ8y=Iqd&4cb%Ny|)HIzFBtK?JYX>b@Bg}{BMrTr0rjw{_Q;fd)up?|Mz;` z?sNY46s_ox+_BnK8V_H|^kA)F1K&z8kw$-M5uo-!E*}<4%Jmc)e^IT*gAgE7n15-k z_%Rkx{p^{H)*If&gopN^o|6bcOzr2uR=2#h3^hA^H?S-8dA{I^V&?`?o){F4D&Y^% zGT{OA-q?>cx=5x|dJB!_I+eOVNk}y5=V#z|cdN8%-NMuKs8GQBrLS14V=v?#zCb!`kk3q6WaYIzvm90$dx~ zo)s9`#Y$!->F|Pl@({WZobH;|-c#E-y_8ohhkZ?0lMcoC!C)KC+~*itKsP9;rrou zaJHUmt*gmu^u=g!esyvAVLW&@yt@1}8rBX^8Q4ty+omc!CA z*0vX_UxuHyBD%(9W7jD_hWz-$*_lOq_4m`!FQ?~MKVM#su0|imm$f8*JnD4nczi#6 zZ#a8D`0uOB@!)uPQ9F8FnOsTJUsW?Js+HmYuV07bPgg$;E{0d5!R60&*p2&M8EB#8 z5BK*)ja+|XLzeq{Xw|zj3sRLIqYLDy)JTd6mQ(h**6};kgBQ1 z`qje8gb&oY;A0_l-^Acpe)OwCX^&~zIVQVp4}!p~>G}R46RaQeJWvgt3Kj~41-;v_ zLD${U@UbeTO_w;pjZ^Xs)ofJvDMI0W$N*Z4>d6i5|I%=oYgj)47tnQ8P zfeZLetz5!P0MN|WEfsET^UA{gP0OWww%24!_dabYF$9qI z7M%%dlC8iMSi7aX51njG!b}>PC_OgOt5>-8Aw_&lVlttO zYMQO@;OxvRM!NNA()c)oEOWU=ah>;OnMo*5MBy3b$!!^-MK-YaeN__23?t;4u$8Vq zo`eeFbTf}v?H6S)j5|Z93ycdkpXxcVV>{=yi*RA4A>qxm&NY8iB!luZ2oGJ7|cMrp96>{XJ#+t;aJFgo?&QrK9`aHDQW98*36 zk!TB-Y7b0EaE&~C4L9}{36Mi+M~kww(rn18fAW>@^*eN#REJvw^c|DUG4gb~qZ2T`B} zxP^zCIdYgJl!eAy$0WEWGgQ9!(*49i>faTpIWh(_CMNC%4dt`f#`uV)3$#_%LON)(s?|t~d*%Ab|BMnO?p9V%b`ksGsadn}EMDHaWizpHt zJ|15{NTu@p8PzTO*Rk*Uliy{_{>?h(vzGajeN_wIS|KvKQ4+(HGF0AyuWn-Rz@Lz7 z@4(lQ`79)zc?bXFy@ZcMQjsV)JsB#`7}jqXXwRo1l9mIP;y2G~tZ$?mHn0LlE3XZfV?C_;mpHiz%fa zM-letRD9Dc zVQyr3R8em|NM&qo0PI}FoCV_Ww?&Q~$r)+37y%_PgC)Z}(;IjEbjeYpY9~hGFfS$c zG=j-YS)Gnm*Y`HmP5Dzw6aG&KD^NY$25<-dcXm6wb^PD%>~8S?G0Nl+4aOPl9|@&n zXte@>Tu2>5zrP&-P_8g3B)(x}7(=UT-ls&9#CB9=k3ykzXygbGr3~1WKNE>5a!moPhTqvrA zoX&8uJ*H9$iD}r3b#`38k&GQxOG_JpC*7zQbq(^06wi@iqJ@m%%XI)C2PARBA}0f8 z_DIL-kck0d<%X(R$(!5dUSmcIrq6Ill{Rd)THg^|o7TU^an6X@96pVZ~HUE*8gLaFJD4PF{2!zJ0RgEG@JJ;q`T38qy4+U)|>5EZloy zjg~#@mP^WY2CaWp?bccZkSUz~XwCUSo-RFqZ-xGomD|_Cs zH}F>LXS|-~aqXL0Yws6@86(5yZdKQ*+TBV1E0ww+%(ZRmZXB{oH>abD>(xAHwLxXf z8|Ht-^`Fx)T{|MUWBu=J_qS{7zq8x#Zr1-}lr1>7nSyw&G(mg7#GpMUN~83-7}cJ1 zqwc>i?;WMz?pQ79aJ2Q8KdF%9`90}5 zXuWrryMR~aXyX&*!xqcpnCN8mw~7|l<+{jIqVZgtAZ<8xwDdH`7|sM^ln+1J1_6La zl#+qUe44@*cv+Vl057g7HFvc+c8sbqoyYZBq*tMLMfGSsimtyFeZ39s z*6nn6Fi}-P2$*G<=on6fGnhH+bC!=jQ>9fym(uj^?4wXlXo9bjL=;?~+#e6Y z!udRlKG)D1;OdJ@EJ5qbml=fJ5++A*eO+0SE1f2S6=Qs7CT$rfOzkPrqZsCdY9?Ge zxN#AtBU)=Ik)-cAo0d7Y>WkT7$71_G3RHEj0Fu0jq1Wk*%X;HwpP;@H@^XQ+W1_MS zR$(>qkyCZlhQKKd!}|9>Qb!lRXT#?VpGgPleQF2DxN8^y%d7Ind-% zXpsmO!-vCD4?aW=QJ*ffUG!Ym6aIU<*njD=di*B`Bv~&4yd(bWZ})a;@n5&QiT@s_ ztmY@%xi8N+Y?k$}6gJkev-BYva#s%ye{~qQdLo4$2}%Fg`ccv4PuBOF=hj$Z#6A-Y zzl}p#Fn7LBa{5+^BDZiGx*&I9PYeMk$gQh2K{+Vv5{WK23n4cSuzhkN-D*UQn_Hv# z^xvM|qi?)zb3q?L9GA?!ONg5|PlS*u<<+IwFopx5m4>JZ=_R>84j2IVnevqK zVFM13oEo!185%0cHBBs;(0IXhc&c8ZGGXT#W;Rt;>f#o50)RO;v%&GRMs5TN?_xt0 zga5%qFThZlW^07xKM#nThc^N4I)i>2uHQVZ_ks8ICbGJ{tTAeJLLYkuzirAkXTWQf z75#sSsR|tw-#-Sp>-=|T_htS3x3kmP`2UYlYX1Mt2d(}#mR(>sxZkGX4XC%;L9WeP z-sed9rc=}F>u7!>t)Y>B314Bb+ee-(p6=d4c7C(1>72NH*+}*;iBL`J|Lo}1>vu=d zIDMco?mYk9>DBIk_4}R8{jWzUTdQ7u4}M>*;Xj_OlM#3hR2i>47hKT+L&$^#S#VDI z5C~(SM+jz9%7h%-gFc$k#Gk(c6CzijM?}MwVKJ9Dp`uW1YKQ>kkO+zJ%Z!bADp3KW zmuTt#a`+AiPwlhen4x|FgF?fIOb`Z$9L8dTDTqRcA`7)d1T74I;>zWBZU4o~{orL) zrY#-k49CbdP_A)U9=15v6T)GDkm3ZH$T2m8Q>HD=GD~8JrSk!5XqZYmK^ZAJRNm=zRbh%b6H`OK zolCSwj*4nj(MXTk^C$?mw&1k-A_&5nx$Q0I1WXYR;H&FEHk7I=1snQ18C!eQD42niRjQ4`8Ah1c^>K-9%^%kME)nlNS+76czg zRDu1>!=I=sAf7e4Dr?4`To?r(&;Dkop~|HerYXlnn@7{wZzu3~QP_F1258Itl`>(z17THU*!lCKF~&8?{`K zsfvTGtu5I5`QW{iue;YC9K>)~BT*>R!E`Ub&w-D}!CPU3u!d4v$5Uly#DrP!?A%O; z|7C=-Ob^h{h9_v}{W%=Kna^CnK{>2>dX=W-uPC^V2wtAnFKZ?a{ ztan}aDt8GFX7#0ay5~Lsn_o0M2rbnVS!LGyK_U%a7^ibSsq`eqoml zM@(%qLbVaLF&0&I^B2RE`^jmNuG{$gFd4g{Il2V~i z`PqH}$d&Oy?1p3%W!#|){A@3@{_^qXqr>+nZ;s#Y@8v{~LM_~Ux})t($gpJk-~tAi z8DsN4S!Kk)aB45dP!2yl^M*D=U25PfkgH30`o(?+06%oEpTbu&Qw%~5KlYyg2c#nS z7vIlKp{4hO{r4N^Diz#L*!T9d|C*&K{v&yA6TD-5m>BSm_^;dV_UqsO^>;S+{~x7n z;=fJ&w~7B;{P(@r;`b;`_;2sc8J#@PC*XJBe{Z*2|Ne8gv;A^||Bq2-bL~#OCqz;c zp~q0od)olT-a?$!!+-hug}Dc zVQyr3R8em|NM&qo0PKBzZyPt#c>mU?Amsbum*Bj5v7MI_660}YB`2I?`y@N}6ve@z zc1IG=tL2vD%2C^V_Xm7iabG1lcG_M|ppCU8hr{7;IGh=h3`hPPn78Ed92j^$C++?m zGtpY%Mflx=q)w;Pd3kiC{_S)+`G32e7v1l=N8RqhVdvoGi^K0a-4~t1!|zb%VVbW` z2^W}s*ZJzU@}2vGBpgLlU_ofadkutqEO1C?EguUJLW|J04@{6LfuM&Buap)G2#-U& z@*=!|9$JnSH=+J`SXx?^;xYE2hi;PzczneLEJ}+~-a{dYlFy~N3_`#hY_n@7Zs3@F z1jY%CdT7~g;5bfy9<&ZxokjrMXCxN7ghe={Nr1+JGCTt`j0CVL_5nTXkB842#Fu5~ zLd3k+Zu@eY@Rp&9#0GN?g119DqrB}P)8fln;}%wTlm)!k@DPcn40FK}UnC3~3rr$` zNd!#g!UB`9hkP8u$2tJC{Z~<%>nDPM@*jIqK z`I2y8T0Cihm~$!p%uk<2Q!*Qa&p^ngtzc`WY^Vx&T$O055;KT^VF5iPSOV&kE_DTq zI8+(Gs;>zB_&%f)9RAzb5!-a;AgZ17^Bf z25vWn8k%4N+x>6OscKt8Y|AbjkdHZG#VGNA7MEn)1;0FD#b9j*7|Gzpq zc=4qFeT($VFCGeDN+Li_&1E-6&$%%(Z`DNJmoE)jkW4F7oKpTwtHq2&Vv3sokGGrm z0stY0^ha}z4@5!X@86oBf3Q?P|6SSUr+SqaKpfK50;27#g!S|PpmT8eB0K*Nj$XWc z+W&o%w1>vZRMfkto#>WCK@Xj#43V+B;W*~)Ww)^af#p)yOIOWu#xmK)GAPylk=8d_ z=k~MI@_7ut1jQf@iH~^?NzH>>{Y$Nw3oQKk8JeHc7RV8{}om$<)l|rRD0B>rGik({#Yx5i#Ehkgg`^4|oxx7Wx%MBnluB==Hjc zm8;ngQW&RS@N`NdB35hC$mUK8Us1a2K1~>jW@CR2K@yT^Hk?H?{XF;#eq#0Gb#l9K z1#H2y*`6Nm!RMF(=hl|(rad(J$3THe`9zOtuAGN%VbxOwJvn}@^%PLXa81=X#1Z6b zB1B_gSZx4?Q6W>?)beP_2AfhxY~H6o2M^XE@9}z6;2{odNqji*eVRn#yj~p0Bxne1 z?V?BtpjR$6p~#f@$e-hA20e5&2M%s6gc%?b35euR9EK|tkm(edWcMkf3zWoMFu)5W zD8frh0u%!05Rqtx#2gU!X)Hk^8igx#P7U{ho_2VR!!4{F6gLomfw^$x#a@QugU^Hu zp2>vi6nxQh+Hb6hzOLESRb7^Ph?;t8f`d^K`E((LKAJ#C?;Mg#skWjCiU0zHBZOx& z#mP%RF%1wbiLZ-A$j2Pe-5eqZuwv^8_;djrMO1hUaIiv@p(J8}{khzTwUAL45#i{t z(?J}38UD^@g;E znue5iv(|b)kG_2A z?NCwR8T#_YWoXQ1h1H|!dCRv)c^TaFJV6#f6Y=)2)8QrAiWEU0S^Mo@o}HYYjt1lL z^OAxg-~gDX1T~>iW`ae_JUW`r23$_QDyiE;ZK9y6dWy~V3X5q3**2?%;oMMsLl~HWH$K{hbj)D+8JvbhT z5)K|PM%i0swfh>*Qtopc6Yr;(zwLH9bwwr#K?$4XXJgFyT&|w>7&> zIajd_Z;7!cd&ZjVaUpl;5_-#YwzXW`VFq&NRx-dAlG;VR{mZldczAPu@?kK(Jn0WI zoTX5_Ou{f-9ZteKyy9E&gakV{KfSydo?n$SMiP`2bKh~iB_eKKyaB(^)2h>~- zY`(u5z{m0B-v^_C0@J@Ze>Z$z0jLeaZ!4>}#K_u0T0V`Y<&e)V-oGD=Zq5cD2WJ&9 zFGm-r*Zr&E#d#C$p^I4Sujo`(xw!l=IKSFQ>oTRS4A1*#*W;_f=%#-*9GqX>{PVJ6 zvNcO4bp?#?uSesGk*S7~VV1JW?-*Saw*pfFVK9PeF~{WTxo$Vxt&~4&_+dO44NuN) zK3<&Nob>yH@%ZLy_+fByUD2n*#XV$C$_}LxDCeWrKyxLfDtQrwE5}(~-qaRiZk-iV zRzzHvp92oX{O263RFAt<4*kEq?!3;Gh#3{sr(q9W^)E{y$BZsO%pu|Rzz@3JgDruV z`fPNX3lYD!K>-dVO|9}?>S%?sJQ5K>aCizKUZo0fx05Mj*6y`_oXL%W5gMeKFEW`^ zOu~f0)tmvJ(=c!=Tk_eydaj=dJ;n-@q3UkyQMT$=DnqXBl9BSwEvI7543Md6`sCOC zj6e8MD4ua+??&-#)vYOBqo)1NHHK2zRTLqIrP8oc231LzO8w;B_1W3Y_=ofU&G7tc zF#33McJpC)etk8lT3HV(mc%FJ;=e$-_{|jpcc)woGC_~DTXrI0cHS|&b$=(;m2a>I zHYE(fy(t%~7~aBXk?YrIv4aHN+kf1RQ>1>6t6t#$hNaAc2Eo_aDo=F+~_R3Ux zTl5X+;#@G|3(o@oLu}VwfGMoPhP`wSaVJvL{i3}GCGml7fT^1KYa>C8egTVEtWJpz z;qp8$e~7?(1e=mI7dDiunZdvf@=9%Enb=BI8z*A!`E&4Z3)Rygu!`zB5X@SWK!t*3 zffPf<%0Ow?ZC_F91CC3)w7aPgTY7KvbTzS2t=rei0>12`J@k$;bo-j4ZmatWB^-){ zCLnOvc40i!0cRy$s6f?vVYMN9WL%S}aE@s(jHdJ=QjBkd>q2_XUl;*tN@pF)YoHNph;bAWR=kT!m6#w&0(!<36j59v{ypVigu_(o`5&ZgO#fXNGX;bm1 zTwy6AKkJn^T{yPJMtSTTED5!;;vpQ9_lzbn@1Y-?O?^~>fjw!5er!fG0N&h3%~&GB z1w=wG(te1^Lg&yx{j2qp1&+A^v;;O$KxQChfsk4aHvr zc{{XaM;TxN@~EZTb;6Gg7ynD%yp{ z*JE6TMuF){Fv2lWO0){Js-cCSa6uRLlM0$9rDz#s3LN+_Bd}pQmrBR)NfeN1_6S09 zVj%Nm@*nVp5tXH@0xB9zir(36762)jjp3)b4s0XTQ91}UWcYJvpWEwy`cTe&js@52 zf8FlOR|h%$ulwR<_euZz7U_ZFzcDOmG=}?xe@njFG4Ol$P;b+S7Q|!0uz;C~P8O>e zdZ;;~VMwCcwHDP{4!fT$=mq|K9pNP=A)bVwL(ji5cHAJR)8?r0O#!qHxSc}$>?XhN z^xfCnqt9so#+qDmQn1z>y`gH}8lAO88$0xiX7hJmb+BNOPl!>>0d)@ilIy+;mtv1xw8fk5{GE9mvN=Ujs zD2l#(X)iHrhh)+=oo>frG9wXhms`?`=#*QG(`W((E$7wU*wLaxv6(@Qg3!q zmrlj=i_?LEm!C*QpJbIk((y$~DXv796xxNhDnjSB37e}8nX?X9*>JO>%J_27zZnhw zdGqn)YK1))v{-(SBkAx+j%x51VFm2Uh^j`RC7XpOU6 zUGzc3s!t;UpED9KW@Jf1m^lscH`J+NO2;{bP{KNR>I)`Tql@}=h9Y+3Jv+(R2e0`@j~`R}#(#WdiaDpXx@*G1idl2VIPB<5Hk z9IZ5Ht_g)m#7O{1%n4sFo(MC@K#3WR@eB(H&;nt+$4F0W1rZCL#52c}*q0;%!x^P?fK^r`z0A-;}CSIm(reY#`?E zN$tqQM^@<_s6IBbIx=!YT;v0)E8E9IR#w_dmB|ISY#RglV0v;cqGC7kx0UeQ%ST}B zpAhXK5wFzZrHoL$YUG*uzMGYlMO;o+`}|WSVrZIEL+^)2t6~pTjpPOED>-WIIxJes^b zg2;D+qW^4H$?Y)zo$#aGq`)Tquk-3rsR<|YRz*XfzffzHq0AbwZb<}e2az$FE zWv_Rw!YxxVbJQbq!9`u$h5Kc774tb(pX*1V2%!p-KbwU7?@nd%e>6Bb{V-@Pf(L42 zgZzKl&F}xaM~APT;=jI0+FL(;le%`Qp1*1QxOLfoKf6~rSz9oG^iiLKR=2&t5t#xP zyshv2PAk1?b&_uTIU?M-e@|aN7XT--2m&OixwIRtJ{6cxXFsh-=#u6ion;hzlHs z$~BRxuETe^MBj6_>!>SFdbvMUjMqa!X2> zf}&Id*f%Eu_qC5@UlDCe*#Zky-uPG$e2yuH08LgY7>!7)(YVTdP&Bslg>dw#T*3I% zYBcut&?N(PKPo2zc%$K^HD9(~q3grHHaxdu%WkWCB)?rG!lP49&YIj4R+ok|G86N1 z_`Knv6SG~D^jgt`m5@w(f(?Ii_c<@~=1OAjd6Z=G83Ygsf}4x%56Ny zOxPP><%BgDkZm!r#I9{!j;K$g2z+7P&vqk-exQkBfH_`j4$vs2TU#R3fURh$Lhur7m+Y28do6Y>L^bfw z(J>lXLoYfu?aIGSg24Q0H9md%BsaQ^Jv8`?7jdY1CDrxy6GDc>#sIRXmV-i2(k-ks zyAYn%+(%T*f!z@!kzA(Hs82Bo8%0ycuZ_$DN14Zsns3%WkL@!|>breT=-7RYN#)od z$M)eT{gpDIzT{s4YQD*QIc_!@g@=BcZ|0PXV`VbWKIPMV6Zl^Dcpu4s503XytJP{s zIyXL0bxE(5xsnEQH69OB*^{05Kgw@wC8MZGw4{b%cc>DwP{wgpI}s;!uiP_5V2y~&%ubb_B*+Bw z`D5@C7U<2J!NoiDt3?^%I1X3Ho1)6&?TWdz3-lt!KP6>H-QQ@ksc6jOtU>RMekySt zsCnGrLW;`MN`sz$$}97bS3Rd!@p>J%m+||S9AC@x+j0Hi;+^9BQr1^$spKmwnKE3K z=l`r(B%nTT3(RkMJM~`~^L^XGHNQOt)-zz+n&(k^fyG*>Ne|)K=ZqxpsR)zwEJQ}* zdDZHm>u&4GLhw6JW&3{|$LcQZ1w4!mV8j0Zpxb?sfB*65=;{5RZ<2mr`~Roy{L^;+ zX*>VB+0LV9BbdtS6n)Z0;ZJgN{OJ?~CUW3U*KcU^PtTtg`#)YPTmOGbfU6;WpeLX= ztpBe%hdKXm_hsksY5o5uDIIGaAhyJe=yT1rksxZ1qs}$=(0gm3a(CLnoKG_y z-PU(ytjgeXdUwN+4CiomacJa*bA47skA}%Ze|PgTv>#p~b2357@^}9{ zJ-40*IB4l!ox^iW8+kQl{S%$2I43~mNQ3k_N` zwV&>)1K4^`ePI7q`|2D;PG$9e4uc2jnzb|JTfEMH&-B;kYK`JCNN#N$dAu(3-!pjG z+#0+JfU7XuC`eNB7}P3d2TG61W{^EE8sG0DK>k&U?sjMWxOj@aeLJ~ziS6=$j)&}4-$x}<@W=W4&B{Sp|R z(*SBm>);VatM-+s3cfXz7&&i6Wk{i%h>qd0&gQ7Qv~!P)AtT?RvVgb>1;C0j?H;g( z5giRzT=lFI!EHd>5!6!bY|--ff){&LqI%S87`Z-gqjVHv_VTMsro-qwyZ#wkl{}VS zvhHnaJq_k7EcGVFuSoj>{l}m!0a>iE_B01M@Wrt%j>9IT3juaj^wTBs1gu*7vX!(G zOU?dT&0-U>Zb)LOJ|)`)DY9ofm$uH%FA!PJAFz|=_x&>r}S9q{{jF2|NnQc_-+7}002uU%(DOh literal 0 HcmV?d00001 diff --git a/assets/rancher-webhook/rancher-webhook-1.0.0+up0.2.0.tgz b/assets/rancher-webhook/rancher-webhook-1.0.0+up0.2.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..52f1d7e7d01b524d3dda89afcc170dcb8d86955c GIT binary patch literal 2294 zcmVDc zVQyr3R8em|NM&qo0PI}fZ`(NX@3a1jfq*aa@U3LoaqOOed&s8gp@$}GqPX6MF6aOKAW@QKS+<S1(Di) zAQ5|UH1a&p8x4oqr{{U~Pj56Fyyy@6{lQ@5T@1%By#8=-asC3l0glhvmQ`aa{iN+=1&^ zA;!o<T4(`CjD@0F$Oj*6+X_(ylE$Xr2f}Db zH0ATlFrq3Q?Vm;*m}4Tj-}PMY|C87V`@HYJj{hZL3992NfHwRO zhZlAHU-SnZ{!c+PB6IX>i#uNwz4{6T&}8nz(kx7Xtn(ycY$6y99(;H^yA^sOQ6bls zHD_WD1e1f`WE#kA@6;d5vI_xQt+icb5NG$Q4nnu zr;5k2Vu`Pjp~mgHTwWtZ)8pPJQw%iA>dk}p-GS#0o*9DQli8>FK`Z{x>-K*%8g};oB=q>`K!`KS5p09ZkD-C)N10>O24}Uh(uQ;f?gwKa47LlC z+=%J2TP!KpGqC?p_3STVfJ|Ze!(PjSJly(jRiCJ~x?M)5$dq9~;&|Hz7o1kB9~tx& z+KvAZVVLK-6*5gjbvWtcMs0F9^vD3)E`uQFarY=gy4CIE#PDJ=y{A}o73 zx#XIul8?ebqF(bYN^YB;(OLIw)`b=4CDk9M>4ry>yCDUOT+x_ z@c{3CyS$lHM9w^RAMD4+LLQ|_6t7nHR@dv>%U|AIf4sV!yxq&7x(V9D=jQ5WFPkWc z_Hntryt#fqxxBirGkGILRDCG`Gm0#{!`WtOUOpju;g@U1Ew`CvTjTb@+2dom&h{8P z7gnps$MWT7o!zy&2&7swGV$84$rsxq%YcO>G*0q9+$NSR5v2wO(ImW1rVjJ%**NNDDK_AQYDrY$|cHP z`a${J2~g^yYgQKEWe}wO8=?4<*ydBvZu=igbi!;aGTqthHJms~IAg3g7Nun1*(*I;}L-+oba;aE54p(NO z+zE!im}S!LKsf8wW|j6H9v^}7fF1*X)UG+U@wqGu3Gfcp0*Dg zgVm~?Pe|trZTnyk?1t(b5^<)NZ6BsM6S9Da#BA7?M#m*VfEZ$Ee$EJG7+NWOa!W>H z`Zp<(c+ad_09%uK$Q-I<`UeI^M>{!-_Zy1U+G(ep+VoW7wyB-EGqG3qwkU?m4(zAd zH~lE|W%~bVJHj^oKlJMQKmF3_|5MN*`hQyk9c&T4PsQJV7R8@1%=K}h_>~X8gH4Kr zQN9PM&Y=ze%EQ%4Br-tLBT96ZYRac15PU}GiRq|{E=!bC)7(g2XO-#itUjONb$-n> zt;^XgOYW`{V^tbPpQCQ(m(OG)*I0xKgG5sOkTs*&z&TOv57n^F(mtKN%IR?Z|A&}< zVIZ(g|BnZ?{NKPE567MUKLtJ2|DO^aEY`mM-^KK)I{pxM@=s$4&W~gX$^hw<1ovV# zdq*RxeK>CoeIDeYfBAI1Dguzz$mszQm~9Cpra;m~Nb6VrhESGB+!@|nhmBf!SAuwU z^$8D+;jLG7OEj;G8A&!qncqiy{^9(DTv6ttn-jYjJ&`%~1UQ1KHHzRz7T zv*tUee(ls3YBQE}Ng2-9=TjOFvzWrSldH{w$=lcK0-5kj^$&%44lUg__;7ZYmR|CQ zvnj`HO5?)oH-8Aix8VY$CuZF-X^oi#W43Q739nkI`V_n}{^vWR^4VRUhEeqjO3 zlnGcJiJe3e{>s_Ioe=sBWoY#IdMY+jcn+MI?A+N;?y?`14%h#=SK#D3y(id$w(~zD zZ&=g+=Yvsq{_iC8RR6#9{A5`ox_|17R|lykss_-{D>*YEOwr=b(% z_KunIDv}T+j3}>UxpwBbcAdo7P(a)I=ckDa?#6#^?~kAY+VFoqINv`1+u{Etv;mvC zrEiD!29P#y^^{wq;<%ENef6O@h@^>}qpqD!ilxvZ5X^_)t|pZnb#X{(^MGOFLBMZ4 zrQa2`;{WOH{uZ_2zweFe@t?uK>+pXHI*M=KLGHVy-S{sySkG_&M;G<`f1}YwxBov0 zZJht#a}Z&@1z6v7%`doKRr3?OmBl(+VdYCJ^V`co?{G=+Q!Y&IFf9A|hY3gn1dJlr zX2kqDq0v=)^JSH~9T$)@*TWoDUiN#H%dpv_3SKm+I50Dl-zxJ!SvJSYFFh2c*Z)rF zk}%xfi&UlqK+zDdXR~ZC1Gj>wd^C+vB>FuDf``h7{sgf>@XO7bZ!LO9N1%Q9KUOTDb^kx|YW{!U8+PYEPeM=J z|5xwt(CmuUR*;<|h7QTD^i=+_!=&z-|F9#wS=SIQsNZYa9X`nKD0RVsjyme7ql4*x Q0RRC1|3VR?0RT(@0Q04hsQ>@~ literal 0 HcmV?d00001 diff --git a/assets/rancher-windows-exporter/rancher-windows-exporter-100.0.0.tgz b/assets/rancher-windows-exporter/rancher-windows-exporter-100.0.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..b0b7e70e419dec3481a39df07a96e82e6a4f87c4 GIT binary patch literal 5943 zcmV-77s%)ziwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKDHSK~O+==|)zqHbU>&<8sSukOh%doByiOz-xCOW2v+1AQ`z zT}d?9l1GvQS(@)}|BfDZ>^uqd(%avMf8gPi>LFE?N+qcx2nz=&{2R(5ej|OnO}S7g z>c;~jR4^h*{M}QZMx)U<*xNI|8;!=~@5bx>gYTMq8f2%@*x&iC(L8AGAAARmCsTgF zlSxIyca100niTFEc?e@%5k)zZEe{|hip0DhghZ(r1Ip_I8b!!jP*Wnq+Ds5GTj2Dk z^tsb44G^MGv_~;&fqOd}j*$dqNiyjz{P{NQB zI1@ZUHNZ^56zzmirU+#yWXtmb6GGz_5HX}I3g`$~pNRjLixhG#sFjAe4|lvJ(y39Z z!P7LRp&3zcm`m4eX!#o6^!U%U{~?JplwZUFEV2Kcz2@Ge{qHsQU+n)mo;5hZ9?4<_ zcEF*>#atB&yfwHOPzh85fqx#of9LnONQhDxL663$0ZuTCi9i?R=wV*YLIoc_pFb5*bjM0E)*bT-*ScpP-;X^%yIVMh7TH z+eQs?jNC}3X($evM7X@;sYayvJk@3*@7+MZ)k+FySsX(fL!l?*p0QN~HwZw&kY`M3 zL=kkY!Z{ba_09m}6om{_`nXVF@%-Ox z?lpI-^Z!m`f3Nv6|3AmG2Inp!_wMd|ZKsqW)U12!IJ4~tH`Ug_zrQztvaVZ z+|bE~wuaU2S-Zlmz5b9F1J z&6K06L2z!nHTa-eoz#tGG|YN)tk=25RFE2&LS2hiAMJ#Q(+atWXiT~oOH1+kjr2*H zw&3or2#4o&MW97<8e|$w$z5p1I3gQ&la4uuG(ypW@#H^gM#pCIT+F|nV1sgqQE>|r zlOYNny=wcY{izu=_xwf;f@6}BE{&<8CJ2FVPm;tBfV9Y08F$xjrNC*XH_b_w;BqUN!(16MXDIIp0_LfFUK`OzoZQ_ zSs5-?umWIpy&963MnvIw&HI2^de&08Xtkc2|Me%(I)u#?P<+-4%2<2LTD=CftE<{p znVC(!G}s&v+0J?zTmzKJZH=LOgvPL$JN^||NHVER&rt>&^$p+xHml;0LWUE^ua?(lc=YEbo3IJbwbV<8oV7nK$$>UTLCs_*MBHs zmpRtqS%+k5fK0jM<`mrppevJ&P_HkSQJf96GBFcDF;pG5obALsyylsjqBj?CWs*IN z^sIoq_<0m67NFP^Pf|AWd1`VihK|mZv1VMkPBuQ(f)4J17JfWx@-f9!pGM zh;)ciC!#VWqB??$0iR5Ap?niiPbM}wam)vLGO3JRGk(LC5p!Uxkc*h?*i>srua`UB zks41ji=k%B(Vs!_ze=|XdF0f8j%IyFS$|AGXiJB6E@+=J5^uvg!y6M>Q5MEo^niFG zfX^lv*6eM$2;8pi-WAn$B-$8nq8UixtrbPgs5=v?vZ#8 zEL*t<4r8fn^z&Gz-&o`TIpg}7I5e;T<;*RBnfNCT3OoR5B|km~r`!KOvT2YHE9!`T zih~(4mp)Gn7l&T7biO$&;2`pIGgVS^cS-|mM3WX|a0KIHH*kO7nhT~#f6TMyI!TB& zmdjdtBL}r@sQEqpGi=rK*~xJ1BU54&q_SE2RJ7J|72=Ks9w?O-FH1dhW=;$}OD?}8 zqCJGOTusbQL|HwWjT!m(@djv#METIi+=RU8#!~xPgxvg|;~nxiOYpr`$r;^zLz(nb znojBzK%!e{PuYU2tKdq*T)Anvqg!>V4W<-z952nlSkjC|ivCThxX74O?K#^mMD!~o zZV!3QU?B&bF`AE7#5ZLud1oIVU0l37?VO#T{_yr6owK8hpGw0u-ge4&pY55&RrYSC zH(tJ|Is7{eVFeSILeiy-h><_wQu!%SgSpDDA?m2Y`qXjhFJ(`ZQFT0bItd3DUi(I7 zcN+VfGPP;;Cnl9=80*IljAd;LglYLUhGh$O(0 z^?$R`*qK=W?=<&czpVeC<8cuJVdKEQdO2ZcYG6s5B2DnX^x^o1RSF;{W${r_cX4n!7Ll|2dv7v;SjMgk);K1^t&v-UZih%#qyj z&QP35h2oq~c<^r|!|R-|4KZX^zP2 z)(;#-&5rLsL4p24Swva?o75v7<2m*;$N7LPklq8Bww_gGby{My*J5i|^5;+Pycu^T z?(e6DxERO@>fhiX&Ph8?UO3dCGcF;{O|nh3ACsNfU7qS(YtQvzvx|xpaWjwF&X~{4 z=ig#q=b>{d=#a+P$EXE85=(6d11{AER5x5)S6{w8JFdPsdwVi|Au@I(|1QyO(`nb< zf{kb%Cg(}pJ!J8jpl9S|K@2X{er|XzrpAy z_sXqe($Y=)dD*fDKo!}qDs0%Aox6R>^n9u30r9`vZGHR_U|IgB*_b^4(b(VJdx`&_ z~N!l-;|KHi$eLa=`KX|GC@GQ>^7hkP=^ss56+U5)A|EtxS zzUBP?mp>m^P-;)3ws{#B%da?t{>HoRCP-0Lz)XqJ#rT$pn;gpk&^W0*|%h7lC+Df zZD2HcUJ0$T+mQ<@?uu0;2}!M zg`C+nb}2cN+ay0xCd%XM*eQwH%3D`>EEcw%jyCnqxW+># zEK9n@sf7x!lu1Qci2qBYo4NCUFu*vWeZ~bomB!NhKfC*r^&fX%>c2kEvj%5GDHOKa zoE>kyGGWloXdF@22Uq=17S$hRmYTH@$N|PN^kd$&6AoqlZDaF_4$&lXO797ayft9h zw?%~Oc@4VaMJFy6&Gk~E+z?Q@bhsSA}XX8 z^r@AL8&CmSBpkLQN@_*%!)yIgsB)ra2Q@>JruL60Kdar^mx%OTKD$##) zLHpjT|MJ%0XCf%iB)mO2m0pkv{u_qM3uuI-Zovir%?pMyXrEMI&n2_6L{_!@&P)Q*0!Q96`qbb7X zuQN9ce%;dSo5H%eM&>kifN00tY+1>wzjn-VP2ouR4B|V z1e!C;&NQ55j5}pK{1(g#vJE8WtS@P#+l!1b-7O(cN7~8=Xr-WG783#Pptyd2`33!f z9v;E7eu*_FfmZSgs}7)Q;8X(X#yF`0kvX^=kH%70^=P(DX{-`8coKNt+ny^uYy5&K zY^+VyEG=Ta`YCI-hj#&V|G&W>CrW!sk0wtmXh zStPMQ5{+O$hB!Hl`N;jza^zYV$Sxw&zQUHBObx3&xYP)`oGYmWNlm$7w=Oi*cu5pl z@v!1EffrT2jR;Q2g^Ha2?#8@ZPl$%EJ6+C|pi}=D=B+1`{X&_{Yj_^QW!vP20{7-qtr0YXM$Pkj88ejNM^wIU<2w-V&g5ncv7Mh zTQ=cLpHR&>G#el>)hL&~Tvt{j(E-GeudZ#V|9Y>wbG|E*IjaBEdvo{wMq6=YE#@|B3tL zkD;+F|F^p{b^haE|7HL0S)R50wxG8jQ>l=h>FDwhYTv*9{-EZ0vx;b&W4dy_A4$;nNiZNxH)VdNGZheAF z8+3hIKg+K=Z+YgIc0v~@m2bj6`*Yn^Z@wE}r|-e0Z|Y0W1hs!(j8cT+w*FSRy?)jp zjFH%sjUO+>j6{WI3IBa*^ezNpvWLR|K?}3m&`l0cTZG#yH#(7O z$&ebMVkEs>o)f9c1GFAV^%Ic;6fV5fqUaYT_%W~);X>fH2rH^H#vWKO{Jn(4yqnaP z(qP#ED-GK^%ii8Ap!9PK%D6{)vhI{)Z3_KmVoB#IP(sVrRO`4xWq?cs+ z^D9*0)%2G>RE8aVO;xv;1w8e_tnR=+k!mrO*$rn(V)y)vRc(VbnPLFVeYQxlsKfY=o_=jd8#-U2>&}TPn@w0DJc~Ksliz2i)AaYuwN30UNNCipp13 z&9>dlUK%e}9GNX|-awb3zQC{+4C-+@&zKztv!HSTp`0BNu1|jz!r=Qd{b`%jKCi`LU$>QEq=#r2#v6_oFf{?R!<{r`VIZC{L$RVA2$dsyUqYEsB@S>!uL zDc zVQyr3R8em|NM&qo0PH<$bK5wQ^O?V*PxhAWtVPMs%xcfI=Z!OoYx8i~nVH*)QxQbA zB&>WHLtGKIhW3i+rS6in{Y` z%(RWCEE7L`g{Rx?c6Yb8-M`&#cmCh*)6LBvHnzLF-KX0-ySq<+=x*$6Z+3rx?$?<7 zwx=+b=^wgZJl8yN-^s(IRF+w;r0GQf3A0S7QJgSq1;$);64aItIi@`bva+z7WEq;A zCD;Ss=q1Wbjm2!?2xWS3&Sk33&BFH@1u}zef?Unrl+%di{1?=QE7^m|X2kNm`m-Bv z#2ZnHCeb{%uIV+CY=j2F)l6R61C|?ZNQ9i(F3L@T&6Lfq8u^(U#2h^CyJKD6UM@u&FCgV z?KG#pc`kV35Q-)xp&Q+9+>N_`E^_*JBf1~|7wi9oi2}{nG61*e|L(@-_PqY@?mp`O zgFH)cfJ0UY3!djNRJtyMB;Rek$d$IJ<7f%qjky7CfWbfaU%zS(mCl&8n8J_?qz(s| z2&NGxOmj96Xuv8MAmq##Oo27{9o0EX? zF^;&gdfJ0l%e~cS7&P*T+3}IaA;0KBE9sq{wxVch3EoNsr6E%qo9gY!p0@@bZ>Mya z)+_+&KlOEL4+BPIDOok0puof`?W~AZ0?RpattLFhG+J7UXdX|pGZtR=Q%_g~z%w=q zG%vxsw+C-mD?72)1C6<02_b98z@+aDcFZjNt1y;mBST~yHGXL@SB6_fs};E0sa{$( z>cPYtO!}KFb1U$kR@N_74}N!VQydhd9t@c<=o$n!7G(wZV+A+Y>SEe#|LEG>+w(EE z_=+3r$#mTlG>&(sYy)V+r%&a=1YSb?i?>f+NXk895&PlyYOz|K7PM&eFsS|UAhVwp1Jn{Nn$rQ7?$5Rpk8d@*K>Hw5%Mq6s z{^uV)pUSPHZz!0QDAL-5Zmo}$whe9j%hSK?x<7+Dl z8*G^P5=>z*jp3~wqdw;b*MZv-SGOPb-@_-B(=dYl{DK>6F5yEzf;zY!y#L@fuGh@` zRv@v1w%#X7is=)`kVy-Sw&F2M&Il|MLY>p(+Q9i(0qw&{p*2b?rr;+ezgNl1cTGfL zEcJKWN2+K#sVtZxCtKh*#2^a>RxuvMV8_ZJ8SrEbV>UrIz}a)R7o;Q!CF^s?USjlJ z4DT9EANJjWptXf;Mmz1WIhzW_(y(EZFCvX)LZF61rbxT4qGfO36SkHW<2KruHsGZt zIC237Xk@7aef)g?;Pvx3OJRUR@)4|_x+p;bN{fO3I&2Y}HFbWDo!f>QjhIWjF zX?xGF?4Bt}4i@$C969!a4zFh~e%V-aDD2OiNH456P>9BwFxe$Wfcv=AWGkxF!DIz7qd$cDox}kMaLQ zJWHjSilR@S+GH%aL}>Xy`(v;jA9V<|ThP9|bRGHd8cVV;M6ZVBnoB!`)}Ku0I#YBr z0F>#K-=igXff6+nL`3IF^h_hO2&}Sw!$OED{8ljGQkk@82T$Nv+T{zGxc(M)x7^lj zV1NlL41!Tv!_?9!7;+S;H_L)&oQ$^ILleIWH970HGdLUJh z?tKB*#%;rc^v)e2AFzElrg2%WBuY!JPu-hH0@Z2CgPWkys6vyE;C4y8$X!Zej3AU8 zp()3tes*JNlQMpqvWI))hL6yiY5+@V0b~kzVKsxTrw$30kSnLXcAh zyIbw8oxRQ7IC|0vOe`gi4A9TP{=_t?m$haZw88ZoN4s3~Ok7Jrh>txB;x}cVN(!q{ zZzrfVPw}dpT|1*-0~E$jclM)cvpjdVJo(-ptbUOru~tWBm3+3`4ZQoWbljpz;NB*=F!0qT=v7fpXSCarn+?Gmf?4hT&5^3Y}42h z;C_;*LfSWX7X2_hq=4LovGV-Y>krxU>QL5S25ADmHbF<= zKU=ZfO!4fpNDHns!R2M|v*BAdsz6#cnymz_MV2u#EALzRxf!?Cq17JJ&!pG6vdev_ zhE0?xGJH+T-#Eth%NRDab^uVl2gqoIKenDt5Z-gi?XzoH)67VH36HK@+s|L1x+8Jd zHFEUiJjcbWb9x$|(%aK3*L&uHT)VnsWo+k4QsV3I3IOHgDp4<=zk2=g`1vn~Cx>s} ze0=ls>%Tugu0eEn-5j@;tEAg8PPhxTe}~@+WwE~YCD>>C@7}$7{_*Je`A>)c{qbo3 z-OGhQ=dwJ@UwYmz}^~l~m6|%h0272jQtR@Yy z8iyoIuZBi`tBfs_uoWYFtxhSMSV}My8RkWaFc|Q~Q?Aj!7 zxd?u%DV5*aq5jUE+u}bxV9A%>1HUEy+uFTy|NH6Y)5rVY5AxK*JI8BQ*s;?5-_8k+ z&wh0I<5?QV-!wT^0zV__i$5<~i|-k&#q-gcE(E%3)-2~Qv?_AbgZC@B5+Y}<2p@H4@}S5&G##X!Ny2;p4fx;*T+&}1!msG2WLk=p8ZvCf2dugF0yhY=88EEti|+!j$M7F5eFu=PB}v z)R}Ay(6W-cBbA;6Ejn`Vzas+6R7tM+gbN(iFE5ho`3CK|(r3-a!=q=-hNHuSS%WU* zzWLc;$P|%9>cPq}weHL5ic2NE;0yC7BiD1O)T`3HA-B)}olcTy*o^jcO zZsq!A?4k#|J3CuD5x~%RRs2feG_v%q6w_m+tV>n9FnG2UjewyID+UvdcBTBY^zEs^ z-Dk$M^p4$_w)3aU>Yl}+!`v;0>wWEb6uAHk9!vTfAJVa#z#_V z{0ej2cK)}swR5HZ@A3TaVV)&8V%DOTt}MZ`9L~omVNh`4iez(^oUsv_s`@XK1{g47 z6aq#<4SedG%h5V$6wLAoI!&mxGnqz9AaUd`g{}JAHkkTb@c*$E0~rk$`{f=b$Wepf z65}X7IQe*Dl}1-7m}N@BFV9XO<=RB?h}(|)>Cunk!M}CK{VW^CqYnKj|1=ZXnE@KG zl zb2RP>=$Oe=pn)^Q{BHI0W!bE|N4u&tZRu-e?L(t}9%$U6ss=8>Ol1}l}S`P_7`p4b=fd$|8%|#sZWN)C)m6-a;3a@E~f6(%-5-`?*%#eTICCbeEGw=KMGe`r1OYEFDQu_~D=~DJd>ztLFaj}$q0%@(9lLU`m+HJm zDY=?|BZgG4iIV0a1tcox=u2j*d|AMF)sW$I=`%LFhq2}>v9B)1sUOyNlv0L~Hq#>mpNjmlzfPNoM(D? zGA~(fqKc76>KwJ-T}qx(r=fC}nVBrJoFz*KTrxfNcc#My?0(&{^~;mGxhn3)R~*Rk zG;tL9dZ%-D1>3WFH4%J`#42aTgrC~6w6nRRaO0z?)E{T3mF=I0I zoDZQcbl{Cj5sv*S8#(cUbRl>}tTxUsCEBB~SyqbKePz858bE{6KA zaAKLZ?Q+hxy9V8yQR$jQ^#1M?gihuR^g#ND1)bX07sV|Ml9il^c?@WMF)>zGQw=tE~ zfkWDH(&}3;^$o`_k3-B65J>#6I<_`9y-sJu?YJ1kiOQ;j%ktlWP=ij!sDCH8$DMG$ zwo@Sz=VoIqj-r?9oJ{*Vq?n^i*_EQ&=vwiyT4N`F&KDGe?5m@8wr zFH{XuVlYu;$7jn*{iGseU}1_jhDtJS?CbU~jZS39X80;t<2Tzx$%G5+kqujd*Gv{n zz|YS11+x{(IjL)wd6UKRTq{y7Vv;kIv@};u@;VF(O9TeQJfy;S3oF#fbCTA0+O#^( z0FSED;hJv8usILa@Z)pL9 zN}SG+f+xLeH(pOKVUReZ7;Xi);4MXI`EVMX9^X#k6EHn0oN;e_gyn`^ za<$)Xmu^6!v__LFnHmVA0!hvXs9W7$)bICa$VIC!(6*oP?2t?hIYYm4xwZMRGVnif zK}=Y2hJFuPb!1vAYcUx;dPiWR$hlLAA_u`D#hK)}ms0K^&d-1ByUgt<&1v9wII$`( z`}nDr>NWSSqW7-l&uc;6Ly`C&Tdlva_WldDpBN6EPXxJO(rJ%r)V!}l?hDxNQ0jiA z&b@zKp}Y4qbJRnnv#NZ*KPE>f0PBCyd~WhU%c z6{9hkRq|PU)jZ0&B*i}4qfu}lojD`K5OPeVSO`vsJQ4aORgPN|)O;8|TUPCS z9*w#=@~}85IWGe}O`5{M^J56^PC6uGOwLS^nFcVzv5I_%?>7F{vGw=xEYAP1Ja3bG zmf_dP0o``~|8!?Q|GV4W-gwOaJjC;u|9Q;+Jm!BM^FNRIpU3>qAC~_C=7MdHtzT~k zBz*iJg;gHo?1M?0@lO2o&ujm`vqp#RLTwds8N|77lnu)*hfDtv*5F=`)wxd|keM{~ zIBbzayx9MnFSz(JALF+3|IO~!y#Kee^H~4)AkXr1t(D$SNP3Pm4pCDa4STS1VpYBp zMN4o}cTmEI)PT*rkrh+sV*Euf|E-My!oE0XQxlz!xxm$pHTYB-cn7d;U~9MAg~uD) z-}1Rx|7-O`Uogil`oG=Xp8x*;)6K1&NBw_@=T`k67Sg>0UwG24N>QRu{v*$feE8Ms zD&Tw9fEM-YYbI0Xf~q}OcB#H~aDLHGT4hH(N0*%5gJr7=T>Aj;{RgN%ER(b20Io&u zA3lWDcW7+eIa2=Tvj0xcr&$Hw5LVmnOF|2~`rqG8bA&2vTC0x-_pR+jAoG5tA@9?L zIYTb6(d`&BHNp0w#SGfVm=xL|w11-Lq&a16apBP4t@<6_7PkGSaQ~5je=eiySBYv%#gO#Lrx)M43P)>SR>kmtun!~Q? z99>4swR@;#=hc-@-P?nc6=)9|-^iMwb*0d-!fL^63kMM84crbmG43Q6ys64_02^b7 z#nK-o-8vB3uaFI+Xx^$V=zhR;)KDL26Zcw4?=(aP)n}<&&^|EsDwfwxLog^fyOM-y zEt>Hv4K&%cFisb(%|gHgB5e5~`_sA&cIXzE_O`IF2jwa(NEPi}#oZ-~_F6>_ZSQ@! zzxylY$>ZJ}56ZmMN-K(f)!btHr7G9@ZDAuXjwLp2ckvWj@e|N_0!W6q2MI-Rd+@Vl z6UK%6q;rZUfjzLaDlTTFXh|r;<)~GPac#QRNs&;D=)Wi#)Fbu({{&ue3*G3_-3NEr zykf>azu@*6&D)j;-9;deogKl{185AY0dBO1Np1z!^@qtRPuDc zVQyr3R8em|NM&qo0PI;^Z|XQ2?sa~J#cDOutP&Cmr#q4MfDZ0>g;RGN=dyNHuiF>4^X0N;Um*KiiBCbSG?o|kH*@VS z?mGcyjBBh3XUa7Y^0CI0Pc0v7O~E3(>VwoIBoMerV&>04?(H@sK>*A}6)j_^?CrvE z1WI5ZT$H^uGv(XcnJX7j!s4%cTP0Ay3e03m7ai1L0}Jv9QW4HvGi2t`QoyM;JZ!{Wb|Njw~Qa-^nas8Plv?0VX)dQFkrRBm!m5O0x zO%IulwALz;j3N=9Lh=J434$x4c`|Cp_3ZI7$q0?7Ye#H6#S`!~Jz>(kXJHD*s@YcU z?4Vwc!}hNs5;O^K)$t6d0I4i3-sB37+JB?AZT~g<%DFt-|3~2Yx%wlTlgLF1Gztj? zy%6xXDA^W&1}^%sx?CE@^RtNp2nhpJ$y8<>WS(Lyb5~J8=5m>KBq6dMv*?kz7i+I? zS@#!`Fdd@GpH;Q;x{*K?tp8Lt5&#Qc{Qm5n{@=tY_V3eJX^@grm=G2aHho=IaLoSe zyY*k~(rJ7-+y6(PSRu&?_AMOi8JFZgX-#N7{Z%FP*4#0k2n$@)%2Z*%DO_i&U__vC zfHh9ybylyG6fB7j4IoVVVnJ>tk3|WufzS)uHA}9QCJrLP3>8oQ3BFE?STi3r1UV-@ zG<~1POsDC>v4U#VXK$VQ+287qz)AMcSxBZ47H=#Dj@W?t5i~zwk-Z*JKWDzyT!;hTwCy&HIyWA7{R9wtl_8xfypm zcb!ow-!=B1co=p`MD!NTPsdq0cg%+Cz8g(=Jlyc>!O7c<*Etdu1^77G2t4wQCV4~&HJ=jg-=|Q3TgU(~8 z>)m?o(oN_~GA9(K5ER#+o|hh7_h{5zsnEE2Gx7%Gn@+DY{JE5HH0tI`)C@Jq8^Va1 zy-J_@-DWTOzTHmmcHHTWyuo9$dziCNF&l7737dA9206#HNar-7ExP~9fcl-`l=vTj zpnMSld*gM`k@$ak<$T$V|MhzP9REK8#rThfP@7c0z5eR2$pXs4zY^f5CyhYC*IZ^N zd=b|Etcxc=RrUg*eA?nI)aKB!lzXML`P2ou6VNS|H}jxBAqGAuh2;Wij_{n500j~g zmQKA|X966Cgb}^ikTM=X^Tk_)goF^JgrFTu!lpxi20@&<(kbKX*WOp~E)h*vPO!Nc`Ha#TRNd_8JVM|OwF@qO_5#j+MmVV?KV@y2(}ZGMY_mY@eI-h(yh&|Uw7nCGS(IL4 zV!}Xf5u8#8XUGoY-#hkLx57_)h@@V^enaE#NJNd!H zHcqa33M{(}*&K(fkzVu8Gxn&~OKB5?1Zc2V*1WBc^~_y6KP&TkfB&J(+x_s5H;6p! zH(P(8-0L_}=s)K)j^HlQezkv>LHnjsbk{{BBeMCcp#AD@kJV@$iIS0<)=Z8)7WI;T z##J_cYhrO&7QGPQqBfCfkX*c=*p?9@p%-l;UG)5xGwxIJzufEK%ohKR v^1oW`$~otMAA!B+KRXAf@09+1_EOI{=v1.16.0-r0' + maintainers: + - email: maintainers@longhorn.io + name: Longhorn maintainers + name: longhorn + sources: + - https://github.com/longhorn/longhorn + - https://github.com/longhorn/longhorn-engine + - https://github.com/longhorn/longhorn-instance-manager + - https://github.com/longhorn/longhorn-share-manager + - https://github.com/longhorn/backing-image-manager + - https://github.com/longhorn/longhorn-manager + - https://github.com/longhorn/longhorn-ui + - https://github.com/longhorn/longhorn-tests + - https://github.com/longhorn/backing-image-manager + urls: + - assets/longhorn/longhorn-100.0.0+up1.1.2.tgz + version: 100.0.0+up1.1.2 - annotations: catalog.cattle.io/auto-install: longhorn-crd=match catalog.cattle.io/certified: rancher @@ -319,7 +417,7 @@ entries: catalog.cattle.io/ui-component: longhorn apiVersion: v1 appVersion: v1.1.1 - created: "2021-07-19T16:27:00.083962-07:00" + created: "2021-08-25T15:50:58.482637471-07:00" description: Longhorn is a distributed block storage system for Kubernetes. digest: bf329bb6f2429e47489851d7355e474c72b590a0123b90fb3ea6eaed5d6d449b home: https://github.com/longhorn/longhorn @@ -360,7 +458,7 @@ entries: catalog.cattle.io/ui-component: longhorn apiVersion: v1 appVersion: v1.1.0 - created: "2021-07-19T16:27:00.082312-07:00" + created: "2021-08-25T15:50:58.47911867-07:00" description: Longhorn is a distributed block storage system for Kubernetes. digest: 98b46706eb8c7b6261c1aa03f5081429867076f8f8f28ff0e4fb2f7389d66ef3 home: https://github.com/longhorn/longhorn @@ -401,7 +499,7 @@ entries: catalog.cattle.io/ui-component: longhorn apiVersion: v1 appVersion: v1.1.0 - created: "2021-07-19T16:27:00.08091-07:00" + created: "2021-08-25T15:50:58.47575538-07:00" description: Longhorn is a distributed block storage system for Kubernetes. digest: aba8166911b39cfe44529c1ff3fd910e437ade64e72f39edc20957442605f619 home: https://github.com/longhorn/longhorn @@ -442,7 +540,7 @@ entries: catalog.cattle.io/ui-component: longhorn apiVersion: v1 appVersion: v1.0.2 - created: "2021-07-19T16:27:00.07923-07:00" + created: "2021-08-25T15:50:58.47434851-07:00" description: Longhorn is a distributed block storage system for Kubernetes. digest: b18eda4e4b1170b7e9f488782fb6409da084b5beaa9945a3a3babe39f031e320 home: https://github.com/longhorn/longhorn @@ -481,7 +579,7 @@ entries: catalog.cattle.io/ui-component: longhorn apiVersion: v1 appVersion: v1.0.2 - created: "2021-07-19T16:27:00.078056-07:00" + created: "2021-08-25T15:50:58.473125348-07:00" description: Longhorn is a distributed block storage system for Kubernetes. digest: 66189346fc24f5407f7a11a41faf9913144801a72472151702e28f808d557073 home: https://github.com/longhorn/longhorn @@ -517,7 +615,21 @@ entries: catalog.cattle.io/namespace: longhorn-system catalog.cattle.io/release-name: longhorn-crd apiVersion: v1 - created: "2021-07-19T16:27:00.086918-07:00" + created: "2021-08-25T15:50:58.488175028-07:00" + description: Installs the CRDs for longhorn. + digest: b11d2d8ed60e7a4767c0411324e84f9825290f346bb9532df92ea16a78a12722 + name: longhorn-crd + type: application + urls: + - assets/longhorn/longhorn-crd-100.0.0+up1.1.2.tgz + version: 100.0.0+up1.1.2 + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: longhorn-system + catalog.cattle.io/release-name: longhorn-crd + apiVersion: v1 + created: "2021-08-25T15:50:58.487884147-07:00" description: Installs the CRDs for longhorn. digest: eec1b37ef0f12930cac4b8dc812e0c08af32ec5af8afb37114f3932e333bb5b6 name: longhorn-crd @@ -531,7 +643,7 @@ entries: catalog.cattle.io/namespace: longhorn-system catalog.cattle.io/release-name: longhorn-crd apiVersion: v1 - created: "2021-07-19T16:27:00.086468-07:00" + created: "2021-08-25T15:50:58.487602715-07:00" description: Installs the CRDs for longhorn. digest: 305196027ef02e1f01519b99302321fbb48dd5faca8084751758c5954f83f488 name: longhorn-crd @@ -545,7 +657,7 @@ entries: catalog.cattle.io/namespace: longhorn-system catalog.cattle.io/release-name: longhorn-crd apiVersion: v1 - created: "2021-07-19T16:27:00.08519-07:00" + created: "2021-08-25T15:50:58.487321099-07:00" description: Installs the CRDs for longhorn. digest: 5d5f3a3493810aa0dfd263757819e00a8a483c5410c5ff4ff61f5d5fee3561b9 name: longhorn-crd @@ -559,7 +671,7 @@ entries: catalog.cattle.io/namespace: longhorn-system catalog.cattle.io/release-name: longhorn-crd apiVersion: v1 - created: "2021-07-19T16:27:00.084767-07:00" + created: "2021-08-25T15:50:58.486932268-07:00" description: Installs the CRDs for longhorn. digest: 4da0eeeef78a45c8b0111bb66cfca1734088bcd9bb15b8bfd6712b0ab6320ca1 name: longhorn-crd @@ -573,7 +685,7 @@ entries: catalog.cattle.io/namespace: longhorn-system catalog.cattle.io/release-name: longhorn-crd apiVersion: v1 - created: "2021-07-19T16:27:00.084358-07:00" + created: "2021-08-25T15:50:58.486549861-07:00" description: Installs the CRDs for longhorn. digest: c3fc8df8818d884c9df73999999834cebe41ce6567f60222792c2593ad853d31 name: longhorn-crd @@ -581,7 +693,74 @@ entries: urls: - assets/longhorn/longhorn-crd-1.0.200.tgz version: 1.0.200 + rancher-aks-operator: + - annotations: + catalog.cattle.io/auto-install: rancher-aks-operator-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: aksclusterconfigs.aks.cattle.io/v1 + catalog.cattle.io/rancher-version: '>= 2.6.0-alpha' + catalog.cattle.io/release-name: rancher-aks-operator + catalog.cattle.io/scope: management + apiVersion: v2 + appVersion: 1.0.1 + created: "2021-08-25T15:50:58.488669726-07:00" + description: A Helm chart for provisioning AKS clusters + digest: f37ff6a67aed0e87ea879d86d4ce318580f693ce2d8d69060425ca99760bb177 + home: https://github.com/rancher/aks-operator + name: rancher-aks-operator + sources: + - https://github.com/rancher/aks-operator + urls: + - assets/rancher-aks-operator/rancher-aks-operator-100.0.0+up1.0.1.tgz + version: 100.0.0+up1.0.1 + rancher-aks-operator-crd: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: rancher-aks-operator-crd + apiVersion: v2 + appVersion: 1.0.1 + created: "2021-08-25T15:50:58.488932725-07:00" + description: AKS Operator CustomResourceDefinitions + digest: f3286e4909fb5fa22e88dda79712831aa9d2c5df780d31df0e5c7ef3553984ee + name: rancher-aks-operator-crd + urls: + - assets/rancher-aks-operator-crd/rancher-aks-operator-crd-100.0.0+up1.0.1.tgz + version: 100.0.0+up1.0.1 rancher-alerting-drivers: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Alerting Drivers + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: rancher-alerting-drivers + catalog.cattle.io/type: cluster-tool + apiVersion: v2 + appVersion: 1.16.0 + created: "2021-08-25T15:50:58.492533886-07:00" + dependencies: + - condition: prom2teams.enabled + name: prom2teams + repository: file://./charts/prom2teams + - condition: sachet.enabled + name: sachet + repository: file://./charts/sachet + description: The manager for third-party webhook receivers used in Prometheus + Alertmanager + digest: 8ad4c89e3d8280dc9cf6ea2a9e8bd7fafce33f1e38d2e9280426dfe9c1d9dc52 + icon: https://charts.rancher.io/assets/logos/alerting-drivers.svg + keywords: + - monitoring + - alertmanger + - webhook + name: rancher-alerting-drivers + urls: + - assets/rancher-alerting-drivers/rancher-alerting-drivers-100.0.0.tgz + version: 100.0.0 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: Alerting Drivers @@ -589,7 +768,7 @@ entries: catalog.cattle.io/release-name: rancher-alerting-drivers apiVersion: v2 appVersion: 1.16.0 - created: "2021-07-19T16:27:00.088699-07:00" + created: "2021-08-25T15:50:58.490679782-07:00" dependencies: - condition: prom2teams.enabled name: prom2teams @@ -609,6 +788,31 @@ entries: - assets/rancher-alerting-drivers/rancher-alerting-drivers-1.0.100.tgz version: 1.0.100 rancher-backup: + - annotations: + catalog.cattle.io/auto-install: rancher-backup-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Rancher Backups + catalog.cattle.io/namespace: cattle-resources-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: resources.cattle.io.resourceset/v1 + catalog.cattle.io/release-name: rancher-backup + catalog.cattle.io/scope: management + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/ui-component: rancher-backup + apiVersion: v2 + appVersion: 2.0.0 + created: "2021-08-28T11:30:18.414092-07:00" + description: Provides ability to back up and restore the Rancher application running + on any Kubernetes cluster + digest: 0995c2bc4ba1949a10281c3668fc9d12fb155556bff228b7ef92097514fca523 + icon: https://charts.rancher.io/assets/logos/backup-restore.svg + keywords: + - applications + - infrastructure + name: rancher-backup + urls: + - assets/rancher-backup/rancher-backup-2.0.0.tgz + version: 2.0.0 - annotations: catalog.cattle.io/auto-install: rancher-backup-crd=match catalog.cattle.io/certified: rancher @@ -621,7 +825,7 @@ entries: catalog.cattle.io/ui-component: rancher-backup apiVersion: v2 appVersion: 1.0.4 - created: "2021-07-19T16:27:00.093022-07:00" + created: "2021-08-25T15:50:58.496656132-07:00" description: Provides ability to back up and restore the Rancher application running on any Kubernetes cluster digest: 905ccec63797a472c268fb4e1bd0b5c2e33d518f4066147275e65e8a2f093c49 @@ -645,7 +849,7 @@ entries: catalog.cattle.io/ui-component: rancher-backup apiVersion: v1 appVersion: v1.0.3 - created: "2021-07-19T16:27:00.091906-07:00" + created: "2021-08-25T15:50:58.49579894-07:00" description: Provides ability to back up and restore the Rancher application running on any Kubernetes cluster digest: 21e586d307c78cc6a1321adaa89bef78719f0beca7f181c719cbca27691e6f5a @@ -669,7 +873,7 @@ entries: catalog.cattle.io/ui-component: rancher-backup apiVersion: v1 appVersion: v1.0.3 - created: "2021-07-19T16:27:00.091043-07:00" + created: "2021-08-25T15:50:58.49500635-07:00" description: Provides ability to back up and restore the Rancher application running on any Kubernetes cluster digest: 733d4515a014e6c6d99f73db30d3143f7cef04a870b19a3b2f5eef5b09dbfc55 @@ -693,7 +897,7 @@ entries: catalog.cattle.io/ui-component: rancher-backup apiVersion: v1 appVersion: v1.0.2 - created: "2021-07-19T16:27:00.090321-07:00" + created: "2021-08-25T15:50:58.494188047-07:00" description: Provides ability to back up and restore the Rancher application running on any Kubernetes cluster digest: bd39f041d51be323dd59dbbb0bae5c21b7ebbdca5f777972080254eb996595b4 @@ -716,7 +920,7 @@ entries: catalog.cattle.io/ui-component: rancher-backup apiVersion: v1 appVersion: v1.0.2 - created: "2021-07-19T16:27:00.089497-07:00" + created: "2021-08-25T15:50:58.493306567-07:00" description: Provides ability to back up and restore the Rancher application running on any Kubernetes cluster digest: a3a4fcd83c7332bfafe1ee03c17dbdb43765364e97dc19f297884334486196c7 @@ -729,6 +933,21 @@ entries: - assets/rancher-backup/rancher-backup-1.0.200.tgz version: 1.0.200 rancher-backup-crd: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-resources-system + catalog.cattle.io/release-name: rancher-backup-crd + apiVersion: v2 + appVersion: 2.0.0 + created: "2021-08-28T11:30:33.332456-07:00" + description: Installs the CRDs for rancher-backup. + digest: 15a2769a275b4b22d160044f60b10c39e7922f59fb2ff627c67208a045133cbc + name: rancher-backup-crd + type: application + urls: + - assets/rancher-backup-crd/rancher-backup-crd-2.0.0.tgz + version: 2.0.0 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" @@ -736,7 +955,7 @@ entries: catalog.cattle.io/release-name: rancher-backup-crd apiVersion: v2 appVersion: 1.0.4 - created: "2021-07-19T16:27:00.094834-07:00" + created: "2021-08-25T15:50:58.499650376-07:00" description: Installs the CRDs for rancher-backup. digest: 26f7baa1bf1934cf7cfae2720eac74ea1c338dc56aab35a221c688cea6a7ead0 name: rancher-backup-crd @@ -750,7 +969,7 @@ entries: catalog.cattle.io/namespace: cattle-resources-system catalog.cattle.io/release-name: rancher-backup-crd apiVersion: v1 - created: "2021-07-19T16:27:00.094448-07:00" + created: "2021-08-25T15:50:58.49924307-07:00" description: Installs the CRDs for rancher-backup. digest: 3dedeb53130cb1050147156b87c770ab40a023be25f4d3342678eb7d8a33362d name: rancher-backup-crd @@ -764,7 +983,7 @@ entries: catalog.cattle.io/namespace: cattle-resources-system catalog.cattle.io/release-name: rancher-backup-crd apiVersion: v1 - created: "2021-07-19T16:27:00.094103-07:00" + created: "2021-08-25T15:50:58.498839407-07:00" description: Installs the CRDs for rancher-backup. digest: da8413d2ecc169ba43aa5f6f3cb9da45c297140a1af2e702f11c4645f644c7e4 name: rancher-backup-crd @@ -778,7 +997,7 @@ entries: catalog.cattle.io/namespace: cattle-resources-system catalog.cattle.io/release-name: rancher-backup-crd apiVersion: v1 - created: "2021-07-19T16:27:00.093725-07:00" + created: "2021-08-25T15:50:58.498380356-07:00" description: Installs the CRDs for rancher-backup. digest: b42794ee6663cb35c6f40c1b43ce51f6b82d2f8efe06421c9b2a1cb7cea18503 name: rancher-backup-crd @@ -792,7 +1011,7 @@ entries: catalog.cattle.io/namespace: cattle-resources-system catalog.cattle.io/release-name: rancher-backup-crd apiVersion: v1 - created: "2021-07-19T16:27:00.093384-07:00" + created: "2021-08-25T15:50:58.497828072-07:00" description: Installs the CRDs for rancher-backup. digest: 4d2cfbd4b413d0a86cd3c94a10a3316c44a668c79730a2a4063933aa0eb6e332 name: rancher-backup-crd @@ -801,6 +1020,29 @@ entries: - assets/rancher-backup/rancher-backup-crd-1.0.200.tgz version: 1.0.200 rancher-cis-benchmark: + - annotations: + catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: CIS Benchmark + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 + catalog.cattle.io/release-name: rancher-cis-benchmark + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/ui-component: rancher-cis-benchmark + apiVersion: v1 + appVersion: v1.0.5 + created: "2021-08-25T15:50:58.504058504-07:00" + description: The cis-operator enables running CIS benchmark security scans on + a kubernetes cluster + digest: 646328c0c9fb3c3a5620a2be277dc8b1fd740e38c6e43bb952c00825111aefc0 + icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg + keywords: + - security + name: rancher-cis-benchmark + urls: + - assets/rancher-cis-benchmark/rancher-cis-benchmark-2.0.0.tgz + version: 2.0.0 - annotations: catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match catalog.cattle.io/certified: rancher @@ -812,7 +1054,7 @@ entries: catalog.cattle.io/ui-component: rancher-cis-benchmark apiVersion: v1 appVersion: v1.0.4 - created: "2021-07-19T16:27:00.099319-07:00" + created: "2021-08-25T15:50:58.503338288-07:00" description: The cis-operator enables running CIS benchmark security scans on a kubernetes cluster digest: ef7c8837f09bcf669bcb7aef5aec2dca84a27e2c93da5b44194fb0113a1c527d @@ -834,7 +1076,7 @@ entries: catalog.cattle.io/ui-component: rancher-cis-benchmark apiVersion: v1 appVersion: v1.0.3 - created: "2021-07-19T16:27:00.097964-07:00" + created: "2021-08-25T15:50:58.502640108-07:00" description: The cis-operator enables running CIS benchmark security scans on a kubernetes cluster digest: c548033c5ec3822f2c89f0a1a19e3f4ce063f59a4ee021523642886ec3bf13a2 @@ -856,7 +1098,7 @@ entries: catalog.cattle.io/ui-component: rancher-cis-benchmark apiVersion: v1 appVersion: v1.0.3 - created: "2021-07-19T16:27:00.096973-07:00" + created: "2021-08-25T15:50:58.501989459-07:00" description: The cis-operator enables running CIS benchmark security scans on a kubernetes cluster digest: 2cce59f4f78b975edd93b0d707c5282fa44a6fa1f19d702ed4be8c221170c8d1 @@ -878,7 +1120,7 @@ entries: catalog.cattle.io/ui-component: rancher-cis-benchmark apiVersion: v1 appVersion: v1.0.2 - created: "2021-07-19T16:27:00.096082-07:00" + created: "2021-08-25T15:50:58.501279836-07:00" description: The cis-operator enables running CIS benchmark security scans on a kubernetes cluster digest: b3a6ce49c5e6918a1658f682fdf25e241d9638fde4b8c046a70562c13228c8c0 @@ -899,7 +1141,7 @@ entries: catalog.cattle.io/ui-component: rancher-cis-benchmark apiVersion: v1 appVersion: v1.0.1 - created: "2021-07-19T16:27:00.095463-07:00" + created: "2021-08-25T15:50:58.50069264-07:00" description: The cis-operator enables running CIS benchmark security scans on a kubernetes cluster digest: 407c19666ce5c083c50d8ef2cbc4fbc26b811106bbfc6b3d25a659a593c0aa3c @@ -917,7 +1159,21 @@ entries: catalog.cattle.io/namespace: cis-operator-system catalog.cattle.io/release-name: rancher-cis-benchmark-crd apiVersion: v1 - created: "2021-07-19T16:27:00.101318-07:00" + created: "2021-08-25T15:50:58.505271318-07:00" + description: Installs the CRDs for rancher-cis-benchmark. + digest: 33df5c14654fae5364b074129cae71fdcdb5eaa47aabae3c195906f3d9a37aa5 + name: rancher-cis-benchmark-crd + type: application + urls: + - assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-2.0.0.tgz + version: 2.0.0 + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/release-name: rancher-cis-benchmark-crd + apiVersion: v1 + created: "2021-08-25T15:50:58.505068882-07:00" description: Installs the CRDs for rancher-cis-benchmark. digest: df1bf2270629356a5ad545053da7f18b1782a5441ed98c66d6030c41a3d421d0 name: rancher-cis-benchmark-crd @@ -931,7 +1187,7 @@ entries: catalog.cattle.io/namespace: cis-operator-system catalog.cattle.io/release-name: rancher-cis-benchmark-crd apiVersion: v1 - created: "2021-07-19T16:27:00.100918-07:00" + created: "2021-08-25T15:50:58.504864115-07:00" description: Installs the CRDs for rancher-cis-benchmark. digest: cabb44716892582bee08bd13c48caa3863c9f53218f2ffa1f1bc123ae7234d5a name: rancher-cis-benchmark-crd @@ -945,7 +1201,7 @@ entries: catalog.cattle.io/namespace: cis-operator-system catalog.cattle.io/release-name: rancher-cis-benchmark-crd apiVersion: v1 - created: "2021-07-19T16:27:00.100532-07:00" + created: "2021-08-25T15:50:58.504660454-07:00" description: Installs the CRDs for rancher-cis-benchmark. digest: 20d71a2ae15f77913229f809c4acf5924f988a0cfc09061306d65c45899618ce name: rancher-cis-benchmark-crd @@ -959,7 +1215,7 @@ entries: catalog.cattle.io/namespace: cis-operator-system catalog.cattle.io/release-name: rancher-cis-benchmark-crd apiVersion: v1 - created: "2021-07-19T16:27:00.10013-07:00" + created: "2021-08-25T15:50:58.504462865-07:00" description: Installs the CRDs for rancher-cis-benchmark. digest: b12e7bc934602f88087b34540446a2cdc8af5cb30ede6d4d3a48dc29ded1daaa name: rancher-cis-benchmark-crd @@ -973,7 +1229,7 @@ entries: catalog.cattle.io/namespace: cis-operator-system catalog.cattle.io/release-name: rancher-cis-benchmark-crd apiVersion: v1 - created: "2021-07-19T16:27:00.099734-07:00" + created: "2021-08-25T15:50:58.50426485-07:00" description: Installs the CRDs for rancher-cis-benchmark. digest: 2be8b1e2aa24e83d8b20439d0b0343851fbd32495306d38d5d20c62d95b0a8b5 name: rancher-cis-benchmark-crd @@ -981,7 +1237,74 @@ entries: urls: - assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.100.tgz version: 1.0.100 + rancher-eks-operator: + - annotations: + catalog.cattle.io/auto-install: rancher-eks-operator-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: eksclusterconfigs.eks.cattle.io/v1 + catalog.cattle.io/rancher-version: '>= 2.6.0-alpha' + catalog.cattle.io/release-name: rancher-eks-operator + catalog.cattle.io/scope: management + apiVersion: v2 + appVersion: 1.1.1 + created: "2021-08-25T15:50:58.505668041-07:00" + description: A Helm chart for provisioning EKS clusters + digest: 2a2bf847905a4ff67086e78c7e5009a4f1d113e354a23ccde453611f04712d68 + home: https://github.com/rancher/eks-operator + name: rancher-eks-operator + sources: + - https://github.com/rancher/eks-operator + urls: + - assets/rancher-eks-operator/rancher-eks-operator-100.0.0+up1.1.1.tgz + version: 100.0.0+up1.1.1 + rancher-eks-operator-crd: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: rancher-eks-operator-crd + apiVersion: v2 + appVersion: 1.1.1 + created: "2021-08-25T15:50:58.505848859-07:00" + description: EKS Operator CustomResourceDefinitions + digest: c5de8e1b4058f0329e78e495ebac023a8130ed4e11e9028338368831cbb6b67a + name: rancher-eks-operator-crd + urls: + - assets/rancher-eks-operator-crd/rancher-eks-operator-crd-100.0.0+up1.1.1.tgz + version: 100.0.0+up1.1.1 rancher-external-ip-webhook: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: External IP Webhook + catalog.cattle.io/namespace: cattle-externalip-system + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: rancher-external-ip-webhook + catalog.cattle.io/ui-component: rancher-external-ip-webhook + apiVersion: v1 + appVersion: v1.0.0 + created: "2021-08-27T15:53:23.852232-07:00" + description: | + Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554 + digest: 7183b83b6dee2a781cd862b95b6b0b1898bc2616cb68d2ff65e13646965a1a97 + home: https://github.com/rancher/externalip-webhook + keywords: + - cve + - externalip + - webhook + - security + maintainers: + - email: raul@rancher.com + name: rawmind0 + name: rancher-external-ip-webhook + sources: + - https://github.com/rancher/externalip-webhook + urls: + - assets/rancher-external-ip-webhook/rancher-external-ip-webhook-100.0.0+up1.0.0.tgz + version: 100.0.0+up1.0.0 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: External IP Webhook @@ -991,7 +1314,7 @@ entries: catalog.cattle.io/ui-component: rancher-external-ip-webhook apiVersion: v1 appVersion: v0.1.6 - created: "2021-07-19T16:27:00.104488-07:00" + created: "2021-08-25T15:50:58.508107689-07:00" description: | Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554 digest: 14ed8a7f5417a863a325a65d1f9ca1e6a686e36964a1b9bde249abe05d530fad @@ -1019,7 +1342,7 @@ entries: catalog.cattle.io/ui-component: rancher-external-ip-webhook apiVersion: v1 appVersion: v0.1.6 - created: "2021-07-19T16:27:00.103551-07:00" + created: "2021-08-25T15:50:58.507476506-07:00" description: | Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554 digest: 245d80daa0b7c6316217b2ec9df111060fe6762728a5d9adfb163d7afd02fc9b @@ -1047,7 +1370,7 @@ entries: catalog.cattle.io/ui-component: rancher-external-ip-webhook apiVersion: v1 appVersion: v0.1.4 - created: "2021-07-19T16:27:00.102573-07:00" + created: "2021-08-25T15:50:58.506715089-07:00" description: | Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554 digest: 7fa93b5a3f3e9bd5ebcf0e8cc670441a5fd63dd611ee0843e08a6521fa315838 @@ -1067,6 +1390,33 @@ entries: - assets/rancher-external-ip-webhook/rancher-external-ip-webhook-0.1.400.tgz version: 0.1.400 rancher-gatekeeper: + - annotations: + catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: OPA Gatekeeper + catalog.cattle.io/namespace: cattle-gatekeeper-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1 + catalog.cattle.io/release-name: rancher-gatekeeper + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/ui-component: gatekeeper + apiVersion: v2 + appVersion: v3.5.1 + created: "2021-08-25T15:50:58.509566312-07:00" + description: Modifies Open Policy Agent's upstream gatekeeper chart that provides + policy-based control for cloud native environments + digest: 51bfa57851f61cdf73d0712b2957a0c75891b79814bdb0a5304ca478971983fc + home: https://github.com/open-policy-agent/gatekeeper + icon: https://charts.rancher.io/assets/logos/gatekeeper.svg + keywords: + - open policy agent + - security + name: rancher-gatekeeper + sources: + - https://github.com/open-policy-agent/gatekeeper.git + urls: + - assets/rancher-gatekeeper/rancher-gatekeeper-100.0.0+up3.5.1.tgz + version: 100.0.0+up3.5.1 - annotations: catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match catalog.cattle.io/certified: rancher @@ -1078,7 +1428,7 @@ entries: catalog.cattle.io/ui-component: gatekeeper apiVersion: v1 appVersion: v3.3.0 - created: "2021-07-19T16:27:00.109386-07:00" + created: "2021-08-25T15:50:58.516323781-07:00" description: Modifies Open Policy Agent's upstream gatekeeper chart that provides policy-based control for cloud native environments digest: 5f4530d14b1ede9d9b0c82d3c2dcda473ee45eb87cc5e5140e5a07c381814670 @@ -1104,7 +1454,7 @@ entries: catalog.cattle.io/ui-component: gatekeeper apiVersion: v1 appVersion: v3.3.0 - created: "2021-07-19T16:27:00.108429-07:00" + created: "2021-08-25T15:50:58.514390661-07:00" description: Modifies Open Policy Agent's upstream gatekeeper chart that provides policy-based control for cloud native environments digest: cdd2cb75ded06543e55124c5086a12c06e323c0398319e8c8984c73e19dd58bc @@ -1131,7 +1481,7 @@ entries: catalog.cattle.io/ui-component: gatekeeper apiVersion: v1 appVersion: v3.2.1 - created: "2021-07-19T16:27:00.107397-07:00" + created: "2021-08-25T15:50:58.512017953-07:00" description: Modifies Open Policy Agent's upstream gatekeeper chart that provides policy-based control for cloud native environments digest: 3d0e961fc109e051f08edacf9e541e5ad1c0c65f046cae72459df0ca4aa22312 @@ -1157,7 +1507,7 @@ entries: catalog.cattle.io/release-name: rancher-gatekeeper apiVersion: v1 appVersion: v3.1.1 - created: "2021-07-19T16:27:00.106481-07:00" + created: "2021-08-25T15:50:58.510640452-07:00" description: Modifies Open Policy Agent's upstream gatekeeper chart that provides policy-based control for cloud native environments digest: 36aebc7718e4afd4d9bb65775276d2288eb0de27192d0d290553a7c7087d7f3f @@ -1182,7 +1532,7 @@ entries: catalog.cattle.io/release-name: rancher-gatekeeper apiVersion: v1 appVersion: v3.1.1 - created: "2021-07-19T16:27:00.105352-07:00" + created: "2021-08-25T15:50:58.510086044-07:00" description: Modifies Open Policy Agent's upstream gatekeeper chart that provides policy-based control for cloud native environments digest: 15a4540b7e32c62157c37cfdb9230ce4b11c5837a2f3734378fcd7ec9c824559 @@ -1204,7 +1554,21 @@ entries: catalog.cattle.io/namespace: cattle-gatekeeper-system catalog.cattle.io/release-name: rancher-gatekeeper-crd apiVersion: v1 - created: "2021-07-19T16:27:00.112131-07:00" + created: "2021-08-25T15:50:58.517435386-07:00" + description: Installs the CRDs for rancher-gatekeeper. + digest: ec199aafd94d27c19e78c858ff990fe057a31a0240c062b99334e97fbdf7fb46 + name: rancher-gatekeeper-crd + type: application + urls: + - assets/rancher-gatekeeper/rancher-gatekeeper-crd-100.0.0+up3.5.1.tgz + version: 100.0.0+up3.5.1 + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-gatekeeper-system + catalog.cattle.io/release-name: rancher-gatekeeper-crd + apiVersion: v1 + created: "2021-08-25T15:50:58.521328824-07:00" description: Installs the CRDs for rancher-gatekeeper. digest: d82c0a0eae6ef19cd815fa0f78730403fac042c886c4564af1a0935d9be54d08 name: rancher-gatekeeper-crd @@ -1218,7 +1582,7 @@ entries: catalog.cattle.io/namespace: cattle-gatekeeper-system catalog.cattle.io/release-name: rancher-gatekeeper-crd apiVersion: v1 - created: "2021-07-19T16:27:00.111656-07:00" + created: "2021-08-25T15:50:58.52019837-07:00" description: Installs the CRDs for rancher-gatekeeper. digest: 48a03a80fadacabc507fec107dbed749d94fafbef0d26e4eb37e92c974a7c56b name: rancher-gatekeeper-crd @@ -1233,7 +1597,7 @@ entries: catalog.cattle.io/namespace: cattle-gatekeeper-system catalog.cattle.io/release-name: rancher-gatekeeper-crd apiVersion: v1 - created: "2021-07-19T16:27:00.111205-07:00" + created: "2021-08-25T15:50:58.519397322-07:00" description: Installs the CRDs for rancher-gatekeeper. digest: 34f449b69d1b50ff1743ae3b1e81553aec3f0a70c8ac7572c60071a8271b53e2 name: rancher-gatekeeper-crd @@ -1248,7 +1612,7 @@ entries: catalog.cattle.io/namespace: cattle-gatekeeper-system catalog.cattle.io/release-name: rancher-gatekeeper-crd apiVersion: v1 - created: "2021-07-19T16:27:00.1107-07:00" + created: "2021-08-25T15:50:58.518568876-07:00" description: Installs the CRDs for rancher-gatekeeper. digest: e3da4139207bfa07850db780574a028b5e32c66c1ee57b706fb13fdec5311514 name: rancher-gatekeeper-crd @@ -1263,7 +1627,7 @@ entries: catalog.cattle.io/namespace: cattle-gatekeeper-system catalog.cattle.io/release-name: rancher-gatekeeper-crd apiVersion: v1 - created: "2021-07-19T16:27:00.110306-07:00" + created: "2021-08-25T15:50:58.518045391-07:00" description: Installs the CRDs for rancher-gatekeeper. digest: 89d80de1bea71d134b19e6092ae123c08173c172a5201d54b4baa6afedea3855 name: rancher-gatekeeper-crd @@ -1271,7 +1635,78 @@ entries: urls: - assets/rancher-gatekeeper/rancher-gatekeeper-crd-3.1.100.tgz version: 3.1.100 + rancher-gke-operator: + - annotations: + catalog.cattle.io/auto-install: rancher-gke-operator-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: gkeclusterconfigs.gke.cattle.io/v1 + catalog.cattle.io/rancher-version: '>= 2.6.0-alpha' + catalog.cattle.io/release-name: rancher-gke-operator + catalog.cattle.io/scope: management + apiVersion: v2 + appVersion: 1.1.1 + created: "2021-08-25T15:50:58.522104682-07:00" + description: A Helm chart for provisioning GKE clusters + digest: 647914b2fe504d4a06d7de71ff432125d25cd8708ac9d856399097aaaaccffe4 + home: https://github.com/rancher/gke-operator + name: rancher-gke-operator + sources: + - https://github.com/rancher/gke-operator + urls: + - assets/rancher-gke-operator/rancher-gke-operator-100.0.0+up1.1.1.tgz + version: 100.0.0+up1.1.1 + rancher-gke-operator-crd: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: rancher-gke-operator-crd + apiVersion: v2 + appVersion: 1.1.1 + created: "2021-08-25T15:50:58.522537772-07:00" + description: GKE Operator CustomResourceDefinitions + digest: c85b294e0858d0d4907c43183f6c2c139e3c63a960017452ab3bad3b2d35bec8 + name: rancher-gke-operator-crd + urls: + - assets/rancher-gke-operator-crd/rancher-gke-operator-crd-100.0.0+up1.1.1.tgz + version: 100.0.0+up1.1.1 rancher-grafana: + - annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-grafana + apiVersion: v2 + appVersion: 7.5.8 + created: "2021-08-25T15:50:58.527954631-07:00" + description: The leading tool for querying and visualizing time series and metrics. + digest: c7e3f13f88da598678e6634a1987271a6fea214d26c266286d40476b2fda7ce8 + home: https://grafana.net + icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png + kubeVersion: ^1.8.0-0 + maintainers: + - email: zanhsieh@gmail.com + name: zanhsieh + - email: rluckie@cisco.com + name: rtluckie + - email: maor.friedman@redhat.com + name: maorfr + - email: miroslav.hadzhiev@gmail.com + name: Xtigyro + - email: mail@torstenwalter.de + name: torstenwalter + name: rancher-grafana + sources: + - https://github.com/grafana/grafana + type: application + urls: + - assets/rancher-grafana/rancher-grafana-100.0.0+up6.11.0.tgz + version: 100.0.0+up6.11.0 - annotations: catalog.cattle.io/hidden: "true" catalog.cattle.io/os: linux @@ -1280,7 +1715,7 @@ entries: catalog.rancher.io/release-name: rancher-grafana apiVersion: v2 appVersion: 7.4.5 - created: "2021-07-19T16:27:00.114243-07:00" + created: "2021-08-25T15:50:58.531472926-07:00" description: The leading tool for querying and visualizing time series and metrics. digest: 938a0dc18011b95a3db0c94cb37a8db868a22fb41436242724d81391404426d2 home: https://grafana.net @@ -1305,6 +1740,39 @@ entries: - assets/rancher-grafana/rancher-grafana-6.6.401.tgz version: 6.6.401 rancher-istio: + - annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=100.0.0+up1.35.0 + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Istio + catalog.cattle.io/namespace: istio-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 + catalog.cattle.io/release-name: rancher-istio + catalog.cattle.io/requests-cpu: 710m + catalog.cattle.io/requests-memory: 2314Mi + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/ui-component: istio + apiVersion: v1 + appVersion: 1.10.4 + created: "2021-08-25T15:50:58.558069263-07:00" + dependencies: + - condition: kiali.enabled + name: kiali + repository: file://./charts/kiali + - condition: tracing.enabled + name: tracing + repository: file://./charts/tracing + description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ + for details. + digest: 1b212435d1222256c8f1b2b269019a2a851feda00f2d6cec06231aa1cbb7f1f1 + icon: https://charts.rancher.io/assets/logos/istio.svg + keywords: + - networking + - infrastructure + name: rancher-istio + urls: + - assets/rancher-istio/rancher-istio-100.0.0+up1.10.4.tgz + version: 100.0.0+up1.10.4 - annotations: catalog.cattle.io/auto-install: rancher-kiali-server-crd=1.32.100 catalog.cattle.io/certified: rancher @@ -1318,7 +1786,7 @@ entries: catalog.cattle.io/ui-component: istio apiVersion: v1 appVersion: 1.9.6 - created: "2021-07-19T16:27:00.136987-07:00" + created: "2021-08-25T15:50:58.58015237-07:00" dependencies: - condition: kiali.enabled name: kiali @@ -1350,7 +1818,7 @@ entries: catalog.cattle.io/ui-component: istio apiVersion: v1 appVersion: 1.9.5 - created: "2021-07-19T16:27:00.134733-07:00" + created: "2021-08-25T15:50:58.576120803-07:00" dependencies: - condition: kiali.enabled name: kiali @@ -1382,7 +1850,7 @@ entries: catalog.cattle.io/ui-component: istio apiVersion: v1 appVersion: 1.9.3 - created: "2021-07-19T16:27:00.130769-07:00" + created: "2021-08-25T15:50:58.57074488-07:00" dependencies: - condition: kiali.enabled name: kiali @@ -1414,7 +1882,7 @@ entries: catalog.cattle.io/ui-component: istio apiVersion: v1 appVersion: 1.8.6 - created: "2021-07-19T16:27:00.128563-07:00" + created: "2021-08-25T15:50:58.563121642-07:00" dependencies: - condition: kiali.enabled name: kiali @@ -1446,7 +1914,7 @@ entries: catalog.cattle.io/ui-component: istio apiVersion: v1 appVersion: 1.8.5 - created: "2021-07-19T16:27:00.126365-07:00" + created: "2021-08-25T15:50:58.560590007-07:00" dependencies: - condition: kiali.enabled name: kiali @@ -1478,7 +1946,7 @@ entries: catalog.cattle.io/ui-component: istio apiVersion: v1 appVersion: 1.8.3 - created: "2021-07-19T16:27:00.124037-07:00" + created: "2021-08-25T15:50:58.553218645-07:00" dependencies: - condition: kiali.enabled name: kiali @@ -1508,7 +1976,7 @@ entries: catalog.cattle.io/ui-component: istio apiVersion: v1 appVersion: 1.7.3 - created: "2021-07-19T16:27:00.121782-07:00" + created: "2021-08-25T15:50:58.547208836-07:00" dependencies: - alias: kiali condition: kiali.enabled @@ -1542,7 +2010,7 @@ entries: catalog.cattle.io/ui-component: istio apiVersion: v1 appVersion: 1.7.3 - created: "2021-07-19T16:27:00.118805-07:00" + created: "2021-08-25T15:50:58.538097375-07:00" dependencies: - alias: kiali condition: kiali.enabled @@ -1571,7 +2039,7 @@ entries: catalog.cattle.io/ui-component: istio apiVersion: v1 appVersion: 1.7.1 - created: "2021-07-19T16:27:00.116974-07:00" + created: "2021-08-25T15:50:58.53416207-07:00" dependencies: - alias: kiali condition: kiali.enabled @@ -1590,6 +2058,41 @@ entries: - assets/rancher-istio/rancher-istio-1.7.100.tgz version: 1.7.100 rancher-kiali-server: + - annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=match + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.rancher.io/namespace: cattle-istio-system + catalog.rancher.io/release-name: rancher-kiali-server + apiVersion: v2 + appVersion: v1.35.0 + created: "2021-08-25T15:50:58.589223551-07:00" + description: Kiali is an open source project for service mesh observability, refer + to https://www.kiali.io for details. This is installed as sub-chart with customized + values in Rancher's Istio. + digest: ab0eff74a8e634c685d34603626e40897e2be103c1b14434d658c6c710e87ba5 + home: https://github.com/kiali/kiali + icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png + keywords: + - istio + - kiali + - networking + - infrastructure + maintainers: + - email: kiali-users@googlegroups.com + name: Kiali + url: https://kiali.io + name: rancher-kiali-server + sources: + - https://github.com/kiali/kiali + - https://github.com/kiali/kiali-ui + - https://github.com/kiali/kiali-operator + - https://github.com/kiali/helm-charts + urls: + - assets/rancher-kiali-server/rancher-kiali-server-100.0.0+up1.35.0.tgz + version: 100.0.0+up1.35.0 - annotations: catalog.cattle.io/auto-install: rancher-kiali-server-crd=match catalog.cattle.io/hidden: "true" @@ -1600,7 +2103,7 @@ entries: catalog.rancher.io/release-name: rancher-kiali-server apiVersion: v2 appVersion: v1.32.0 - created: "2021-07-19T16:27:00.142952-07:00" + created: "2021-08-25T15:50:58.58805758-07:00" description: Kiali is an open source project for service mesh observability, refer to https://www.kiali.io for details. This is installed as sub-chart with customized values in Rancher's Istio. @@ -1635,7 +2138,7 @@ entries: catalog.rancher.io/release-name: rancher-kiali-server apiVersion: v2 appVersion: v1.29.0 - created: "2021-07-19T16:27:00.141736-07:00" + created: "2021-08-25T15:50:58.586681711-07:00" description: Kiali is an open source project for service mesh observability, refer to https://www.kiali.io for details. This is installed as sub-chart with customized values in Rancher's Istio. @@ -1670,7 +2173,7 @@ entries: catalog.rancher.io/release-name: rancher-kiali-server apiVersion: v2 appVersion: v1.24.0 - created: "2021-07-19T16:27:00.140475-07:00" + created: "2021-08-25T15:50:58.585007657-07:00" description: Kiali is an open source project for service mesh observability, refer to https://www.kiali.io for details. This is installed as sub-chart with customized values in Rancher's Istio. @@ -1705,7 +2208,7 @@ entries: catalog.rancher.io/release-name: rancher-kiali-server apiVersion: v2 appVersion: v1.24.0 - created: "2021-07-19T16:27:00.139355-07:00" + created: "2021-08-25T15:50:58.583416495-07:00" description: Kiali is an open source project for service mesh observability, refer to https://www.kiali.io for details. This is installed as sub-chart with customized values in Rancher's Istio. @@ -1740,7 +2243,7 @@ entries: catalog.rancher.io/release-name: rancher-kiali-server apiVersion: v2 appVersion: v1.23.0 - created: "2021-07-19T16:27:00.138171-07:00" + created: "2021-08-25T15:50:58.581821221-07:00" description: Kiali is an open source project for service mesh observability, refer to https://www.kiali.io for details. This is installed as sub-chart with customized values in Rancher's Istio. @@ -1769,7 +2272,18 @@ entries: - annotations: catalog.cattle.io/hidden: "true" apiVersion: v2 - created: "2021-07-19T16:27:00.145353-07:00" + created: "2021-08-25T15:50:58.590044511-07:00" + description: Installs the CRDs for rancher-kiali-server. + digest: 04339f84a5ddac166de594dc621534a95360b967cf225933ce686f9c8cb7fb15 + name: rancher-kiali-server-crd + type: application + urls: + - assets/rancher-kiali-server/rancher-kiali-server-crd-100.0.0+up1.35.0.tgz + version: 100.0.0+up1.35.0 + - annotations: + catalog.cattle.io/hidden: "true" + apiVersion: v2 + created: "2021-08-25T15:50:58.589914223-07:00" description: Installs the CRDs for rancher-kiali-server. digest: 20b301ef9430f4d4d3dd75474e96f3ba75bd5adf0f88371970d7c77530f74874 name: rancher-kiali-server-crd @@ -1780,7 +2294,7 @@ entries: - annotations: catalog.cattle.io/hidden: "true" apiVersion: v2 - created: "2021-07-19T16:27:00.145062-07:00" + created: "2021-08-25T15:50:58.589786125-07:00" description: Installs the CRDs for rancher-kiali-server. digest: 4ddd8248707294cb91fdd1c2fd9994417bf265b7f649312e82a4f1a86b60e9b6 name: rancher-kiali-server-crd @@ -1791,7 +2305,7 @@ entries: - annotations: catalog.cattle.io/hidden: "true" apiVersion: v2 - created: "2021-07-19T16:27:00.144727-07:00" + created: "2021-08-25T15:50:58.589661995-07:00" description: Installs the CRDs for rancher-kiali-server. digest: c8635521da746674695c7833a5509ee92c615adabd47e511e1dd7c2617a4bf7b name: rancher-kiali-server-crd @@ -1802,7 +2316,7 @@ entries: - annotations: catalog.cattle.io/hidden: "true" apiVersion: v2 - created: "2021-07-19T16:27:00.144387-07:00" + created: "2021-08-25T15:50:58.589529589-07:00" description: Installs the CRDs for rancher-kiali-server. digest: bd55c5af7c26744e91922c6a9463c10e52ba65ddf0cf148107461f2983a71223 name: rancher-kiali-server-crd @@ -1813,7 +2327,7 @@ entries: - annotations: catalog.cattle.io/hidden: "true" apiVersion: v2 - created: "2021-07-19T16:27:00.144007-07:00" + created: "2021-08-25T15:50:58.589390683-07:00" description: Installs the CRDs for rancher-kiali-server. digest: 5d5ebb3498ac0b64cf1a73d743b0f3f45fd40c0a9ee3b26d94ae60176e523574 name: rancher-kiali-server-crd @@ -1822,6 +2336,35 @@ entries: - assets/rancher-kiali-server/rancher-kiali-server-crd-1.23.001.tgz version: 1.23.001 rancher-kube-state-metrics: + - annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-kube-state-metrics + apiVersion: v2 + appVersion: 2.0.0 + created: "2021-08-25T15:50:58.592534083-07:00" + description: Install kube-state-metrics to generate and expose cluster-level metrics + digest: c7a76ad182ca687673327e5ebef5558c9243f876f3241ade6161cd9aa739c0cc + home: https://github.com/kubernetes/kube-state-metrics/ + keywords: + - metric + - monitoring + - prometheus + - kubernetes + maintainers: + - email: tariq.ibrahim@mulesoft.com + name: tariq1890 + - email: manuel@rueg.eu + name: mrueg + name: rancher-kube-state-metrics + sources: + - https://github.com/kubernetes/kube-state-metrics/ + type: application + urls: + - assets/rancher-kube-state-metrics/rancher-kube-state-metrics-100.0.0+up3.2.0.tgz + version: 100.0.0+up3.2.0 - annotations: catalog.cattle.io/hidden: "true" catalog.cattle.io/os: linux @@ -1830,7 +2373,7 @@ entries: catalog.rancher.io/release-name: rancher-kube-state-metrics apiVersion: v1 appVersion: 1.9.8 - created: "2021-07-19T16:27:00.146602-07:00" + created: "2021-08-25T15:50:58.594362547-07:00" description: Install kube-state-metrics to generate and expose cluster-level metrics digest: bf852a0682030a0386010427fceb71204d1aedf48c7c4af85dd5e9198fbbcfb0 home: https://github.com/kubernetes/kube-state-metrics/ @@ -1851,6 +2394,30 @@ entries: - assets/rancher-kube-state-metrics/rancher-kube-state-metrics-2.13.101.tgz version: 2.13.101 rancher-logging: + - annotations: + catalog.cattle.io/auto-install: rancher-logging-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Logging + catalog.cattle.io/namespace: cattle-logging-system + catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 + catalog.cattle.io/release-name: rancher-logging + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/ui-component: logging + apiVersion: v1 + appVersion: 3.12.0 + created: "2021-08-25T15:50:58.596270546-07:00" + description: Collects and filter logs using highly configurable CRDs. Powered + by Banzai Cloud Logging Operator. + digest: 725703ad277825cf79620504a097bbd3cd529e4c33f4fdaa1834409f08b7b297 + icon: https://charts.rancher.io/assets/logos/logging.svg + keywords: + - logging + - monitoring + - security + name: rancher-logging + urls: + - assets/rancher-logging/rancher-logging-100.0.0+up3.12.0.tgz + version: 100.0.0+up3.12.0 - annotations: catalog.cattle.io/auto-install: rancher-logging-crd=match catalog.cattle.io/certified: rancher @@ -1861,7 +2428,7 @@ entries: catalog.cattle.io/ui-component: logging apiVersion: v1 appVersion: 3.9.4 - created: "2021-07-19T16:27:00.153064-07:00" + created: "2021-08-25T15:50:58.604366808-07:00" description: Collects and filter logs using highly configurable CRDs. Powered by Banzai Cloud Logging Operator. digest: 7022eaf17da08bec0ce2f3fc69e7d5ecd7b37fc61e328e80d9738b65196ce030 @@ -1885,7 +2452,7 @@ entries: catalog.cattle.io/ui-component: logging apiVersion: v1 appVersion: 3.9.0 - created: "2021-07-19T16:27:00.151763-07:00" + created: "2021-08-25T15:50:58.602542094-07:00" description: Collects and filter logs using highly configurable CRDs. Powered by Banzai Cloud Logging Operator. digest: b6b5e0c627f5594033b3558ff1f2d9c01b1f504a53cbc91b4e75d443ef81a784 @@ -1909,7 +2476,7 @@ entries: catalog.cattle.io/ui-component: logging apiVersion: v1 appVersion: 3.8.2 - created: "2021-07-19T16:27:00.150564-07:00" + created: "2021-08-25T15:50:58.600782944-07:00" description: Collects and filter logs using highly configurable CRDs. Powered by Banzai Cloud Logging Operator. digest: 7ec4dfb2441832d22651e9263f4bbdcda9e1f064b9e32c70d0fb7c4f6641331a @@ -1933,7 +2500,7 @@ entries: catalog.cattle.io/ui-component: logging apiVersion: v1 appVersion: 3.6.0 - created: "2021-07-19T16:27:00.149373-07:00" + created: "2021-08-25T15:50:58.599223662-07:00" description: Collects and filter logs using highly configurable CRDs. Powered by Banzai Cloud Logging Operator. digest: a89b3a4327484343c59a88949479c106e40b2587df194e18910cf83099291aa6 @@ -1956,7 +2523,7 @@ entries: catalog.cattle.io/ui-component: logging apiVersion: v1 appVersion: 3.6.0 - created: "2021-07-19T16:27:00.147773-07:00" + created: "2021-08-25T15:50:58.597606505-07:00" description: Collects and filter logs using highly configurable CRDs. Powered by Banzai Cloud Logging Operator. digest: 3f3cd871fe5c6708b3fcdcd7a9f6e87ee41eb8f5505bdaed3f01791ac2bf7faf @@ -1976,7 +2543,21 @@ entries: catalog.cattle.io/namespace: cattle-logging-system catalog.cattle.io/release-name: rancher-logging-crd apiVersion: v1 - created: "2021-07-19T16:27:00.16297-07:00" + created: "2021-08-25T15:50:58.609939054-07:00" + description: Installs the CRDs for rancher-logging. + digest: 8543212393b921630119d9f0bbaedd046c713e81c18d125c0f9a0b54083b3281 + name: rancher-logging-crd + type: application + urls: + - assets/rancher-logging/rancher-logging-crd-100.0.0+up3.12.0.tgz + version: 100.0.0+up3.12.0 + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-logging-system + catalog.cattle.io/release-name: rancher-logging-crd + apiVersion: v1 + created: "2021-08-25T15:50:58.619888687-07:00" description: Installs the CRDs for rancher-logging. digest: 64103cfbf9e0a3f4a590e194022aeeda582cc96a5c3450eac839c0c3d448b059 name: rancher-logging-crd @@ -1990,7 +2571,7 @@ entries: catalog.cattle.io/namespace: cattle-logging-system catalog.cattle.io/release-name: rancher-logging-crd apiVersion: v1 - created: "2021-07-19T16:27:00.160359-07:00" + created: "2021-08-25T15:50:58.616512887-07:00" description: Installs the CRDs for rancher-logging. digest: 2ab6fc36daf86c405b536970d9ed4dcb68f84ac93df7ac3811dd123ba82448bd name: rancher-logging-crd @@ -2004,7 +2585,7 @@ entries: catalog.cattle.io/namespace: cattle-logging-system catalog.cattle.io/release-name: rancher-logging-crd apiVersion: v1 - created: "2021-07-19T16:27:00.158843-07:00" + created: "2021-08-25T15:50:58.614196814-07:00" description: Installs the CRDs for rancher-logging. digest: 351b69ac821716e05b4648f6fe175bfc8b25fee5dc8b7088cc3b77a7d8596b76 name: rancher-logging-crd @@ -2018,7 +2599,7 @@ entries: catalog.cattle.io/namespace: cattle-logging-system catalog.cattle.io/release-name: rancher-logging-crd apiVersion: v1 - created: "2021-07-19T16:27:00.156832-07:00" + created: "2021-08-25T15:50:58.612263154-07:00" description: Installs the CRDs for rancher-logging. digest: 582846a78f045a48088f355599a0abd62c98ce62698ef7fe59ed2180f2016441 name: rancher-logging-crd @@ -2032,7 +2613,7 @@ entries: catalog.cattle.io/namespace: cattle-logging-system catalog.cattle.io/release-name: rancher-logging-crd apiVersion: v1 - created: "2021-07-19T16:27:00.155178-07:00" + created: "2021-08-25T15:50:58.611096918-07:00" description: Installs the CRDs for rancher-logging. digest: 1c24d7465ba9a4ae3613ffad12cea6d6a60df66a9fbf4d0f2674c4efec2616f2 name: rancher-logging-crd @@ -2041,6 +2622,126 @@ entries: - assets/rancher-logging/rancher-logging-crd-3.6.000.tgz version: 3.6.000 rancher-monitoring: + - annotations: + artifacthub.io/links: | + - name: Chart Source + url: https://github.com/prometheus-community/helm-charts + - name: Upstream Project + url: https://github.com/prometheus-operator/kube-prometheus + artifacthub.io/operator: "true" + catalog.cattle.io/auto-install: rancher-monitoring-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Monitoring + catalog.cattle.io/namespace: cattle-monitoring-system + catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 + catalog.cattle.io/release-name: rancher-monitoring + catalog.cattle.io/requests-cpu: 4500m + catalog.cattle.io/requests-memory: 4000Mi + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/ui-component: monitoring + apiVersion: v2 + appVersion: 0.48.0 + created: "2021-08-25T15:50:58.670768381-07:00" + dependencies: + - condition: grafana.enabled + name: grafana + repository: file://./charts/grafana + - condition: hardenedKubelet.enabled + name: hardenedKubelet + repository: file://./charts/hardenedKubelet + - condition: hardenedNodeExporter.enabled + name: hardenedNodeExporter + repository: file://./charts/hardenedNodeExporter + - condition: k3sServer.enabled + name: k3sServer + repository: file://./charts/k3sServer + - condition: kubeStateMetrics.enabled + name: kube-state-metrics + repository: file://./charts/kube-state-metrics + - condition: kubeAdmControllerManager.enabled + name: kubeAdmControllerManager + repository: file://./charts/kubeAdmControllerManager + - condition: kubeAdmEtcd.enabled + name: kubeAdmEtcd + repository: file://./charts/kubeAdmEtcd + - condition: kubeAdmProxy.enabled + name: kubeAdmProxy + repository: file://./charts/kubeAdmProxy + - condition: kubeAdmScheduler.enabled + name: kubeAdmScheduler + repository: file://./charts/kubeAdmScheduler + - condition: prometheus-adapter.enabled + name: prometheus-adapter + repository: file://./charts/prometheus-adapter + - condition: nodeExporter.enabled + name: prometheus-node-exporter + repository: file://./charts/prometheus-node-exporter + - condition: rke2ControllerManager.enabled + name: rke2ControllerManager + repository: file://./charts/rke2ControllerManager + - condition: rke2Etcd.enabled + name: rke2Etcd + repository: file://./charts/rke2Etcd + - condition: rke2IngressNginx.enabled + name: rke2IngressNginx + repository: file://./charts/rke2IngressNginx + - condition: rke2Proxy.enabled + name: rke2Proxy + repository: file://./charts/rke2Proxy + - condition: rke2Scheduler.enabled + name: rke2Scheduler + repository: file://./charts/rke2Scheduler + - condition: rkeControllerManager.enabled + name: rkeControllerManager + repository: file://./charts/rkeControllerManager + - condition: rkeEtcd.enabled + name: rkeEtcd + repository: file://./charts/rkeEtcd + - condition: rkeIngressNginx.enabled + name: rkeIngressNginx + repository: file://./charts/rkeIngressNginx + - condition: rkeProxy.enabled + name: rkeProxy + repository: file://./charts/rkeProxy + - condition: rkeScheduler.enabled + name: rkeScheduler + repository: file://./charts/rkeScheduler + - condition: global.cattle.windows.enabled + name: windowsExporter + repository: file://./charts/windowsExporter + description: Collects several related Helm charts, Grafana dashboards, and Prometheus + rules combined with documentation and scripts to provide easy to operate end-to-end + Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. + digest: 2d5460e53b2b09f96cdadf9f8e854a3c794760bfe864cb8053be65ced23a66c5 + home: https://github.com/prometheus-operator/kube-prometheus + icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png + keywords: + - operator + - prometheus + - kube-prometheus + - monitoring + kubeVersion: '>=1.16.0-0' + maintainers: + - name: vsliouniaev + - name: bismarck + - email: gianrubio@gmail.com + name: gianrubio + - email: github.gkarthiks@gmail.com + name: gkarthiks + - email: scott@r6by.com + name: scottrigby + - email: miroslav.hadzhiev@gmail.com + name: Xtigyro + - email: arvind.iyengar@suse.com + name: Arvind + name: rancher-monitoring + sources: + - https://github.com/prometheus-community/helm-charts + - https://github.com/prometheus-operator/kube-prometheus + type: application + urls: + - assets/rancher-monitoring/rancher-monitoring-100.0.0+up16.6.0.tgz + version: 100.0.0+up16.6.0 - annotations: artifacthub.io/links: | - name: Chart Source @@ -2059,7 +2760,7 @@ entries: catalog.cattle.io/ui-component: monitoring apiVersion: v2 appVersion: 0.46.0 - created: "2021-07-19T16:27:00.184287-07:00" + created: "2021-08-25T15:50:58.715215559-07:00" dependencies: - condition: grafana.enabled name: grafana @@ -2167,7 +2868,7 @@ entries: catalog.cattle.io/ui-component: monitoring apiVersion: v1 appVersion: 0.38.1 - created: "2021-07-19T16:27:00.257737-07:00" + created: "2021-08-25T15:50:58.832293041-07:00" dependencies: - condition: grafana.enabled name: grafana @@ -2268,7 +2969,7 @@ entries: catalog.cattle.io/ui-component: monitoring apiVersion: v1 appVersion: 0.38.1 - created: "2021-07-19T16:27:00.236157-07:00" + created: "2021-08-25T15:50:58.796039312-07:00" dependencies: - condition: kubeStateMetrics.enabled name: kube-state-metrics @@ -2397,7 +3098,7 @@ entries: catalog.cattle.io/ui-component: monitoring apiVersion: v1 appVersion: 0.38.1 - created: "2021-07-19T16:27:00.217319-07:00" + created: "2021-08-25T15:50:58.765064124-07:00" dependencies: - condition: kubeStateMetrics.enabled name: kube-state-metrics @@ -2525,7 +3226,7 @@ entries: catalog.cattle.io/ui-component: monitoring apiVersion: v1 appVersion: 0.38.1 - created: "2021-07-19T16:27:00.201646-07:00" + created: "2021-08-25T15:50:58.738044806-07:00" dependencies: - condition: kubeStateMetrics.enabled name: kube-state-metrics @@ -2654,7 +3355,21 @@ entries: catalog.cattle.io/namespace: cattle-monitoring-system catalog.cattle.io/release-name: rancher-monitoring-crd apiVersion: v1 - created: "2021-07-19T16:27:00.26308-07:00" + created: "2021-08-25T15:50:58.83884583-07:00" + description: Installs the CRDs for rancher-monitoring. + digest: 8df09722ba0baf7a39f809432918fd46643667d4fcf22f025697a1b77c7f5014 + name: rancher-monitoring-crd + type: application + urls: + - assets/rancher-monitoring/rancher-monitoring-crd-100.0.0+up16.6.0.tgz + version: 100.0.0+up16.6.0 + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-monitoring-system + catalog.cattle.io/release-name: rancher-monitoring-crd + apiVersion: v1 + created: "2021-08-25T15:50:58.849143617-07:00" description: Installs the CRDs for rancher-monitoring. digest: 6f4fc35013ee3d368502857afb8c466f2e1762c656c9502a154f6354a360361b name: rancher-monitoring-crd @@ -2668,7 +3383,7 @@ entries: catalog.cattle.io/namespace: cattle-monitoring-system catalog.cattle.io/release-name: rancher-monitoring-crd apiVersion: v1 - created: "2021-07-19T16:27:00.28159-07:00" + created: "2021-08-25T15:50:58.881122232-07:00" description: Installs the CRDs for rancher-monitoring. digest: 63a81f944774e646f6549c545f7c6b56635218bc135b9421eab224c6139dcbf7 name: rancher-monitoring-crd @@ -2682,7 +3397,7 @@ entries: catalog.cattle.io/namespace: cattle-monitoring-system catalog.cattle.io/release-name: rancher-monitoring-crd apiVersion: v1 - created: "2021-07-19T16:27:00.277372-07:00" + created: "2021-08-25T15:50:58.875159925-07:00" description: Installs the CRDs for rancher-monitoring. digest: 60945c2274b7c169ad84240e7facc9aa8d3a0a4e649c3dcd6e6b21f336a257d8 name: rancher-monitoring-crd @@ -2696,7 +3411,7 @@ entries: catalog.cattle.io/namespace: cattle-monitoring-system catalog.cattle.io/release-name: rancher-monitoring-crd apiVersion: v1 - created: "2021-07-19T16:27:00.272027-07:00" + created: "2021-08-25T15:50:58.866933331-07:00" description: Installs the CRDs for rancher-monitoring. digest: 09532cc000ee5a78dbda15c879ad1af9f9c2f8bc08db4067a6756df1a0206de3 name: rancher-monitoring-crd @@ -2710,7 +3425,7 @@ entries: catalog.cattle.io/namespace: cattle-monitoring-system catalog.cattle.io/release-name: rancher-monitoring-crd apiVersion: v1 - created: "2021-07-19T16:27:00.26798-07:00" + created: "2021-08-25T15:50:58.855926501-07:00" description: Installs the CRDs for rancher-monitoring. digest: 101721abb2876816b54234568272d0372c274ed3e4851a9c94077f61fefb8a49 name: rancher-monitoring-crd @@ -2727,7 +3442,34 @@ entries: catalog.rancher.io/release-name: rancher-node-exporter apiVersion: v1 appVersion: 1.1.2 - created: "2021-07-19T16:27:00.283143-07:00" + created: "2021-08-25T15:50:58.882959603-07:00" + description: A Helm chart for prometheus node-exporter + digest: 940f60a7e56c13351c9f6088bde9230a03e579d0791e41f911a724b002580fbb + home: https://github.com/prometheus/node_exporter/ + keywords: + - node-exporter + - prometheus + - exporter + maintainers: + - email: gianrubio@gmail.com + name: gianrubio + - name: vsliouniaev + - name: bismarck + name: rancher-node-exporter + sources: + - https://github.com/prometheus/node_exporter/ + urls: + - assets/rancher-node-exporter/rancher-node-exporter-100.0.0+up1.18.1.tgz + version: 100.0.0+up1.18.1 + - annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-node-exporter + apiVersion: v1 + appVersion: 1.1.2 + created: "2021-08-25T15:50:58.882058081-07:00" description: A Helm chart for prometheus node-exporter digest: 423bbfe53c9137e1f9937601a3e573ed22e2aae2c7a19162781518ffc041ff35 home: https://github.com/prometheus/node_exporter/ @@ -2747,6 +3489,20 @@ entries: - assets/rancher-node-exporter/rancher-node-exporter-1.16.201.tgz version: 1.16.201 rancher-prom2teams: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: rancher-prom2teams + apiVersion: v1 + appVersion: 3.2.2 + created: "2021-08-25T15:50:58.884109079-07:00" + description: A Helm chart for Prom2Teams based on the upstream https://github.com/idealista/prom2teams + digest: a278a9673dbe8dbb5ed21b3b6e2159f79c8fae1ba9e34e4e5e642e9a55a9bb95 + name: rancher-prom2teams + urls: + - assets/rancher-prom2teams/rancher-prom2teams-100.0.0+up0.2.0.tgz + version: 100.0.0+up0.2.0 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" @@ -2754,7 +3510,7 @@ entries: catalog.cattle.io/release-name: rancher-prom2teams apiVersion: v1 appVersion: 3.2.1 - created: "2021-07-19T16:27:00.290675-07:00" + created: "2021-08-25T15:50:58.883539643-07:00" description: A Helm chart for Prom2Teams based on the upstream https://github.com/idealista/prom2teams digest: 2c83714457d157bc77c0f74ab01c1db84b63c5a811a99225b626f297455e0e3b name: rancher-prom2teams @@ -2762,6 +3518,36 @@ entries: - assets/rancher-prom2teams/rancher-prom2teams-0.2.000.tgz version: 0.2.000 rancher-prometheus-adapter: + - annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-prometheus-adapter + apiVersion: v1 + appVersion: v0.8.4 + created: "2021-08-25T15:50:58.885121691-07:00" + description: A Helm chart for k8s prometheus adapter + digest: 45e2aad6b9edfa24e88f97038616a898b2b9693b2acb9087772d0377f009f9a4 + home: https://github.com/DirectXMan12/k8s-prometheus-adapter + keywords: + - hpa + - metrics + - prometheus + - adapter + maintainers: + - email: mattias.gees@jetstack.io + name: mattiasgees + - name: steven-sheehy + - email: hfernandez@mesosphere.com + name: hectorj2f + name: rancher-prometheus-adapter + sources: + - https://github.com/kubernetes/charts + - https://github.com/DirectXMan12/k8s-prometheus-adapter + urls: + - assets/rancher-prometheus-adapter/rancher-prometheus-adapter-100.0.0+up2.14.0.tgz + version: 100.0.0+up2.14.0 - annotations: catalog.cattle.io/hidden: "true" catalog.cattle.io/os: linux @@ -2770,7 +3556,7 @@ entries: catalog.rancher.io/release-name: rancher-prometheus-adapter apiVersion: v1 appVersion: v0.8.3 - created: "2021-07-19T16:27:00.29181-07:00" + created: "2021-08-25T15:50:58.886149815-07:00" description: A Helm chart for k8s prometheus adapter digest: f1da6d7eac3c183afdc127810f8463d6d7bb597dce2ad6046e30d66c8b9423e6 home: https://github.com/DirectXMan12/k8s-prometheus-adapter @@ -2801,7 +3587,24 @@ entries: catalog.rancher.io/release-name: rancher-pushprox apiVersion: v1 appVersion: 0.1.0 - created: "2021-07-19T16:27:00.296188-07:00" + created: "2021-08-25T15:50:58.89343557-07:00" + description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. + digest: d2396d0961ee525846f485efa79b6182139567141a67b378bd775c4f86f2e7e8 + name: rancher-pushprox + type: application + urls: + - assets/rancher-pushprox/rancher-pushprox-100.0.0.tgz + version: 100.0.0 + - annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox + apiVersion: v1 + appVersion: 0.1.0 + created: "2021-08-25T15:50:58.892181707-07:00" description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx clients. digest: f1f1e0d4d24a20b4b995a8ecc360ff0db310d4af92ec7fcdf87e4b9d5f977dd4 @@ -2817,7 +3620,7 @@ entries: catalog.rancher.io/release-name: rancher-pushprox apiVersion: v1 appVersion: 0.1.0 - created: "2021-07-19T16:27:00.295344-07:00" + created: "2021-08-25T15:50:58.891084793-07:00" description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx clients. digest: cb9552eb4ee8899ef1af5583c8080c27227dd3b10d919748f2caf79cb8197198 @@ -2833,7 +3636,7 @@ entries: catalog.rancher.io/release-name: rancher-pushprox apiVersion: v1 appVersion: 0.1.0 - created: "2021-07-19T16:27:00.294504-07:00" + created: "2021-08-25T15:50:58.890036048-07:00" description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx clients. digest: a4b3506a74ea6cc4e8c6610cb92451d3072f4f7bac7b503e2dea9423697eaf68 @@ -2850,7 +3653,7 @@ entries: catalog.rancher.io/release-name: rancher-pushprox apiVersion: v1 appVersion: 0.1.0 - created: "2021-07-19T16:27:00.293601-07:00" + created: "2021-08-25T15:50:58.888930648-07:00" description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx clients. digest: 4b53e4de2aede1f3d63c815ca36bd61f31d38c59769d9982b14aca3bbf575724 @@ -2867,7 +3670,7 @@ entries: catalog.rancher.io/release-name: rancher-pushprox apiVersion: v1 appVersion: 0.1.0 - created: "2021-07-19T16:27:00.292751-07:00" + created: "2021-08-25T15:50:58.887629174-07:00" description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx clients. digest: 73b11a51246c216a7587628fee346541d6b5e82246e11d586b4926254f7999fa @@ -2884,7 +3687,22 @@ entries: catalog.cattle.io/release-name: rancher-sachet apiVersion: v2 appVersion: 0.2.3 - created: "2021-07-19T16:27:00.296871-07:00" + created: "2021-08-25T15:50:58.895293407-07:00" + description: A Helm chart for Sachet based on the upstream https://github.com/messagebird/sachet + digest: face4a2ab50a6b7abcc88cf84fcf27efd9a257f19cc6869cf506c4c341a8c790 + name: rancher-sachet + type: application + urls: + - assets/rancher-sachet/rancher-sachet-100.0.0.tgz + version: 100.0.0 + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: rancher-sachet + apiVersion: v2 + appVersion: 0.2.3 + created: "2021-08-25T15:50:58.894367879-07:00" description: A Helm chart for Sachet based on the upstream https://github.com/messagebird/sachet digest: 0c438e1f63546d35f8e48fbafdc5ef2bbe0fa8d59383f7a36b4f601c99677029 name: rancher-sachet @@ -2901,7 +3719,24 @@ entries: catalog.rancher.io/release-name: rancher-tracing apiVersion: v1 appVersion: 1.20.0 - created: "2021-07-19T16:27:00.298782-07:00" + created: "2021-08-25T15:50:58.900090662-07:00" + description: A quick start Jaeger Tracing installation using the all-in-one demo. + This is not production qualified. Refer to https://www.jaegertracing.io/ for + details. + digest: 0f89775e5e7ff27b041b588112465779db88629ac8180eb14e16e235b319f061 + name: rancher-tracing + urls: + - assets/rancher-tracing/rancher-tracing-100.0.0.tgz + version: 100.0.0 + - annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: istio-system + catalog.rancher.io/release-name: rancher-tracing + apiVersion: v1 + appVersion: 1.20.0 + created: "2021-08-25T15:50:58.899496917-07:00" description: A quick start Jaeger Tracing installation using the all-in-one demo. This is not production qualified. Refer to https://www.jaegertracing.io/ for details. @@ -2918,7 +3753,7 @@ entries: catalog.rancher.io/release-name: rancher-tracing apiVersion: v1 appVersion: 1.20.0 - created: "2021-07-19T16:27:00.298142-07:00" + created: "2021-08-25T15:50:58.898844416-07:00" description: A quick start Jaeger Tracing installation using the all-in-one demo. This is not production qualified. Refer to https://www.jaegertracing.io/ for details. @@ -2935,7 +3770,7 @@ entries: catalog.rancher.io/release-name: rancher-tracing apiVersion: v1 appVersion: 1.20.0 - created: "2021-07-19T16:27:00.297455-07:00" + created: "2021-08-25T15:50:58.898006002-07:00" description: A quick start Jaeger Tracing installation using the all-in-one demo. This is not production qualified. Refer to https://www.jaegertracing.io/ for details. @@ -2953,7 +3788,30 @@ entries: catalog.cattle.io/release-name: vsphere-cpi apiVersion: v1 appVersion: 1.0.0 - created: "2021-07-19T16:27:00.299312-07:00" + created: "2021-08-25T15:50:58.90112053-07:00" + description: vSphere Cloud Provider Interface (CPI) + digest: 6fb58545cb7aa2e7dbe3037468866bf578982535ccb10d089da0c4a86e82d3a8 + icon: https://charts.rancher.io/assets/logos/vsphere-cpi.svg + keywords: + - infrastructure + maintainers: + - email: caleb@rancher.com + name: Rancher + name: rancher-vsphere-cpi + sources: + - https://github.com/kubernetes/cloud-provider-vsphere + urls: + - assets/rancher-vsphere-cpi/rancher-vsphere-cpi-100.0.0.tgz + version: 100.0.0 + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: vSphere CPI + catalog.cattle.io/namespace: kube-system + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: vsphere-cpi + apiVersion: v1 + appVersion: 1.0.0 + created: "2021-08-25T15:50:58.900603278-07:00" description: vSphere Cloud Provider Interface (CPI) digest: 932e0f16481f28b34d4dd991323da85da272f3d5d4cce28832a7442d4f2ca1f7 icon: https://charts.rancher.io/assets/logos/vsphere-cpi.svg @@ -2969,6 +3827,29 @@ entries: - assets/rancher-vsphere-cpi/rancher-vsphere-cpi-1.0.000.tgz version: 1.0.000 rancher-vsphere-csi: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: vSphere CSI + catalog.cattle.io/namespace: kube-system + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: vsphere-csi + apiVersion: v1 + appVersion: 2.2.0 + created: "2021-08-25T15:50:58.902011206-07:00" + description: vSphere Cloud Storage Interface (CSI) + digest: 8db3385ae16017f9f354a4e746ec44519eeadec8a0452b8a4833b224a7aac404 + icon: https://charts.rancher.io/assets/logos/vsphere-csi.svg + keywords: + - infrastructure + maintainers: + - email: caleb@rancher.com + name: Rancher + name: rancher-vsphere-csi + sources: + - https://github.com/kubernetes-sigs/vsphere-csi-driver + urls: + - assets/rancher-vsphere-csi/rancher-vsphere-csi-100.0.0.tgz + version: 100.0.0 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: vSphere CSI @@ -2977,7 +3858,7 @@ entries: catalog.cattle.io/release-name: vsphere-csi apiVersion: v1 appVersion: 2.1.0 - created: "2021-07-19T16:27:00.3002-07:00" + created: "2021-08-25T15:50:58.902817658-07:00" description: vSphere Cloud Storage Interface (CSI) digest: 20bfaa758a97b0b89c51fefdf70d048a7e06b576932435ac03fc045a295c0535 icon: https://charts.rancher.io/assets/logos/vsphere-csi.svg @@ -2993,6 +3874,25 @@ entries: - assets/rancher-vsphere-csi/rancher-vsphere-csi-2.1.000.tgz version: 2.1.000 rancher-webhook: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: rancher-webhook + apiVersion: v2 + appVersion: 0.2.0 + created: "2021-08-27T15:04:23.560594-07:00" + dependencies: + - condition: capi.enabled + name: capi + repository: "" + description: ValidatingAdmissionWebhook for Rancher types + digest: 504577e92566b3abd8a7740083873093f996c24551ad4dddcb34fd4c79cb7a74 + name: rancher-webhook + urls: + - assets/rancher-webhook/rancher-webhook-1.0.0+up0.2.0.tgz + version: 1.0.0+up0.2.0 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" @@ -3001,7 +3901,7 @@ entries: catalog.cattle.io/release-name: rancher-webhook apiVersion: v2 appVersion: 0.1.1 - created: "2021-07-19T16:27:00.305341-07:00" + created: "2021-08-25T15:50:58.904627443-07:00" description: ValidatingAdmissionWebhook for Rancher types digest: a0ee1c4f1338c8c24f3c5129bb41a67a43bffb13bf28c138266cf58dd28f2ce4 name: rancher-webhook @@ -3016,7 +3916,7 @@ entries: catalog.cattle.io/release-name: rancher-webhook apiVersion: v2 appVersion: 0.1.0 - created: "2021-07-19T16:27:00.30463-07:00" + created: "2021-08-25T15:50:58.904332735-07:00" description: ValidatingAdmissionWebhook for Rancher types digest: 3c20cc0a6b0fdc9672d7fa84be46f74b208a00664397d1abcfd8acd9ae10ff0e name: rancher-webhook @@ -3031,7 +3931,7 @@ entries: catalog.cattle.io/release-name: rancher-webhook apiVersion: v2 appVersion: 0.1.0-beta9 - created: "2021-07-19T16:27:00.303896-07:00" + created: "2021-08-25T15:50:58.904023671-07:00" description: ValidatingAdmissionWebhook for Rancher types digest: 0d9ac76eff2b6e937e3e15970cd0192acff99a31aa1afa14941029088dc32f76 name: rancher-webhook @@ -3046,7 +3946,7 @@ entries: catalog.cattle.io/release-name: rancher-webhook apiVersion: v2 appVersion: 0.1.0-beta9 - created: "2021-07-19T16:27:00.303308-07:00" + created: "2021-08-25T15:50:58.903748411-07:00" description: ValidatingAdmissionWebhook for Rancher types digest: 8881f7cf8b50e3b48a967ce8af477c96f986d42d3c1f4bbb8c0bfc09202d23f4 name: rancher-webhook @@ -3061,7 +3961,7 @@ entries: catalog.cattle.io/release-name: rancher-webhook apiVersion: v2 appVersion: 0.1.0-beta7 - created: "2021-07-19T16:27:00.302793-07:00" + created: "2021-08-25T15:50:58.903468161-07:00" description: ValidatingAdmissionWebhook for Rancher types digest: e185c6765de0bb0694d6d12e16c2dcce7f4c785125e614cf6c0020e5982d5f0e name: rancher-webhook @@ -3076,7 +3976,7 @@ entries: catalog.cattle.io/release-name: rancher-webhook apiVersion: v2 appVersion: 0.1.0-beta5 - created: "2021-07-19T16:27:00.30076-07:00" + created: "2021-08-25T15:50:58.903128697-07:00" description: ValidatingAdmissionWebhook for Rancher types digest: 574407c23b5827bd1d4d4f20609a5dc9d4558d6d29ef179093288a4a730ab8c2 name: rancher-webhook @@ -3084,6 +3984,25 @@ entries: - assets/rancher-webhook/rancher-webhook-0.1.0-beta500.tgz version: 0.1.0-beta500 rancher-windows-exporter: + - annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: windows + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-windows-exporter + apiVersion: v1 + appVersion: 0.0.2 + created: "2021-08-25T15:50:58.907450417-07:00" + description: Sets up monitoring metrics from Windows nodes via Prometheus windows-exporter + digest: e8343b74c657a9ac4ea3d363e51bfd8e2551dd746e5992209f7a91724f972c78 + maintainers: + - email: arvind.iyengar@rancher.com + name: aiyengar2 + name: rancher-windows-exporter + type: application + urls: + - assets/rancher-windows-exporter/rancher-windows-exporter-100.0.0.tgz + version: 100.0.0 - annotations: catalog.cattle.io/hidden: "true" catalog.cattle.io/os: windows @@ -3092,7 +4011,7 @@ entries: catalog.rancher.io/release-name: rancher-windows-exporter apiVersion: v1 appVersion: 0.0.4 - created: "2021-07-19T16:27:00.306341-07:00" + created: "2021-08-25T15:50:58.905788013-07:00" description: Sets up monitoring metrics from Windows nodes via Prometheus windows-exporter digest: 329af930026bd58a3ffeeb202f362a2936031f14cc2a137593952d131db53afe maintainers: @@ -3111,7 +4030,26 @@ entries: catalog.cattle.io/release-name: rancher-wins-upgrader apiVersion: v2 appVersion: 0.1.1 - created: "2021-07-19T16:27:00.30732-07:00" + created: "2021-08-25T15:50:58.909065017-07:00" + description: Manages upgrading the wins server version and configuration across + all of your Windows nodes + digest: 5de123eda92b3a5823a8b3e6c304de112a02fc42e8531ccc1b64c0e9f4721e13 + maintainers: + - email: arvind.iyengar@suse.com + name: aiyengar2 + name: rancher-wins-upgrader + type: application + urls: + - assets/rancher-wins-upgrader/rancher-wins-upgrader-100.0.0+up0.0.1.tgz + version: 100.0.0+up0.0.1 + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/namespace: cattle-wins-system + catalog.cattle.io/os: windows + catalog.cattle.io/release-name: rancher-wins-upgrader + apiVersion: v2 + appVersion: 0.1.1 + created: "2021-08-25T15:50:58.908441951-07:00" description: Manages upgrading the wins server version and configuration across all of your Windows nodes digest: 5f1a089d856a0f6a6ad17b0f6e2be19ddc42c1fbcc4f5f8576395e87368eba9d @@ -3134,7 +4072,7 @@ entries: catalog.cattle.io/requires-gvr: networking.istio.io.virtualservice/v1beta1 apiVersion: v1 appVersion: 0.8.0 - created: "2021-07-19T16:27:00.308585-07:00" + created: "2021-08-25T15:50:58.909802459-07:00" description: The application deployment engine for Kubernetes digest: 8baa5c330cc152b3d3d87f918ed3ff96b927efad412f4b97bd7db90445e28602 home: https://rio.io @@ -3154,7 +4092,7 @@ entries: catalog.cattle.io/requires-gvr: networking.istio.io.virtualservice/v1beta1 apiVersion: v1 appVersion: 0.8.0 - created: "2021-07-19T16:27:00.307928-07:00" + created: "2021-08-25T15:50:58.909456427-07:00" description: The application deployment engine for Kubernetes digest: d58ca3b147627fec6d5f4b99fae680f97edaed98967f1fc1914a537dede0d897 home: https://rio.io @@ -3163,4 +4101,69 @@ entries: urls: - assets/rio/rio-0.8.000.tgz version: 0.8.000 -generated: "2021-07-19T16:27:00.058826-07:00" + sriov: + - annotations: + catalog.cattle.io/auto-install: sriov-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/experimental: "true" + catalog.cattle.io/namespace: cattle-sriov-system + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: sriov + apiVersion: v2 + appVersion: 1.0.0 + created: "2021-08-26T18:32:38.059961868+02:00" + description: SR-IOV network operator configures and manages SR-IOV networks in + the kubernetes cluster + digest: fbb5f88710506b872767657b8b29aef0b84019d8d7e57b66eaea1563cae5a4a4 + home: https://github.com/k8snetworkplumbingwg/sriov-network-operator + icon: https://charts.rancher.io/assets/logos/sr-iov.svg + keywords: + - sriov + - Networking + kubeVersion: '>= 1.16.0-0' + maintainers: + - email: charts@rancher.com + name: Rancher Labs + name: sriov + sources: + - https://github.com/rancher/charts + type: application + urls: + - assets/rancher-sriov/sriov-100.0.0+up0.1.0.tgz + version: 100.0.0+up0.1.0 + sriov-crd: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/experimental: "true" + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-sriov-system + catalog.cattle.io/release-name: sriov-crd + apiVersion: v2 + created: "2021-08-26T18:32:38.060417232+02:00" + description: Installs the CRDs for rke2-sriov. + digest: db8031e9088de70c02778bedae7149b0678439a931ef987b0b4f57ca52415589 + name: sriov-crd + type: application + urls: + - assets/rancher-sriov/sriov-crd-100.0.0+up0.1.0.tgz + version: 100.0.0+up0.1.0 + system-upgrade-controller: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: system-upgrade-controller + apiVersion: v1 + appVersion: v0.7.5 + created: "2021-08-25T15:50:58.91004463-07:00" + description: General purpose controller to make system level updates to nodes + digest: ecc9bf23666bd63dedd95b22c3a5c806ad084800f05a765fba133f8de4e4814f + home: https://github.com/rancher/system-charts/charts/system-upgrade-controller + name: system-upgrade-controller + sources: + - https://github.com/rancher/system-charts/charts/system-upgrade-controller + urls: + - assets/system-upgrade-controller/system-upgrade-controller-100.0.0+up0.3.0.tgz + version: 100.0.0+up0.3.0 +generated: "2021-08-25T15:50:58.447798684-07:00" From 2aa9afeb462bb1d2640d0af14268a08a1ba534fb Mon Sep 17 00:00:00 2001 From: Kinara Shah Date: Mon, 30 Aug 2021 09:48:23 -0700 Subject: [PATCH 2/2] add charts --- .../fleet-agent/100.0.0+up0.3.6/Chart.yaml | 12 + .../100.0.0+up0.3.6/templates/_helpers.tpl | 7 + .../100.0.0+up0.3.6/templates/configmap.yaml | 12 + .../100.0.0+up0.3.6/templates/deployment.yaml | 30 + .../templates/network_policy_allow_all.yaml | 15 + .../patch_default_serviceaccount.yaml | 28 + .../100.0.0+up0.3.6/templates/rbac.yaml | 25 + .../100.0.0+up0.3.6/templates/secret.yaml | 10 + .../templates/serviceaccount.yaml | 4 + .../100.0.0+up0.3.6/templates/validate.yaml | 11 + .../fleet-agent/100.0.0+up0.3.6/values.yaml | 57 + .../fleet-crd/100.0.0+up0.3.6/Chart.yaml | 12 + .../100.0.0+up0.3.6/templates/crds.yaml | 5231 +++++ .../templates/gitjobs-crds.yaml | 6876 +++++++ charts/fleet/fleet/100.0.0+up0.3.6/Chart.yaml | 19 + .../100.0.0+up0.3.6/charts/gitjob/.helmignore | 23 + .../100.0.0+up0.3.6/charts/gitjob/Chart.yaml | 5 + .../charts/gitjob/templates/_helpers.tpl | 7 + .../charts/gitjob/templates/clusterrole.yaml | 38 + .../gitjob/templates/clusterrolebinding.yaml | 12 + .../charts/gitjob/templates/deployment.yaml | 42 + .../charts/gitjob/templates/service.yaml | 12 + .../gitjob/templates/serviceaccount.yaml | 4 + .../100.0.0+up0.3.6/charts/gitjob/values.yaml | 26 + .../100.0.0+up0.3.6/templates/_helpers.tpl | 7 + .../100.0.0+up0.3.6/templates/configmap.yaml | 23 + .../100.0.0+up0.3.6/templates/deployment.yaml | 44 + .../fleet/100.0.0+up0.3.6/templates/rbac.yaml | 106 + .../templates/serviceaccount.yaml | 10 + .../fleet/fleet/100.0.0+up0.3.6/values.yaml | 56 + .../longhorn-crd/100.0.0+up1.1.2/Chart.yaml | 10 + .../longhorn-crd/100.0.0+up1.1.2/README.md | 2 + .../100.0.0+up1.1.2/templates/crds.yaml | 524 + .../longhorn/100.0.0+up1.1.2/.helmignore | 21 + .../longhorn/100.0.0+up1.1.2/Chart.yaml | 39 + .../longhorn/100.0.0+up1.1.2/README.md | 33 + .../longhorn/100.0.0+up1.1.2/app-readme.md | 11 + .../longhorn/100.0.0+up1.1.2/questions.yml | 532 + .../100.0.0+up1.1.2/templates/NOTES.txt | 5 + .../100.0.0+up1.1.2/templates/_helpers.tpl | 66 + .../templates/clusterrole.yaml | 47 + .../templates/clusterrolebinding.yaml | 13 + .../templates/daemonset-sa.yaml | 125 + .../templates/default-setting.yaml | 41 + .../templates/deployment-driver.yaml | 104 + .../templates/deployment-ui.yaml | 72 + .../100.0.0+up1.1.2/templates/ingress.yaml | 34 + .../templates/postupgrade-job.yaml | 48 + .../100.0.0+up1.1.2/templates/psp.yaml | 66 + .../templates/registry-secret.yml | 11 + .../templates/serviceaccount.yaml | 6 + .../templates/storageclass.yaml | 26 + .../templates/tls-secrets.yaml | 16 + .../templates/uninstall-job.yaml | 49 + .../100.0.0+up1.1.2/templates/userroles.yaml | 38 + .../templates/validate-install-crd.yaml | 23 + .../longhorn/100.0.0+up1.1.2/values.yaml | 218 + .../100.0.0+up1.0.1/Chart.yaml | 11 + .../100.0.0+up1.0.1/templates/crds.yaml | 178 + .../100.0.0+up1.0.1/Chart.yaml | 18 + .../100.0.0+up1.0.1/templates/NOTES.txt | 4 + .../100.0.0+up1.0.1/templates/_helpers.tpl | 9 + .../templates/clusterrole.yaml | 15 + .../templates/clusterrolebinding.yaml | 13 + .../100.0.0+up1.0.1/templates/deployment.yaml | 50 + .../templates/serviceaccount.yaml | 5 + .../100.0.0+up1.0.1/values.yaml | 12 + .../100.0.0/Chart.yaml | 23 + .../100.0.0/README.md | 11 + .../100.0.0/app-readme.md | 11 + .../100.0.0/charts/prom2teams/.helmignore | 22 + .../100.0.0/charts/prom2teams/Chart.yaml | 10 + .../100.0.0/charts/prom2teams/files/teams.j2 | 44 + .../charts/prom2teams/templates/NOTES.txt | 2 + .../charts/prom2teams/templates/_helpers.tpl | 73 + .../prom2teams/templates/configmap.yaml | 39 + .../prom2teams/templates/deployment.yaml | 77 + .../charts/prom2teams/templates/psp.yaml | 29 + .../charts/prom2teams/templates/role.yaml | 15 + .../prom2teams/templates/rolebinding.yaml | 13 + .../prom2teams/templates/service-account.yaml | 6 + .../charts/prom2teams/templates/service.yaml | 17 + .../100.0.0/charts/prom2teams/values.yaml | 62 + .../100.0.0/charts/sachet/.helmignore | 23 + .../100.0.0/charts/sachet/Chart.yaml | 11 + .../100.0.0/charts/sachet/files/template.tmpl | 1 + .../100.0.0/charts/sachet/templates/NOTES.txt | 3 + .../charts/sachet/templates/_helpers.tpl | 79 + .../templates/configmap-pre-install.yaml | 34 + .../charts/sachet/templates/deployment.yaml | 75 + .../100.0.0/charts/sachet/templates/psp.yaml | 29 + .../100.0.0/charts/sachet/templates/role.yaml | 15 + .../charts/sachet/templates/rolebinding.yaml | 13 + .../sachet/templates/service-account.yaml | 6 + .../charts/sachet/templates/service.yaml | 17 + .../100.0.0/charts/sachet/values.yaml | 63 + .../100.0.0/questions.yml | 14 + .../100.0.0/templates/NOTES.txt | 2 + .../100.0.0/templates/_helpers.tpl | 117 + .../100.0.0/templates/cluster-role.yaml | 50 + .../100.0.0/templates/hardened.yaml | 116 + .../100.0.0/values.yaml | 20 + .../rancher-backup-crd/2.0.0/Chart.yaml | 11 + .../rancher-backup-crd/2.0.0/README.md | 3 + .../2.0.0/templates/backup.yaml | 119 + .../2.0.0/templates/resourceset.yaml | 99 + .../2.0.0/templates/restore.yaml | 102 + .../rancher-backup/2.0.0/Chart.yaml | 21 + .../rancher-backup/2.0.0/README.md | 70 + .../rancher-backup/2.0.0/app-readme.md | 15 + .../default-resourceset-contents/aks.yaml | 25 + .../default-resourceset-contents/eks.yaml | 17 + .../default-resourceset-contents/fleet.yaml | 49 + .../default-resourceset-contents/gke.yaml | 17 + .../provisioningv2.yaml | 18 + .../rancher-operator.yaml | 27 + .../default-resourceset-contents/rancher.yaml | 49 + .../2.0.0/templates/_helpers.tpl | 83 + .../2.0.0/templates/clusterrolebinding.yaml | 14 + .../2.0.0/templates/deployment.yaml | 62 + .../2.0.0/templates/hardened.yaml | 114 + .../rancher-backup/2.0.0/templates/psp.yaml | 29 + .../rancher-backup/2.0.0/templates/pvc.yaml | 27 + .../2.0.0/templates/rancher-resourceset.yaml | 13 + .../2.0.0/templates/s3-secret.yaml | 31 + .../2.0.0/templates/serviceaccount.yaml | 11 + .../2.0.0/templates/validate-install-crd.yaml | 16 + .../rancher-backup/2.0.0/values.yaml | 57 + .../2.0.0/Chart.yaml | 10 + .../rancher-cis-benchmark-crd/2.0.0/README.md | 2 + .../2.0.0/templates/clusterscan.yaml | 148 + .../2.0.0/templates/clusterscanbenchmark.yaml | 54 + .../2.0.0/templates/clusterscanprofile.yaml | 36 + .../2.0.0/templates/clusterscanreport.yaml | 39 + .../rancher-cis-benchmark/2.0.0/Chart.yaml | 19 + .../rancher-cis-benchmark/2.0.0/README.md | 9 + .../rancher-cis-benchmark/2.0.0/app-readme.md | 15 + .../2.0.0/templates/_helpers.tpl | 23 + .../2.0.0/templates/alertingrule.yaml | 14 + .../2.0.0/templates/benchmark-cis-1.5.yaml | 8 + .../2.0.0/templates/benchmark-cis-1.6.yaml | 8 + .../2.0.0/templates/benchmark-eks-1.0.yaml | 8 + .../2.0.0/templates/benchmark-gke-1.0.yaml | 8 + .../benchmark-k3s-cis-1.6-hardened.yaml | 8 + .../benchmark-k3s-cis-1.6-permissive.yaml | 8 + .../benchmark-rke-cis-1.5-hardened.yaml | 8 + .../benchmark-rke-cis-1.5-permissive.yaml | 8 + .../benchmark-rke-cis-1.6-hardened.yaml | 8 + .../benchmark-rke-cis-1.6-permissive.yaml | 8 + .../benchmark-rke2-cis-1.5-hardened.yaml | 8 + .../benchmark-rke2-cis-1.5-permissive.yaml | 8 + .../benchmark-rke2-cis-1.6-hardened.yaml | 8 + .../benchmark-rke2-cis-1.6-permissive.yaml | 8 + .../2.0.0/templates/cis-roles.yaml | 49 + .../2.0.0/templates/configmap.yaml | 17 + .../2.0.0/templates/deployment.yaml | 57 + .../templates/network_policy_allow_all.yaml | 15 + .../patch_default_serviceaccount.yaml | 20 + .../2.0.0/templates/rbac.yaml | 43 + .../2.0.0/templates/scanprofile-cis-1.5.yml | 9 + .../2.0.0/templates/scanprofile-cis-1.6.yaml | 9 + .../scanprofile-k3s-cis-1.6-hardened.yml | 9 + .../scanprofile-k3s-cis-1.6-permissive.yml | 9 + .../scanprofile-rke-1.5-hardened.yml | 9 + .../scanprofile-rke-1.5-permissive.yml | 9 + .../scanprofile-rke-1.6-hardened.yaml | 9 + .../scanprofile-rke-1.6-permissive.yaml | 9 + .../scanprofile-rke2-cis-1.5-hardened.yml | 9 + .../scanprofile-rke2-cis-1.5-permissive.yml | 9 + .../scanprofile-rke2-cis-1.6-hardened.yml | 9 + .../scanprofile-rke2-cis-1.6-permissive.yml | 9 + .../2.0.0/templates/scanprofileeks.yml | 9 + .../2.0.0/templates/scanprofilegke.yml | 9 + .../2.0.0/templates/serviceaccount.yaml | 14 + .../2.0.0/templates/validate-install-crd.yaml | 17 + .../rancher-cis-benchmark/2.0.0/values.yaml | 45 + .../100.0.0+up1.1.1/Chart.yaml | 11 + .../100.0.0+up1.1.1/templates/crds.yaml | 216 + .../100.0.0+up1.1.1/Chart.yaml | 18 + .../100.0.0+up1.1.1/templates/NOTES.txt | 4 + .../100.0.0+up1.1.1/templates/_helpers.tpl | 9 + .../templates/clusterrole.yaml | 15 + .../templates/clusterrolebinding.yaml | 13 + .../100.0.0+up1.1.1/templates/deployment.yaml | 50 + .../templates/serviceaccount.yaml | 5 + .../100.0.0+up1.1.1/values.yaml | 12 + .../100.0.0+up1.0.0/.helmignore | 21 + .../100.0.0+up1.0.0/Chart.yaml | 24 + .../100.0.0+up1.0.0/README.md | 69 + .../100.0.0+up1.0.0/app-README.md | 12 + .../100.0.0+up1.0.0/questions.yaml | 26 + .../100.0.0+up1.0.0/templates/NOTES.txt | 3 + .../100.0.0+up1.0.0/templates/_helpers.tpl | 50 + .../templates/admissionregistration.yaml | 30 + .../templates/clusterrole.yaml | 33 + .../templates/clusterrolebinding.yaml | 31 + .../100.0.0+up1.0.0/templates/deployment.yaml | 107 + .../100.0.0+up1.0.0/templates/issuer.yaml | 52 + .../100.0.0+up1.0.0/templates/service.yaml | 35 + .../templates/serviceaccount.yaml | 7 + .../templates/servicemonitor.yaml | 16 + .../tests/admissionregistration_test.yaml | 32 + .../tests/clusterrole_test.yaml | 37 + .../tests/clusterrolebinding_test.yaml | 42 + .../tests/deployment_test.yaml | 202 + .../100.0.0+up1.0.0/tests/issuer_test.yaml | 106 + .../100.0.0+up1.0.0/tests/service_test.yaml | 69 + .../tests/serviceaccount_test.yaml | 9 + .../tests/servicemonitor_test.yaml | 20 + .../100.0.0+up1.0.0/values.yaml | 67 + .../100.0.0+up3.5.1/Chart.yaml | 10 + .../100.0.0+up3.5.1/README.md | 2 + .../assign-customresourcedefinition.yaml | 208 + ...signmetadata-customresourcedefinition.yaml | 173 + .../config-customresourcedefinition.yaml | 102 + ...intpodstatus-customresourcedefinition.yaml | 66 + ...ainttemplate-customresourcedefinition.yaml | 197 + ...atepodstatus-customresourcedefinition.yaml | 65 + ...torpodstatus-customresourcedefinition.yaml | 61 + .../100.0.0+up3.5.1/templates/_helpers.tpl | 7 + .../100.0.0+up3.5.1/templates/jobs.yaml | 92 + .../100.0.0+up3.5.1/templates/manifest.yaml | 14 + .../100.0.0+up3.5.1/templates/rbac.yaml | 72 + .../100.0.0+up3.5.1/values.yaml | 11 + .../100.0.0+up3.5.1/.helmignore | 21 + .../100.0.0+up3.5.1/CHANGELOG.md | 15 + .../100.0.0+up3.5.1/Chart.yaml | 23 + .../100.0.0+up3.5.1/README.md | 113 + .../100.0.0+up3.5.1/app-readme.md | 14 + .../100.0.0+up3.5.1/templates/_helpers.tpl | 49 + .../templates/allowedrepos.yaml | 35 + .../gatekeeper-admin-podsecuritypolicy.yaml | 35 + .../gatekeeper-admin-serviceaccount.yaml | 11 + .../gatekeeper-audit-deployment.yaml | 104 + ...ekeeper-controller-manager-deployment.yaml | 118 + ...ontroller-manager-poddisruptionbudget.yaml | 22 + ...atekeeper-critical-pods-resourcequota.yaml | 21 + .../gatekeeper-manager-role-clusterrole.yaml | 153 + .../gatekeeper-manager-role-role.yaml | 32 + ...anager-rolebinding-clusterrolebinding.yaml | 18 + ...eeper-manager-rolebinding-rolebinding.yaml | 19 + ...guration-mutatingwebhookconfiguration.yaml | 40 + ...ration-validatingwebhookconfiguration.yaml | 66 + ...gatekeeper-webhook-server-cert-secret.yaml | 12 + .../gatekeeper-webhook-service-service.yaml | 29 + .../templates/namespace-post-install.yaml | 98 + .../templates/requiredlabels.yaml | 57 + .../templates/validate-install-crd.yaml | 20 + .../100.0.0+up3.5.1/values.yaml | 80 + .../100.0.0+up1.1.1/Chart.yaml | 11 + .../100.0.0+up1.1.1/templates/crds.yaml | 249 + .../100.0.0+up1.1.1/Chart.yaml | 18 + .../100.0.0+up1.1.1/templates/NOTES.txt | 4 + .../100.0.0+up1.1.1/templates/_helpers.tpl | 9 + .../templates/clusterrole.yaml | 15 + .../templates/clusterrolebinding.yaml | 13 + .../100.0.0+up1.1.1/templates/deployment.yaml | 50 + .../templates/serviceaccount.yaml | 5 + .../100.0.0+up1.1.1/values.yaml | 12 + .../100.0.0+up6.11.0/.helmignore | 23 + .../100.0.0+up6.11.0/Chart.yaml | 28 + .../100.0.0+up6.11.0/README.md | 526 + .../dashboards/custom-dashboard.json | 1 + .../100.0.0+up6.11.0/templates/NOTES.txt | 54 + .../100.0.0+up6.11.0/templates/_helpers.tpl | 158 + .../100.0.0+up6.11.0/templates/_pod.tpl | 511 + .../templates/clusterrole.yaml | 25 + .../templates/clusterrolebinding.yaml | 24 + .../configmap-dashboard-provider.yaml | 29 + .../100.0.0+up6.11.0/templates/configmap.yaml | 82 + .../templates/dashboards-json-configmap.yaml | 35 + .../templates/deployment.yaml | 50 + .../templates/headless-service.yaml | 18 + .../100.0.0+up6.11.0/templates/hpa.yaml | 20 + .../templates/image-renderer-deployment.yaml | 117 + .../image-renderer-network-policy.yaml | 76 + .../templates/image-renderer-service.yaml | 30 + .../100.0.0+up6.11.0/templates/ingress.yaml | 80 + .../templates/nginx-config.yaml | 78 + .../templates/poddisruptionbudget.yaml | 22 + .../templates/podsecuritypolicy.yaml | 46 + .../100.0.0+up6.11.0/templates/pvc.yaml | 35 + .../100.0.0+up6.11.0/templates/role.yaml | 32 + .../templates/rolebinding.yaml | 25 + .../templates/secret-env.yaml | 14 + .../100.0.0+up6.11.0/templates/secret.yaml | 26 + .../100.0.0+up6.11.0/templates/service.yaml | 51 + .../templates/serviceaccount.yaml | 13 + .../templates/servicemonitor.yaml | 40 + .../templates/statefulset.yaml | 54 + .../templates/tests/test-configmap.yaml | 17 + .../tests/test-podsecuritypolicy.yaml | 30 + .../templates/tests/test-role.yaml | 14 + .../templates/tests/test-rolebinding.yaml | 17 + .../templates/tests/test-serviceaccount.yaml | 9 + .../templates/tests/test.yaml | 48 + .../100.0.0+up6.11.0/values.yaml | 757 + .../rancher-istio/100.0.0+up1.10.4/Chart.yaml | 22 + .../rancher-istio/100.0.0+up1.10.4/README.md | 69 + .../100.0.0+up1.10.4/app-readme.md | 50 + .../100.0.0+up1.10.4/charts/kiali/Chart.yaml | 31 + .../charts/kiali/templates/NOTES.txt | 5 + .../charts/kiali/templates/_helpers.tpl | 193 + .../charts/kiali/templates/cabundle.yaml | 13 + .../charts/kiali/templates/configmap.yaml | 25 + .../kiali/templates/dashboards/envoy.yaml | 56 + .../charts/kiali/templates/dashboards/go.yaml | 67 + .../kiali/templates/dashboards/kiali.yaml | 44 + .../dashboards/micrometer-1.0.6-jvm-pool.yaml | 43 + .../dashboards/micrometer-1.0.6-jvm.yaml | 65 + .../dashboards/micrometer-1.1-jvm.yaml | 68 + .../dashboards/microprofile-1.1.yaml | 59 + .../dashboards/microprofile-x.y.yaml | 38 + .../kiali/templates/dashboards/nodejs.yaml | 59 + .../kiali/templates/dashboards/quarkus.yaml | 33 + .../dashboards/springboot-jvm-pool.yaml | 16 + .../templates/dashboards/springboot-jvm.yaml | 16 + .../dashboards/springboot-tomcat.yaml | 16 + .../kiali/templates/dashboards/thorntail.yaml | 22 + .../kiali/templates/dashboards/tomcat.yaml | 67 + .../templates/dashboards/vertx-client.yaml | 60 + .../templates/dashboards/vertx-eventbus.yaml | 59 + .../kiali/templates/dashboards/vertx-jvm.yaml | 16 + .../templates/dashboards/vertx-pool.yaml | 68 + .../templates/dashboards/vertx-server.yaml | 62 + .../charts/kiali/templates/deployment.yaml | 179 + .../charts/kiali/templates/hpa.yaml | 17 + .../charts/kiali/templates/ingress.yaml | 43 + .../charts/kiali/templates/oauth.yaml | 17 + .../charts/kiali/templates/psp.yaml | 67 + .../kiali/templates/role-controlplane.yaml | 15 + .../charts/kiali/templates/role-viewer.yaml | 96 + .../charts/kiali/templates/role.yaml | 106 + .../templates/rolebinding-controlplane.yaml | 17 + .../charts/kiali/templates/rolebinding.yaml | 20 + .../charts/kiali/templates/route.yaml | 30 + .../charts/kiali/templates/service.yaml | 45 + .../kiali/templates/serviceaccount.yaml | 9 + .../kiali/templates/validate-install-crd.yaml | 14 + .../kiali/templates/web-root-configmap.yaml | 12 + .../100.0.0+up1.10.4/charts/kiali/values.yaml | 98 + .../charts/tracing/.helmignore | 23 + .../charts/tracing/Chart.yaml | 12 + .../100.0.0+up1.10.4/charts/tracing/README.md | 5 + .../charts/tracing/templates/_affinity.tpl | 92 + .../charts/tracing/templates/_helpers.tpl | 32 + .../charts/tracing/templates/deployment.yaml | 86 + .../charts/tracing/templates/psp.yaml | 86 + .../charts/tracing/templates/pvc.yaml | 16 + .../charts/tracing/templates/service.yaml | 63 + .../charts/tracing/values.yaml | 44 + .../100.0.0+up1.10.4/configs/istio-base.yaml | 82 + .../100.0.0+up1.10.4/requirements.yaml | 7 + .../samples/overlay-example.yaml | 37 + .../100.0.0+up1.10.4/templates/_helpers.tpl | 12 + .../templates/admin-role.yaml | 43 + .../templates/base-config-map.yaml | 7 + .../templates/clusterrole.yaml | 126 + .../templates/clusterrolebinding.yaml | 12 + .../100.0.0+up1.10.4/templates/edit-role.yaml | 43 + .../templates/istio-cni-psp.yaml | 51 + .../templates/istio-install-job.yaml | 50 + .../templates/istio-install-psp.yaml | 30 + .../100.0.0+up1.10.4/templates/istio-psp.yaml | 81 + .../templates/istio-uninstall-job.yaml | 45 + .../templates/overlay-config-map.yaml | 9 + .../templates/service-monitors.yaml | 51 + .../templates/serviceaccount.yaml | 5 + .../100.0.0+up1.10.4/templates/view-role.yaml | 41 + .../100.0.0+up1.10.4/values.yaml | 80 + .../100.0.0+up1.35.0/Chart.yaml | 7 + .../100.0.0+up1.35.0/README.md | 2 + .../100.0.0+up1.35.0/templates/crds.yaml | 22 + .../100.0.0+up1.35.0/Chart.yaml | 31 + .../100.0.0+up1.35.0/templates/NOTES.txt | 5 + .../100.0.0+up1.35.0/templates/_helpers.tpl | 193 + .../100.0.0+up1.35.0/templates/cabundle.yaml | 13 + .../100.0.0+up1.35.0/templates/configmap.yaml | 25 + .../templates/dashboards/envoy.yaml | 56 + .../templates/dashboards/go.yaml | 67 + .../templates/dashboards/kiali.yaml | 44 + .../dashboards/micrometer-1.0.6-jvm-pool.yaml | 43 + .../dashboards/micrometer-1.0.6-jvm.yaml | 65 + .../dashboards/micrometer-1.1-jvm.yaml | 68 + .../dashboards/microprofile-1.1.yaml | 59 + .../dashboards/microprofile-x.y.yaml | 38 + .../templates/dashboards/nodejs.yaml | 59 + .../templates/dashboards/quarkus.yaml | 33 + .../dashboards/springboot-jvm-pool.yaml | 16 + .../templates/dashboards/springboot-jvm.yaml | 16 + .../dashboards/springboot-tomcat.yaml | 16 + .../templates/dashboards/thorntail.yaml | 22 + .../templates/dashboards/tomcat.yaml | 67 + .../templates/dashboards/vertx-client.yaml | 60 + .../templates/dashboards/vertx-eventbus.yaml | 59 + .../templates/dashboards/vertx-jvm.yaml | 16 + .../templates/dashboards/vertx-pool.yaml | 68 + .../templates/dashboards/vertx-server.yaml | 62 + .../templates/deployment.yaml | 179 + .../100.0.0+up1.35.0/templates/hpa.yaml | 17 + .../100.0.0+up1.35.0/templates/ingress.yaml | 43 + .../100.0.0+up1.35.0/templates/oauth.yaml | 17 + .../100.0.0+up1.35.0/templates/psp.yaml | 67 + .../templates/role-controlplane.yaml | 15 + .../templates/role-viewer.yaml | 96 + .../100.0.0+up1.35.0/templates/role.yaml | 106 + .../templates/rolebinding-controlplane.yaml | 17 + .../templates/rolebinding.yaml | 20 + .../100.0.0+up1.35.0/templates/route.yaml | 30 + .../100.0.0+up1.35.0/templates/service.yaml | 45 + .../templates/serviceaccount.yaml | 9 + .../templates/validate-install-crd.yaml | 14 + .../templates/web-root-configmap.yaml | 12 + .../100.0.0+up1.35.0/values.yaml | 98 + .../100.0.0+up3.2.0/.helmignore | 21 + .../100.0.0+up3.2.0/Chart.yaml | 25 + .../100.0.0+up3.2.0/OWNERS | 6 + .../100.0.0+up3.2.0/README.md | 68 + .../100.0.0+up3.2.0/templates/NOTES.txt | 10 + .../100.0.0+up3.2.0/templates/_helpers.tpl | 76 + .../templates/clusterrolebinding.yaml | 23 + .../100.0.0+up3.2.0/templates/deployment.yaml | 224 + .../templates/kubeconfig-secret.yaml | 15 + .../100.0.0+up3.2.0/templates/pdb.yaml | 20 + .../templates/podsecuritypolicy.yaml | 42 + .../templates/psp-clusterrole.yaml | 22 + .../templates/psp-clusterrolebinding.yaml | 19 + .../100.0.0+up3.2.0/templates/role.yaml | 190 + .../templates/rolebinding.yaml | 27 + .../100.0.0+up3.2.0/templates/service.yaml | 42 + .../templates/serviceaccount.yaml | 18 + .../templates/servicemonitor.yaml | 34 + .../templates/stsdiscovery-role.yaml | 29 + .../templates/stsdiscovery-rolebinding.yaml | 20 + .../100.0.0+up3.2.0/values.yaml | 189 + .../100.0.0+up3.12.0/Chart.yaml | 10 + .../100.0.0+up3.12.0/README.md | 2 + .../logging.banzaicloud.io_clusterflows.yaml | 1500 ++ ...logging.banzaicloud.io_clusteroutputs.yaml | 9436 +++++++++ .../logging.banzaicloud.io_flows.yaml | 1492 ++ .../logging.banzaicloud.io_loggings.yaml | 15844 ++++++++++++++++ .../logging.banzaicloud.io_outputs.yaml | 9424 +++++++++ .../100.0.0+up3.12.0/.helmignore | 22 + .../100.0.0+up3.12.0/Chart.yaml | 20 + .../100.0.0+up3.12.0/README.md | 131 + .../100.0.0+up3.12.0/app-readme.md | 27 + .../100.0.0+up3.12.0/templates/NOTES.txt | 0 .../100.0.0+up3.12.0/templates/_helpers.tpl | 147 + .../templates/clusterrole.yaml | 185 + .../templates/clusterrolebinding.yaml | 18 + .../100.0.0+up3.12.0/templates/crds.yaml | 6 + .../templates/deployment.yaml | 68 + .../templates/loggings/aks/logging.yaml | 89 + .../templates/loggings/eks/logging.yaml | 90 + .../templates/loggings/gke/logging.yaml | 89 + .../templates/loggings/k3s/configmap.yaml | 57 + .../templates/loggings/k3s/daemonset.yaml | 110 + .../loggings/k3s/logging-k3s-openrc.yaml | 94 + .../loggings/kube-audit/logging.yaml | 98 + .../templates/loggings/rke/configmap.yaml | 29 + .../templates/loggings/rke/daemonset.yaml | 122 + .../templates/loggings/rke2/configmap.yaml | 69 + .../templates/loggings/rke2/daemonset.yaml | 116 + .../templates/loggings/root/logging.yaml | 154 + .../100.0.0+up3.12.0/templates/psp.yaml | 34 + .../100.0.0+up3.12.0/templates/service.yaml | 20 + .../templates/serviceMonitor.yaml | 30 + .../templates/serviceaccount.yaml | 10 + .../100.0.0+up3.12.0/templates/userroles.yaml | 35 + .../templates/validate-install-crd.yaml | 18 + .../templates/validate-install.yaml | 5 + .../100.0.0+up3.12.0/values.yaml | 211 + .../100.0.0+up16.6.0/Chart.yaml | 10 + .../100.0.0+up16.6.0/README.md | 24 + .../crd-manifest/crd-alertmanagerconfigs.yaml | 1869 ++ .../crd-manifest/crd-alertmanagers.yaml | 3218 ++++ .../crd-manifest/crd-podmonitors.yaml | 358 + .../crd-manifest/crd-probes.yaml | 344 + .../crd-manifest/crd-prometheuses.yaml | 4447 +++++ .../crd-manifest/crd-prometheusrules.yaml | 90 + .../crd-manifest/crd-servicemonitors.yaml | 375 + .../crd-manifest/crd-thanosrulers.yaml | 3342 ++++ .../100.0.0+up16.6.0/templates/_helpers.tpl | 50 + .../100.0.0+up16.6.0/templates/jobs.yaml | 135 + .../100.0.0+up16.6.0/templates/manifest.yaml | 14 + .../100.0.0+up16.6.0/templates/rbac.yaml | 72 + .../100.0.0+up16.6.0/values.yaml | 11 + .../100.0.0+up16.6.0/.helmignore | 26 + .../100.0.0+up16.6.0/CHANGELOG.md | 47 + .../100.0.0+up16.6.0/CONTRIBUTING.md | 12 + .../100.0.0+up16.6.0/Chart.yaml | 116 + .../100.0.0+up16.6.0/README.md | 475 + .../100.0.0+up16.6.0/app-README.md | 15 + .../charts/grafana/.helmignore | 23 + .../charts/grafana/Chart.yaml | 28 + .../100.0.0+up16.6.0/charts/grafana/README.md | 526 + .../grafana/dashboards/custom-dashboard.json | 1 + .../charts/grafana/templates/NOTES.txt | 54 + .../charts/grafana/templates/_helpers.tpl | 158 + .../charts/grafana/templates/_pod.tpl | 511 + .../charts/grafana/templates/clusterrole.yaml | 25 + .../grafana/templates/clusterrolebinding.yaml | 24 + .../configmap-dashboard-provider.yaml | 29 + .../charts/grafana/templates/configmap.yaml | 82 + .../templates/dashboards-json-configmap.yaml | 35 + .../charts/grafana/templates/deployment.yaml | 50 + .../grafana/templates/headless-service.yaml | 18 + .../charts/grafana/templates/hpa.yaml | 20 + .../templates/image-renderer-deployment.yaml | 117 + .../image-renderer-network-policy.yaml | 76 + .../templates/image-renderer-service.yaml | 30 + .../charts/grafana/templates/ingress.yaml | 80 + .../grafana/templates/nginx-config.yaml | 78 + .../templates/poddisruptionbudget.yaml | 22 + .../grafana/templates/podsecuritypolicy.yaml | 46 + .../charts/grafana/templates/pvc.yaml | 35 + .../charts/grafana/templates/role.yaml | 32 + .../charts/grafana/templates/rolebinding.yaml | 25 + .../charts/grafana/templates/secret-env.yaml | 14 + .../charts/grafana/templates/secret.yaml | 26 + .../charts/grafana/templates/service.yaml | 51 + .../grafana/templates/serviceaccount.yaml | 13 + .../grafana/templates/servicemonitor.yaml | 40 + .../charts/grafana/templates/statefulset.yaml | 54 + .../templates/tests/test-configmap.yaml | 17 + .../tests/test-podsecuritypolicy.yaml | 30 + .../grafana/templates/tests/test-role.yaml | 14 + .../templates/tests/test-rolebinding.yaml | 17 + .../templates/tests/test-serviceaccount.yaml | 9 + .../charts/grafana/templates/tests/test.yaml | 48 + .../charts/grafana/values.yaml | 757 + .../charts/hardenedKubelet/.helmignore | 23 + .../charts/hardenedKubelet/Chart.yaml | 13 + .../charts/hardenedKubelet/README.md | 60 + .../hardenedKubelet/templates/_helpers.tpl | 104 + .../templates/pushprox-clients-rbac.yaml | 77 + .../templates/pushprox-clients.yaml | 145 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 33 + .../charts/hardenedKubelet/values.yaml | 111 + .../charts/hardenedNodeExporter/.helmignore | 23 + .../charts/hardenedNodeExporter/Chart.yaml | 13 + .../charts/hardenedNodeExporter/README.md | 60 + .../templates/_helpers.tpl | 104 + .../templates/pushprox-clients-rbac.yaml | 77 + .../templates/pushprox-clients.yaml | 145 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 33 + .../charts/hardenedNodeExporter/values.yaml | 111 + .../charts/k3sServer/.helmignore | 23 + .../charts/k3sServer/Chart.yaml | 13 + .../charts/k3sServer/README.md | 60 + .../charts/k3sServer/templates/_helpers.tpl | 104 + .../templates/pushprox-clients-rbac.yaml | 77 + .../k3sServer/templates/pushprox-clients.yaml | 145 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../k3sServer/templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 33 + .../charts/k3sServer/values.yaml | 111 + .../charts/kube-state-metrics/.helmignore | 21 + .../charts/kube-state-metrics/Chart.yaml | 25 + .../charts/kube-state-metrics/README.md | 68 + .../kube-state-metrics/templates/NOTES.txt | 10 + .../kube-state-metrics/templates/_helpers.tpl | 76 + .../templates/clusterrolebinding.yaml | 23 + .../templates/deployment.yaml | 224 + .../templates/kubeconfig-secret.yaml | 15 + .../kube-state-metrics/templates/pdb.yaml | 20 + .../templates/podsecuritypolicy.yaml | 42 + .../templates/psp-clusterrole.yaml | 22 + .../templates/psp-clusterrolebinding.yaml | 19 + .../kube-state-metrics/templates/role.yaml | 190 + .../templates/rolebinding.yaml | 27 + .../kube-state-metrics/templates/service.yaml | 42 + .../templates/serviceaccount.yaml | 18 + .../templates/servicemonitor.yaml | 34 + .../templates/stsdiscovery-role.yaml | 29 + .../templates/stsdiscovery-rolebinding.yaml | 20 + .../charts/kube-state-metrics/values.yaml | 189 + .../kubeAdmControllerManager/.helmignore | 23 + .../kubeAdmControllerManager/Chart.yaml | 13 + .../charts/kubeAdmControllerManager/README.md | 60 + .../templates/_helpers.tpl | 104 + .../templates/pushprox-clients-rbac.yaml | 77 + .../templates/pushprox-clients.yaml | 145 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 33 + .../kubeAdmControllerManager/values.yaml | 111 + .../charts/kubeAdmEtcd/.helmignore | 23 + .../charts/kubeAdmEtcd/Chart.yaml | 13 + .../charts/kubeAdmEtcd/README.md | 60 + .../charts/kubeAdmEtcd/templates/_helpers.tpl | 104 + .../templates/pushprox-clients-rbac.yaml | 77 + .../templates/pushprox-clients.yaml | 145 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../kubeAdmEtcd/templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 33 + .../charts/kubeAdmEtcd/values.yaml | 111 + .../charts/kubeAdmProxy/.helmignore | 23 + .../charts/kubeAdmProxy/Chart.yaml | 13 + .../charts/kubeAdmProxy/README.md | 60 + .../kubeAdmProxy/templates/_helpers.tpl | 104 + .../templates/pushprox-clients-rbac.yaml | 77 + .../templates/pushprox-clients.yaml | 145 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 33 + .../charts/kubeAdmProxy/values.yaml | 111 + .../charts/kubeAdmScheduler/.helmignore | 23 + .../charts/kubeAdmScheduler/Chart.yaml | 13 + .../charts/kubeAdmScheduler/README.md | 60 + .../kubeAdmScheduler/templates/_helpers.tpl | 104 + .../templates/pushprox-clients-rbac.yaml | 77 + .../templates/pushprox-clients.yaml | 145 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 33 + .../charts/kubeAdmScheduler/values.yaml | 111 + .../charts/prometheus-adapter/.helmignore | 21 + .../charts/prometheus-adapter/Chart.yaml | 26 + .../charts/prometheus-adapter/README.md | 147 + .../prometheus-adapter/templates/NOTES.txt | 9 + .../prometheus-adapter/templates/_helpers.tpl | 72 + .../templates/certmanager.yaml | 48 + .../cluster-role-binding-auth-delegator.yaml | 19 + .../cluster-role-binding-resource-reader.yaml | 19 + .../cluster-role-resource-reader.yaml | 23 + .../templates/configmap.yaml | 96 + .../templates/custom-metrics-apiservice.yaml | 32 + ...stom-metrics-cluster-role-binding-hpa.yaml | 23 + .../custom-metrics-cluster-role.yaml | 16 + .../templates/deployment.yaml | 135 + .../external-metrics-apiservice.yaml | 32 + ...rnal-metrics-cluster-role-binding-hpa.yaml | 19 + .../external-metrics-cluster-role.yaml | 20 + .../prometheus-adapter/templates/pdb.yaml | 22 + .../prometheus-adapter/templates/psp.yaml | 71 + .../resource-metrics-apiservice.yaml | 32 + ...resource-metrics-cluster-role-binding.yaml | 19 + .../resource-metrics-cluster-role.yaml | 22 + .../templates/role-binding-auth-reader.yaml | 20 + .../prometheus-adapter/templates/secret.yaml | 15 + .../prometheus-adapter/templates/service.yaml | 22 + .../templates/serviceaccount.yaml | 16 + .../charts/prometheus-adapter/values.yaml | 185 + .../prometheus-node-exporter/.helmignore | 21 + .../prometheus-node-exporter/Chart.yaml | 23 + .../charts/prometheus-node-exporter/README.md | 63 + .../templates/NOTES.txt | 15 + .../templates/_helpers.tpl | 95 + .../templates/daemonset.yaml | 187 + .../templates/endpoints.yaml | 18 + .../templates/monitor.yaml | 32 + .../templates/psp-clusterrole.yaml | 15 + .../templates/psp-clusterrolebinding.yaml | 17 + .../templates/psp.yaml | 56 + .../templates/service.yaml | 23 + .../templates/serviceaccount.yaml | 18 + .../prometheus-node-exporter/values.yaml | 182 + .../charts/rke2ControllerManager/.helmignore | 23 + .../charts/rke2ControllerManager/Chart.yaml | 13 + .../charts/rke2ControllerManager/README.md | 60 + .../templates/_helpers.tpl | 104 + .../templates/pushprox-clients-rbac.yaml | 77 + .../templates/pushprox-clients.yaml | 145 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 33 + .../charts/rke2ControllerManager/values.yaml | 111 + .../charts/rke2Etcd/.helmignore | 23 + .../charts/rke2Etcd/Chart.yaml | 13 + .../charts/rke2Etcd/README.md | 60 + .../charts/rke2Etcd/templates/_helpers.tpl | 104 + .../templates/pushprox-clients-rbac.yaml | 77 + .../rke2Etcd/templates/pushprox-clients.yaml | 145 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../rke2Etcd/templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 33 + .../charts/rke2Etcd/values.yaml | 111 + .../charts/rke2IngressNginx/.helmignore | 23 + .../charts/rke2IngressNginx/Chart.yaml | 13 + .../charts/rke2IngressNginx/README.md | 60 + .../rke2IngressNginx/templates/_helpers.tpl | 104 + .../templates/pushprox-clients-rbac.yaml | 77 + .../templates/pushprox-clients.yaml | 145 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 33 + .../charts/rke2IngressNginx/values.yaml | 111 + .../charts/rke2Proxy/.helmignore | 23 + .../charts/rke2Proxy/Chart.yaml | 13 + .../charts/rke2Proxy/README.md | 60 + .../charts/rke2Proxy/templates/_helpers.tpl | 104 + .../templates/pushprox-clients-rbac.yaml | 77 + .../rke2Proxy/templates/pushprox-clients.yaml | 145 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../rke2Proxy/templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 33 + .../charts/rke2Proxy/values.yaml | 111 + .../charts/rke2Scheduler/.helmignore | 23 + .../charts/rke2Scheduler/Chart.yaml | 13 + .../charts/rke2Scheduler/README.md | 60 + .../rke2Scheduler/templates/_helpers.tpl | 104 + .../templates/pushprox-clients-rbac.yaml | 77 + .../templates/pushprox-clients.yaml | 145 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 33 + .../charts/rke2Scheduler/values.yaml | 111 + .../charts/rkeControllerManager/.helmignore | 23 + .../charts/rkeControllerManager/Chart.yaml | 13 + .../charts/rkeControllerManager/README.md | 60 + .../templates/_helpers.tpl | 104 + .../templates/pushprox-clients-rbac.yaml | 77 + .../templates/pushprox-clients.yaml | 145 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 33 + .../charts/rkeControllerManager/values.yaml | 111 + .../charts/rkeEtcd/.helmignore | 23 + .../charts/rkeEtcd/Chart.yaml | 13 + .../100.0.0+up16.6.0/charts/rkeEtcd/README.md | 60 + .../charts/rkeEtcd/templates/_helpers.tpl | 104 + .../templates/pushprox-clients-rbac.yaml | 77 + .../rkeEtcd/templates/pushprox-clients.yaml | 145 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../rkeEtcd/templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 33 + .../charts/rkeEtcd/values.yaml | 111 + .../charts/rkeIngressNginx/.helmignore | 23 + .../charts/rkeIngressNginx/Chart.yaml | 13 + .../charts/rkeIngressNginx/README.md | 60 + .../rkeIngressNginx/templates/_helpers.tpl | 104 + .../templates/pushprox-clients-rbac.yaml | 77 + .../templates/pushprox-clients.yaml | 145 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 33 + .../charts/rkeIngressNginx/values.yaml | 111 + .../charts/rkeProxy/.helmignore | 23 + .../charts/rkeProxy/Chart.yaml | 13 + .../charts/rkeProxy/README.md | 60 + .../charts/rkeProxy/templates/_helpers.tpl | 104 + .../templates/pushprox-clients-rbac.yaml | 77 + .../rkeProxy/templates/pushprox-clients.yaml | 145 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../rkeProxy/templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 33 + .../charts/rkeProxy/values.yaml | 111 + .../charts/rkeScheduler/.helmignore | 23 + .../charts/rkeScheduler/Chart.yaml | 13 + .../charts/rkeScheduler/README.md | 60 + .../rkeScheduler/templates/_helpers.tpl | 104 + .../templates/pushprox-clients-rbac.yaml | 77 + .../templates/pushprox-clients.yaml | 145 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 33 + .../charts/rkeScheduler/values.yaml | 111 + .../charts/windowsExporter/.helmignore | 23 + .../charts/windowsExporter/Chart.yaml | 15 + .../charts/windowsExporter/README.md | 17 + .../scripts/check-wins-version.ps1 | 20 + .../windowsExporter/scripts/proxy-entry.ps1 | 11 + .../charts/windowsExporter/scripts/run.ps1 | 78 + .../windowsExporter/templates/_helpers.tpl | 113 + .../windowsExporter/templates/configmap.yaml | 10 + .../windowsExporter/templates/daemonset.yaml | 77 + .../templates/prometheusrule.yaml | 13 + .../windowsExporter/templates/rbac.yaml | 78 + .../windowsExporter/templates/service.yaml | 15 + .../templates/servicemonitor.yaml | 41 + .../charts/windowsExporter/values.yaml | 50 + .../files/ingress-nginx/nginx.json | 1463 ++ .../request-handling-performance.json | 981 + .../cluster/rancher-cluster-nodes.json | 776 + .../rancher/cluster/rancher-cluster.json | 759 + .../rancher/home/rancher-default-home.json | 1273 ++ .../files/rancher/k8s/rancher-etcd-nodes.json | 670 + .../files/rancher/k8s/rancher-etcd.json | 652 + .../k8s/rancher-k8s-components-nodes.json | 510 + .../rancher/k8s/rancher-k8s-components.json | 502 + .../rancher/nodes/rancher-node-detail.json | 789 + .../files/rancher/nodes/rancher-node.json | 776 + .../rancher/pods/rancher-pod-containers.json | 620 + .../files/rancher/pods/rancher-pod.json | 620 + .../workloads/rancher-workload-pods.json | 636 + .../rancher/workloads/rancher-workload.json | 636 + .../100.0.0+up16.6.0/templates/NOTES.txt | 4 + .../100.0.0+up16.6.0/templates/_helpers.tpl | 251 + .../templates/alertmanager/alertmanager.yaml | 151 + .../templates/alertmanager/ingress.yaml | 77 + .../alertmanager/ingressperreplica.yaml | 67 + .../alertmanager/podDisruptionBudget.yaml | 21 + .../templates/alertmanager/psp-role.yaml | 21 + .../alertmanager/psp-rolebinding.yaml | 18 + .../templates/alertmanager/psp.yaml | 52 + .../templates/alertmanager/secret.yaml | 29 + .../templates/alertmanager/service.yaml | 50 + .../alertmanager/serviceaccount.yaml | 20 + .../alertmanager/servicemonitor.yaml | 45 + .../alertmanager/serviceperreplica.yaml | 46 + .../templates/exporters/core-dns/service.yaml | 24 + .../exporters/core-dns/servicemonitor.yaml | 36 + .../kube-api-server/servicemonitor.yaml | 39 + .../kube-controller-manager/endpoints.yaml | 20 + .../kube-controller-manager/service.yaml | 27 + .../servicemonitor.yaml | 47 + .../templates/exporters/kube-dns/service.yaml | 28 + .../exporters/kube-dns/servicemonitor.yaml | 49 + .../exporters/kube-etcd/endpoints.yaml | 20 + .../exporters/kube-etcd/service.yaml | 27 + .../exporters/kube-etcd/servicemonitor.yaml | 53 + .../exporters/kube-proxy/endpoints.yaml | 20 + .../exporters/kube-proxy/service.yaml | 27 + .../exporters/kube-proxy/servicemonitor.yaml | 41 + .../exporters/kube-scheduler/endpoints.yaml | 20 + .../exporters/kube-scheduler/service.yaml | 27 + .../kube-scheduler/servicemonitor.yaml | 47 + .../kube-state-metrics/serviceMonitor.yaml | 42 + .../exporters/kubelet/servicemonitor.yaml | 176 + .../node-exporter/servicemonitor.yaml | 43 + .../grafana/configmap-dashboards.yaml | 24 + .../grafana/configmaps-datasources.yaml | 47 + .../grafana/dashboards-1.14/apiserver.yaml | 1747 ++ .../dashboards-1.14/cluster-total.yaml | 1882 ++ .../dashboards-1.14/controller-manager.yaml | 1183 ++ .../grafana/dashboards-1.14/etcd.yaml | 1118 ++ .../grafana/dashboards-1.14/k8s-coredns.yaml | 1531 ++ .../k8s-resources-cluster.yaml | 3024 +++ .../k8s-resources-namespace.yaml | 2744 +++ .../dashboards-1.14/k8s-resources-node.yaml | 978 + .../dashboards-1.14/k8s-resources-pod.yaml | 2427 +++ .../k8s-resources-workload.yaml | 1986 ++ .../k8s-resources-workloads-namespace.yaml | 2151 +++ .../grafana/dashboards-1.14/kubelet.yaml | 2535 +++ .../dashboards-1.14/namespace-by-pod.yaml | 1464 ++ .../namespace-by-workload.yaml | 1736 ++ .../node-cluster-rsrc-use.yaml | 964 + .../dashboards-1.14/node-rsrc-use.yaml | 991 + .../grafana/dashboards-1.14/nodes.yaml | 991 + .../persistentvolumesusage.yaml | 577 + .../grafana/dashboards-1.14/pod-total.yaml | 1228 ++ .../prometheus-remote-write.yaml | 1670 ++ .../grafana/dashboards-1.14/prometheus.yaml | 1227 ++ .../grafana/dashboards-1.14/proxy.yaml | 1262 ++ .../grafana/dashboards-1.14/scheduler.yaml | 1106 ++ .../grafana/dashboards-1.14/statefulset.yaml | 928 + .../dashboards-1.14/workload-total.yaml | 1438 ++ .../templates/grafana/namespaces.yaml | 13 + .../templates/grafana/servicemonitor.yaml | 32 + .../job-patch/clusterrole.yaml | 33 + .../job-patch/clusterrolebinding.yaml | 20 + .../job-patch/job-createSecret.yaml | 65 + .../job-patch/job-patchWebhook.yaml | 66 + .../admission-webhooks/job-patch/psp.yaml | 54 + .../admission-webhooks/job-patch/role.yaml | 21 + .../job-patch/rolebinding.yaml | 21 + .../job-patch/serviceaccount.yaml | 17 + .../mutatingWebhookConfiguration.yaml | 41 + .../validatingWebhookConfiguration.yaml | 41 + .../prometheus-operator/certmanager.yaml | 57 + .../prometheus-operator/clusterrole.yaml | 80 + .../clusterrolebinding.yaml | 17 + .../prometheus-operator/deployment.yaml | 145 + .../prometheus-operator/psp-clusterrole.yaml | 20 + .../psp-clusterrolebinding.yaml | 17 + .../templates/prometheus-operator/psp.yaml | 51 + .../prometheus-operator/service.yaml | 55 + .../prometheus-operator/serviceaccount.yaml | 16 + .../prometheus-operator/servicemonitor.yaml | 44 + .../templates/prometheus/_rules.tpl | 38 + .../additionalAlertRelabelConfigs.yaml | 16 + .../additionalAlertmanagerConfigs.yaml | 16 + .../prometheus/additionalPrometheusRules.yaml | 43 + .../prometheus/additionalScrapeConfigs.yaml | 16 + .../templates/prometheus/clusterrole.yaml | 30 + .../prometheus/clusterrolebinding.yaml | 18 + .../templates/prometheus/ingress.yaml | 77 + .../prometheus/ingressThanosSidecar.yaml | 76 + .../prometheus/ingressperreplica.yaml | 67 + .../templates/prometheus/nginx-config.yaml | 69 + .../prometheus/podDisruptionBudget.yaml | 21 + .../templates/prometheus/podmonitors.yaml | 37 + .../templates/prometheus/prometheus.yaml | 332 + .../templates/prometheus/psp-clusterrole.yaml | 20 + .../prometheus/psp-clusterrolebinding.yaml | 18 + .../templates/prometheus/psp.yaml | 62 + .../rules-1.14/alertmanager.rules.yaml | 70 + .../templates/prometheus/rules-1.14/etcd.yaml | 181 + .../prometheus/rules-1.14/general.rules.yaml | 56 + .../prometheus/rules-1.14/k8s.rules.yaml | 117 + .../kube-apiserver-availability.rules.yaml | 160 + .../rules-1.14/kube-apiserver-slos.yaml | 95 + .../rules-1.14/kube-apiserver.rules.yaml | 358 + .../kube-prometheus-general.rules.yaml | 31 + .../kube-prometheus-node-recording.rules.yaml | 39 + .../rules-1.14/kube-scheduler.rules.yaml | 65 + .../rules-1.14/kube-state-metrics.yaml | 59 + .../prometheus/rules-1.14/kubelet.rules.yaml | 41 + .../rules-1.14/kubernetes-apps.yaml | 298 + .../rules-1.14/kubernetes-resources.yaml | 159 + .../rules-1.14/kubernetes-storage.yaml | 75 + .../kubernetes-system-apiserver.yaml | 98 + .../kubernetes-system-controller-manager.yaml | 43 + .../rules-1.14/kubernetes-system-kubelet.yaml | 188 + .../kubernetes-system-scheduler.yaml | 43 + .../rules-1.14/kubernetes-system.yaml | 55 + .../rules-1.14/node-exporter.rules.yaml | 79 + .../prometheus/rules-1.14/node-exporter.yaml | 262 + .../prometheus/rules-1.14/node-network.yaml | 37 + .../prometheus/rules-1.14/node.rules.yaml | 51 + .../rules-1.14/prometheus-operator.yaml | 113 + .../prometheus/rules-1.14/prometheus.yaml | 258 + .../templates/prometheus/service.yaml | 60 + .../prometheus/serviceThanosSidecar.yaml | 30 + .../serviceThanosSidecarExternal.yaml | 28 + .../templates/prometheus/serviceaccount.yaml | 20 + .../templates/prometheus/servicemonitor.yaml | 42 + .../templates/prometheus/servicemonitors.yaml | 38 + .../prometheus/serviceperreplica.yaml | 46 + .../rancher-monitoring/clusterrole.yaml | 131 + .../rancher-monitoring/config-role.yaml | 48 + .../rancher-monitoring/dashboard-role.yaml | 47 + .../addons/ingress-nginx-dashboard.yaml | 18 + .../rancher/cluster-dashboards.yaml | 17 + .../dashboards/rancher/default-dashboard.yaml | 17 + .../dashboards/rancher/k8s-dashboards.yaml | 17 + .../dashboards/rancher/nodes-dashboards.yaml | 17 + .../dashboards/rancher/pods-dashboards.yaml | 17 + .../rancher/workload-dashboards.yaml | 17 + .../exporters/ingress-nginx/service.yaml | 27 + .../ingress-nginx/servicemonitor.yaml | 39 + .../rancher-monitoring/hardened.yaml | 124 + .../templates/validate-install-crd.yaml | 21 + .../100.0.0+up16.6.0/values.yaml | 3160 +++ .../100.0.0+up1.18.1/.helmignore | 21 + .../100.0.0+up1.18.1/Chart.yaml | 23 + .../100.0.0+up1.18.1/OWNERS | 6 + .../100.0.0+up1.18.1/README.md | 63 + .../100.0.0+up1.18.1/ci/port-values.yaml | 3 + .../100.0.0+up1.18.1/templates/NOTES.txt | 15 + .../100.0.0+up1.18.1/templates/_helpers.tpl | 95 + .../100.0.0+up1.18.1/templates/daemonset.yaml | 187 + .../100.0.0+up1.18.1/templates/endpoints.yaml | 18 + .../100.0.0+up1.18.1/templates/monitor.yaml | 32 + .../templates/psp-clusterrole.yaml | 15 + .../templates/psp-clusterrolebinding.yaml | 17 + .../100.0.0+up1.18.1/templates/psp.yaml | 56 + .../100.0.0+up1.18.1/templates/service.yaml | 23 + .../templates/serviceaccount.yaml | 18 + .../100.0.0+up1.18.1/values.yaml | 182 + .../100.0.0+up0.2.0/.helmignore | 22 + .../100.0.0+up0.2.0/Chart.yaml | 10 + .../100.0.0+up0.2.0/files/teams.j2 | 44 + .../100.0.0+up0.2.0/templates/NOTES.txt | 2 + .../100.0.0+up0.2.0/templates/_helpers.tpl | 73 + .../100.0.0+up0.2.0/templates/configmap.yaml | 39 + .../100.0.0+up0.2.0/templates/deployment.yaml | 77 + .../100.0.0+up0.2.0/templates/psp.yaml | 29 + .../100.0.0+up0.2.0/templates/role.yaml | 15 + .../templates/rolebinding.yaml | 13 + .../templates/service-account.yaml | 6 + .../100.0.0+up0.2.0/templates/service.yaml | 17 + .../100.0.0+up0.2.0/values.yaml | 62 + .../100.0.0+up2.14.0/.helmignore | 21 + .../100.0.0+up2.14.0/Chart.yaml | 26 + .../100.0.0+up2.14.0/README.md | 147 + .../100.0.0+up2.14.0/ci/default-values.yaml | 0 .../ci/external-rules-values.yaml | 9 + .../100.0.0+up2.14.0/templates/NOTES.txt | 9 + .../100.0.0+up2.14.0/templates/_helpers.tpl | 72 + .../templates/certmanager.yaml | 48 + .../cluster-role-binding-auth-delegator.yaml | 19 + .../cluster-role-binding-resource-reader.yaml | 19 + .../cluster-role-resource-reader.yaml | 23 + .../100.0.0+up2.14.0/templates/configmap.yaml | 96 + .../templates/custom-metrics-apiservice.yaml | 32 + ...stom-metrics-cluster-role-binding-hpa.yaml | 23 + .../custom-metrics-cluster-role.yaml | 16 + .../templates/deployment.yaml | 135 + .../external-metrics-apiservice.yaml | 32 + ...rnal-metrics-cluster-role-binding-hpa.yaml | 19 + .../external-metrics-cluster-role.yaml | 20 + .../100.0.0+up2.14.0/templates/pdb.yaml | 22 + .../100.0.0+up2.14.0/templates/psp.yaml | 71 + .../resource-metrics-apiservice.yaml | 32 + ...resource-metrics-cluster-role-binding.yaml | 19 + .../resource-metrics-cluster-role.yaml | 22 + .../templates/role-binding-auth-reader.yaml | 20 + .../100.0.0+up2.14.0/templates/secret.yaml | 15 + .../100.0.0+up2.14.0/templates/service.yaml | 22 + .../templates/serviceaccount.yaml | 16 + .../100.0.0+up2.14.0/values.yaml | 185 + .../rancher-pushprox/100.0.0/.helmignore | 23 + .../rancher-pushprox/100.0.0/Chart.yaml | 13 + .../rancher-pushprox/100.0.0/README.md | 60 + .../100.0.0/templates/_helpers.tpl | 104 + .../templates/pushprox-clients-rbac.yaml | 77 + .../100.0.0/templates/pushprox-clients.yaml | 145 + .../templates/pushprox-proxy-rbac.yaml | 63 + .../100.0.0/templates/pushprox-proxy.yaml | 52 + .../templates/pushprox-servicemonitor.yaml | 33 + .../rancher-pushprox/100.0.0/values.yaml | 111 + .../rancher-sachet/100.0.0/.helmignore | 23 + .../rancher-sachet/100.0.0/Chart.yaml | 11 + .../100.0.0/files/template.tmpl | 1 + .../100.0.0/templates/NOTES.txt | 3 + .../100.0.0/templates/_helpers.tpl | 79 + .../templates/configmap-pre-install.yaml | 34 + .../100.0.0/templates/deployment.yaml | 75 + .../rancher-sachet/100.0.0/templates/psp.yaml | 29 + .../100.0.0/templates/role.yaml | 15 + .../100.0.0/templates/rolebinding.yaml | 13 + .../100.0.0/templates/service-account.yaml | 6 + .../100.0.0/templates/service.yaml | 17 + .../rancher-sachet/100.0.0/values.yaml | 63 + .../sriov-crd/100.0.0+up0.1.0/Chart.yaml | 11 + ...vnetwork.openshift.io_sriovibnetworks.yaml | 79 + ...openshift.io_sriovnetworknodepolicies.yaml | 133 + ...k.openshift.io_sriovnetworknodestates.yaml | 155 + ...iovnetwork.openshift.io_sriovnetworks.yaml | 111 + ...ork.openshift.io_sriovoperatorconfigs.yaml | 91 + .../sriov/100.0.0+up0.1.0/.helmignore | 23 + .../sriov/100.0.0+up0.1.0/Chart.yaml | 25 + .../sriov/100.0.0+up0.1.0/README.md | 73 + .../sriov/100.0.0+up0.1.0/app-README.md | 13 + .../sriov/100.0.0+up0.1.0/templates/NOTES.txt | 17 + .../100.0.0+up0.1.0/templates/_helpers.tpl | 70 + .../templates/_webhook-certs.tpl | 31 + .../templates/certmanagercerts.yaml | 41 + .../templates/clusterrole.yaml | 106 + .../templates/clusterrolebinding.yaml | 29 + .../100.0.0+up0.1.0/templates/operator.yaml | 87 + .../sriov/100.0.0+up0.1.0/templates/role.yaml | 111 + .../templates/rolebinding.yaml | 44 + .../100.0.0+up0.1.0/templates/secrets.yaml | 20 + .../templates/serviceaccount.yaml | 15 + .../templates/validate-install-crd.yaml | 18 + .../sriov/100.0.0+up0.1.0/values.yaml | 57 + .../rancher-tracing/100.0.0/.helmignore | 23 + .../rancher-tracing/100.0.0/Chart.yaml | 12 + .../rancher-tracing/100.0.0/README.md | 5 + .../100.0.0/templates/_affinity.tpl | 92 + .../100.0.0/templates/_helpers.tpl | 32 + .../100.0.0/templates/deployment.yaml | 86 + .../100.0.0/templates/psp.yaml | 86 + .../100.0.0/templates/pvc.yaml | 16 + .../100.0.0/templates/service.yaml | 63 + .../rancher-tracing/100.0.0/values.yaml | 44 + .../rancher-vsphere-cpi/100.0.0/Chart.yaml | 19 + .../rancher-vsphere-cpi/100.0.0/README.md | 57 + .../rancher-vsphere-cpi/100.0.0/app-readme.md | 9 + .../100.0.0/questions.yaml | 42 + .../100.0.0/templates/_helpers.tpl | 7 + .../templates/vsphere-cloud-config-cm.yaml | 15 + .../100.0.0/templates/vsphere-cpi-ds.yaml | 89 + .../100.0.0/templates/vsphere-cpi-rbac.yaml | 129 + .../templates/vsphere-creds-secret.yaml | 10 + .../rancher-vsphere-cpi/100.0.0/values.yaml | 22 + .../rancher-vsphere-csi/100.0.0/Chart.yaml | 19 + .../rancher-vsphere-csi/100.0.0/README.md | 73 + .../rancher-vsphere-csi/100.0.0/app-readme.md | 14 + .../100.0.0/questions.yaml | 104 + .../100.0.0/templates/_helpers.tpl | 7 + .../vsphere-csi-controller-deployment.yaml | 240 + .../vsphere-csi-controller-rbac.yaml | 55 + .../templates/vsphere-csi-node-ds.yaml | 152 + .../templates/vsphere-csi-node-rbac.yaml | 29 + .../100.0.0/templates/vsphere-csi-secret.yaml | 9 + .../templates/vsphere-csi-storageclass.yaml | 16 + .../rancher-vsphere-csi/100.0.0/values.yaml | 75 + .../rancher-webhook/1.0.0+up0.2.0/Chart.yaml | 15 + .../1.0.0+up0.2.0/charts/capi/Chart.yaml | 4 + .../charts/capi/templates/service.yaml | 13 + .../1.0.0+up0.2.0/templates/_helpers.tpl | 11 + .../1.0.0+up0.2.0/templates/deployment.yaml | 44 + .../pre-delete-hook-cluster-role-binding.yaml | 19 + .../pre-delete-hook-cluster-role.yaml | 23 + .../templates/pre-delete-hook-job.yaml | 26 + .../templates/pre-delete-hook-psp.yaml | 32 + .../pre-delete-hook-service-account.yaml | 12 + .../1.0.0+up0.2.0/templates/rbac.yaml | 12 + .../1.0.0+up0.2.0/templates/service.yaml | 13 + .../templates/serviceaccount.yaml | 4 + .../1.0.0+up0.2.0/templates/webhook.yaml | 19 + .../rancher-webhook/1.0.0+up0.2.0/values.yaml | 21 + .../100.0.0/.helmignore | 23 + .../100.0.0/Chart.yaml | 15 + .../100.0.0/README.md | 17 + .../100.0.0/scripts/check-wins-version.ps1 | 20 + .../100.0.0/scripts/proxy-entry.ps1 | 11 + .../100.0.0/scripts/run.ps1 | 78 + .../100.0.0/templates/_helpers.tpl | 113 + .../100.0.0/templates/configmap.yaml | 10 + .../100.0.0/templates/daemonset.yaml | 77 + .../100.0.0/templates/prometheusrule.yaml | 13 + .../100.0.0/templates/rbac.yaml | 78 + .../100.0.0/templates/service.yaml | 15 + .../100.0.0/templates/servicemonitor.yaml | 41 + .../100.0.0/values.yaml | 50 + .../100.0.0+up0.0.1/.helmignore | 23 + .../100.0.0+up0.0.1/Chart.yaml | 15 + .../100.0.0+up0.0.1/README.md | 41 + .../100.0.0+up0.0.1/app-readme.md | 19 + .../100.0.0+up0.0.1/scripts/noop.ps1 | 4 + .../100.0.0+up0.0.1/scripts/upgrade.ps1 | 72 + .../100.0.0+up0.0.1/templates/_helpers.tpl | 63 + .../100.0.0+up0.0.1/templates/configmap.yaml | 17 + .../100.0.0+up0.0.1/templates/daemonset.yaml | 72 + .../100.0.0+up0.0.1/templates/rbac.yaml | 70 + .../100.0.0+up0.0.1/values.yaml | 60 + .../100.0.0+up0.3.0/Chart.yaml | 14 + .../100.0.0+up0.3.0/templates/_helpers.tpl | 9 + .../templates/clusterrolebinding.yaml | 12 + .../100.0.0+up0.3.0/templates/configmap.yaml | 16 + .../100.0.0+up0.3.0/templates/deployment.yaml | 62 + .../templates/serviceaccount.yaml | 5 + .../100.0.0+up0.3.0/values.yaml | 12 + 1122 files changed, 174563 insertions(+) create mode 100644 charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/Chart.yaml create mode 100644 charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/_helpers.tpl create mode 100644 charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/configmap.yaml create mode 100644 charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/deployment.yaml create mode 100644 charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/network_policy_allow_all.yaml create mode 100644 charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/patch_default_serviceaccount.yaml create mode 100644 charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/rbac.yaml create mode 100644 charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/secret.yaml create mode 100644 charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/serviceaccount.yaml create mode 100644 charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/validate.yaml create mode 100644 charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/values.yaml create mode 100644 charts/fleet-crd/fleet-crd/100.0.0+up0.3.6/Chart.yaml create mode 100644 charts/fleet-crd/fleet-crd/100.0.0+up0.3.6/templates/crds.yaml create mode 100644 charts/fleet-crd/fleet-crd/100.0.0+up0.3.6/templates/gitjobs-crds.yaml create mode 100644 charts/fleet/fleet/100.0.0+up0.3.6/Chart.yaml create mode 100644 charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/.helmignore create mode 100644 charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/Chart.yaml create mode 100644 charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/_helpers.tpl create mode 100644 charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/clusterrole.yaml create mode 100644 charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/clusterrolebinding.yaml create mode 100644 charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/deployment.yaml create mode 100644 charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/service.yaml create mode 100644 charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/serviceaccount.yaml create mode 100644 charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/values.yaml create mode 100644 charts/fleet/fleet/100.0.0+up0.3.6/templates/_helpers.tpl create mode 100644 charts/fleet/fleet/100.0.0+up0.3.6/templates/configmap.yaml create mode 100644 charts/fleet/fleet/100.0.0+up0.3.6/templates/deployment.yaml create mode 100644 charts/fleet/fleet/100.0.0+up0.3.6/templates/rbac.yaml create mode 100644 charts/fleet/fleet/100.0.0+up0.3.6/templates/serviceaccount.yaml create mode 100644 charts/fleet/fleet/100.0.0+up0.3.6/values.yaml create mode 100644 charts/longhorn/longhorn-crd/100.0.0+up1.1.2/Chart.yaml create mode 100644 charts/longhorn/longhorn-crd/100.0.0+up1.1.2/README.md create mode 100644 charts/longhorn/longhorn-crd/100.0.0+up1.1.2/templates/crds.yaml create mode 100644 charts/longhorn/longhorn/100.0.0+up1.1.2/.helmignore create mode 100644 charts/longhorn/longhorn/100.0.0+up1.1.2/Chart.yaml create mode 100644 charts/longhorn/longhorn/100.0.0+up1.1.2/README.md create mode 100644 charts/longhorn/longhorn/100.0.0+up1.1.2/app-readme.md create mode 100644 charts/longhorn/longhorn/100.0.0+up1.1.2/questions.yml create mode 100644 charts/longhorn/longhorn/100.0.0+up1.1.2/templates/NOTES.txt create mode 100644 charts/longhorn/longhorn/100.0.0+up1.1.2/templates/_helpers.tpl create mode 100644 charts/longhorn/longhorn/100.0.0+up1.1.2/templates/clusterrole.yaml create mode 100644 charts/longhorn/longhorn/100.0.0+up1.1.2/templates/clusterrolebinding.yaml create mode 100644 charts/longhorn/longhorn/100.0.0+up1.1.2/templates/daemonset-sa.yaml create mode 100644 charts/longhorn/longhorn/100.0.0+up1.1.2/templates/default-setting.yaml create mode 100644 charts/longhorn/longhorn/100.0.0+up1.1.2/templates/deployment-driver.yaml create mode 100644 charts/longhorn/longhorn/100.0.0+up1.1.2/templates/deployment-ui.yaml create mode 100644 charts/longhorn/longhorn/100.0.0+up1.1.2/templates/ingress.yaml create mode 100644 charts/longhorn/longhorn/100.0.0+up1.1.2/templates/postupgrade-job.yaml create mode 100644 charts/longhorn/longhorn/100.0.0+up1.1.2/templates/psp.yaml create mode 100644 charts/longhorn/longhorn/100.0.0+up1.1.2/templates/registry-secret.yml create mode 100644 charts/longhorn/longhorn/100.0.0+up1.1.2/templates/serviceaccount.yaml create mode 100644 charts/longhorn/longhorn/100.0.0+up1.1.2/templates/storageclass.yaml create mode 100644 charts/longhorn/longhorn/100.0.0+up1.1.2/templates/tls-secrets.yaml create mode 100644 charts/longhorn/longhorn/100.0.0+up1.1.2/templates/uninstall-job.yaml create mode 100644 charts/longhorn/longhorn/100.0.0+up1.1.2/templates/userroles.yaml create mode 100644 charts/longhorn/longhorn/100.0.0+up1.1.2/templates/validate-install-crd.yaml create mode 100644 charts/longhorn/longhorn/100.0.0+up1.1.2/values.yaml create mode 100644 charts/rancher-aks-operator-crd/rancher-aks-operator-crd/100.0.0+up1.0.1/Chart.yaml create mode 100644 charts/rancher-aks-operator-crd/rancher-aks-operator-crd/100.0.0+up1.0.1/templates/crds.yaml create mode 100644 charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/Chart.yaml create mode 100644 charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/NOTES.txt create mode 100644 charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/_helpers.tpl create mode 100644 charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/clusterrole.yaml create mode 100644 charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/clusterrolebinding.yaml create mode 100644 charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/deployment.yaml create mode 100644 charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/serviceaccount.yaml create mode 100644 charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/values.yaml create mode 100644 charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/Chart.yaml create mode 100644 charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/README.md create mode 100644 charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/app-readme.md create mode 100644 charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/.helmignore create mode 100644 charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/Chart.yaml create mode 100644 charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/files/teams.j2 create mode 100644 charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/NOTES.txt create mode 100644 charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/_helpers.tpl create mode 100644 charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/configmap.yaml create mode 100644 charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/deployment.yaml create mode 100644 charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/psp.yaml create mode 100644 charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/role.yaml create mode 100644 charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/rolebinding.yaml create mode 100644 charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/service-account.yaml create mode 100644 charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/service.yaml create mode 100644 charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/values.yaml create mode 100644 charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/.helmignore create mode 100644 charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/Chart.yaml create mode 100644 charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/files/template.tmpl create mode 100644 charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/NOTES.txt create mode 100644 charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/_helpers.tpl create mode 100644 charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/configmap-pre-install.yaml create mode 100644 charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/deployment.yaml create mode 100644 charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/psp.yaml create mode 100644 charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/role.yaml create mode 100644 charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/rolebinding.yaml create mode 100644 charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/service-account.yaml create mode 100644 charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/service.yaml create mode 100644 charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/values.yaml create mode 100644 charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/questions.yml create mode 100644 charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/templates/NOTES.txt create mode 100644 charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/templates/_helpers.tpl create mode 100644 charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/templates/cluster-role.yaml create mode 100644 charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/templates/hardened.yaml create mode 100644 charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/values.yaml create mode 100644 charts/rancher-backup-crd/rancher-backup-crd/2.0.0/Chart.yaml create mode 100644 charts/rancher-backup-crd/rancher-backup-crd/2.0.0/README.md create mode 100644 charts/rancher-backup-crd/rancher-backup-crd/2.0.0/templates/backup.yaml create mode 100644 charts/rancher-backup-crd/rancher-backup-crd/2.0.0/templates/resourceset.yaml create mode 100644 charts/rancher-backup-crd/rancher-backup-crd/2.0.0/templates/restore.yaml create mode 100644 charts/rancher-backup/rancher-backup/2.0.0/Chart.yaml create mode 100644 charts/rancher-backup/rancher-backup/2.0.0/README.md create mode 100644 charts/rancher-backup/rancher-backup/2.0.0/app-readme.md create mode 100644 charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/aks.yaml create mode 100644 charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/eks.yaml create mode 100644 charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/fleet.yaml create mode 100644 charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/gke.yaml create mode 100644 charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/provisioningv2.yaml create mode 100644 charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/rancher-operator.yaml create mode 100644 charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/rancher.yaml create mode 100644 charts/rancher-backup/rancher-backup/2.0.0/templates/_helpers.tpl create mode 100644 charts/rancher-backup/rancher-backup/2.0.0/templates/clusterrolebinding.yaml create mode 100644 charts/rancher-backup/rancher-backup/2.0.0/templates/deployment.yaml create mode 100644 charts/rancher-backup/rancher-backup/2.0.0/templates/hardened.yaml create mode 100644 charts/rancher-backup/rancher-backup/2.0.0/templates/psp.yaml create mode 100644 charts/rancher-backup/rancher-backup/2.0.0/templates/pvc.yaml create mode 100644 charts/rancher-backup/rancher-backup/2.0.0/templates/rancher-resourceset.yaml create mode 100644 charts/rancher-backup/rancher-backup/2.0.0/templates/s3-secret.yaml create mode 100644 charts/rancher-backup/rancher-backup/2.0.0/templates/serviceaccount.yaml create mode 100644 charts/rancher-backup/rancher-backup/2.0.0/templates/validate-install-crd.yaml create mode 100644 charts/rancher-backup/rancher-backup/2.0.0/values.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/Chart.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/README.md create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/templates/clusterscan.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/templates/clusterscanbenchmark.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/templates/clusterscanprofile.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/templates/clusterscanreport.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/Chart.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/README.md create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/app-readme.md create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/_helpers.tpl create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/alertingrule.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-cis-1.5.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-cis-1.6.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-eks-1.0.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-gke-1.0.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-k3s-cis-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-k3s-cis-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke-cis-1.5-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke-cis-1.5-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke-cis-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke-cis-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke2-cis-1.5-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke2-cis-1.5-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke2-cis-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke2-cis-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/cis-roles.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/configmap.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/deployment.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/network_policy_allow_all.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/patch_default_serviceaccount.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/rbac.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-cis-1.5.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-cis-1.6.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-k3s-cis-1.6-hardened.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-k3s-cis-1.6-permissive.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke-1.5-hardened.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke-1.5-permissive.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke2-cis-1.5-hardened.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke2-cis-1.5-permissive.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke2-cis-1.6-hardened.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke2-cis-1.6-permissive.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofileeks.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofilegke.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/serviceaccount.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/validate-install-crd.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/values.yaml create mode 100644 charts/rancher-eks-operator-crd/rancher-eks-operator-crd/100.0.0+up1.1.1/Chart.yaml create mode 100644 charts/rancher-eks-operator-crd/rancher-eks-operator-crd/100.0.0+up1.1.1/templates/crds.yaml create mode 100644 charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/Chart.yaml create mode 100644 charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/NOTES.txt create mode 100644 charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/_helpers.tpl create mode 100644 charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/clusterrole.yaml create mode 100644 charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/clusterrolebinding.yaml create mode 100644 charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/deployment.yaml create mode 100644 charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/serviceaccount.yaml create mode 100644 charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/values.yaml create mode 100644 charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/.helmignore create mode 100644 charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/Chart.yaml create mode 100644 charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/README.md create mode 100644 charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/app-README.md create mode 100644 charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/questions.yaml create mode 100644 charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/NOTES.txt create mode 100644 charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/_helpers.tpl create mode 100644 charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/admissionregistration.yaml create mode 100644 charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/clusterrole.yaml create mode 100644 charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/clusterrolebinding.yaml create mode 100644 charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/deployment.yaml create mode 100644 charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/issuer.yaml create mode 100644 charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/service.yaml create mode 100644 charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/serviceaccount.yaml create mode 100644 charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/servicemonitor.yaml create mode 100644 charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/admissionregistration_test.yaml create mode 100644 charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/clusterrole_test.yaml create mode 100644 charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/clusterrolebinding_test.yaml create mode 100644 charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/deployment_test.yaml create mode 100644 charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/issuer_test.yaml create mode 100644 charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/service_test.yaml create mode 100644 charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/serviceaccount_test.yaml create mode 100644 charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/servicemonitor_test.yaml create mode 100644 charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/values.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/Chart.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/README.md create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/assign-customresourcedefinition.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/assignmetadata-customresourcedefinition.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/config-customresourcedefinition.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/constraintpodstatus-customresourcedefinition.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/constrainttemplate-customresourcedefinition.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/mutatorpodstatus-customresourcedefinition.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/templates/_helpers.tpl create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/templates/jobs.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/templates/manifest.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/templates/rbac.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/values.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/.helmignore create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/CHANGELOG.md create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/Chart.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/README.md create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/app-readme.md create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/_helpers.tpl create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/allowedrepos.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-admin-podsecuritypolicy.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-admin-serviceaccount.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-audit-deployment.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-controller-manager-deployment.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-controller-manager-poddisruptionbudget.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-critical-pods-resourcequota.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-manager-role-clusterrole.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-manager-role-role.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-manager-rolebinding-rolebinding.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-mutating-webhook-configuration-mutatingwebhookconfiguration.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-webhook-server-cert-secret.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-webhook-service-service.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/namespace-post-install.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/requiredlabels.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/validate-install-crd.yaml create mode 100644 charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/values.yaml create mode 100644 charts/rancher-gke-operator-crd/rancher-gke-operator-crd/100.0.0+up1.1.1/Chart.yaml create mode 100644 charts/rancher-gke-operator-crd/rancher-gke-operator-crd/100.0.0+up1.1.1/templates/crds.yaml create mode 100644 charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/Chart.yaml create mode 100644 charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/NOTES.txt create mode 100644 charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/_helpers.tpl create mode 100644 charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/clusterrole.yaml create mode 100644 charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/clusterrolebinding.yaml create mode 100644 charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/deployment.yaml create mode 100644 charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/serviceaccount.yaml create mode 100644 charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/values.yaml create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/.helmignore create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/Chart.yaml create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/README.md create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/dashboards/custom-dashboard.json create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/NOTES.txt create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/_helpers.tpl create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/_pod.tpl create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/clusterrole.yaml create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/clusterrolebinding.yaml create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/configmap-dashboard-provider.yaml create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/configmap.yaml create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/dashboards-json-configmap.yaml create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/deployment.yaml create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/headless-service.yaml create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/hpa.yaml create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/image-renderer-deployment.yaml create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/image-renderer-network-policy.yaml create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/image-renderer-service.yaml create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/ingress.yaml create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/nginx-config.yaml create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/poddisruptionbudget.yaml create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/podsecuritypolicy.yaml create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/pvc.yaml create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/role.yaml create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/rolebinding.yaml create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/secret-env.yaml create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/secret.yaml create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/service.yaml create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/serviceaccount.yaml create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/servicemonitor.yaml create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/statefulset.yaml create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/tests/test-configmap.yaml create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/tests/test-podsecuritypolicy.yaml create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/tests/test-role.yaml create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/tests/test-rolebinding.yaml create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/tests/test-serviceaccount.yaml create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/tests/test.yaml create mode 100644 charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/values.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/Chart.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/README.md create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/app-readme.md create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/Chart.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/NOTES.txt create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/_helpers.tpl create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/cabundle.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/configmap.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/envoy.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/go.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/kiali.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/microprofile-1.1.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/microprofile-x.y.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/nodejs.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/quarkus.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/springboot-jvm.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/springboot-tomcat.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/thorntail.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/tomcat.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/vertx-client.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/vertx-eventbus.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/vertx-jvm.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/vertx-pool.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/vertx-server.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/deployment.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/hpa.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/ingress.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/oauth.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/psp.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/role-controlplane.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/role-viewer.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/role.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/rolebinding-controlplane.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/rolebinding.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/route.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/service.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/serviceaccount.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/validate-install-crd.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/web-root-configmap.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/values.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/.helmignore create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/Chart.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/README.md create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/templates/_affinity.tpl create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/templates/_helpers.tpl create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/templates/deployment.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/templates/psp.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/templates/pvc.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/templates/service.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/values.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/configs/istio-base.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/requirements.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/samples/overlay-example.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/_helpers.tpl create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/admin-role.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/base-config-map.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/clusterrole.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/clusterrolebinding.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/edit-role.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/istio-cni-psp.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/istio-install-job.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/istio-install-psp.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/istio-psp.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/istio-uninstall-job.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/overlay-config-map.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/service-monitors.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/serviceaccount.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/view-role.yaml create mode 100644 charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/values.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server-crd/100.0.0+up1.35.0/Chart.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server-crd/100.0.0+up1.35.0/README.md create mode 100644 charts/rancher-kiali-server/rancher-kiali-server-crd/100.0.0+up1.35.0/templates/crds.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/Chart.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/NOTES.txt create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/_helpers.tpl create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/cabundle.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/configmap.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/envoy.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/go.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/kiali.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/micrometer-1.0.6-jvm.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/micrometer-1.1-jvm.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/microprofile-1.1.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/microprofile-x.y.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/nodejs.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/quarkus.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/springboot-jvm-pool.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/springboot-jvm.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/springboot-tomcat.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/thorntail.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/tomcat.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/vertx-client.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/vertx-eventbus.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/vertx-jvm.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/vertx-pool.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/vertx-server.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/deployment.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/hpa.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/ingress.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/oauth.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/psp.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/role-controlplane.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/role-viewer.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/role.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/rolebinding-controlplane.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/rolebinding.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/route.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/service.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/serviceaccount.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/validate-install-crd.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/web-root-configmap.yaml create mode 100644 charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/values.yaml create mode 100644 charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/.helmignore create mode 100644 charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/Chart.yaml create mode 100644 charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/OWNERS create mode 100644 charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/README.md create mode 100644 charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/NOTES.txt create mode 100644 charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/_helpers.tpl create mode 100644 charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/clusterrolebinding.yaml create mode 100644 charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/deployment.yaml create mode 100644 charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/kubeconfig-secret.yaml create mode 100644 charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/pdb.yaml create mode 100644 charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/podsecuritypolicy.yaml create mode 100644 charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/psp-clusterrole.yaml create mode 100644 charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/psp-clusterrolebinding.yaml create mode 100644 charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/role.yaml create mode 100644 charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/rolebinding.yaml create mode 100644 charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/service.yaml create mode 100644 charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/serviceaccount.yaml create mode 100644 charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/servicemonitor.yaml create mode 100644 charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/stsdiscovery-role.yaml create mode 100644 charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/stsdiscovery-rolebinding.yaml create mode 100644 charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/values.yaml create mode 100644 charts/rancher-logging/rancher-logging-crd/100.0.0+up3.12.0/Chart.yaml create mode 100644 charts/rancher-logging/rancher-logging-crd/100.0.0+up3.12.0/README.md create mode 100644 charts/rancher-logging/rancher-logging-crd/100.0.0+up3.12.0/templates/logging.banzaicloud.io_clusterflows.yaml create mode 100644 charts/rancher-logging/rancher-logging-crd/100.0.0+up3.12.0/templates/logging.banzaicloud.io_clusteroutputs.yaml create mode 100644 charts/rancher-logging/rancher-logging-crd/100.0.0+up3.12.0/templates/logging.banzaicloud.io_flows.yaml create mode 100644 charts/rancher-logging/rancher-logging-crd/100.0.0+up3.12.0/templates/logging.banzaicloud.io_loggings.yaml create mode 100644 charts/rancher-logging/rancher-logging-crd/100.0.0+up3.12.0/templates/logging.banzaicloud.io_outputs.yaml create mode 100644 charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/.helmignore create mode 100644 charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/Chart.yaml create mode 100644 charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/README.md create mode 100644 charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/app-readme.md create mode 100644 charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/NOTES.txt create mode 100644 charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/_helpers.tpl create mode 100644 charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/clusterrole.yaml create mode 100644 charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/clusterrolebinding.yaml create mode 100644 charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/crds.yaml create mode 100644 charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/deployment.yaml create mode 100644 charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/aks/logging.yaml create mode 100644 charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/eks/logging.yaml create mode 100644 charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/gke/logging.yaml create mode 100644 charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/k3s/configmap.yaml create mode 100644 charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/k3s/daemonset.yaml create mode 100644 charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/k3s/logging-k3s-openrc.yaml create mode 100644 charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/kube-audit/logging.yaml create mode 100644 charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/rke/configmap.yaml create mode 100644 charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/rke/daemonset.yaml create mode 100644 charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/rke2/configmap.yaml create mode 100644 charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/rke2/daemonset.yaml create mode 100644 charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/root/logging.yaml create mode 100644 charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/psp.yaml create mode 100644 charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/service.yaml create mode 100644 charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/serviceMonitor.yaml create mode 100644 charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/serviceaccount.yaml create mode 100644 charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/userroles.yaml create mode 100644 charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/validate-install-crd.yaml create mode 100644 charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/validate-install.yaml create mode 100644 charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/values.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/Chart.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/README.md create mode 100644 charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/crd-manifest/crd-alertmanagerconfigs.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/crd-manifest/crd-alertmanagers.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/crd-manifest/crd-podmonitors.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/crd-manifest/crd-probes.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/crd-manifest/crd-prometheuses.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/crd-manifest/crd-prometheusrules.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/crd-manifest/crd-servicemonitors.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/crd-manifest/crd-thanosrulers.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/templates/jobs.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/templates/manifest.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/templates/rbac.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/values.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/.helmignore create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/CHANGELOG.md create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/CONTRIBUTING.md create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/Chart.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/README.md create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/app-README.md create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/.helmignore create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/Chart.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/README.md create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/dashboards/custom-dashboard.json create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/NOTES.txt create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/_pod.tpl create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/clusterrole.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/clusterrolebinding.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/configmap-dashboard-provider.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/configmap.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/dashboards-json-configmap.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/deployment.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/headless-service.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/hpa.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/image-renderer-deployment.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/image-renderer-network-policy.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/image-renderer-service.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/ingress.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/nginx-config.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/poddisruptionbudget.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/podsecuritypolicy.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/pvc.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/role.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/rolebinding.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/secret-env.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/secret.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/service.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/serviceaccount.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/servicemonitor.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/statefulset.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/tests/test-configmap.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/tests/test-podsecuritypolicy.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/tests/test-role.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/tests/test-rolebinding.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/tests/test-serviceaccount.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/tests/test.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/values.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/.helmignore create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/Chart.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/README.md create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/templates/pushprox-clients-rbac.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/templates/pushprox-clients.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/templates/pushprox-proxy-rbac.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/templates/pushprox-proxy.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/templates/pushprox-servicemonitor.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/values.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/.helmignore create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/Chart.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/README.md create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/templates/pushprox-clients-rbac.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/templates/pushprox-clients.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/templates/pushprox-proxy-rbac.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/templates/pushprox-proxy.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/templates/pushprox-servicemonitor.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/values.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/.helmignore create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/Chart.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/README.md create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/templates/pushprox-clients-rbac.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/templates/pushprox-clients.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/templates/pushprox-proxy-rbac.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/templates/pushprox-proxy.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/templates/pushprox-servicemonitor.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/values.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/.helmignore create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/Chart.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/README.md create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/NOTES.txt create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/clusterrolebinding.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/deployment.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/kubeconfig-secret.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/pdb.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/podsecuritypolicy.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/psp-clusterrole.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/role.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/rolebinding.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/service.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/serviceaccount.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/servicemonitor.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/stsdiscovery-role.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/values.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/.helmignore create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/Chart.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/README.md create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/templates/pushprox-clients-rbac.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/templates/pushprox-clients.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/templates/pushprox-proxy-rbac.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/templates/pushprox-proxy.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/templates/pushprox-servicemonitor.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/values.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/.helmignore create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/Chart.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/README.md create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/templates/pushprox-clients-rbac.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/templates/pushprox-clients.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/templates/pushprox-proxy-rbac.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/templates/pushprox-proxy.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/templates/pushprox-servicemonitor.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/values.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/.helmignore create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/Chart.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/README.md create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/templates/pushprox-clients-rbac.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/templates/pushprox-clients.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/templates/pushprox-proxy-rbac.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/templates/pushprox-proxy.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/templates/pushprox-servicemonitor.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/values.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/.helmignore create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/Chart.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/README.md create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/templates/pushprox-clients-rbac.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/templates/pushprox-clients.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/templates/pushprox-proxy-rbac.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/templates/pushprox-proxy.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/templates/pushprox-servicemonitor.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/values.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/.helmignore create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/Chart.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/README.md create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/NOTES.txt create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/certmanager.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/cluster-role-binding-auth-delegator.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/cluster-role-binding-resource-reader.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/cluster-role-resource-reader.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/configmap.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/custom-metrics-apiservice.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/custom-metrics-cluster-role-binding-hpa.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/custom-metrics-cluster-role.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/deployment.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/external-metrics-apiservice.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/external-metrics-cluster-role-binding-hpa.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/external-metrics-cluster-role.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/pdb.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/psp.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/resource-metrics-apiservice.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/resource-metrics-cluster-role-binding.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/resource-metrics-cluster-role.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/role-binding-auth-reader.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/secret.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/service.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/serviceaccount.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/values.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/.helmignore create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/Chart.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/README.md create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/NOTES.txt create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/daemonset.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/endpoints.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/monitor.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/psp.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/service.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/serviceaccount.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/values.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/.helmignore create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/Chart.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/README.md create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/templates/pushprox-clients-rbac.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/templates/pushprox-clients.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/templates/pushprox-proxy-rbac.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/templates/pushprox-proxy.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/templates/pushprox-servicemonitor.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/values.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/.helmignore create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/Chart.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/README.md create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/templates/pushprox-clients-rbac.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/templates/pushprox-clients.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/templates/pushprox-proxy-rbac.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/templates/pushprox-proxy.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/templates/pushprox-servicemonitor.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/values.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/.helmignore create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/Chart.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/README.md create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/templates/pushprox-clients-rbac.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/templates/pushprox-clients.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/templates/pushprox-proxy-rbac.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/templates/pushprox-proxy.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/templates/pushprox-servicemonitor.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/values.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/.helmignore create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/Chart.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/README.md create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/templates/pushprox-clients-rbac.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/templates/pushprox-clients.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/templates/pushprox-proxy-rbac.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/templates/pushprox-proxy.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/templates/pushprox-servicemonitor.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/values.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/.helmignore create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/Chart.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/README.md create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/templates/pushprox-clients-rbac.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/templates/pushprox-clients.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/templates/pushprox-proxy-rbac.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/templates/pushprox-proxy.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/templates/pushprox-servicemonitor.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/values.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/.helmignore create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/Chart.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/README.md create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/templates/pushprox-clients-rbac.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/templates/pushprox-clients.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/templates/pushprox-proxy-rbac.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/templates/pushprox-proxy.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/templates/pushprox-servicemonitor.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/values.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/.helmignore create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/Chart.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/README.md create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/templates/pushprox-clients-rbac.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/templates/pushprox-clients.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/templates/pushprox-proxy-rbac.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/templates/pushprox-proxy.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/templates/pushprox-servicemonitor.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/values.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/.helmignore create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/Chart.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/README.md create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/templates/pushprox-clients-rbac.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/templates/pushprox-clients.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/templates/pushprox-proxy-rbac.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/templates/pushprox-proxy.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/templates/pushprox-servicemonitor.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/values.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/.helmignore create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/Chart.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/README.md create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/templates/pushprox-clients-rbac.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/templates/pushprox-clients.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/templates/pushprox-proxy-rbac.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/templates/pushprox-proxy.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/templates/pushprox-servicemonitor.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/values.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/.helmignore create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/Chart.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/README.md create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/templates/pushprox-clients-rbac.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/templates/pushprox-clients.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/templates/pushprox-proxy-rbac.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/templates/pushprox-proxy.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/templates/pushprox-servicemonitor.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/values.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/.helmignore create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/Chart.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/README.md create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/scripts/check-wins-version.ps1 create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/scripts/proxy-entry.ps1 create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/scripts/run.ps1 create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/templates/configmap.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/templates/daemonset.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/templates/prometheusrule.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/templates/rbac.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/templates/service.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/templates/servicemonitor.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/values.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/ingress-nginx/nginx.json create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/ingress-nginx/request-handling-performance.json create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/cluster/rancher-cluster-nodes.json create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/cluster/rancher-cluster.json create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/home/rancher-default-home.json create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/k8s/rancher-etcd-nodes.json create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/k8s/rancher-etcd.json create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/k8s/rancher-k8s-components-nodes.json create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/k8s/rancher-k8s-components.json create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/nodes/rancher-node-detail.json create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/nodes/rancher-node.json create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/pods/rancher-pod-containers.json create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/pods/rancher-pod.json create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/workloads/rancher-workload-pods.json create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/workloads/rancher-workload.json create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/NOTES.txt create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/_helpers.tpl create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/alertmanager.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/ingress.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/ingressperreplica.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/podDisruptionBudget.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/psp-role.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/psp-rolebinding.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/psp.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/secret.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/service.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/serviceaccount.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/servicemonitor.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/serviceperreplica.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/core-dns/service.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/core-dns/servicemonitor.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-api-server/servicemonitor.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-controller-manager/endpoints.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-controller-manager/service.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-controller-manager/servicemonitor.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-dns/service.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-dns/servicemonitor.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-etcd/endpoints.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-etcd/service.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-etcd/servicemonitor.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-proxy/endpoints.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-proxy/service.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-proxy/servicemonitor.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-scheduler/endpoints.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-scheduler/service.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-scheduler/servicemonitor.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-state-metrics/serviceMonitor.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kubelet/servicemonitor.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/node-exporter/servicemonitor.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/configmap-dashboards.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/configmaps-datasources.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/apiserver.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/cluster-total.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/controller-manager.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/etcd.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/k8s-coredns.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/k8s-resources-node.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/kubelet.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/namespace-by-pod.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/namespace-by-workload.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/node-rsrc-use.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/nodes.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/pod-total.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/prometheus.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/proxy.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/scheduler.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/statefulset.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/workload-total.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/namespaces.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/servicemonitor.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/certmanager.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/clusterrole.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/clusterrolebinding.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/deployment.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/psp-clusterrole.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/psp-clusterrolebinding.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/psp.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/service.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/serviceaccount.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/servicemonitor.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/_rules.tpl create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/additionalAlertRelabelConfigs.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/additionalAlertmanagerConfigs.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/additionalPrometheusRules.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/additionalScrapeConfigs.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/clusterrole.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/clusterrolebinding.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/ingress.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/ingressThanosSidecar.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/ingressperreplica.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/nginx-config.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/podDisruptionBudget.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/podmonitors.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/prometheus.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/psp-clusterrole.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/psp-clusterrolebinding.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/psp.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/alertmanager.rules.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/etcd.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/general.rules.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/k8s.rules.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kube-apiserver.rules.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kube-state-metrics.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kubelet.rules.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kubernetes-apps.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kubernetes-resources.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kubernetes-storage.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kubernetes-system.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/node-exporter.rules.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/node-exporter.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/node-network.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/node.rules.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/prometheus-operator.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/prometheus.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/service.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/serviceThanosSidecar.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/serviceThanosSidecarExternal.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/serviceaccount.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/servicemonitor.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/servicemonitors.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/serviceperreplica.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/clusterrole.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/config-role.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/dashboard-role.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/dashboards/addons/ingress-nginx-dashboard.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/dashboards/rancher/cluster-dashboards.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/dashboards/rancher/default-dashboard.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/dashboards/rancher/k8s-dashboards.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/dashboards/rancher/nodes-dashboards.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/dashboards/rancher/pods-dashboards.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/dashboards/rancher/workload-dashboards.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/exporters/ingress-nginx/service.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/exporters/ingress-nginx/servicemonitor.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/hardened.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/validate-install-crd.yaml create mode 100644 charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/values.yaml create mode 100644 charts/rancher-node-exporter/rancher-node-exporter/100.0.0+up1.18.1/.helmignore create mode 100644 charts/rancher-node-exporter/rancher-node-exporter/100.0.0+up1.18.1/Chart.yaml create mode 100644 charts/rancher-node-exporter/rancher-node-exporter/100.0.0+up1.18.1/OWNERS create mode 100644 charts/rancher-node-exporter/rancher-node-exporter/100.0.0+up1.18.1/README.md create mode 100644 charts/rancher-node-exporter/rancher-node-exporter/100.0.0+up1.18.1/ci/port-values.yaml create mode 100644 charts/rancher-node-exporter/rancher-node-exporter/100.0.0+up1.18.1/templates/NOTES.txt create mode 100644 charts/rancher-node-exporter/rancher-node-exporter/100.0.0+up1.18.1/templates/_helpers.tpl create mode 100644 charts/rancher-node-exporter/rancher-node-exporter/100.0.0+up1.18.1/templates/daemonset.yaml create mode 100644 charts/rancher-node-exporter/rancher-node-exporter/100.0.0+up1.18.1/templates/endpoints.yaml create mode 100644 charts/rancher-node-exporter/rancher-node-exporter/100.0.0+up1.18.1/templates/monitor.yaml create mode 100644 charts/rancher-node-exporter/rancher-node-exporter/100.0.0+up1.18.1/templates/psp-clusterrole.yaml create mode 100644 charts/rancher-node-exporter/rancher-node-exporter/100.0.0+up1.18.1/templates/psp-clusterrolebinding.yaml create mode 100644 charts/rancher-node-exporter/rancher-node-exporter/100.0.0+up1.18.1/templates/psp.yaml create mode 100644 charts/rancher-node-exporter/rancher-node-exporter/100.0.0+up1.18.1/templates/service.yaml create mode 100644 charts/rancher-node-exporter/rancher-node-exporter/100.0.0+up1.18.1/templates/serviceaccount.yaml create mode 100644 charts/rancher-node-exporter/rancher-node-exporter/100.0.0+up1.18.1/values.yaml create mode 100644 charts/rancher-prom2teams/rancher-prom2teams/100.0.0+up0.2.0/.helmignore create mode 100644 charts/rancher-prom2teams/rancher-prom2teams/100.0.0+up0.2.0/Chart.yaml create mode 100644 charts/rancher-prom2teams/rancher-prom2teams/100.0.0+up0.2.0/files/teams.j2 create mode 100644 charts/rancher-prom2teams/rancher-prom2teams/100.0.0+up0.2.0/templates/NOTES.txt create mode 100644 charts/rancher-prom2teams/rancher-prom2teams/100.0.0+up0.2.0/templates/_helpers.tpl create mode 100644 charts/rancher-prom2teams/rancher-prom2teams/100.0.0+up0.2.0/templates/configmap.yaml create mode 100644 charts/rancher-prom2teams/rancher-prom2teams/100.0.0+up0.2.0/templates/deployment.yaml create mode 100644 charts/rancher-prom2teams/rancher-prom2teams/100.0.0+up0.2.0/templates/psp.yaml create mode 100644 charts/rancher-prom2teams/rancher-prom2teams/100.0.0+up0.2.0/templates/role.yaml create mode 100644 charts/rancher-prom2teams/rancher-prom2teams/100.0.0+up0.2.0/templates/rolebinding.yaml create mode 100644 charts/rancher-prom2teams/rancher-prom2teams/100.0.0+up0.2.0/templates/service-account.yaml create mode 100644 charts/rancher-prom2teams/rancher-prom2teams/100.0.0+up0.2.0/templates/service.yaml create mode 100644 charts/rancher-prom2teams/rancher-prom2teams/100.0.0+up0.2.0/values.yaml create mode 100644 charts/rancher-prometheus-adapter/rancher-prometheus-adapter/100.0.0+up2.14.0/.helmignore create mode 100644 charts/rancher-prometheus-adapter/rancher-prometheus-adapter/100.0.0+up2.14.0/Chart.yaml create mode 100644 charts/rancher-prometheus-adapter/rancher-prometheus-adapter/100.0.0+up2.14.0/README.md create mode 100644 charts/rancher-prometheus-adapter/rancher-prometheus-adapter/100.0.0+up2.14.0/ci/default-values.yaml create mode 100644 charts/rancher-prometheus-adapter/rancher-prometheus-adapter/100.0.0+up2.14.0/ci/external-rules-values.yaml create mode 100644 charts/rancher-prometheus-adapter/rancher-prometheus-adapter/100.0.0+up2.14.0/templates/NOTES.txt create mode 100644 charts/rancher-prometheus-adapter/rancher-prometheus-adapter/100.0.0+up2.14.0/templates/_helpers.tpl create mode 100644 charts/rancher-prometheus-adapter/rancher-prometheus-adapter/100.0.0+up2.14.0/templates/certmanager.yaml create mode 100644 charts/rancher-prometheus-adapter/rancher-prometheus-adapter/100.0.0+up2.14.0/templates/cluster-role-binding-auth-delegator.yaml create mode 100644 charts/rancher-prometheus-adapter/rancher-prometheus-adapter/100.0.0+up2.14.0/templates/cluster-role-binding-resource-reader.yaml create mode 100644 charts/rancher-prometheus-adapter/rancher-prometheus-adapter/100.0.0+up2.14.0/templates/cluster-role-resource-reader.yaml create mode 100644 charts/rancher-prometheus-adapter/rancher-prometheus-adapter/100.0.0+up2.14.0/templates/configmap.yaml create mode 100644 charts/rancher-prometheus-adapter/rancher-prometheus-adapter/100.0.0+up2.14.0/templates/custom-metrics-apiservice.yaml create mode 100644 charts/rancher-prometheus-adapter/rancher-prometheus-adapter/100.0.0+up2.14.0/templates/custom-metrics-cluster-role-binding-hpa.yaml create mode 100644 charts/rancher-prometheus-adapter/rancher-prometheus-adapter/100.0.0+up2.14.0/templates/custom-metrics-cluster-role.yaml create mode 100644 charts/rancher-prometheus-adapter/rancher-prometheus-adapter/100.0.0+up2.14.0/templates/deployment.yaml create mode 100644 charts/rancher-prometheus-adapter/rancher-prometheus-adapter/100.0.0+up2.14.0/templates/external-metrics-apiservice.yaml create mode 100644 charts/rancher-prometheus-adapter/rancher-prometheus-adapter/100.0.0+up2.14.0/templates/external-metrics-cluster-role-binding-hpa.yaml create mode 100644 charts/rancher-prometheus-adapter/rancher-prometheus-adapter/100.0.0+up2.14.0/templates/external-metrics-cluster-role.yaml create mode 100644 charts/rancher-prometheus-adapter/rancher-prometheus-adapter/100.0.0+up2.14.0/templates/pdb.yaml create mode 100644 charts/rancher-prometheus-adapter/rancher-prometheus-adapter/100.0.0+up2.14.0/templates/psp.yaml create mode 100644 charts/rancher-prometheus-adapter/rancher-prometheus-adapter/100.0.0+up2.14.0/templates/resource-metrics-apiservice.yaml create mode 100644 charts/rancher-prometheus-adapter/rancher-prometheus-adapter/100.0.0+up2.14.0/templates/resource-metrics-cluster-role-binding.yaml create mode 100644 charts/rancher-prometheus-adapter/rancher-prometheus-adapter/100.0.0+up2.14.0/templates/resource-metrics-cluster-role.yaml create mode 100644 charts/rancher-prometheus-adapter/rancher-prometheus-adapter/100.0.0+up2.14.0/templates/role-binding-auth-reader.yaml create mode 100644 charts/rancher-prometheus-adapter/rancher-prometheus-adapter/100.0.0+up2.14.0/templates/secret.yaml create mode 100644 charts/rancher-prometheus-adapter/rancher-prometheus-adapter/100.0.0+up2.14.0/templates/service.yaml create mode 100644 charts/rancher-prometheus-adapter/rancher-prometheus-adapter/100.0.0+up2.14.0/templates/serviceaccount.yaml create mode 100644 charts/rancher-prometheus-adapter/rancher-prometheus-adapter/100.0.0+up2.14.0/values.yaml create mode 100644 charts/rancher-pushprox/rancher-pushprox/100.0.0/.helmignore create mode 100644 charts/rancher-pushprox/rancher-pushprox/100.0.0/Chart.yaml create mode 100644 charts/rancher-pushprox/rancher-pushprox/100.0.0/README.md create mode 100644 charts/rancher-pushprox/rancher-pushprox/100.0.0/templates/_helpers.tpl create mode 100644 charts/rancher-pushprox/rancher-pushprox/100.0.0/templates/pushprox-clients-rbac.yaml create mode 100644 charts/rancher-pushprox/rancher-pushprox/100.0.0/templates/pushprox-clients.yaml create mode 100644 charts/rancher-pushprox/rancher-pushprox/100.0.0/templates/pushprox-proxy-rbac.yaml create mode 100644 charts/rancher-pushprox/rancher-pushprox/100.0.0/templates/pushprox-proxy.yaml create mode 100644 charts/rancher-pushprox/rancher-pushprox/100.0.0/templates/pushprox-servicemonitor.yaml create mode 100644 charts/rancher-pushprox/rancher-pushprox/100.0.0/values.yaml create mode 100644 charts/rancher-sachet/rancher-sachet/100.0.0/.helmignore create mode 100644 charts/rancher-sachet/rancher-sachet/100.0.0/Chart.yaml create mode 100644 charts/rancher-sachet/rancher-sachet/100.0.0/files/template.tmpl create mode 100644 charts/rancher-sachet/rancher-sachet/100.0.0/templates/NOTES.txt create mode 100644 charts/rancher-sachet/rancher-sachet/100.0.0/templates/_helpers.tpl create mode 100644 charts/rancher-sachet/rancher-sachet/100.0.0/templates/configmap-pre-install.yaml create mode 100644 charts/rancher-sachet/rancher-sachet/100.0.0/templates/deployment.yaml create mode 100644 charts/rancher-sachet/rancher-sachet/100.0.0/templates/psp.yaml create mode 100644 charts/rancher-sachet/rancher-sachet/100.0.0/templates/role.yaml create mode 100644 charts/rancher-sachet/rancher-sachet/100.0.0/templates/rolebinding.yaml create mode 100644 charts/rancher-sachet/rancher-sachet/100.0.0/templates/service-account.yaml create mode 100644 charts/rancher-sachet/rancher-sachet/100.0.0/templates/service.yaml create mode 100644 charts/rancher-sachet/rancher-sachet/100.0.0/values.yaml create mode 100644 charts/rancher-sriov/sriov-crd/100.0.0+up0.1.0/Chart.yaml create mode 100644 charts/rancher-sriov/sriov-crd/100.0.0+up0.1.0/templates/sriovnetwork.openshift.io_sriovibnetworks.yaml create mode 100644 charts/rancher-sriov/sriov-crd/100.0.0+up0.1.0/templates/sriovnetwork.openshift.io_sriovnetworknodepolicies.yaml create mode 100644 charts/rancher-sriov/sriov-crd/100.0.0+up0.1.0/templates/sriovnetwork.openshift.io_sriovnetworknodestates.yaml create mode 100644 charts/rancher-sriov/sriov-crd/100.0.0+up0.1.0/templates/sriovnetwork.openshift.io_sriovnetworks.yaml create mode 100644 charts/rancher-sriov/sriov-crd/100.0.0+up0.1.0/templates/sriovnetwork.openshift.io_sriovoperatorconfigs.yaml create mode 100644 charts/rancher-sriov/sriov/100.0.0+up0.1.0/.helmignore create mode 100644 charts/rancher-sriov/sriov/100.0.0+up0.1.0/Chart.yaml create mode 100644 charts/rancher-sriov/sriov/100.0.0+up0.1.0/README.md create mode 100644 charts/rancher-sriov/sriov/100.0.0+up0.1.0/app-README.md create mode 100644 charts/rancher-sriov/sriov/100.0.0+up0.1.0/templates/NOTES.txt create mode 100644 charts/rancher-sriov/sriov/100.0.0+up0.1.0/templates/_helpers.tpl create mode 100644 charts/rancher-sriov/sriov/100.0.0+up0.1.0/templates/_webhook-certs.tpl create mode 100644 charts/rancher-sriov/sriov/100.0.0+up0.1.0/templates/certmanagercerts.yaml create mode 100644 charts/rancher-sriov/sriov/100.0.0+up0.1.0/templates/clusterrole.yaml create mode 100644 charts/rancher-sriov/sriov/100.0.0+up0.1.0/templates/clusterrolebinding.yaml create mode 100644 charts/rancher-sriov/sriov/100.0.0+up0.1.0/templates/operator.yaml create mode 100644 charts/rancher-sriov/sriov/100.0.0+up0.1.0/templates/role.yaml create mode 100644 charts/rancher-sriov/sriov/100.0.0+up0.1.0/templates/rolebinding.yaml create mode 100644 charts/rancher-sriov/sriov/100.0.0+up0.1.0/templates/secrets.yaml create mode 100644 charts/rancher-sriov/sriov/100.0.0+up0.1.0/templates/serviceaccount.yaml create mode 100644 charts/rancher-sriov/sriov/100.0.0+up0.1.0/templates/validate-install-crd.yaml create mode 100644 charts/rancher-sriov/sriov/100.0.0+up0.1.0/values.yaml create mode 100644 charts/rancher-tracing/rancher-tracing/100.0.0/.helmignore create mode 100644 charts/rancher-tracing/rancher-tracing/100.0.0/Chart.yaml create mode 100644 charts/rancher-tracing/rancher-tracing/100.0.0/README.md create mode 100644 charts/rancher-tracing/rancher-tracing/100.0.0/templates/_affinity.tpl create mode 100644 charts/rancher-tracing/rancher-tracing/100.0.0/templates/_helpers.tpl create mode 100644 charts/rancher-tracing/rancher-tracing/100.0.0/templates/deployment.yaml create mode 100644 charts/rancher-tracing/rancher-tracing/100.0.0/templates/psp.yaml create mode 100644 charts/rancher-tracing/rancher-tracing/100.0.0/templates/pvc.yaml create mode 100644 charts/rancher-tracing/rancher-tracing/100.0.0/templates/service.yaml create mode 100644 charts/rancher-tracing/rancher-tracing/100.0.0/values.yaml create mode 100644 charts/rancher-vsphere-cpi/rancher-vsphere-cpi/100.0.0/Chart.yaml create mode 100644 charts/rancher-vsphere-cpi/rancher-vsphere-cpi/100.0.0/README.md create mode 100644 charts/rancher-vsphere-cpi/rancher-vsphere-cpi/100.0.0/app-readme.md create mode 100644 charts/rancher-vsphere-cpi/rancher-vsphere-cpi/100.0.0/questions.yaml create mode 100644 charts/rancher-vsphere-cpi/rancher-vsphere-cpi/100.0.0/templates/_helpers.tpl create mode 100644 charts/rancher-vsphere-cpi/rancher-vsphere-cpi/100.0.0/templates/vsphere-cloud-config-cm.yaml create mode 100644 charts/rancher-vsphere-cpi/rancher-vsphere-cpi/100.0.0/templates/vsphere-cpi-ds.yaml create mode 100644 charts/rancher-vsphere-cpi/rancher-vsphere-cpi/100.0.0/templates/vsphere-cpi-rbac.yaml create mode 100644 charts/rancher-vsphere-cpi/rancher-vsphere-cpi/100.0.0/templates/vsphere-creds-secret.yaml create mode 100644 charts/rancher-vsphere-cpi/rancher-vsphere-cpi/100.0.0/values.yaml create mode 100644 charts/rancher-vsphere-csi/rancher-vsphere-csi/100.0.0/Chart.yaml create mode 100644 charts/rancher-vsphere-csi/rancher-vsphere-csi/100.0.0/README.md create mode 100644 charts/rancher-vsphere-csi/rancher-vsphere-csi/100.0.0/app-readme.md create mode 100644 charts/rancher-vsphere-csi/rancher-vsphere-csi/100.0.0/questions.yaml create mode 100644 charts/rancher-vsphere-csi/rancher-vsphere-csi/100.0.0/templates/_helpers.tpl create mode 100644 charts/rancher-vsphere-csi/rancher-vsphere-csi/100.0.0/templates/vsphere-csi-controller-deployment.yaml create mode 100644 charts/rancher-vsphere-csi/rancher-vsphere-csi/100.0.0/templates/vsphere-csi-controller-rbac.yaml create mode 100644 charts/rancher-vsphere-csi/rancher-vsphere-csi/100.0.0/templates/vsphere-csi-node-ds.yaml create mode 100644 charts/rancher-vsphere-csi/rancher-vsphere-csi/100.0.0/templates/vsphere-csi-node-rbac.yaml create mode 100644 charts/rancher-vsphere-csi/rancher-vsphere-csi/100.0.0/templates/vsphere-csi-secret.yaml create mode 100644 charts/rancher-vsphere-csi/rancher-vsphere-csi/100.0.0/templates/vsphere-csi-storageclass.yaml create mode 100644 charts/rancher-vsphere-csi/rancher-vsphere-csi/100.0.0/values.yaml create mode 100644 charts/rancher-webhook/rancher-webhook/1.0.0+up0.2.0/Chart.yaml create mode 100644 charts/rancher-webhook/rancher-webhook/1.0.0+up0.2.0/charts/capi/Chart.yaml create mode 100644 charts/rancher-webhook/rancher-webhook/1.0.0+up0.2.0/charts/capi/templates/service.yaml create mode 100644 charts/rancher-webhook/rancher-webhook/1.0.0+up0.2.0/templates/_helpers.tpl create mode 100644 charts/rancher-webhook/rancher-webhook/1.0.0+up0.2.0/templates/deployment.yaml create mode 100644 charts/rancher-webhook/rancher-webhook/1.0.0+up0.2.0/templates/pre-delete-hook-cluster-role-binding.yaml create mode 100644 charts/rancher-webhook/rancher-webhook/1.0.0+up0.2.0/templates/pre-delete-hook-cluster-role.yaml create mode 100644 charts/rancher-webhook/rancher-webhook/1.0.0+up0.2.0/templates/pre-delete-hook-job.yaml create mode 100644 charts/rancher-webhook/rancher-webhook/1.0.0+up0.2.0/templates/pre-delete-hook-psp.yaml create mode 100644 charts/rancher-webhook/rancher-webhook/1.0.0+up0.2.0/templates/pre-delete-hook-service-account.yaml create mode 100644 charts/rancher-webhook/rancher-webhook/1.0.0+up0.2.0/templates/rbac.yaml create mode 100644 charts/rancher-webhook/rancher-webhook/1.0.0+up0.2.0/templates/service.yaml create mode 100644 charts/rancher-webhook/rancher-webhook/1.0.0+up0.2.0/templates/serviceaccount.yaml create mode 100644 charts/rancher-webhook/rancher-webhook/1.0.0+up0.2.0/templates/webhook.yaml create mode 100644 charts/rancher-webhook/rancher-webhook/1.0.0+up0.2.0/values.yaml create mode 100644 charts/rancher-windows-exporter/rancher-windows-exporter/100.0.0/.helmignore create mode 100644 charts/rancher-windows-exporter/rancher-windows-exporter/100.0.0/Chart.yaml create mode 100644 charts/rancher-windows-exporter/rancher-windows-exporter/100.0.0/README.md create mode 100644 charts/rancher-windows-exporter/rancher-windows-exporter/100.0.0/scripts/check-wins-version.ps1 create mode 100644 charts/rancher-windows-exporter/rancher-windows-exporter/100.0.0/scripts/proxy-entry.ps1 create mode 100644 charts/rancher-windows-exporter/rancher-windows-exporter/100.0.0/scripts/run.ps1 create mode 100644 charts/rancher-windows-exporter/rancher-windows-exporter/100.0.0/templates/_helpers.tpl create mode 100644 charts/rancher-windows-exporter/rancher-windows-exporter/100.0.0/templates/configmap.yaml create mode 100644 charts/rancher-windows-exporter/rancher-windows-exporter/100.0.0/templates/daemonset.yaml create mode 100644 charts/rancher-windows-exporter/rancher-windows-exporter/100.0.0/templates/prometheusrule.yaml create mode 100644 charts/rancher-windows-exporter/rancher-windows-exporter/100.0.0/templates/rbac.yaml create mode 100644 charts/rancher-windows-exporter/rancher-windows-exporter/100.0.0/templates/service.yaml create mode 100644 charts/rancher-windows-exporter/rancher-windows-exporter/100.0.0/templates/servicemonitor.yaml create mode 100644 charts/rancher-windows-exporter/rancher-windows-exporter/100.0.0/values.yaml create mode 100644 charts/rancher-wins-upgrader/rancher-wins-upgrader/100.0.0+up0.0.1/.helmignore create mode 100644 charts/rancher-wins-upgrader/rancher-wins-upgrader/100.0.0+up0.0.1/Chart.yaml create mode 100644 charts/rancher-wins-upgrader/rancher-wins-upgrader/100.0.0+up0.0.1/README.md create mode 100644 charts/rancher-wins-upgrader/rancher-wins-upgrader/100.0.0+up0.0.1/app-readme.md create mode 100644 charts/rancher-wins-upgrader/rancher-wins-upgrader/100.0.0+up0.0.1/scripts/noop.ps1 create mode 100644 charts/rancher-wins-upgrader/rancher-wins-upgrader/100.0.0+up0.0.1/scripts/upgrade.ps1 create mode 100644 charts/rancher-wins-upgrader/rancher-wins-upgrader/100.0.0+up0.0.1/templates/_helpers.tpl create mode 100644 charts/rancher-wins-upgrader/rancher-wins-upgrader/100.0.0+up0.0.1/templates/configmap.yaml create mode 100644 charts/rancher-wins-upgrader/rancher-wins-upgrader/100.0.0+up0.0.1/templates/daemonset.yaml create mode 100644 charts/rancher-wins-upgrader/rancher-wins-upgrader/100.0.0+up0.0.1/templates/rbac.yaml create mode 100644 charts/rancher-wins-upgrader/rancher-wins-upgrader/100.0.0+up0.0.1/values.yaml create mode 100644 charts/system-upgrade-controller/system-upgrade-controller/100.0.0+up0.3.0/Chart.yaml create mode 100644 charts/system-upgrade-controller/system-upgrade-controller/100.0.0+up0.3.0/templates/_helpers.tpl create mode 100644 charts/system-upgrade-controller/system-upgrade-controller/100.0.0+up0.3.0/templates/clusterrolebinding.yaml create mode 100644 charts/system-upgrade-controller/system-upgrade-controller/100.0.0+up0.3.0/templates/configmap.yaml create mode 100644 charts/system-upgrade-controller/system-upgrade-controller/100.0.0+up0.3.0/templates/deployment.yaml create mode 100644 charts/system-upgrade-controller/system-upgrade-controller/100.0.0+up0.3.0/templates/serviceaccount.yaml create mode 100644 charts/system-upgrade-controller/system-upgrade-controller/100.0.0+up0.3.0/values.yaml diff --git a/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/Chart.yaml b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/Chart.yaml new file mode 100644 index 000000000..e2f5371e6 --- /dev/null +++ b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/Chart.yaml @@ -0,0 +1,12 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-fleet-system + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: fleet-agent +apiVersion: v2 +appVersion: 0.3.6 +description: Fleet Manager Agent - GitOps at Scale +icon: https://charts.rancher.io/assets/logos/fleet.svg +name: fleet-agent +version: 100.0.0+up0.3.6 diff --git a/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/_helpers.tpl b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/_helpers.tpl new file mode 100644 index 000000000..f652b5643 --- /dev/null +++ b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/_helpers.tpl @@ -0,0 +1,7 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/configmap.yaml b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/configmap.yaml new file mode 100644 index 000000000..ce61a8756 --- /dev/null +++ b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/configmap.yaml @@ -0,0 +1,12 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: fleet-agent +data: + config: |- + { + {{ if .Values.labels }} + "labels":{{toJson .Values.labels}}, + {{ end }} + "clientID":"{{.Values.clientID}}" + } diff --git a/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/deployment.yaml b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/deployment.yaml new file mode 100644 index 000000000..72323dc76 --- /dev/null +++ b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/deployment.yaml @@ -0,0 +1,30 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: fleet-agent +spec: + selector: + matchLabels: + app: fleet-agent + template: + metadata: + labels: + app: fleet-agent + spec: + containers: + - env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: '{{ template "system_default_registry" . }}{{.Values.image.repository}}:{{.Values.image.tag}}' + name: fleet-agent + serviceAccountName: fleet-agent + {{- with .Values.fleetAgent.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.fleetAgent.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/network_policy_allow_all.yaml b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/network_policy_allow_all.yaml new file mode 100644 index 000000000..a72109a06 --- /dev/null +++ b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/network_policy_allow_all.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: default-allow-all + namespace: {{ .Values.internal.systemNamespace }} +spec: + podSelector: {} + ingress: + - {} + egress: + - {} + policyTypes: + - Ingress + - Egress diff --git a/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/patch_default_serviceaccount.yaml b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/patch_default_serviceaccount.yaml new file mode 100644 index 000000000..2448cb4f3 --- /dev/null +++ b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/patch_default_serviceaccount.yaml @@ -0,0 +1,28 @@ +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: patch-fleet-sa + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation +spec: + template: + spec: + serviceAccountName: fleet-agent + restartPolicy: Never + containers: + - name: sa + image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"] + args: ["-n", {{ .Values.internal.systemNamespace }}] + {{- with .Values.kubectl.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.kubectl.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + backoffLimit: 1 diff --git a/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/rbac.yaml b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/rbac.yaml new file mode 100644 index 000000000..805949bf2 --- /dev/null +++ b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/rbac.yaml @@ -0,0 +1,25 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: fleet-agent-system-fleet-agent-role +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: fleet-agent-system-fleet-agent-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fleet-agent-system-fleet-agent-role +subjects: +- kind: ServiceAccount + name: fleet-agent + namespace: {{.Release.Namespace}} diff --git a/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/secret.yaml b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/secret.yaml new file mode 100644 index 000000000..471588204 --- /dev/null +++ b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/secret.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + systemRegistrationNamespace: "{{b64enc .Values.systemRegistrationNamespace}}" + clusterNamespace: "{{b64enc .Values.clusterNamespace}}" + token: "{{b64enc .Values.token}}" + apiServerURL: "{{b64enc .Values.apiServerURL}}" + apiServerCA: "{{b64enc .Values.apiServerCA}}" +kind: Secret +metadata: + name: fleet-agent-bootstrap diff --git a/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/serviceaccount.yaml b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/serviceaccount.yaml new file mode 100644 index 000000000..73e27f0be --- /dev/null +++ b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/serviceaccount.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fleet-agent diff --git a/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/validate.yaml b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/validate.yaml new file mode 100644 index 000000000..d53ff1c50 --- /dev/null +++ b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/validate.yaml @@ -0,0 +1,11 @@ +{{if ne .Release.Namespace .Values.internal.systemNamespace }} +{{ fail (printf "This chart must be installed in the namespace %s as the release name fleet-agent" .Values.internal.systemNamespace) }} +{{end}} + +{{if ne .Release.Name .Values.internal.managedReleaseName }} +{{ fail (printf "This chart must be installed in the namespace %s as the release name fleet-agent" .Values.internal.managedReleaseName) }} +{{end}} + +{{if not .Values.apiServerURL }} +{{ fail "apiServerURL is required to be set, and most likely also apiServerCA" }} +{{end}} diff --git a/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/values.yaml b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/values.yaml new file mode 100644 index 000000000..e00317b4a --- /dev/null +++ b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/values.yaml @@ -0,0 +1,57 @@ +image: + os: "windows,linux" + repository: rancher/fleet-agent + tag: v0.3.6 + +# The public URL of the Kubernetes API server running the Fleet Manager must be set here +# Example: https://example.com:6443 +apiServerURL: "" + +# The the pem encoded value of the CA of the Kubernetes API server running the Fleet Manager. +# If left empty it is assumed this Kubernetes API TLS is signed by a well known CA. +apiServerCA: "" + +# The cluster registration value +token: "" + +# Labels to add to the cluster upon registration only. They are not added after the fact. +#labels: +# foo: bar + +# The client ID of the cluster to associate with +clientID: "" + +# The namespace of the cluster we are register with +clusterNamespace: "" + +# The namespace containing the clusters registration secrets +systemRegistrationNamespace: fleet-clusters-system + +# Please do not change the below setting unless you really know what you are doing +internal: + systemNamespace: fleet-system + managedReleaseName: fleet-agent + +# The nodeSelector and tolerations for the agent deployment +fleetAgent: + nodeSelector: {} + tolerations: [] +kubectl: + nodeSelector: + kubernetes.io/os: linux + tolerations: + - key: cattle.io/os + operator: "Equal" + value: "linux" + effect: NoSchedule + - key: node.cloudprovider.kubernetes.io/uninitialized + operator: "Equal" + value: "true" + effect: NoSchedule + +global: + cattle: + systemDefaultRegistry: "" + kubectl: + repository: rancher/kubectl + tag: v1.20.2 diff --git a/charts/fleet-crd/fleet-crd/100.0.0+up0.3.6/Chart.yaml b/charts/fleet-crd/fleet-crd/100.0.0+up0.3.6/Chart.yaml new file mode 100644 index 000000000..00f2ff7bc --- /dev/null +++ b/charts/fleet-crd/fleet-crd/100.0.0+up0.3.6/Chart.yaml @@ -0,0 +1,12 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-fleet-system + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: fleet-crd +apiVersion: v2 +appVersion: 0.3.6 +description: Fleet Manager CustomResourceDefinitions +icon: https://charts.rancher.io/assets/logos/fleet.svg +name: fleet-crd +version: 100.0.0+up0.3.6 diff --git a/charts/fleet-crd/fleet-crd/100.0.0+up0.3.6/templates/crds.yaml b/charts/fleet-crd/fleet-crd/100.0.0+up0.3.6/templates/crds.yaml new file mode 100644 index 000000000..f70486af5 --- /dev/null +++ b/charts/fleet-crd/fleet-crd/100.0.0+up0.3.6/templates/crds.yaml @@ -0,0 +1,5231 @@ +{{- if .Capabilities.APIVersions.Has "apiextensions.k8s.io/v1" -}} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: bundles.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: Bundle + plural: bundles + singular: bundle + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.display.readyClusters + name: BundleDeployments-Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + defaultNamespace: + nullable: true + type: string + dependsOn: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + diff: + nullable: true + properties: + comparePatches: + items: + properties: + apiVersion: + nullable: true + type: string + jsonPointers: + items: + nullable: true + type: string + nullable: true + type: array + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + operations: + items: + properties: + op: + nullable: true + type: string + path: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + forceSyncGeneration: + type: integer + helm: + nullable: true + properties: + chart: + nullable: true + type: string + force: + type: boolean + maxHistory: + type: integer + releaseName: + nullable: true + type: string + repo: + nullable: true + type: string + takeOwnership: + type: boolean + timeoutSeconds: + type: integer + values: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + valuesFiles: + items: + nullable: true + type: string + nullable: true + type: array + valuesFrom: + items: + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + version: + nullable: true + type: string + type: object + kustomize: + nullable: true + properties: + dir: + nullable: true + type: string + type: object + namespace: + nullable: true + type: string + paused: + type: boolean + resources: + items: + properties: + content: + nullable: true + type: string + encoding: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + rolloutStrategy: + nullable: true + properties: + autoPartitionSize: + nullable: true + type: string + maxUnavailable: + nullable: true + type: string + maxUnavailablePartitions: + nullable: true + type: string + partitions: + items: + properties: + clusterGroup: + nullable: true + type: string + clusterGroupSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + clusterName: + nullable: true + type: string + clusterSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + maxUnavailable: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + serviceAccount: + nullable: true + type: string + targetRestrictions: + items: + properties: + clusterGroup: + nullable: true + type: string + clusterGroupSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + clusterName: + nullable: true + type: string + clusterSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + name: + nullable: true + type: string + type: object + nullable: true + type: array + targets: + items: + properties: + clusterGroup: + nullable: true + type: string + clusterGroupSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + clusterName: + nullable: true + type: string + clusterSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + defaultNamespace: + nullable: true + type: string + diff: + nullable: true + properties: + comparePatches: + items: + properties: + apiVersion: + nullable: true + type: string + jsonPointers: + items: + nullable: true + type: string + nullable: true + type: array + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + operations: + items: + properties: + op: + nullable: true + type: string + path: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + forceSyncGeneration: + type: integer + helm: + nullable: true + properties: + chart: + nullable: true + type: string + force: + type: boolean + maxHistory: + type: integer + releaseName: + nullable: true + type: string + repo: + nullable: true + type: string + takeOwnership: + type: boolean + timeoutSeconds: + type: integer + values: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + valuesFiles: + items: + nullable: true + type: string + nullable: true + type: array + valuesFrom: + items: + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + version: + nullable: true + type: string + type: object + kustomize: + nullable: true + properties: + dir: + nullable: true + type: string + type: object + name: + nullable: true + type: string + namespace: + nullable: true + type: string + serviceAccount: + nullable: true + type: string + yaml: + nullable: true + properties: + overlays: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + nullable: true + type: array + yaml: + nullable: true + properties: + overlays: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + properties: + readyClusters: + nullable: true + type: string + state: + nullable: true + type: string + type: object + maxNew: + type: integer + maxUnavailable: + type: integer + maxUnavailablePartitions: + type: integer + newlyCreated: + type: integer + observedGeneration: + type: integer + partitions: + items: + properties: + count: + type: integer + maxUnavailable: + type: integer + name: + nullable: true + type: string + summary: + properties: + desiredReady: + type: integer + errApplied: + type: integer + modified: + type: integer + nonReadyResources: + items: + properties: + bundleState: + nullable: true + type: string + message: + nullable: true + type: string + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + type: integer + outOfSync: + type: integer + pending: + type: integer + ready: + type: integer + waitApplied: + type: integer + type: object + unavailable: + type: integer + type: object + nullable: true + type: array + resourceKey: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + nullable: true + type: array + summary: + properties: + desiredReady: + type: integer + errApplied: + type: integer + modified: + type: integer + nonReadyResources: + items: + properties: + bundleState: + nullable: true + type: string + message: + nullable: true + type: string + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + type: integer + outOfSync: + type: integer + pending: + type: integer + ready: + type: integer + waitApplied: + type: integer + type: object + unavailable: + type: integer + unavailablePartitions: + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: bundledeployments.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: BundleDeployment + plural: bundledeployments + singular: bundledeployment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.display.deployed + name: Deployed + type: string + - jsonPath: .status.display.monitored + name: Monitored + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + dependsOn: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + deploymentID: + nullable: true + type: string + options: + properties: + defaultNamespace: + nullable: true + type: string + diff: + nullable: true + properties: + comparePatches: + items: + properties: + apiVersion: + nullable: true + type: string + jsonPointers: + items: + nullable: true + type: string + nullable: true + type: array + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + operations: + items: + properties: + op: + nullable: true + type: string + path: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + forceSyncGeneration: + type: integer + helm: + nullable: true + properties: + chart: + nullable: true + type: string + force: + type: boolean + maxHistory: + type: integer + releaseName: + nullable: true + type: string + repo: + nullable: true + type: string + takeOwnership: + type: boolean + timeoutSeconds: + type: integer + values: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + valuesFiles: + items: + nullable: true + type: string + nullable: true + type: array + valuesFrom: + items: + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + version: + nullable: true + type: string + type: object + kustomize: + nullable: true + properties: + dir: + nullable: true + type: string + type: object + namespace: + nullable: true + type: string + serviceAccount: + nullable: true + type: string + yaml: + nullable: true + properties: + overlays: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + stagedDeploymentID: + nullable: true + type: string + stagedOptions: + properties: + defaultNamespace: + nullable: true + type: string + diff: + nullable: true + properties: + comparePatches: + items: + properties: + apiVersion: + nullable: true + type: string + jsonPointers: + items: + nullable: true + type: string + nullable: true + type: array + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + operations: + items: + properties: + op: + nullable: true + type: string + path: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + forceSyncGeneration: + type: integer + helm: + nullable: true + properties: + chart: + nullable: true + type: string + force: + type: boolean + maxHistory: + type: integer + releaseName: + nullable: true + type: string + repo: + nullable: true + type: string + takeOwnership: + type: boolean + timeoutSeconds: + type: integer + values: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + valuesFiles: + items: + nullable: true + type: string + nullable: true + type: array + valuesFrom: + items: + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + version: + nullable: true + type: string + type: object + kustomize: + nullable: true + properties: + dir: + nullable: true + type: string + type: object + namespace: + nullable: true + type: string + serviceAccount: + nullable: true + type: string + yaml: + nullable: true + properties: + overlays: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + type: object + status: + properties: + appliedDeploymentID: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + properties: + deployed: + nullable: true + type: string + monitored: + nullable: true + type: string + state: + nullable: true + type: string + type: object + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + nonModified: + type: boolean + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + ready: + type: boolean + release: + nullable: true + type: string + syncGeneration: + nullable: true + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: bundlenamespacemappings.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: BundleNamespaceMapping + plural: bundlenamespacemappings + singular: bundlenamespacemapping + preserveUnknownFields: false + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + bundleSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaceSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clustergroups.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + categories: + - fleet + kind: ClusterGroup + plural: clustergroups + singular: clustergroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.display.readyClusters + name: Clusters-Ready + type: string + - jsonPath: .status.display.readyBundles + name: Bundles-Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + selector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + type: object + status: + properties: + clusterCount: + type: integer + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + properties: + readyBundles: + nullable: true + type: string + readyClusters: + nullable: true + type: string + state: + nullable: true + type: string + type: object + nonReadyClusterCount: + type: integer + nonReadyClusters: + items: + nullable: true + type: string + nullable: true + type: array + resourceCounts: + properties: + desiredReady: + type: integer + missing: + type: integer + modified: + type: integer + notReady: + type: integer + orphaned: + type: integer + ready: + type: integer + unknown: + type: integer + waitApplied: + type: integer + type: object + summary: + properties: + desiredReady: + type: integer + errApplied: + type: integer + modified: + type: integer + nonReadyResources: + items: + properties: + bundleState: + nullable: true + type: string + message: + nullable: true + type: string + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + type: integer + outOfSync: + type: integer + pending: + type: integer + ready: + type: integer + waitApplied: + type: integer + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusters.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: Cluster + plural: clusters + singular: cluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.display.readyBundles + name: Bundles-Ready + type: string + - jsonPath: .status.display.readyNodes + name: Nodes-Ready + type: string + - jsonPath: .status.display.sampleNode + name: Sample-Node + type: string + - jsonPath: .status.agent.lastSeen + name: Last-Seen + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + agentEnvVars: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + valueFrom: + nullable: true + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + clientID: + nullable: true + type: string + kubeConfigSecret: + nullable: true + type: string + paused: + type: boolean + redeployAgentGeneration: + type: integer + type: object + status: + properties: + agent: + properties: + lastSeen: + nullable: true + type: string + namespace: + nullable: true + type: string + nonReadyNodeNames: + items: + nullable: true + type: string + nullable: true + type: array + nonReadyNodes: + type: integer + readyNodeNames: + items: + nullable: true + type: string + nullable: true + type: array + readyNodes: + type: integer + type: object + agentDeployedGeneration: + nullable: true + type: integer + agentEnvVarsHash: + nullable: true + type: string + agentMigrated: + type: boolean + cattleNamespaceMigrated: + type: boolean + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + desiredReadyGitRepos: + type: integer + display: + properties: + readyBundles: + nullable: true + type: string + readyNodes: + nullable: true + type: string + sampleNode: + nullable: true + type: string + state: + nullable: true + type: string + type: object + namespace: + nullable: true + type: string + readyGitRepos: + type: integer + resourceCounts: + properties: + desiredReady: + type: integer + missing: + type: integer + modified: + type: integer + notReady: + type: integer + orphaned: + type: integer + ready: + type: integer + unknown: + type: integer + waitApplied: + type: integer + type: object + summary: + properties: + desiredReady: + type: integer + errApplied: + type: integer + modified: + type: integer + nonReadyResources: + items: + properties: + bundleState: + nullable: true + type: string + message: + nullable: true + type: string + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + type: integer + outOfSync: + type: integer + pending: + type: integer + ready: + type: integer + waitApplied: + type: integer + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterregistrationtokens.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: ClusterRegistrationToken + plural: clusterregistrationtokens + singular: clusterregistrationtoken + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.secretName + name: Secret-Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + ttl: + nullable: true + type: string + type: object + status: + properties: + expires: + nullable: true + type: string + secretName: + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: gitrepos.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + categories: + - fleet + kind: GitRepo + plural: gitrepos + singular: gitrepo + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.repo + name: Repo + type: string + - jsonPath: .status.commit + name: Commit + type: string + - jsonPath: .status.display.readyBundleDeployments + name: BundleDeployments-Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + branch: + nullable: true + type: string + caBundle: + nullable: true + type: string + clientSecretName: + nullable: true + type: string + forceSyncGeneration: + type: integer + helmSecretName: + nullable: true + type: string + imageScanCommit: + properties: + authorEmail: + nullable: true + type: string + authorName: + nullable: true + type: string + messageTemplate: + nullable: true + type: string + type: object + imageScanInterval: + nullable: true + type: string + insecureSkipTLSVerify: + type: boolean + paths: + items: + nullable: true + type: string + nullable: true + type: array + paused: + type: boolean + pollingInterval: + nullable: true + type: string + repo: + nullable: true + type: string + revision: + nullable: true + type: string + serviceAccount: + nullable: true + type: string + targetNamespace: + nullable: true + type: string + targets: + items: + properties: + clusterGroup: + nullable: true + type: string + clusterGroupSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + clusterName: + nullable: true + type: string + clusterSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + name: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + status: + properties: + commit: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + desiredReadyClusters: + type: integer + display: + properties: + error: + type: boolean + message: + nullable: true + type: string + readyBundleDeployments: + nullable: true + type: string + state: + nullable: true + type: string + type: object + gitJobStatus: + nullable: true + type: string + lastSyncedImageScanTime: + nullable: true + type: string + observedGeneration: + type: integer + readyClusters: + type: integer + resourceCounts: + properties: + desiredReady: + type: integer + missing: + type: integer + modified: + type: integer + notReady: + type: integer + orphaned: + type: integer + ready: + type: integer + unknown: + type: integer + waitApplied: + type: integer + type: object + resourceErrors: + items: + nullable: true + type: string + nullable: true + type: array + resources: + items: + properties: + apiVersion: + nullable: true + type: string + error: + type: boolean + id: + nullable: true + type: string + incompleteState: + type: boolean + kind: + nullable: true + type: string + message: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + perClusterState: + items: + properties: + clusterId: + nullable: true + type: string + error: + type: boolean + message: + nullable: true + type: string + patch: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: + nullable: true + type: string + type: object + nullable: true + type: array + summary: + properties: + desiredReady: + type: integer + errApplied: + type: integer + modified: + type: integer + nonReadyResources: + items: + properties: + bundleState: + nullable: true + type: string + message: + nullable: true + type: string + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + type: integer + outOfSync: + type: integer + pending: + type: integer + ready: + type: integer + waitApplied: + type: integer + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterregistrations.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: ClusterRegistration + plural: clusterregistrations + singular: clusterregistration + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.clusterName + name: Cluster-Name + type: string + - jsonPath: .spec.clusterLabels + name: Labels + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + clientID: + nullable: true + type: string + clientRandom: + nullable: true + type: string + clusterLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + status: + properties: + clusterName: + nullable: true + type: string + granted: + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: gitreporestrictions.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: GitRepoRestriction + plural: gitreporestrictions + singular: gitreporestriction + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .defaultServiceAccount + name: Default-ServiceAccount + type: string + - jsonPath: .allowedServiceAccounts + name: Allowed-ServiceAccounts + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + allowedClientSecretNames: + items: + nullable: true + type: string + nullable: true + type: array + allowedRepoPatterns: + items: + nullable: true + type: string + nullable: true + type: array + allowedServiceAccounts: + items: + nullable: true + type: string + nullable: true + type: array + defaultClientSecretName: + nullable: true + type: string + defaultServiceAccount: + nullable: true + type: string + type: object + served: true + storage: true + subresources: + status: {} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: contents.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: Content + plural: contents + singular: content + preserveUnknownFields: false + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + content: + nullable: true + type: string + type: object + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: imagescans.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + categories: + - fleet + kind: ImageScan + plural: imagescans + singular: imagescan + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.image + name: Repository + type: string + - jsonPath: .status.latestTag + name: Latest + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + gitrepoName: + nullable: true + type: string + image: + nullable: true + type: string + interval: + nullable: true + type: string + policy: + properties: + alphabetical: + nullable: true + properties: + order: + nullable: true + type: string + type: object + semver: + nullable: true + properties: + range: + nullable: true + type: string + type: object + type: object + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + suspend: + type: boolean + tagName: + nullable: true + type: string + type: object + status: + properties: + canonicalImageName: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + lastScanTime: + nullable: true + type: string + latestDigest: + nullable: true + type: string + latestImage: + nullable: true + type: string + latestTag: + nullable: true + type: string + observedGeneration: + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- else -}} +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: bundles.fleet.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.display.readyClusters + name: BundleDeployments-Ready + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: fleet.cattle.io + names: + kind: Bundle + plural: bundles + singular: bundle + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + defaultNamespace: + nullable: true + type: string + dependsOn: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + diff: + nullable: true + properties: + comparePatches: + items: + properties: + apiVersion: + nullable: true + type: string + jsonPointers: + items: + nullable: true + type: string + nullable: true + type: array + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + operations: + items: + properties: + op: + nullable: true + type: string + path: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + forceSyncGeneration: + type: integer + helm: + nullable: true + properties: + chart: + nullable: true + type: string + force: + type: boolean + maxHistory: + type: integer + releaseName: + nullable: true + type: string + repo: + nullable: true + type: string + takeOwnership: + type: boolean + timeoutSeconds: + type: integer + values: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + valuesFiles: + items: + nullable: true + type: string + nullable: true + type: array + valuesFrom: + items: + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + version: + nullable: true + type: string + type: object + kustomize: + nullable: true + properties: + dir: + nullable: true + type: string + type: object + namespace: + nullable: true + type: string + paused: + type: boolean + resources: + items: + properties: + content: + nullable: true + type: string + encoding: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + rolloutStrategy: + nullable: true + properties: + autoPartitionSize: + nullable: true + type: string + maxUnavailable: + nullable: true + type: string + maxUnavailablePartitions: + nullable: true + type: string + partitions: + items: + properties: + clusterGroup: + nullable: true + type: string + clusterGroupSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + clusterName: + nullable: true + type: string + clusterSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + maxUnavailable: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + serviceAccount: + nullable: true + type: string + targetRestrictions: + items: + properties: + clusterGroup: + nullable: true + type: string + clusterGroupSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + clusterName: + nullable: true + type: string + clusterSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + name: + nullable: true + type: string + type: object + nullable: true + type: array + targets: + items: + properties: + clusterGroup: + nullable: true + type: string + clusterGroupSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + clusterName: + nullable: true + type: string + clusterSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + defaultNamespace: + nullable: true + type: string + diff: + nullable: true + properties: + comparePatches: + items: + properties: + apiVersion: + nullable: true + type: string + jsonPointers: + items: + nullable: true + type: string + nullable: true + type: array + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + operations: + items: + properties: + op: + nullable: true + type: string + path: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + forceSyncGeneration: + type: integer + helm: + nullable: true + properties: + chart: + nullable: true + type: string + force: + type: boolean + maxHistory: + type: integer + releaseName: + nullable: true + type: string + repo: + nullable: true + type: string + takeOwnership: + type: boolean + timeoutSeconds: + type: integer + values: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + valuesFiles: + items: + nullable: true + type: string + nullable: true + type: array + valuesFrom: + items: + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + version: + nullable: true + type: string + type: object + kustomize: + nullable: true + properties: + dir: + nullable: true + type: string + type: object + name: + nullable: true + type: string + namespace: + nullable: true + type: string + serviceAccount: + nullable: true + type: string + yaml: + nullable: true + properties: + overlays: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + nullable: true + type: array + yaml: + nullable: true + properties: + overlays: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + properties: + readyClusters: + nullable: true + type: string + state: + nullable: true + type: string + type: object + maxNew: + type: integer + maxUnavailable: + type: integer + maxUnavailablePartitions: + type: integer + newlyCreated: + type: integer + observedGeneration: + type: integer + partitions: + items: + properties: + count: + type: integer + maxUnavailable: + type: integer + name: + nullable: true + type: string + summary: + properties: + desiredReady: + type: integer + errApplied: + type: integer + modified: + type: integer + nonReadyResources: + items: + properties: + bundleState: + nullable: true + type: string + message: + nullable: true + type: string + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + type: integer + outOfSync: + type: integer + pending: + type: integer + ready: + type: integer + waitApplied: + type: integer + type: object + unavailable: + type: integer + type: object + nullable: true + type: array + resourceKey: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + nullable: true + type: array + summary: + properties: + desiredReady: + type: integer + errApplied: + type: integer + modified: + type: integer + nonReadyResources: + items: + properties: + bundleState: + nullable: true + type: string + message: + nullable: true + type: string + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + type: integer + outOfSync: + type: integer + pending: + type: integer + ready: + type: integer + waitApplied: + type: integer + type: object + unavailable: + type: integer + unavailablePartitions: + type: integer + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: bundledeployments.fleet.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.display.deployed + name: Deployed + type: string + - JSONPath: .status.display.monitored + name: Monitored + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: fleet.cattle.io + names: + kind: BundleDeployment + plural: bundledeployments + singular: bundledeployment + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + dependsOn: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + deploymentID: + nullable: true + type: string + options: + properties: + defaultNamespace: + nullable: true + type: string + diff: + nullable: true + properties: + comparePatches: + items: + properties: + apiVersion: + nullable: true + type: string + jsonPointers: + items: + nullable: true + type: string + nullable: true + type: array + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + operations: + items: + properties: + op: + nullable: true + type: string + path: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + forceSyncGeneration: + type: integer + helm: + nullable: true + properties: + chart: + nullable: true + type: string + force: + type: boolean + maxHistory: + type: integer + releaseName: + nullable: true + type: string + repo: + nullable: true + type: string + takeOwnership: + type: boolean + timeoutSeconds: + type: integer + values: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + valuesFiles: + items: + nullable: true + type: string + nullable: true + type: array + valuesFrom: + items: + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + version: + nullable: true + type: string + type: object + kustomize: + nullable: true + properties: + dir: + nullable: true + type: string + type: object + namespace: + nullable: true + type: string + serviceAccount: + nullable: true + type: string + yaml: + nullable: true + properties: + overlays: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + stagedDeploymentID: + nullable: true + type: string + stagedOptions: + properties: + defaultNamespace: + nullable: true + type: string + diff: + nullable: true + properties: + comparePatches: + items: + properties: + apiVersion: + nullable: true + type: string + jsonPointers: + items: + nullable: true + type: string + nullable: true + type: array + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + operations: + items: + properties: + op: + nullable: true + type: string + path: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + forceSyncGeneration: + type: integer + helm: + nullable: true + properties: + chart: + nullable: true + type: string + force: + type: boolean + maxHistory: + type: integer + releaseName: + nullable: true + type: string + repo: + nullable: true + type: string + takeOwnership: + type: boolean + timeoutSeconds: + type: integer + values: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + valuesFiles: + items: + nullable: true + type: string + nullable: true + type: array + valuesFrom: + items: + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + version: + nullable: true + type: string + type: object + kustomize: + nullable: true + properties: + dir: + nullable: true + type: string + type: object + namespace: + nullable: true + type: string + serviceAccount: + nullable: true + type: string + yaml: + nullable: true + properties: + overlays: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + type: object + status: + properties: + appliedDeploymentID: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + properties: + deployed: + nullable: true + type: string + monitored: + nullable: true + type: string + state: + nullable: true + type: string + type: object + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + nonModified: + type: boolean + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + ready: + type: boolean + release: + nullable: true + type: string + syncGeneration: + nullable: true + type: integer + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: bundlenamespacemappings.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: BundleNamespaceMapping + plural: bundlenamespacemappings + singular: bundlenamespacemapping + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + bundleSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaceSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clustergroups.fleet.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.display.readyClusters + name: Clusters-Ready + type: string + - JSONPath: .status.display.readyBundles + name: Bundles-Ready + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: fleet.cattle.io + names: + categories: + - fleet + kind: ClusterGroup + plural: clustergroups + singular: clustergroup + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + selector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + type: object + status: + properties: + clusterCount: + type: integer + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + properties: + readyBundles: + nullable: true + type: string + readyClusters: + nullable: true + type: string + state: + nullable: true + type: string + type: object + nonReadyClusterCount: + type: integer + nonReadyClusters: + items: + nullable: true + type: string + nullable: true + type: array + resourceCounts: + properties: + desiredReady: + type: integer + missing: + type: integer + modified: + type: integer + notReady: + type: integer + orphaned: + type: integer + ready: + type: integer + unknown: + type: integer + waitApplied: + type: integer + type: object + summary: + properties: + desiredReady: + type: integer + errApplied: + type: integer + modified: + type: integer + nonReadyResources: + items: + properties: + bundleState: + nullable: true + type: string + message: + nullable: true + type: string + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + type: integer + outOfSync: + type: integer + pending: + type: integer + ready: + type: integer + waitApplied: + type: integer + type: object + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusters.fleet.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.display.readyBundles + name: Bundles-Ready + type: string + - JSONPath: .status.display.readyNodes + name: Nodes-Ready + type: string + - JSONPath: .status.display.sampleNode + name: Sample-Node + type: string + - JSONPath: .status.agent.lastSeen + name: Last-Seen + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: fleet.cattle.io + names: + kind: Cluster + plural: clusters + singular: cluster + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + agentEnvVars: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + valueFrom: + nullable: true + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + clientID: + nullable: true + type: string + kubeConfigSecret: + nullable: true + type: string + paused: + type: boolean + redeployAgentGeneration: + type: integer + type: object + status: + properties: + agent: + properties: + lastSeen: + nullable: true + type: string + namespace: + nullable: true + type: string + nonReadyNodeNames: + items: + nullable: true + type: string + nullable: true + type: array + nonReadyNodes: + type: integer + readyNodeNames: + items: + nullable: true + type: string + nullable: true + type: array + readyNodes: + type: integer + type: object + agentDeployedGeneration: + nullable: true + type: integer + agentEnvVarsHash: + nullable: true + type: string + agentMigrated: + type: boolean + cattleNamespaceMigrated: + type: boolean + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + desiredReadyGitRepos: + type: integer + display: + properties: + readyBundles: + nullable: true + type: string + readyNodes: + nullable: true + type: string + sampleNode: + nullable: true + type: string + state: + nullable: true + type: string + type: object + namespace: + nullable: true + type: string + readyGitRepos: + type: integer + resourceCounts: + properties: + desiredReady: + type: integer + missing: + type: integer + modified: + type: integer + notReady: + type: integer + orphaned: + type: integer + ready: + type: integer + unknown: + type: integer + waitApplied: + type: integer + type: object + summary: + properties: + desiredReady: + type: integer + errApplied: + type: integer + modified: + type: integer + nonReadyResources: + items: + properties: + bundleState: + nullable: true + type: string + message: + nullable: true + type: string + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + type: integer + outOfSync: + type: integer + pending: + type: integer + ready: + type: integer + waitApplied: + type: integer + type: object + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterregistrationtokens.fleet.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.secretName + name: Secret-Name + type: string + group: fleet.cattle.io + names: + kind: ClusterRegistrationToken + plural: clusterregistrationtokens + singular: clusterregistrationtoken + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + ttl: + nullable: true + type: string + type: object + status: + properties: + expires: + nullable: true + type: string + secretName: + nullable: true + type: string + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: gitrepos.fleet.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.repo + name: Repo + type: string + - JSONPath: .status.commit + name: Commit + type: string + - JSONPath: .status.display.readyBundleDeployments + name: BundleDeployments-Ready + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: fleet.cattle.io + names: + categories: + - fleet + kind: GitRepo + plural: gitrepos + singular: gitrepo + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + branch: + nullable: true + type: string + caBundle: + nullable: true + type: string + clientSecretName: + nullable: true + type: string + forceSyncGeneration: + type: integer + helmSecretName: + nullable: true + type: string + imageScanCommit: + properties: + authorEmail: + nullable: true + type: string + authorName: + nullable: true + type: string + messageTemplate: + nullable: true + type: string + type: object + imageScanInterval: + nullable: true + type: string + insecureSkipTLSVerify: + type: boolean + paths: + items: + nullable: true + type: string + nullable: true + type: array + paused: + type: boolean + pollingInterval: + nullable: true + type: string + repo: + nullable: true + type: string + revision: + nullable: true + type: string + serviceAccount: + nullable: true + type: string + targetNamespace: + nullable: true + type: string + targets: + items: + properties: + clusterGroup: + nullable: true + type: string + clusterGroupSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + clusterName: + nullable: true + type: string + clusterSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + name: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + status: + properties: + commit: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + desiredReadyClusters: + type: integer + display: + properties: + error: + type: boolean + message: + nullable: true + type: string + readyBundleDeployments: + nullable: true + type: string + state: + nullable: true + type: string + type: object + gitJobStatus: + nullable: true + type: string + lastSyncedImageScanTime: + nullable: true + type: string + observedGeneration: + type: integer + readyClusters: + type: integer + resourceCounts: + properties: + desiredReady: + type: integer + missing: + type: integer + modified: + type: integer + notReady: + type: integer + orphaned: + type: integer + ready: + type: integer + unknown: + type: integer + waitApplied: + type: integer + type: object + resourceErrors: + items: + nullable: true + type: string + nullable: true + type: array + resources: + items: + properties: + apiVersion: + nullable: true + type: string + error: + type: boolean + id: + nullable: true + type: string + incompleteState: + type: boolean + kind: + nullable: true + type: string + message: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + perClusterState: + items: + properties: + clusterId: + nullable: true + type: string + error: + type: boolean + message: + nullable: true + type: string + patch: + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: + nullable: true + type: string + type: object + nullable: true + type: array + summary: + properties: + desiredReady: + type: integer + errApplied: + type: integer + modified: + type: integer + nonReadyResources: + items: + properties: + bundleState: + nullable: true + type: string + message: + nullable: true + type: string + modifiedStatus: + items: + properties: + apiVersion: + nullable: true + type: string + delete: + type: boolean + kind: + nullable: true + type: string + missing: + type: boolean + name: + nullable: true + type: string + namespace: + nullable: true + type: string + patch: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + nonReadyStatus: + items: + properties: + apiVersion: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + namespace: + nullable: true + type: string + summary: + properties: + error: + type: boolean + message: + items: + nullable: true + type: string + nullable: true + type: array + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + uid: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + nullable: true + type: array + notReady: + type: integer + outOfSync: + type: integer + pending: + type: integer + ready: + type: integer + waitApplied: + type: integer + type: object + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterregistrations.fleet.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.clusterName + name: Cluster-Name + type: string + - JSONPath: .spec.clusterLabels + name: Labels + type: string + group: fleet.cattle.io + names: + kind: ClusterRegistration + plural: clusterregistrations + singular: clusterregistration + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + clientID: + nullable: true + type: string + clientRandom: + nullable: true + type: string + clusterLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + status: + properties: + clusterName: + nullable: true + type: string + granted: + type: boolean + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: gitreporestrictions.fleet.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .defaultServiceAccount + name: Default-ServiceAccount + type: string + - JSONPath: .allowedServiceAccounts + name: Allowed-ServiceAccounts + type: string + group: fleet.cattle.io + names: + kind: GitRepoRestriction + plural: gitreporestrictions + singular: gitreporestriction + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + allowedClientSecretNames: + items: + nullable: true + type: string + nullable: true + type: array + allowedRepoPatterns: + items: + nullable: true + type: string + nullable: true + type: array + allowedServiceAccounts: + items: + nullable: true + type: string + nullable: true + type: array + defaultClientSecretName: + nullable: true + type: string + defaultServiceAccount: + nullable: true + type: string + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: contents.fleet.cattle.io +spec: + group: fleet.cattle.io + names: + kind: Content + plural: contents + singular: content + preserveUnknownFields: false + scope: Cluster + validation: + openAPIV3Schema: + properties: + content: + nullable: true + type: string + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: imagescans.fleet.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.image + name: Repository + type: string + - JSONPath: .status.latestTag + name: Latest + type: string + group: fleet.cattle.io + names: + categories: + - fleet + kind: ImageScan + plural: imagescans + singular: imagescan + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + gitrepoName: + nullable: true + type: string + image: + nullable: true + type: string + interval: + nullable: true + type: string + policy: + properties: + alphabetical: + nullable: true + properties: + order: + nullable: true + type: string + type: object + semver: + nullable: true + properties: + range: + nullable: true + type: string + type: object + type: object + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + suspend: + type: boolean + tagName: + nullable: true + type: string + type: object + status: + properties: + canonicalImageName: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + lastScanTime: + nullable: true + type: string + latestDigest: + nullable: true + type: string + latestImage: + nullable: true + type: string + latestTag: + nullable: true + type: string + observedGeneration: + type: integer + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +{{- end -}} \ No newline at end of file diff --git a/charts/fleet-crd/fleet-crd/100.0.0+up0.3.6/templates/gitjobs-crds.yaml b/charts/fleet-crd/fleet-crd/100.0.0+up0.3.6/templates/gitjobs-crds.yaml new file mode 100644 index 000000000..958aad932 --- /dev/null +++ b/charts/fleet-crd/fleet-crd/100.0.0+up0.3.6/templates/gitjobs-crds.yaml @@ -0,0 +1,6876 @@ +{{- if .Capabilities.APIVersions.Has "apiextensions.k8s.io/v1" -}} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: gitjobs.gitjob.cattle.io +spec: + group: gitjob.cattle.io + names: + kind: GitJob + plural: gitjobs + singular: gitjob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.git.repo + name: REPO + type: string + - jsonPath: .spec.git.branch + name: BRANCH + type: string + - jsonPath: .status.commit + name: COMMIT + type: string + - jsonPath: .status.jobStatus + name: JOBSTATUS + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + forceUpdateGeneration: + type: integer + git: + properties: + branch: + nullable: true + type: string + caBundle: + nullable: true + type: string + clientSecretName: + nullable: true + type: string + insecureSkipTLSVerify: + type: boolean + provider: + nullable: true + type: string + repo: + nullable: true + type: string + revision: + nullable: true + type: string + type: object + jobSpec: + properties: + activeDeadlineSeconds: + nullable: true + type: integer + backoffLimit: + nullable: true + type: integer + completions: + nullable: true + type: integer + manualSelector: + nullable: true + type: boolean + parallelism: + nullable: true + type: integer + selector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + clusterName: + nullable: true + type: string + creationTimestamp: + nullable: true + type: string + deletionGracePeriodSeconds: + nullable: true + type: integer + deletionTimestamp: + nullable: true + type: string + finalizers: + items: + nullable: true + type: string + nullable: true + type: array + generateName: + nullable: true + type: string + generation: + type: integer + labels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + managedFields: + items: + properties: + apiVersion: + nullable: true + type: string + fieldsType: + nullable: true + type: string + fieldsV1: + nullable: true + type: object + manager: + nullable: true + type: string + operation: + nullable: true + type: string + time: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + namespace: + nullable: true + type: string + ownerReferences: + items: + properties: + apiVersion: + nullable: true + type: string + blockOwnerDeletion: + nullable: true + type: boolean + controller: + nullable: true + type: boolean + kind: + nullable: true + type: string + name: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + nullable: true + type: array + resourceVersion: + nullable: true + type: string + selfLink: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + spec: + properties: + activeDeadlineSeconds: + nullable: true + type: integer + affinity: + nullable: true + properties: + nodeAffinity: + nullable: true + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchFields: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + type: object + weight: + type: integer + type: object + nullable: true + type: array + requiredDuringSchedulingIgnoredDuringExecution: + nullable: true + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchFields: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + type: object + podAffinity: + nullable: true + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + weight: + type: integer + type: object + nullable: true + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + podAntiAffinity: + nullable: true + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + weight: + type: integer + type: object + nullable: true + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + type: object + automountServiceAccountToken: + nullable: true + type: boolean + containers: + items: + properties: + args: + items: + nullable: true + type: string + nullable: true + type: array + command: + items: + nullable: true + type: string + nullable: true + type: array + env: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + valueFrom: + nullable: true + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + envFrom: + items: + properties: + configMapRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + prefix: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + nullable: true + type: array + image: + nullable: true + type: string + imagePullPolicy: + nullable: true + type: string + lifecycle: + nullable: true + properties: + postStart: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + preStop: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + type: object + livenessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + name: + nullable: true + type: string + ports: + items: + properties: + containerPort: + type: integer + hostIP: + nullable: true + type: string + hostPort: + type: integer + name: + nullable: true + type: string + protocol: + nullable: true + type: string + type: object + nullable: true + type: array + readinessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + securityContext: + nullable: true + properties: + allowPrivilegeEscalation: + nullable: true + type: boolean + capabilities: + nullable: true + properties: + add: + items: + nullable: true + type: string + nullable: true + type: array + drop: + items: + nullable: true + type: string + nullable: true + type: array + type: object + privileged: + nullable: true + type: boolean + procMount: + nullable: true + type: string + readOnlyRootFilesystem: + nullable: true + type: boolean + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + runAsUserName: + nullable: true + type: string + type: object + type: object + startupProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + nullable: true + type: string + terminationMessagePolicy: + nullable: true + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + volumeMounts: + items: + properties: + mountPath: + nullable: true + type: string + mountPropagation: + nullable: true + type: string + name: + nullable: true + type: string + readOnly: + type: boolean + subPath: + nullable: true + type: string + subPathExpr: + nullable: true + type: string + type: object + nullable: true + type: array + workingDir: + nullable: true + type: string + type: object + nullable: true + type: array + dnsConfig: + nullable: true + properties: + nameservers: + items: + nullable: true + type: string + nullable: true + type: array + options: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + searches: + items: + nullable: true + type: string + nullable: true + type: array + type: object + dnsPolicy: + nullable: true + type: string + enableServiceLinks: + nullable: true + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + nullable: true + type: string + nullable: true + type: array + command: + items: + nullable: true + type: string + nullable: true + type: array + env: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + valueFrom: + nullable: true + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + envFrom: + items: + properties: + configMapRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + prefix: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + nullable: true + type: array + image: + nullable: true + type: string + imagePullPolicy: + nullable: true + type: string + lifecycle: + nullable: true + properties: + postStart: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + preStop: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + type: object + livenessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + name: + nullable: true + type: string + ports: + items: + properties: + containerPort: + type: integer + hostIP: + nullable: true + type: string + hostPort: + type: integer + name: + nullable: true + type: string + protocol: + nullable: true + type: string + type: object + nullable: true + type: array + readinessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + securityContext: + nullable: true + properties: + allowPrivilegeEscalation: + nullable: true + type: boolean + capabilities: + nullable: true + properties: + add: + items: + nullable: true + type: string + nullable: true + type: array + drop: + items: + nullable: true + type: string + nullable: true + type: array + type: object + privileged: + nullable: true + type: boolean + procMount: + nullable: true + type: string + readOnlyRootFilesystem: + nullable: true + type: boolean + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + runAsUserName: + nullable: true + type: string + type: object + type: object + startupProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + nullable: true + type: string + terminationMessagePath: + nullable: true + type: string + terminationMessagePolicy: + nullable: true + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + volumeMounts: + items: + properties: + mountPath: + nullable: true + type: string + mountPropagation: + nullable: true + type: string + name: + nullable: true + type: string + readOnly: + type: boolean + subPath: + nullable: true + type: string + subPathExpr: + nullable: true + type: string + type: object + nullable: true + type: array + workingDir: + nullable: true + type: string + type: object + nullable: true + type: array + hostAliases: + items: + properties: + hostnames: + items: + nullable: true + type: string + nullable: true + type: array + ip: + nullable: true + type: string + type: object + nullable: true + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostname: + nullable: true + type: string + imagePullSecrets: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + initContainers: + items: + properties: + args: + items: + nullable: true + type: string + nullable: true + type: array + command: + items: + nullable: true + type: string + nullable: true + type: array + env: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + valueFrom: + nullable: true + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + envFrom: + items: + properties: + configMapRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + prefix: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + nullable: true + type: array + image: + nullable: true + type: string + imagePullPolicy: + nullable: true + type: string + lifecycle: + nullable: true + properties: + postStart: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + preStop: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + type: object + livenessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + name: + nullable: true + type: string + ports: + items: + properties: + containerPort: + type: integer + hostIP: + nullable: true + type: string + hostPort: + type: integer + name: + nullable: true + type: string + protocol: + nullable: true + type: string + type: object + nullable: true + type: array + readinessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + securityContext: + nullable: true + properties: + allowPrivilegeEscalation: + nullable: true + type: boolean + capabilities: + nullable: true + properties: + add: + items: + nullable: true + type: string + nullable: true + type: array + drop: + items: + nullable: true + type: string + nullable: true + type: array + type: object + privileged: + nullable: true + type: boolean + procMount: + nullable: true + type: string + readOnlyRootFilesystem: + nullable: true + type: boolean + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + runAsUserName: + nullable: true + type: string + type: object + type: object + startupProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + nullable: true + type: string + terminationMessagePolicy: + nullable: true + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + volumeMounts: + items: + properties: + mountPath: + nullable: true + type: string + mountPropagation: + nullable: true + type: string + name: + nullable: true + type: string + readOnly: + type: boolean + subPath: + nullable: true + type: string + subPathExpr: + nullable: true + type: string + type: object + nullable: true + type: array + workingDir: + nullable: true + type: string + type: object + nullable: true + type: array + nodeName: + nullable: true + type: string + nodeSelector: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + overhead: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + preemptionPolicy: + nullable: true + type: string + priority: + nullable: true + type: integer + priorityClassName: + nullable: true + type: string + readinessGates: + items: + properties: + conditionType: + nullable: true + type: string + type: object + nullable: true + type: array + restartPolicy: + nullable: true + type: string + runtimeClassName: + nullable: true + type: string + schedulerName: + nullable: true + type: string + securityContext: + nullable: true + properties: + fsGroup: + nullable: true + type: integer + fsGroupChangePolicy: + nullable: true + type: string + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + supplementalGroups: + items: + type: integer + nullable: true + type: array + sysctls: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + runAsUserName: + nullable: true + type: string + type: object + type: object + serviceAccount: + nullable: true + type: string + serviceAccountName: + nullable: true + type: string + setHostnameAsFQDN: + nullable: true + type: boolean + shareProcessNamespace: + nullable: true + type: boolean + subdomain: + nullable: true + type: string + terminationGracePeriodSeconds: + nullable: true + type: integer + tolerations: + items: + properties: + effect: + nullable: true + type: string + key: + nullable: true + type: string + operator: + nullable: true + type: string + tolerationSeconds: + nullable: true + type: integer + value: + nullable: true + type: string + type: object + nullable: true + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + maxSkew: + type: integer + topologyKey: + nullable: true + type: string + whenUnsatisfiable: + nullable: true + type: string + type: object + nullable: true + type: array + volumes: + items: + properties: + awsElasticBlockStore: + nullable: true + properties: + fsType: + nullable: true + type: string + partition: + type: integer + readOnly: + type: boolean + volumeID: + nullable: true + type: string + type: object + azureDisk: + nullable: true + properties: + cachingMode: + nullable: true + type: string + diskName: + nullable: true + type: string + diskURI: + nullable: true + type: string + fsType: + nullable: true + type: string + kind: + nullable: true + type: string + readOnly: + nullable: true + type: boolean + type: object + azureFile: + nullable: true + properties: + readOnly: + type: boolean + secretName: + nullable: true + type: string + shareName: + nullable: true + type: string + type: object + cephfs: + nullable: true + properties: + monitors: + items: + nullable: true + type: string + nullable: true + type: array + path: + nullable: true + type: string + readOnly: + type: boolean + secretFile: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + user: + nullable: true + type: string + type: object + cinder: + nullable: true + properties: + fsType: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + volumeID: + nullable: true + type: string + type: object + configMap: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + csi: + nullable: true + properties: + driver: + nullable: true + type: string + fsType: + nullable: true + type: string + nodePublishSecretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + readOnly: + nullable: true + type: boolean + volumeAttributes: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + downwardAPI: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + items: + items: + properties: + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + mode: + nullable: true + type: integer + path: + nullable: true + type: string + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + emptyDir: + nullable: true + properties: + medium: + nullable: true + type: string + sizeLimit: + nullable: true + type: string + type: object + ephemeral: + nullable: true + properties: + readOnly: + type: boolean + volumeClaimTemplate: + nullable: true + properties: + metadata: + properties: + annotations: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + clusterName: + nullable: true + type: string + creationTimestamp: + nullable: true + type: string + deletionGracePeriodSeconds: + nullable: true + type: integer + deletionTimestamp: + nullable: true + type: string + finalizers: + items: + nullable: true + type: string + nullable: true + type: array + generateName: + nullable: true + type: string + generation: + type: integer + labels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + managedFields: + items: + properties: + apiVersion: + nullable: true + type: string + fieldsType: + nullable: true + type: string + fieldsV1: + nullable: true + type: object + manager: + nullable: true + type: string + operation: + nullable: true + type: string + time: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + namespace: + nullable: true + type: string + ownerReferences: + items: + properties: + apiVersion: + nullable: true + type: string + blockOwnerDeletion: + nullable: true + type: boolean + controller: + nullable: true + type: boolean + kind: + nullable: true + type: string + name: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + nullable: true + type: array + resourceVersion: + nullable: true + type: string + selfLink: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + spec: + properties: + accessModes: + items: + nullable: true + type: string + nullable: true + type: array + dataSource: + nullable: true + properties: + apiGroup: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + type: object + resources: + properties: + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + selector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + storageClassName: + nullable: true + type: string + volumeMode: + nullable: true + type: string + volumeName: + nullable: true + type: string + type: object + type: object + type: object + fc: + nullable: true + properties: + fsType: + nullable: true + type: string + lun: + nullable: true + type: integer + readOnly: + type: boolean + targetWWNs: + items: + nullable: true + type: string + nullable: true + type: array + wwids: + items: + nullable: true + type: string + nullable: true + type: array + type: object + flexVolume: + nullable: true + properties: + driver: + nullable: true + type: string + fsType: + nullable: true + type: string + options: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + type: object + flocker: + nullable: true + properties: + datasetName: + nullable: true + type: string + datasetUUID: + nullable: true + type: string + type: object + gcePersistentDisk: + nullable: true + properties: + fsType: + nullable: true + type: string + partition: + type: integer + pdName: + nullable: true + type: string + readOnly: + type: boolean + type: object + gitRepo: + nullable: true + properties: + directory: + nullable: true + type: string + repository: + nullable: true + type: string + revision: + nullable: true + type: string + type: object + glusterfs: + nullable: true + properties: + endpoints: + nullable: true + type: string + path: + nullable: true + type: string + readOnly: + type: boolean + type: object + hostPath: + nullable: true + properties: + path: + nullable: true + type: string + type: + nullable: true + type: string + type: object + iscsi: + nullable: true + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + nullable: true + type: string + initiatorName: + nullable: true + type: string + iqn: + nullable: true + type: string + iscsiInterface: + nullable: true + type: string + lun: + type: integer + portals: + items: + nullable: true + type: string + nullable: true + type: array + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + targetPortal: + nullable: true + type: string + type: object + name: + nullable: true + type: string + nfs: + nullable: true + properties: + path: + nullable: true + type: string + readOnly: + type: boolean + server: + nullable: true + type: string + type: object + persistentVolumeClaim: + nullable: true + properties: + claimName: + nullable: true + type: string + readOnly: + type: boolean + type: object + photonPersistentDisk: + nullable: true + properties: + fsType: + nullable: true + type: string + pdID: + nullable: true + type: string + type: object + portworxVolume: + nullable: true + properties: + fsType: + nullable: true + type: string + readOnly: + type: boolean + volumeID: + nullable: true + type: string + type: object + projected: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + sources: + items: + properties: + configMap: + nullable: true + properties: + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + downwardAPI: + nullable: true + properties: + items: + items: + properties: + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + mode: + nullable: true + type: integer + path: + nullable: true + type: string + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + secret: + nullable: true + properties: + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + serviceAccountToken: + nullable: true + properties: + audience: + nullable: true + type: string + expirationSeconds: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + quobyte: + nullable: true + properties: + group: + nullable: true + type: string + readOnly: + type: boolean + registry: + nullable: true + type: string + tenant: + nullable: true + type: string + user: + nullable: true + type: string + volume: + nullable: true + type: string + type: object + rbd: + nullable: true + properties: + fsType: + nullable: true + type: string + image: + nullable: true + type: string + keyring: + nullable: true + type: string + monitors: + items: + nullable: true + type: string + nullable: true + type: array + pool: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + user: + nullable: true + type: string + type: object + scaleIO: + nullable: true + properties: + fsType: + nullable: true + type: string + gateway: + nullable: true + type: string + protectionDomain: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + sslEnabled: + type: boolean + storageMode: + nullable: true + type: string + storagePool: + nullable: true + type: string + system: + nullable: true + type: string + volumeName: + nullable: true + type: string + type: object + secret: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + optional: + nullable: true + type: boolean + secretName: + nullable: true + type: string + type: object + storageos: + nullable: true + properties: + fsType: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + volumeName: + nullable: true + type: string + volumeNamespace: + nullable: true + type: string + type: object + vsphereVolume: + nullable: true + properties: + fsType: + nullable: true + type: string + storagePolicyID: + nullable: true + type: string + storagePolicyName: + nullable: true + type: string + volumePath: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + type: object + ttlSecondsAfterFinished: + nullable: true + type: integer + type: object + syncInterval: + type: integer + type: object + status: + properties: + commit: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + event: + nullable: true + type: string + hookId: + nullable: true + type: string + jobStatus: + nullable: true + type: string + lastExecutedCommit: + nullable: true + type: string + lastSyncedTime: + nullable: true + type: string + observedGeneration: + type: integer + secretToken: + nullable: true + type: string + updateGeneration: + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- else -}} +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: gitjobs.gitjob.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.git.repo + name: REPO + type: string + - JSONPath: .spec.git.branch + name: BRANCH + type: string + - JSONPath: .status.commit + name: COMMIT + type: string + - JSONPath: .status.jobStatus + name: JOBSTATUS + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: gitjob.cattle.io + names: + kind: GitJob + plural: gitjobs + singular: gitjob + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + forceUpdateGeneration: + type: integer + git: + properties: + branch: + nullable: true + type: string + caBundle: + nullable: true + type: string + clientSecretName: + nullable: true + type: string + insecureSkipTLSVerify: + type: boolean + provider: + nullable: true + type: string + repo: + nullable: true + type: string + revision: + nullable: true + type: string + type: object + jobSpec: + properties: + activeDeadlineSeconds: + nullable: true + type: integer + backoffLimit: + nullable: true + type: integer + completions: + nullable: true + type: integer + manualSelector: + nullable: true + type: boolean + parallelism: + nullable: true + type: integer + selector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + clusterName: + nullable: true + type: string + creationTimestamp: + nullable: true + type: string + deletionGracePeriodSeconds: + nullable: true + type: integer + deletionTimestamp: + nullable: true + type: string + finalizers: + items: + nullable: true + type: string + nullable: true + type: array + generateName: + nullable: true + type: string + generation: + type: integer + labels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + managedFields: + items: + properties: + apiVersion: + nullable: true + type: string + fieldsType: + nullable: true + type: string + fieldsV1: + nullable: true + type: object + manager: + nullable: true + type: string + operation: + nullable: true + type: string + time: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + namespace: + nullable: true + type: string + ownerReferences: + items: + properties: + apiVersion: + nullable: true + type: string + blockOwnerDeletion: + nullable: true + type: boolean + controller: + nullable: true + type: boolean + kind: + nullable: true + type: string + name: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + nullable: true + type: array + resourceVersion: + nullable: true + type: string + selfLink: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + spec: + properties: + activeDeadlineSeconds: + nullable: true + type: integer + affinity: + nullable: true + properties: + nodeAffinity: + nullable: true + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchFields: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + type: object + weight: + type: integer + type: object + nullable: true + type: array + requiredDuringSchedulingIgnoredDuringExecution: + nullable: true + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchFields: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + type: object + nullable: true + type: array + type: object + type: object + podAffinity: + nullable: true + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + weight: + type: integer + type: object + nullable: true + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + podAntiAffinity: + nullable: true + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + weight: + type: integer + type: object + nullable: true + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + namespaces: + items: + nullable: true + type: string + nullable: true + type: array + topologyKey: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + type: object + automountServiceAccountToken: + nullable: true + type: boolean + containers: + items: + properties: + args: + items: + nullable: true + type: string + nullable: true + type: array + command: + items: + nullable: true + type: string + nullable: true + type: array + env: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + valueFrom: + nullable: true + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + envFrom: + items: + properties: + configMapRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + prefix: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + nullable: true + type: array + image: + nullable: true + type: string + imagePullPolicy: + nullable: true + type: string + lifecycle: + nullable: true + properties: + postStart: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + preStop: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + type: object + livenessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + name: + nullable: true + type: string + ports: + items: + properties: + containerPort: + type: integer + hostIP: + nullable: true + type: string + hostPort: + type: integer + name: + nullable: true + type: string + protocol: + nullable: true + type: string + type: object + nullable: true + type: array + readinessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + securityContext: + nullable: true + properties: + allowPrivilegeEscalation: + nullable: true + type: boolean + capabilities: + nullable: true + properties: + add: + items: + nullable: true + type: string + nullable: true + type: array + drop: + items: + nullable: true + type: string + nullable: true + type: array + type: object + privileged: + nullable: true + type: boolean + procMount: + nullable: true + type: string + readOnlyRootFilesystem: + nullable: true + type: boolean + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + runAsUserName: + nullable: true + type: string + type: object + type: object + startupProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + nullable: true + type: string + terminationMessagePolicy: + nullable: true + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + volumeMounts: + items: + properties: + mountPath: + nullable: true + type: string + mountPropagation: + nullable: true + type: string + name: + nullable: true + type: string + readOnly: + type: boolean + subPath: + nullable: true + type: string + subPathExpr: + nullable: true + type: string + type: object + nullable: true + type: array + workingDir: + nullable: true + type: string + type: object + nullable: true + type: array + dnsConfig: + nullable: true + properties: + nameservers: + items: + nullable: true + type: string + nullable: true + type: array + options: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + searches: + items: + nullable: true + type: string + nullable: true + type: array + type: object + dnsPolicy: + nullable: true + type: string + enableServiceLinks: + nullable: true + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + nullable: true + type: string + nullable: true + type: array + command: + items: + nullable: true + type: string + nullable: true + type: array + env: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + valueFrom: + nullable: true + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + envFrom: + items: + properties: + configMapRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + prefix: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + nullable: true + type: array + image: + nullable: true + type: string + imagePullPolicy: + nullable: true + type: string + lifecycle: + nullable: true + properties: + postStart: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + preStop: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + type: object + livenessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + name: + nullable: true + type: string + ports: + items: + properties: + containerPort: + type: integer + hostIP: + nullable: true + type: string + hostPort: + type: integer + name: + nullable: true + type: string + protocol: + nullable: true + type: string + type: object + nullable: true + type: array + readinessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + securityContext: + nullable: true + properties: + allowPrivilegeEscalation: + nullable: true + type: boolean + capabilities: + nullable: true + properties: + add: + items: + nullable: true + type: string + nullable: true + type: array + drop: + items: + nullable: true + type: string + nullable: true + type: array + type: object + privileged: + nullable: true + type: boolean + procMount: + nullable: true + type: string + readOnlyRootFilesystem: + nullable: true + type: boolean + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + runAsUserName: + nullable: true + type: string + type: object + type: object + startupProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + nullable: true + type: string + terminationMessagePath: + nullable: true + type: string + terminationMessagePolicy: + nullable: true + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + volumeMounts: + items: + properties: + mountPath: + nullable: true + type: string + mountPropagation: + nullable: true + type: string + name: + nullable: true + type: string + readOnly: + type: boolean + subPath: + nullable: true + type: string + subPathExpr: + nullable: true + type: string + type: object + nullable: true + type: array + workingDir: + nullable: true + type: string + type: object + nullable: true + type: array + hostAliases: + items: + properties: + hostnames: + items: + nullable: true + type: string + nullable: true + type: array + ip: + nullable: true + type: string + type: object + nullable: true + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostname: + nullable: true + type: string + imagePullSecrets: + items: + properties: + name: + nullable: true + type: string + type: object + nullable: true + type: array + initContainers: + items: + properties: + args: + items: + nullable: true + type: string + nullable: true + type: array + command: + items: + nullable: true + type: string + nullable: true + type: array + env: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + valueFrom: + nullable: true + properties: + configMapKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + secretKeyRef: + nullable: true + properties: + key: + nullable: true + type: string + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + type: object + nullable: true + type: array + envFrom: + items: + properties: + configMapRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + prefix: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + type: object + nullable: true + type: array + image: + nullable: true + type: string + imagePullPolicy: + nullable: true + type: string + lifecycle: + nullable: true + properties: + postStart: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + preStop: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + type: object + type: object + livenessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + name: + nullable: true + type: string + ports: + items: + properties: + containerPort: + type: integer + hostIP: + nullable: true + type: string + hostPort: + type: integer + name: + nullable: true + type: string + protocol: + nullable: true + type: string + type: object + nullable: true + type: array + readinessProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + securityContext: + nullable: true + properties: + allowPrivilegeEscalation: + nullable: true + type: boolean + capabilities: + nullable: true + properties: + add: + items: + nullable: true + type: string + nullable: true + type: array + drop: + items: + nullable: true + type: string + nullable: true + type: array + type: object + privileged: + nullable: true + type: boolean + procMount: + nullable: true + type: string + readOnlyRootFilesystem: + nullable: true + type: boolean + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + runAsUserName: + nullable: true + type: string + type: object + type: object + startupProbe: + nullable: true + properties: + exec: + nullable: true + properties: + command: + items: + nullable: true + type: string + nullable: true + type: array + type: object + failureThreshold: + type: integer + httpGet: + nullable: true + properties: + host: + nullable: true + type: string + httpHeaders: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + path: + nullable: true + type: string + port: + nullable: true + type: string + scheme: + nullable: true + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + nullable: true + properties: + host: + nullable: true + type: string + port: + nullable: true + type: string + type: object + timeoutSeconds: + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + nullable: true + type: string + terminationMessagePolicy: + nullable: true + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + nullable: true + type: string + name: + nullable: true + type: string + type: object + nullable: true + type: array + volumeMounts: + items: + properties: + mountPath: + nullable: true + type: string + mountPropagation: + nullable: true + type: string + name: + nullable: true + type: string + readOnly: + type: boolean + subPath: + nullable: true + type: string + subPathExpr: + nullable: true + type: string + type: object + nullable: true + type: array + workingDir: + nullable: true + type: string + type: object + nullable: true + type: array + nodeName: + nullable: true + type: string + nodeSelector: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + overhead: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + preemptionPolicy: + nullable: true + type: string + priority: + nullable: true + type: integer + priorityClassName: + nullable: true + type: string + readinessGates: + items: + properties: + conditionType: + nullable: true + type: string + type: object + nullable: true + type: array + restartPolicy: + nullable: true + type: string + runtimeClassName: + nullable: true + type: string + schedulerName: + nullable: true + type: string + securityContext: + nullable: true + properties: + fsGroup: + nullable: true + type: integer + fsGroupChangePolicy: + nullable: true + type: string + runAsGroup: + nullable: true + type: integer + runAsNonRoot: + nullable: true + type: boolean + runAsUser: + nullable: true + type: integer + seLinuxOptions: + nullable: true + properties: + level: + nullable: true + type: string + role: + nullable: true + type: string + type: + nullable: true + type: string + user: + nullable: true + type: string + type: object + seccompProfile: + nullable: true + properties: + localhostProfile: + nullable: true + type: string + type: + nullable: true + type: string + type: object + supplementalGroups: + items: + type: integer + nullable: true + type: array + sysctls: + items: + properties: + name: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + windowsOptions: + nullable: true + properties: + gmsaCredentialSpec: + nullable: true + type: string + gmsaCredentialSpecName: + nullable: true + type: string + runAsUserName: + nullable: true + type: string + type: object + type: object + serviceAccount: + nullable: true + type: string + serviceAccountName: + nullable: true + type: string + setHostnameAsFQDN: + nullable: true + type: boolean + shareProcessNamespace: + nullable: true + type: boolean + subdomain: + nullable: true + type: string + terminationGracePeriodSeconds: + nullable: true + type: integer + tolerations: + items: + properties: + effect: + nullable: true + type: string + key: + nullable: true + type: string + operator: + nullable: true + type: string + tolerationSeconds: + nullable: true + type: integer + value: + nullable: true + type: string + type: object + nullable: true + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + maxSkew: + type: integer + topologyKey: + nullable: true + type: string + whenUnsatisfiable: + nullable: true + type: string + type: object + nullable: true + type: array + volumes: + items: + properties: + awsElasticBlockStore: + nullable: true + properties: + fsType: + nullable: true + type: string + partition: + type: integer + readOnly: + type: boolean + volumeID: + nullable: true + type: string + type: object + azureDisk: + nullable: true + properties: + cachingMode: + nullable: true + type: string + diskName: + nullable: true + type: string + diskURI: + nullable: true + type: string + fsType: + nullable: true + type: string + kind: + nullable: true + type: string + readOnly: + nullable: true + type: boolean + type: object + azureFile: + nullable: true + properties: + readOnly: + type: boolean + secretName: + nullable: true + type: string + shareName: + nullable: true + type: string + type: object + cephfs: + nullable: true + properties: + monitors: + items: + nullable: true + type: string + nullable: true + type: array + path: + nullable: true + type: string + readOnly: + type: boolean + secretFile: + nullable: true + type: string + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + user: + nullable: true + type: string + type: object + cinder: + nullable: true + properties: + fsType: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + volumeID: + nullable: true + type: string + type: object + configMap: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + csi: + nullable: true + properties: + driver: + nullable: true + type: string + fsType: + nullable: true + type: string + nodePublishSecretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + readOnly: + nullable: true + type: boolean + volumeAttributes: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + downwardAPI: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + items: + items: + properties: + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + mode: + nullable: true + type: integer + path: + nullable: true + type: string + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + emptyDir: + nullable: true + properties: + medium: + nullable: true + type: string + sizeLimit: + nullable: true + type: string + type: object + ephemeral: + nullable: true + properties: + readOnly: + type: boolean + volumeClaimTemplate: + nullable: true + properties: + metadata: + properties: + annotations: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + clusterName: + nullable: true + type: string + creationTimestamp: + nullable: true + type: string + deletionGracePeriodSeconds: + nullable: true + type: integer + deletionTimestamp: + nullable: true + type: string + finalizers: + items: + nullable: true + type: string + nullable: true + type: array + generateName: + nullable: true + type: string + generation: + type: integer + labels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + managedFields: + items: + properties: + apiVersion: + nullable: true + type: string + fieldsType: + nullable: true + type: string + fieldsV1: + nullable: true + type: object + manager: + nullable: true + type: string + operation: + nullable: true + type: string + time: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + namespace: + nullable: true + type: string + ownerReferences: + items: + properties: + apiVersion: + nullable: true + type: string + blockOwnerDeletion: + nullable: true + type: boolean + controller: + nullable: true + type: boolean + kind: + nullable: true + type: string + name: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + nullable: true + type: array + resourceVersion: + nullable: true + type: string + selfLink: + nullable: true + type: string + uid: + nullable: true + type: string + type: object + spec: + properties: + accessModes: + items: + nullable: true + type: string + nullable: true + type: array + dataSource: + nullable: true + properties: + apiGroup: + nullable: true + type: string + kind: + nullable: true + type: string + name: + nullable: true + type: string + type: object + resources: + properties: + limits: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + requests: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + selector: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + nullable: true + type: string + operator: + nullable: true + type: string + values: + items: + nullable: true + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + storageClassName: + nullable: true + type: string + volumeMode: + nullable: true + type: string + volumeName: + nullable: true + type: string + type: object + type: object + type: object + fc: + nullable: true + properties: + fsType: + nullable: true + type: string + lun: + nullable: true + type: integer + readOnly: + type: boolean + targetWWNs: + items: + nullable: true + type: string + nullable: true + type: array + wwids: + items: + nullable: true + type: string + nullable: true + type: array + type: object + flexVolume: + nullable: true + properties: + driver: + nullable: true + type: string + fsType: + nullable: true + type: string + options: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + type: object + flocker: + nullable: true + properties: + datasetName: + nullable: true + type: string + datasetUUID: + nullable: true + type: string + type: object + gcePersistentDisk: + nullable: true + properties: + fsType: + nullable: true + type: string + partition: + type: integer + pdName: + nullable: true + type: string + readOnly: + type: boolean + type: object + gitRepo: + nullable: true + properties: + directory: + nullable: true + type: string + repository: + nullable: true + type: string + revision: + nullable: true + type: string + type: object + glusterfs: + nullable: true + properties: + endpoints: + nullable: true + type: string + path: + nullable: true + type: string + readOnly: + type: boolean + type: object + hostPath: + nullable: true + properties: + path: + nullable: true + type: string + type: + nullable: true + type: string + type: object + iscsi: + nullable: true + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + nullable: true + type: string + initiatorName: + nullable: true + type: string + iqn: + nullable: true + type: string + iscsiInterface: + nullable: true + type: string + lun: + type: integer + portals: + items: + nullable: true + type: string + nullable: true + type: array + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + targetPortal: + nullable: true + type: string + type: object + name: + nullable: true + type: string + nfs: + nullable: true + properties: + path: + nullable: true + type: string + readOnly: + type: boolean + server: + nullable: true + type: string + type: object + persistentVolumeClaim: + nullable: true + properties: + claimName: + nullable: true + type: string + readOnly: + type: boolean + type: object + photonPersistentDisk: + nullable: true + properties: + fsType: + nullable: true + type: string + pdID: + nullable: true + type: string + type: object + portworxVolume: + nullable: true + properties: + fsType: + nullable: true + type: string + readOnly: + type: boolean + volumeID: + nullable: true + type: string + type: object + projected: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + sources: + items: + properties: + configMap: + nullable: true + properties: + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + downwardAPI: + nullable: true + properties: + items: + items: + properties: + fieldRef: + nullable: true + properties: + apiVersion: + nullable: true + type: string + fieldPath: + nullable: true + type: string + type: object + mode: + nullable: true + type: integer + path: + nullable: true + type: string + resourceFieldRef: + nullable: true + properties: + containerName: + nullable: true + type: string + divisor: + nullable: true + type: string + resource: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + secret: + nullable: true + properties: + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + name: + nullable: true + type: string + optional: + nullable: true + type: boolean + type: object + serviceAccountToken: + nullable: true + properties: + audience: + nullable: true + type: string + expirationSeconds: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + quobyte: + nullable: true + properties: + group: + nullable: true + type: string + readOnly: + type: boolean + registry: + nullable: true + type: string + tenant: + nullable: true + type: string + user: + nullable: true + type: string + volume: + nullable: true + type: string + type: object + rbd: + nullable: true + properties: + fsType: + nullable: true + type: string + image: + nullable: true + type: string + keyring: + nullable: true + type: string + monitors: + items: + nullable: true + type: string + nullable: true + type: array + pool: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + user: + nullable: true + type: string + type: object + scaleIO: + nullable: true + properties: + fsType: + nullable: true + type: string + gateway: + nullable: true + type: string + protectionDomain: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + sslEnabled: + type: boolean + storageMode: + nullable: true + type: string + storagePool: + nullable: true + type: string + system: + nullable: true + type: string + volumeName: + nullable: true + type: string + type: object + secret: + nullable: true + properties: + defaultMode: + nullable: true + type: integer + items: + items: + properties: + key: + nullable: true + type: string + mode: + nullable: true + type: integer + path: + nullable: true + type: string + type: object + nullable: true + type: array + optional: + nullable: true + type: boolean + secretName: + nullable: true + type: string + type: object + storageos: + nullable: true + properties: + fsType: + nullable: true + type: string + readOnly: + type: boolean + secretRef: + nullable: true + properties: + name: + nullable: true + type: string + type: object + volumeName: + nullable: true + type: string + volumeNamespace: + nullable: true + type: string + type: object + vsphereVolume: + nullable: true + properties: + fsType: + nullable: true + type: string + storagePolicyID: + nullable: true + type: string + storagePolicyName: + nullable: true + type: string + volumePath: + nullable: true + type: string + type: object + type: object + nullable: true + type: array + type: object + type: object + ttlSecondsAfterFinished: + nullable: true + type: integer + type: object + syncInterval: + type: integer + type: object + status: + properties: + commit: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + event: + nullable: true + type: string + hookId: + nullable: true + type: string + jobStatus: + nullable: true + type: string + lastExecutedCommit: + nullable: true + type: string + lastSyncedTime: + nullable: true + type: string + observedGeneration: + type: integer + secretToken: + nullable: true + type: string + updateGeneration: + type: integer + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +{{- end -}} diff --git a/charts/fleet/fleet/100.0.0+up0.3.6/Chart.yaml b/charts/fleet/fleet/100.0.0+up0.3.6/Chart.yaml new file mode 100644 index 000000000..f830ac69b --- /dev/null +++ b/charts/fleet/fleet/100.0.0+up0.3.6/Chart.yaml @@ -0,0 +1,19 @@ +annotations: + catalog.cattle.io/auto-install: fleet-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/experimental: "true" + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-fleet-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 + catalog.cattle.io/release-name: fleet +apiVersion: v2 +appVersion: 0.3.6 +dependencies: +- condition: gitops.enabled + name: gitjob + repository: file://./charts/gitjob +description: Fleet Manager - GitOps at Scale +icon: https://charts.rancher.io/assets/logos/fleet.svg +name: fleet +version: 100.0.0+up0.3.6 diff --git a/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/.helmignore b/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/.helmignore new file mode 100644 index 000000000..691fa13d6 --- /dev/null +++ b/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ \ No newline at end of file diff --git a/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/Chart.yaml b/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/Chart.yaml new file mode 100644 index 000000000..cf9151510 --- /dev/null +++ b/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v2 +appVersion: v0.1.21 +description: Controller that run jobs based on git events +name: gitjob +version: v0.1.21 diff --git a/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/_helpers.tpl b/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/_helpers.tpl new file mode 100644 index 000000000..f652b5643 --- /dev/null +++ b/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/_helpers.tpl @@ -0,0 +1,7 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/clusterrole.yaml b/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/clusterrole.yaml new file mode 100644 index 000000000..bcad90164 --- /dev/null +++ b/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/clusterrole.yaml @@ -0,0 +1,38 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: gitjob +rules: + - apiGroups: + - "batch" + resources: + - 'jobs' + verbs: + - '*' + - apiGroups: + - "" + resources: + - 'pods' + verbs: + - 'list' + - 'get' + - 'watch' + - apiGroups: + - "" + resources: + - 'secrets' + verbs: + - '*' + - apiGroups: + - "" + resources: + - 'configmaps' + verbs: + - '*' + - apiGroups: + - "gitjob.cattle.io" + resources: + - "gitjobs" + - "gitjobs/status" + verbs: + - "*" \ No newline at end of file diff --git a/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/clusterrolebinding.yaml b/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..0bf07c4ef --- /dev/null +++ b/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: gitjob-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: gitjob +subjects: + - kind: ServiceAccount + name: gitjob + namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/deployment.yaml b/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/deployment.yaml new file mode 100644 index 000000000..a12a30d92 --- /dev/null +++ b/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/deployment.yaml @@ -0,0 +1,42 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: gitjob +spec: + selector: + matchLabels: + app: "gitjob" + template: + metadata: + labels: + app: "gitjob" + spec: + serviceAccountName: gitjob + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.gitjob.repository }}:{{ .Values.gitjob.tag }}" + name: gitjob + command: + - gitjob + - --tekton-image + - "{{ template "system_default_registry" . }}{{ .Values.tekton.repository }}:{{ .Values.tekton.tag }}" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- if .Values.proxy }} + - name: HTTP_PROXY + value: {{ .Values.proxy }} + - name: HTTPS_PROXY + value: {{ .Values.proxy }} + - name: NO_PROXY + value: {{ .Values.noProxy }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/service.yaml b/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/service.yaml new file mode 100644 index 000000000..bf57c1b55 --- /dev/null +++ b/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: gitjob +spec: + ports: + - name: http-80 + port: 80 + protocol: TCP + targetPort: 8080 + selector: + app: "gitjob" \ No newline at end of file diff --git a/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/serviceaccount.yaml b/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/serviceaccount.yaml new file mode 100644 index 000000000..5f8aecb04 --- /dev/null +++ b/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/serviceaccount.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: gitjob diff --git a/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/values.yaml b/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/values.yaml new file mode 100644 index 000000000..0cb5b31a6 --- /dev/null +++ b/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/values.yaml @@ -0,0 +1,26 @@ +gitjob: + repository: rancher/gitjob + tag: v0.1.21 + +tekton: + repository: rancher/tekton-utils + tag: v0.1.2 + +global: + cattle: + systemDefaultRegistry: "" + +# http[s] proxy server +# proxy: http://@:: + +# comma separated list of domains or ip addresses that will not use the proxy +noProxy: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local + +nodeSelector: + kubernetes.io/os: linux + +tolerations: + - key: cattle.io/os + operator: "Equal" + value: "linux" + effect: NoSchedule diff --git a/charts/fleet/fleet/100.0.0+up0.3.6/templates/_helpers.tpl b/charts/fleet/fleet/100.0.0+up0.3.6/templates/_helpers.tpl new file mode 100644 index 000000000..f652b5643 --- /dev/null +++ b/charts/fleet/fleet/100.0.0+up0.3.6/templates/_helpers.tpl @@ -0,0 +1,7 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/fleet/fleet/100.0.0+up0.3.6/templates/configmap.yaml b/charts/fleet/fleet/100.0.0+up0.3.6/templates/configmap.yaml new file mode 100644 index 000000000..c546c4b97 --- /dev/null +++ b/charts/fleet/fleet/100.0.0+up0.3.6/templates/configmap.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: fleet-controller +data: + config: | + { + "agentImage": "{{ template "system_default_registry" . }}{{.Values.agentImage.repository}}:{{.Values.agentImage.tag}}", + "agentImagePullPolicy": "{{ .Values.agentImage.imagePullPolicy }}", + "apiServerURL": "{{.Values.apiServerURL}}", + "apiServerCA": "{{b64enc .Values.apiServerCA}}", + "agentCheckinInterval": "{{.Values.agentCheckinInterval}}", + "ignoreClusterRegistrationLabels": {{.Values.ignoreClusterRegistrationLabels}}, + "bootstrap": { + "paths": "{{.Values.bootstrap.paths}}", + "repo": "{{.Values.bootstrap.repo}}", + "secret": "{{.Values.bootstrap.secret}}", + "branch": "{{.Values.bootstrap.branch}}", + "namespace": "{{.Values.bootstrap.namespace}}", + }, + "webhookReceiverURL": "{{.Values.webhookReceiverURL}}", + "githubURLPrefix": "{{.Values.githubURLPrefix}}" + } diff --git a/charts/fleet/fleet/100.0.0+up0.3.6/templates/deployment.yaml b/charts/fleet/fleet/100.0.0+up0.3.6/templates/deployment.yaml new file mode 100644 index 000000000..c22a23739 --- /dev/null +++ b/charts/fleet/fleet/100.0.0+up0.3.6/templates/deployment.yaml @@ -0,0 +1,44 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: fleet-controller +spec: + selector: + matchLabels: + app: fleet-controller + template: + metadata: + labels: + app: fleet-controller + spec: + containers: + - env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- if .Values.proxy }} + - name: HTTP_PROXY + value: {{ .Values.proxy }} + - name: HTTPS_PROXY + value: {{ .Values.proxy }} + - name: NO_PROXY + value: {{ .Values.noProxy }} + {{- end }} + image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}' + name: fleet-controller + imagePullPolicy: "{{ .Values.image.imagePullPolicy }}" + command: + - fleetcontroller + {{- if not .Values.gitops.enabled }} + - --disable-gitops + {{- end }} + serviceAccountName: fleet-controller + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/fleet/fleet/100.0.0+up0.3.6/templates/rbac.yaml b/charts/fleet/fleet/100.0.0+up0.3.6/templates/rbac.yaml new file mode 100644 index 000000000..59df51b1f --- /dev/null +++ b/charts/fleet/fleet/100.0.0+up0.3.6/templates/rbac.yaml @@ -0,0 +1,106 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: fleet-controller +rules: +- apiGroups: + - gitjob.cattle.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - fleet.cattle.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - "" + resources: + - namespaces + - serviceaccounts + verbs: + - '*' +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + - roles + - rolebindings + verbs: + - '*' + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: fleet-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fleet-controller +subjects: +- kind: ServiceAccount + name: fleet-controller + namespace: {{.Release.Namespace}} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: fleet-controller +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - '*' + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: fleet-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: fleet-controller +subjects: +- kind: ServiceAccount + name: fleet-controller + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: fleet-controller-bootstrap +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: fleet-controller-bootstrap +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fleet-controller-bootstrap +subjects: +- kind: ServiceAccount + name: fleet-controller-bootstrap + namespace: {{.Release.Namespace}} diff --git a/charts/fleet/fleet/100.0.0+up0.3.6/templates/serviceaccount.yaml b/charts/fleet/fleet/100.0.0+up0.3.6/templates/serviceaccount.yaml new file mode 100644 index 000000000..bd99d9958 --- /dev/null +++ b/charts/fleet/fleet/100.0.0+up0.3.6/templates/serviceaccount.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fleet-controller + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fleet-controller-bootstrap diff --git a/charts/fleet/fleet/100.0.0+up0.3.6/values.yaml b/charts/fleet/fleet/100.0.0+up0.3.6/values.yaml new file mode 100644 index 000000000..3132f673f --- /dev/null +++ b/charts/fleet/fleet/100.0.0+up0.3.6/values.yaml @@ -0,0 +1,56 @@ +image: + repository: rancher/fleet + tag: v0.3.6 + imagePullPolicy: IfNotPresent + +agentImage: + repository: rancher/fleet-agent + tag: v0.3.6 + imagePullPolicy: IfNotPresent + +# For cluster registration the public URL of the Kubernetes API server must be set here +# Example: https://example.com:6443 +apiServerURL: "" + +# For cluster registration the pem encoded value of the CA of the Kubernetes API server must be set here +# If left empty it is assumed this Kubernetes API TLS is signed by a well known CA. +apiServerCA: "" + +# A duration string for how often agents should report a heartbeat +agentCheckinInterval: "15m" + +# Whether you want to allow cluster upon registration to specify their labels. +ignoreClusterRegistrationLabels: false + +# http[s] proxy server +# proxy: http://@:: + +# comma separated list of domains or ip addresses that will not use the proxy +noProxy: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local + +bootstrap: + # The namespace that will be autocreated and the local cluster will be registered in + namespace: fleet-local + # A repo to add at install time that will deploy to the local cluster. This allows + # one to fully bootstrap fleet, it's configuration and all it's downstream clusters + # in one shot. + repo: "" + secret: "" + branch: master + paths: "" + +global: + cattle: + systemDefaultRegistry: "" + +nodeSelector: + kubernetes.io/os: linux + +tolerations: + - key: cattle.io/os + operator: "Equal" + value: "linux" + effect: NoSchedule + +gitops: + enabled: true \ No newline at end of file diff --git a/charts/longhorn/longhorn-crd/100.0.0+up1.1.2/Chart.yaml b/charts/longhorn/longhorn-crd/100.0.0+up1.1.2/Chart.yaml new file mode 100644 index 000000000..f2baeee0b --- /dev/null +++ b/charts/longhorn/longhorn-crd/100.0.0+up1.1.2/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: longhorn-system + catalog.cattle.io/release-name: longhorn-crd +apiVersion: v1 +description: Installs the CRDs for longhorn. +name: longhorn-crd +type: application +version: 100.0.0+up1.1.2 diff --git a/charts/longhorn/longhorn-crd/100.0.0+up1.1.2/README.md b/charts/longhorn/longhorn-crd/100.0.0+up1.1.2/README.md new file mode 100644 index 000000000..d9f7f14b3 --- /dev/null +++ b/charts/longhorn/longhorn-crd/100.0.0+up1.1.2/README.md @@ -0,0 +1,2 @@ +# longhorn-crd +A Rancher chart that installs the CRDs used by longhorn. diff --git a/charts/longhorn/longhorn-crd/100.0.0+up1.1.2/templates/crds.yaml b/charts/longhorn/longhorn-crd/100.0.0+up1.1.2/templates/crds.yaml new file mode 100644 index 000000000..f352ce370 --- /dev/null +++ b/charts/longhorn/longhorn-crd/100.0.0+up1.1.2/templates/crds.yaml @@ -0,0 +1,524 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.2 + longhorn-manager: Engine + name: engines.longhorn.io +spec: + group: longhorn.io + names: + kind: Engine + listKind: EngineList + plural: engines + shortNames: + - lhe + singular: engine + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The current state of the engine + jsonPath: .status.currentState + - name: Node + type: string + description: The node that the engine is on + jsonPath: .spec.nodeID + - name: InstanceManager + type: string + description: The instance manager of the engine + jsonPath: .status.instanceManagerName + - name: Image + type: string + description: The current image of the engine + jsonPath: .status.currentImage + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.2 + longhorn-manager: Replica + name: replicas.longhorn.io +spec: + group: longhorn.io + names: + kind: Replica + listKind: ReplicaList + plural: replicas + shortNames: + - lhr + singular: replica + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The current state of the replica + jsonPath: .status.currentState + - name: Node + type: string + description: The node that the replica is on + jsonPath: .spec.nodeID + - name: Disk + type: string + description: The disk that the replica is on + jsonPath: .spec.diskID + - name: InstanceManager + type: string + description: The instance manager of the replica + jsonPath: .status.instanceManagerName + - name: Image + type: string + description: The current image of the replica + jsonPath: .status.currentImage + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.2 + longhorn-manager: Setting + name: settings.longhorn.io +spec: + group: longhorn.io + names: + kind: Setting + listKind: SettingList + plural: settings + shortNames: + - lhs + singular: setting + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Value + type: string + description: The value of the setting + jsonPath: .value + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.2 + longhorn-manager: Volume + name: volumes.longhorn.io +spec: + group: longhorn.io + names: + kind: Volume + listKind: VolumeList + plural: volumes + shortNames: + - lhv + singular: volume + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The state of the volume + jsonPath: .status.state + - name: Robustness + type: string + description: The robustness of the volume + jsonPath: .status.robustness + - name: Scheduled + type: string + description: The scheduled condition of the volume + jsonPath: .status.conditions['scheduled']['status'] + - name: Size + type: string + description: The size of the volume + jsonPath: .spec.size + - name: Node + type: string + description: The node that the volume is currently attaching to + jsonPath: .status.currentNodeID + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.2 + longhorn-manager: EngineImage + name: engineimages.longhorn.io +spec: + group: longhorn.io + names: + kind: EngineImage + listKind: EngineImageList + plural: engineimages + shortNames: + - lhei + singular: engineimage + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: State of the engine image + jsonPath: .status.state + - name: Image + type: string + description: The Longhorn engine image + jsonPath: .spec.image + - name: RefCount + type: integer + description: Number of volumes are using the engine image + jsonPath: .status.refCount + - name: BuildDate + type: date + description: The build date of the engine image + jsonPath: .status.buildDate + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.2 + longhorn-manager: Node + name: nodes.longhorn.io +spec: + group: longhorn.io + names: + kind: Node + listKind: NodeList + plural: nodes + shortNames: + - lhn + singular: node + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: Ready + type: string + description: Indicate whether the node is ready + jsonPath: .status.conditions['Ready']['status'] + - name: AllowScheduling + type: boolean + description: Indicate whether the user disabled/enabled replica scheduling for the node + jsonPath: .spec.allowScheduling + - name: Schedulable + type: string + description: Indicate whether Longhorn can schedule replicas on the node + jsonPath: .status.conditions['Schedulable']['status'] + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.2 + longhorn-manager: InstanceManager + name: instancemanagers.longhorn.io +spec: + group: longhorn.io + names: + kind: InstanceManager + listKind: InstanceManagerList + plural: instancemanagers + shortNames: + - lhim + singular: instancemanager + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The state of the instance manager + jsonPath: .status.currentState + - name: Type + type: string + description: The type of the instance manager (engine or replica) + jsonPath: .spec.type + - name: Node + type: string + description: The node that the instance manager is running on + jsonPath: .spec.nodeID + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.2 + longhorn-manager: ShareManager + name: sharemanagers.longhorn.io +spec: + group: longhorn.io + names: + kind: ShareManager + listKind: ShareManagerList + plural: sharemanagers + shortNames: + - lhsm + singular: sharemanager + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The state of the share manager + jsonPath: .status.state + - name: Node + type: string + description: The node that the share manager is owned by + jsonPath: .status.ownerID + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.2 + longhorn-manager: BackingImage + name: backingimages.longhorn.io +spec: + group: longhorn.io + names: + kind: BackingImage + listKind: BackingImageList + plural: backingimages + shortNames: + - lhbi + singular: backingimage + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: Image + type: string + description: The backing image name + jsonPath: .spec.image + - name: Age + type: date + jsonPath: .metadata.creationTimestamp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: longhorn + helm.sh/chart: longhorn-1.1.2 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.1.2 + longhorn-manager: BackingImageManager + name: backingimagemanagers.longhorn.io +spec: + group: longhorn.io + names: + kind: BackingImageManager + listKind: BackingImageManagerList + plural: backingimagemanagers + shortNames: + - lhbim + singular: backingimagemanager + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: State + type: string + description: The current state of the manager + jsonPath: .status.currentState + - name: Image + type: string + description: The image the manager pod will use + jsonPath: .spec.image + - name: Node + type: string + description: The node the manager is on + jsonPath: .spec.nodeID + - name: DiskUUID + type: string + description: The disk the manager is responsible for + jsonPath: .spec.diskUUID + - name: DiskPath + type: string + description: The disk path the manager is using + jsonPath: .spec.diskPath + - name: Age + type: date + jsonPath: .metadata.creationTimestamp diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/.helmignore b/charts/longhorn/longhorn/100.0.0+up1.1.2/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/Chart.yaml b/charts/longhorn/longhorn/100.0.0+up1.1.2/Chart.yaml new file mode 100644 index 000000000..84f5e763c --- /dev/null +++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/Chart.yaml @@ -0,0 +1,39 @@ +annotations: + catalog.cattle.io/auto-install: longhorn-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Longhorn + catalog.cattle.io/namespace: longhorn-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: longhorn.io/v1beta1 + catalog.cattle.io/release-name: longhorn + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/ui-component: longhorn +apiVersion: v1 +appVersion: v1.1.2 +description: Longhorn is a distributed block storage system for Kubernetes. +home: https://github.com/longhorn/longhorn +icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.png +keywords: +- longhorn +- storage +- distributed +- block +- device +- iscsi +- nfs +kubeVersion: '>=v1.16.0-r0' +maintainers: +- email: maintainers@longhorn.io + name: Longhorn maintainers +name: longhorn +sources: +- https://github.com/longhorn/longhorn +- https://github.com/longhorn/longhorn-engine +- https://github.com/longhorn/longhorn-instance-manager +- https://github.com/longhorn/longhorn-share-manager +- https://github.com/longhorn/backing-image-manager +- https://github.com/longhorn/longhorn-manager +- https://github.com/longhorn/longhorn-ui +- https://github.com/longhorn/longhorn-tests +- https://github.com/longhorn/backing-image-manager +version: 100.0.0+up1.1.2 diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/README.md b/charts/longhorn/longhorn/100.0.0+up1.1.2/README.md new file mode 100644 index 000000000..765694619 --- /dev/null +++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/README.md @@ -0,0 +1,33 @@ +# Longhorn Chart + +> **Important**: Please install the Longhorn chart in the `longhorn-system` namespace only. + +> **Warning**: Longhorn doesn't support downgrading from a higher version to a lower version. + +## Source Code + +Longhorn is 100% open source software. Project source code is spread across a number of repos: + +1. Longhorn Engine -- Core controller/replica logic https://github.com/longhorn/longhorn-engine +2. Longhorn Instance Manager -- Controller/replica instance lifecycle management https://github.com/longhorn/longhorn-instance-manager +3. Longhorn Share Manager -- NFS provisioner that exposes Longhorn volumes as ReadWriteMany volumes. https://github.com/longhorn/longhorn-share-manager +4. Backing Image Manager -- Backing image file lifecycle management. https://github.com/longhorn/backing-image-manager +5. Longhorn Manager -- Longhorn orchestration, includes CSI driver for Kubernetes https://github.com/longhorn/longhorn-manager +6. Longhorn UI -- Dashboard https://github.com/longhorn/longhorn-ui + +## Prerequisites + +1. A container runtime compatible with Kubernetes (Docker v1.13+, containerd v1.3.7+, etc.) +2. Kubernetes v1.16+ +3. Make sure `bash`, `curl`, `findmnt`, `grep`, `awk` and `blkid` has been installed in all nodes of the Kubernetes cluster. +4. Make sure `open-iscsi` has been installed, and the `iscsid` daemon is running on all nodes of the Kubernetes cluster. For GKE, recommended Ubuntu as guest OS image since it contains `open-iscsi` already. + +## Uninstallation + +To prevent damage to the Kubernetes cluster, we recommend deleting all Kubernetes workloads using Longhorn volumes (PersistentVolume, PersistentVolumeClaim, StorageClass, Deployment, StatefulSet, DaemonSet, etc). + +From Rancher Cluster Explorer UI, navigate to Apps page, delete app `longhorn` then app `longhorn-crd` in Installed Apps tab. + + +--- +Please see [link](https://github.com/longhorn/longhorn) for more information. diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/app-readme.md b/charts/longhorn/longhorn/100.0.0+up1.1.2/app-readme.md new file mode 100644 index 000000000..cb23135ca --- /dev/null +++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/app-readme.md @@ -0,0 +1,11 @@ +# Longhorn + +Longhorn is a lightweight, reliable and easy to use distributed block storage system for Kubernetes. Once deployed, users can leverage persistent volumes provided by Longhorn. + +Longhorn creates a dedicated storage controller for each volume and synchronously replicates the volume across multiple replicas stored on multiple nodes. The storage controller and replicas are themselves orchestrated using Kubernetes. Longhorn supports snapshots, backups and even allows you to schedule recurring snapshots and backups! + +**Important**: Please install Longhorn chart in `longhorn-system` namespace only. + +**Warning**: Longhorn doesn't support downgrading from a higher version to a lower version. + +[Chart Documentation](https://github.com/longhorn/longhorn/blob/master/chart/README.md) diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/questions.yml b/charts/longhorn/longhorn/100.0.0+up1.1.2/questions.yml new file mode 100644 index 000000000..fd9326551 --- /dev/null +++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/questions.yml @@ -0,0 +1,532 @@ +categories: +- storage +namespace: longhorn-system +questions: +- variable: image.defaultImage + default: "true" + description: "Use default Longhorn images" + label: Use Default Images + type: boolean + show_subquestion_if: false + group: "Longhorn Images" + subquestions: + - variable: image.longhorn.manager.repository + default: rancher/mirrored-longhornio-longhorn-manager + description: "Specify Longhorn Manager Image Repository" + type: string + label: Longhorn Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.manager.tag + default: v1.1.2 + description: "Specify Longhorn Manager Image Tag" + type: string + label: Longhorn Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.engine.repository + default: rancher/mirrored-longhornio-longhorn-engine + description: "Specify Longhorn Engine Image Repository" + type: string + label: Longhorn Engine Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.engine.tag + default: v1.1.2 + description: "Specify Longhorn Engine Image Tag" + type: string + label: Longhorn Engine Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.ui.repository + default: rancher/mirrored-longhornio-longhorn-ui + description: "Specify Longhorn UI Image Repository" + type: string + label: Longhorn UI Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.ui.tag + default: v1.1.2 + description: "Specify Longhorn UI Image Tag" + type: string + label: Longhorn UI Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.instanceManager.repository + default: rancher/mirrored-longhornio-longhorn-instance-manager + description: "Specify Longhorn Instance Manager Image Repository" + type: string + label: Longhorn Instance Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.instanceManager.tag + default: v1_20210621 + description: "Specify Longhorn Instance Manager Image Tag" + type: string + label: Longhorn Instance Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.shareManager.repository + default: rancher/mirrored-longhornio-longhorn-share-manager + description: "Specify Longhorn Share Manager Image Repository" + type: string + label: Longhorn Share Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.shareManager.tag + default: v1_20210416 + description: "Specify Longhorn Share Manager Image Tag" + type: string + label: Longhorn Share Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.backingImageManager.repository + default: rancher/mirrored-longhornio-backing-image-manager + description: "Specify Longhorn Backing Image Manager Image Repository" + type: string + label: Longhorn Backing Image Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.backingImageManager.tag + default: v1_20210422 + description: "Specify Longhorn Backing Image Manager Image Tag" + type: string + label: Longhorn Backing Image Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.csi.attacher.repository + default: rancher/mirrored-longhornio-csi-attacher + description: "Specify CSI attacher image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Attacher Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.attacher.tag + default: v2.2.1-lh2 + description: "Specify CSI attacher image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Attacher Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.provisioner.repository + default: rancher/mirrored-longhornio-csi-provisioner + description: "Specify CSI provisioner image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Provisioner Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.provisioner.tag + default: v1.6.0-lh2 + description: "Specify CSI provisioner image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Provisioner Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.nodeDriverRegistrar.repository + default: rancher/mirrored-longhornio-csi-node-driver-registrar + description: "Specify CSI Node Driver Registrar image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Node Driver Registrar Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.nodeDriverRegistrar.tag + default: v1.2.0-lh1 + description: "Specify CSI Node Driver Registrar image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Node Driver Registrar Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.resizer.repository + default: rancher/mirrored-longhornio-csi-resizer + description: "Specify CSI Driver Resizer image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Resizer Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.resizer.tag + default: v0.5.1-lh2 + description: "Specify CSI Driver Resizer image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Resizer Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.snapshotter.repository + default: rancher/mirrored-longhornio-csi-snapshotter + description: "Specify CSI Driver Snapshotter image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Snapshotter Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.snapshotter.tag + default: v2.1.1-lh2 + description: "Specify CSI Driver Snapshotter image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Snapshotter Image Tag + group: "Longhorn CSI Driver Images" +- variable: privateRegistry.registryUrl + label: Private registry URL + description: "URL of private registry. Leave blank to apply system default registry." + group: "Private Registry Settings" + type: string + default: "" +- variable: privateRegistry.registryUser + label: Private registry user + description: "User used to authenticate to private registry" + group: "Private Registry Settings" + type: string + default: "" +- variable: privateRegistry.registryPasswd + label: Private registry password + description: "Password used to authenticate to private registry" + group: "Private Registry Settings" + type: password + default: "" +- variable: privateRegistry.registrySecret + label: Private registry secret name + description: "Longhorn will automatically generate a Kubernetes secret with this name and use it to pull images from your private registry." + group: "Private Registry Settings" + type: string + default: "" +- variable: longhorn.default_setting + default: "false" + description: "Customize the default settings before installing Longhorn for the first time. This option will only work if the cluster hasn't installed Longhorn." + label: "Customize Default Settings" + type: boolean + show_subquestion_if: true + group: "Longhorn Default Settings" + subquestions: + - variable: csi.kubeletRootDir + default: + description: "Specify kubelet root-dir. Leave blank to autodetect." + type: string + label: Kubelet Root Directory + group: "Longhorn CSI Driver Settings" + - variable: csi.attacherReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Specify replica count of CSI Attacher. By default 3." + label: Longhorn CSI Attacher replica count + group: "Longhorn CSI Driver Settings" + - variable: csi.provisionerReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Specify replica count of CSI Provisioner. By default 3." + label: Longhorn CSI Provisioner replica count + group: "Longhorn CSI Driver Settings" + - variable: csi.resizerReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Specify replica count of CSI Resizer. By default 3." + label: Longhorn CSI Resizer replica count + group: "Longhorn CSI Driver Settings" + - variable: csi.snapshotterReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Specify replica count of CSI Snapshotter. By default 3." + label: Longhorn CSI Snapshotter replica count + group: "Longhorn CSI Driver Settings" + - variable: defaultSettings.backupTarget + label: Backup Target + description: "The endpoint used to access the backupstore. NFS and S3 are supported." + group: "Longhorn Default Settings" + type: string + default: + - variable: defaultSettings.backupTargetCredentialSecret + label: Backup Target Credential Secret + description: "The name of the Kubernetes secret associated with the backup target." + group: "Longhorn Default Settings" + type: string + default: + - variable: defaultSettings.allowRecurringJobWhileVolumeDetached + label: Allow Recurring Job While Volume Is Detached + description: 'If this setting is enabled, Longhorn will automatically attaches the volume and takes snapshot/backup when it is the time to do recurring snapshot/backup. +Note that the volume is not ready for workload during the period when the volume was automatically attached. Workload will have to wait until the recurring job finishes.' + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.createDefaultDiskLabeledNodes + label: Create Default Disk on Labeled Nodes + description: 'Create default Disk automatically only on Nodes with the label "node.longhorn.io/create-default-disk=true" if no other disks exist. If disabled, the default disk will be created on all new nodes when each node is first added.' + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.defaultDataPath + label: Default Data Path + description: 'Default path to use for storing data on a host. By default "/var/lib/longhorn/"' + group: "Longhorn Default Settings" + type: string + default: "/var/lib/longhorn/" + - variable: defaultSettings.defaultDataLocality + label: Default Data Locality + description: 'We say a Longhorn volume has data locality if there is a local replica of the volume on the same node as the pod which is using the volume. +This setting specifies the default data locality when a volume is created from the Longhorn UI. For Kubernetes configuration, update the `dataLocality` in the StorageClass +The available modes are: +- **disabled**. This is the default option. There may or may not be a replica on the same node as the attached volume (workload) +- **best-effort**. This option instructs Longhorn to try to keep a replica on the same node as the attached volume (workload). Longhorn will not stop the volume, even if it cannot keep a replica local to the attached volume (workload) due to environment limitation, e.g. not enough disk space, incompatible disk tags, etc.' + group: "Longhorn Default Settings" + type: enum + options: + - "disabled" + - "best-effort" + default: "disabled" + - variable: defaultSettings.replicaSoftAntiAffinity + label: Replica Node Level Soft Anti-Affinity + description: 'Allow scheduling on nodes with existing healthy replicas of the same volume. By default false.' + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.storageOverProvisioningPercentage + label: Storage Over Provisioning Percentage + description: "The over-provisioning percentage defines how much storage can be allocated relative to the hard drive's capacity. By default 200." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 200 + - variable: defaultSettings.storageMinimalAvailablePercentage + label: Storage Minimal Available Percentage + description: "If the minimum available disk capacity exceeds the actual percentage of available disk capacity, the disk becomes unschedulable until more space is freed up. By default 25." + group: "Longhorn Default Settings" + type: int + min: 0 + max: 100 + default: 25 + - variable: defaultSettings.upgradeChecker + label: Enable Upgrade Checker + description: 'Upgrade Checker will check for new Longhorn version periodically. When there is a new version available, a notification will appear in the UI. By default true.' + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.defaultReplicaCount + label: Default Replica Count + description: "The default number of replicas when a volume is created from the Longhorn UI. For Kubernetes configuration, update the `numberOfReplicas` in the StorageClass. By default 3." + group: "Longhorn Default Settings" + type: int + min: 1 + max: 20 + default: 3 + - variable: defaultSettings.defaultLonghornStaticStorageClass + label: Default Longhorn Static StorageClass Name + description: "The 'storageClassName' is given to PVs and PVCs that are created for an existing Longhorn volume. The StorageClass name can also be used as a label, so it is possible to use a Longhorn StorageClass to bind a workload to an existing PV without creating a Kubernetes StorageClass object. By default 'longhorn-static'." + group: "Longhorn Default Settings" + type: string + default: "longhorn-static" + - variable: defaultSettings.backupstorePollInterval + label: Backupstore Poll Interval + description: "In seconds. The backupstore poll interval determines how often Longhorn checks the backupstore for new backups. Set to 0 to disable the polling. By default 300." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 300 + - variable: defaultSettings.autoSalvage + label: Automatic salvage + description: "If enabled, volumes will be automatically salvaged when all the replicas become faulty e.g. due to network disconnection. Longhorn will try to figure out which replica(s) are usable, then use them for the volume. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.autoDeletePodWhenVolumeDetachedUnexpectedly + label: Automatically Delete Workload Pod when The Volume Is Detached Unexpectedly + description: 'If enabled, Longhorn will automatically delete the workload pod that is managed by a controller (e.g. deployment, statefulset, daemonset, etc...) when Longhorn volume is detached unexpectedly (e.g. during Kubernetes upgrade, Docker reboot, or network disconnect). By deleting the pod, its controller restarts the pod and Kubernetes handles volume reattachment and remount. +If disabled, Longhorn will not delete the workload pod that is managed by a controller. You will have to manually restart the pod to reattach and remount the volume. +**Note:** This setting does not apply to the workload pods that do not have a controller. Longhorn never deletes them.' + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.disableSchedulingOnCordonedNode + label: Disable Scheduling On Cordoned Node + description: "Disable Longhorn manager to schedule replica on Kubernetes cordoned node. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.replicaZoneSoftAntiAffinity + label: Replica Zone Level Soft Anti-Affinity + description: "Allow scheduling new Replicas of Volume to the Nodes in the same Zone as existing healthy Replicas. Nodes don't belong to any Zone will be treated as in the same Zone. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.nodeDownPodDeletionPolicy + label: Pod Deletion Policy When Node is Down + description: "Defines the Longhorn action when a Volume is stuck with a StatefulSet/Deployment Pod on a node that is down. +- **do-nothing** is the default Kubernetes behavior of never force deleting StatefulSet/Deployment terminating pods. Since the pod on the node that is down isn't removed, Longhorn volumes are stuck on nodes that are down. +- **delete-statefulset-pod** Longhorn will force delete StatefulSet terminating pods on nodes that are down to release Longhorn volumes so that Kubernetes can spin up replacement pods. +- **delete-deployment-pod** Longhorn will force delete Deployment terminating pods on nodes that are down to release Longhorn volumes so that Kubernetes can spin up replacement pods. +- **delete-both-statefulset-and-deployment-pod** Longhorn will force delete StatefulSet/Deployment terminating pods on nodes that are down to release Longhorn volumes so that Kubernetes can spin up replacement pods." + group: "Longhorn Default Settings" + type: enum + options: + - "do-nothing" + - "delete-statefulset-pod" + - "delete-deployment-pod" + - "delete-both-statefulset-and-deployment-pod" + default: "do-nothing" + - variable: defaultSettings.allowNodeDrainWithLastHealthyReplica + label: Allow Node Drain with the Last Healthy Replica + description: "By default, Longhorn will block `kubectl drain` action on a node if the node contains the last healthy replica of a volume. +If this setting is enabled, Longhorn will **not** block `kubectl drain` action on a node even if the node contains the last healthy replica of a volume." + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.mkfsExt4Parameters + label: Custom mkfs.ext4 parameters + description: "Allows setting additional filesystem creation parameters for ext4. For older host kernels it might be necessary to disable the optional ext4 metadata_csum feature by specifying `-O ^64bit,^metadata_csum`." + group: "Longhorn Default Settings" + type: string + - variable: defaultSettings.disableReplicaRebuild + label: Disable Replica Rebuild + description: "This setting disable replica rebuild cross the whole cluster, eviction and data locality feature won't work if this setting is true. But doesn't have any impact to any current replica rebuild and restore disaster recovery volume." + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.replicaReplenishmentWaitInterval + label: Replica Replenishment Wait Interval + description: "In seconds. The interval determines how long Longhorn will wait at least in order to reuse the existing data on a failed replica rather than directly creating a new replica for a degraded volume. +Warning: This option works only when there is a failed replica in the volume. And this option may block the rebuilding for a while in the case." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 600 + - variable: defaultSettings.disableRevisionCounter + label: Disable Revision Counter + description: "This setting is only for volumes created by UI. By default, this is false meaning there will be a reivision counter file to track every write to the volume. During salvage recovering Longhorn will pick the repica with largest reivision counter as candidate to recover the whole volume. If revision counter is disabled, Longhorn will not track every write to the volume. During the salvage recovering, Longhorn will use the 'volume-head-xxx.img' file last modification time and file size to pick the replica candidate to recover the whole volume." + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.systemManagedPodsImagePullPolicy + label: System Managed Pod Image Pull Policy + description: "This setting defines the Image Pull Policy of Longhorn system managed pods, e.g. instance manager, engine image, CSI driver, etc. The new Image Pull Policy will only apply after the system managed pods restart." + group: "Longhorn Default Settings" + type: enum + options: + - "if-not-present" + - "always" + - "never" + default: "if-not-present" + - variable: defaultSettings.allowVolumeCreationWithDegradedAvailability + label: Allow Volume Creation with Degraded Availability + description: "This setting allows user to create and attach a volume that doesn't have all the replicas scheduled at the time of creation." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.autoCleanupSystemGeneratedSnapshot + label: Automatically Cleanup System Generated Snapshot + description: "This setting enables Longhorn to automatically cleanup the system generated snapshot after replica rebuild is done." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.concurrentAutomaticEngineUpgradePerNodeLimit + label: Concurrent Automatic Engine Upgrade Per Node Limit + description: "This setting controls how Longhorn automatically upgrades volumes' engines to the new default engine image after upgrading Longhorn manager. The value of this setting specifies the maximum number of engines per node that are allowed to upgrade to the default engine image at the same time. If the value is 0, Longhorn will not automatically upgrade volumes' engines to default version." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 0 + - variable: defaultSettings.backingImageCleanupWaitInterval + label: Backing Image Cleanup Wait Interval + description: "This interval in minutes determines how long Longhorn will wait before cleaning up the backing image file when there is no replica in the disk using it." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 60 + - variable: defaultSettings.guaranteedEngineManagerCPU + label: Guaranteed Engine Manager CPU + description: "This integer value indicates how many percentage of the total allocatable CPU on each node will be reserved for each engine manager Pod. For example, 10 means 10% of the total CPU on a node will be allocated to each engine manager pod on this node. This will help maintain engine stability during high node workload. + In order to prevent unexpected volume engine crash as well as guarantee a relative acceptable IO performance, you can use the following formula to calculate a value for this setting: + Guaranteed Engine Manager CPU = The estimated max Longhorn volume engine count on a node * 0.1 / The total allocatable CPUs on the node * 100. + The result of above calculation doesn't mean that's the maximum CPU resources the Longhorn workloads require. To fully exploit the Longhorn volume I/O performance, you can allocate/guarantee more CPU resources via this setting. + If it's hard to estimate the usage now, you can leave it with the default value, which is 12%. Then you can tune it when there is no running workload using Longhorn volumes. + WARNING: + - Value 0 means unsetting CPU requests for engine manager pods. + - Considering the possible new instance manager pods in the further system upgrade, this integer value is range from 0 to 40. And the sum with setting 'Guaranteed Engine Manager CPU' should not be greater than 40. + - One more set of instance manager pods may need to be deployed when the Longhorn system is upgraded. If current available CPUs of the nodes are not enough for the new instance manager pods, you need to detach the volumes using the oldest instance manager pods so that Longhorn can clean up the old pods automatically and release the CPU resources. And the new pods with the latest instance manager image will be launched then. + - This global setting will be ignored for a node if the field \"EngineManagerCPURequest\" on the node is set. + - After this setting is changed, all engine manager pods using this global setting on all the nodes will be automatically restarted. In other words, DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES." + group: "Longhorn Default Settings" + type: int + min: 0 + max: 40 + default: 12 + - variable: defaultSettings.guaranteedReplicaManagerCPU + label: Guaranteed Replica Manager CPU + description: "This integer value indicates how many percentage of the total allocatable CPU on each node will be reserved for each replica manager Pod. 10 means 10% of the total CPU on a node will be allocated to each replica manager pod on this node. This will help maintain replica stability during high node workload. + In order to prevent unexpected volume replica crash as well as guarantee a relative acceptable IO performance, you can use the following formula to calculate a value for this setting: + Guaranteed Replica Manager CPU = The estimated max Longhorn volume replica count on a node * 0.1 / The total allocatable CPUs on the node * 100. + The result of above calculation doesn't mean that's the maximum CPU resources the Longhorn workloads require. To fully exploit the Longhorn volume I/O performance, you can allocate/guarantee more CPU resources via this setting. + If it's hard to estimate the usage now, you can leave it with the default value, which is 12%. Then you can tune it when there is no running workload using Longhorn volumes. + WARNING: + - Value 0 means unsetting CPU requests for replica manager pods. + - Considering the possible new instance manager pods in the further system upgrade, this integer value is range from 0 to 40. And the sum with setting 'Guaranteed Replica Manager CPU' should not be greater than 40. + - One more set of instance manager pods may need to be deployed when the Longhorn system is upgraded. If current available CPUs of the nodes are not enough for the new instance manager pods, you need to detach the volumes using the oldest instance manager pods so that Longhorn can clean up the old pods automatically and release the CPU resources. And the new pods with the latest instance manager image will be launched then. + - This global setting will be ignored for a node if the field \"ReplicaManagerCPURequest\" on the node is set. + - After this setting is changed, all replica manager pods using this global setting on all the nodes will be automatically restarted. In other words, DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES." + group: "Longhorn Default Settings" + type: int + min: 0 + max: 40 + default: 12 +- variable: persistence.defaultClass + default: "true" + description: "Set as default StorageClass for Longhorn" + label: Default Storage Class + group: "Longhorn Storage Class Settings" + required: true + type: boolean +- variable: persistence.reclaimPolicy + label: Storage Class Retain Policy + description: "Define reclaim policy (Retain or Delete)" + group: "Longhorn Storage Class Settings" + required: true + type: enum + options: + - "Delete" + - "Retain" + default: "Delete" +- variable: persistence.defaultClassReplicaCount + description: "Set replica count for Longhorn StorageClass" + label: Default Storage Class Replica Count + group: "Longhorn Storage Class Settings" + type: int + min: 1 + max: 10 + default: 3 +- variable: persistence.recurringJobs.enable + description: "Enable recurring job for Longhorn StorageClass" + group: "Longhorn Storage Class Settings" + label: Enable Storage Class Recurring Job + type: boolean + default: false + show_subquestion_if: true + subquestions: + - variable: persistence.recurringJobs.jobList + description: 'Recurring job list for Longhorn StorageClass. Please be careful of quotes of input. e.g., [{"name":"backup", "task":"backup", "cron":"*/2 * * * *", "retain":1,"labels": {"interval":"2m"}}]' + label: Storage Class Recurring Job List + group: "Longhorn Storage Class Settings" + type: string + default: +- variable: ingress.enabled + default: "false" + description: "Expose app using Layer 7 Load Balancer - ingress" + type: boolean + group: "Services and Load Balancing" + label: Expose app using Layer 7 Load Balancer + show_subquestion_if: true + subquestions: + - variable: ingress.host + default: "xip.io" + description: "layer 7 Load Balancer hostname" + type: hostname + required: true + label: Layer 7 Load Balancer Hostname +- variable: service.ui.type + default: "Rancher-Proxy" + description: "Define Longhorn UI service type" + type: enum + options: + - "ClusterIP" + - "NodePort" + - "LoadBalancer" + - "Rancher-Proxy" + label: Longhorn UI Service + show_if: "ingress.enabled=false" + group: "Services and Load Balancing" + show_subquestion_if: "NodePort" + subquestions: + - variable: service.ui.nodePort + default: "" + description: "NodePort port number(to set explicitly, choose port between 30000-32767)" + type: int + min: 30000 + max: 32767 + show_if: "service.ui.type=NodePort||service.ui.type=LoadBalancer" + label: UI Service NodePort number +- variable: enablePSP + default: "true" + description: "Setup a pod security policy for Longhorn workloads." + label: Pod Security Policy + type: boolean + group: "Other Settings" diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/NOTES.txt b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/NOTES.txt new file mode 100644 index 000000000..cca7cd77b --- /dev/null +++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/NOTES.txt @@ -0,0 +1,5 @@ +Longhorn is now installed on the cluster! + +Please wait a few minutes for other Longhorn components such as CSI deployments, Engine Images, and Instance Managers to be initialized. + +Visit our documentation at https://longhorn.io/docs/ diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/_helpers.tpl b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/_helpers.tpl new file mode 100644 index 000000000..3fbc2ac02 --- /dev/null +++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/_helpers.tpl @@ -0,0 +1,66 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "longhorn.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "longhorn.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{- define "longhorn.managerIP" -}} +{{- $fullname := (include "longhorn.fullname" .) -}} +{{- printf "http://%s-backend:9500" $fullname | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{- define "secret" }} +{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.privateRegistry.registryUrl (printf "%s:%s" .Values.privateRegistry.registryUser .Values.privateRegistry.registryPasswd | b64enc) | b64enc }} +{{- end }} + +{{- /* +longhorn.labels generates the standard Helm labels. +*/ -}} +{{- define "longhorn.labels" -}} +app.kubernetes.io/name: {{ template "longhorn.name" . }} +helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/version: {{ .Chart.AppVersion }} +{{- end -}} + + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{- define "registry_url" -}} +{{- if .Values.privateRegistry.registryUrl -}} +{{- printf "%s/" .Values.privateRegistry.registryUrl -}} +{{- else -}} +{{ include "system_default_registry" . }} +{{- end -}} +{{- end -}} + +{{- /* + define the longhorn release namespace +*/ -}} +{{- define "release_namespace" -}} +{{- if .Values.namespaceOverride -}} +{{- .Values.namespaceOverride -}} +{{- else -}} +{{- .Release.Namespace -}} +{{- end -}} +{{- end -}} diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/clusterrole.yaml b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/clusterrole.yaml new file mode 100644 index 000000000..cd5aafb50 --- /dev/null +++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/clusterrole.yaml @@ -0,0 +1,47 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: longhorn-role + labels: {{- include "longhorn.labels" . | nindent 4 }} +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - "*" +- apiGroups: [""] + resources: ["pods", "events", "persistentvolumes", "persistentvolumeclaims","persistentvolumeclaims/status", "nodes", "proxy/nodes", "pods/log", "secrets", "services", "endpoints", "configmaps"] + verbs: ["*"] +- apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list"] +- apiGroups: ["apps"] + resources: ["daemonsets", "statefulsets", "deployments"] + verbs: ["*"] +- apiGroups: ["batch"] + resources: ["jobs", "cronjobs"] + verbs: ["*"] +- apiGroups: ["policy"] + resources: ["poddisruptionbudgets"] + verbs: ["*"] +- apiGroups: ["scheduling.k8s.io"] + resources: ["priorityclasses"] + verbs: ["watch", "list"] +- apiGroups: ["storage.k8s.io"] + resources: ["storageclasses", "volumeattachments", "csinodes", "csidrivers"] + verbs: ["*"] +- apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses", "volumesnapshots", "volumesnapshotcontents", "volumesnapshotcontents/status"] + verbs: ["*"] +- apiGroups: ["longhorn.io"] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status", "backingimagemanagers", "backingimagemanagers/status"] + verbs: ["*"] +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["*"] +- apiGroups: ["metrics.k8s.io"] + resources: ["pods", "nodes"] + verbs: ["get", "list"] diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/clusterrolebinding.yaml b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..66ac62f9b --- /dev/null +++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/clusterrolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: longhorn-bind + labels: {{- include "longhorn.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: longhorn-role +subjects: +- kind: ServiceAccount + name: longhorn-service-account + namespace: {{ include "release_namespace" . }} diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/daemonset-sa.yaml b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/daemonset-sa.yaml new file mode 100644 index 000000000..636a4c0c2 --- /dev/null +++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/daemonset-sa.yaml @@ -0,0 +1,125 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-manager + name: longhorn-manager + namespace: {{ include "release_namespace" . }} +spec: + selector: + matchLabels: + app: longhorn-manager + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-manager + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + containers: + - name: longhorn-manager + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: IfNotPresent + securityContext: + privileged: true + command: + - longhorn-manager + - -d + - daemon + - --engine-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.engine.repository }}:{{ .Values.image.longhorn.engine.tag }}" + - --instance-manager-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.instanceManager.repository }}:{{ .Values.image.longhorn.instanceManager.tag }}" + - --share-manager-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.shareManager.repository }}:{{ .Values.image.longhorn.shareManager.tag }}" + - --backing-image-manager-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.backingImageManager.repository }}:{{ .Values.image.longhorn.backingImageManager.tag }}" + - --manager-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}" + - --service-account + - longhorn-service-account + ports: + - containerPort: 9500 + name: manager + readinessProbe: + tcpSocket: + port: 9500 + volumeMounts: + - name: dev + mountPath: /host/dev/ + - name: proc + mountPath: /host/proc/ + - name: longhorn + mountPath: /var/lib/longhorn/ + mountPropagation: Bidirectional + - name: longhorn-default-setting + mountPath: /var/lib/longhorn-setting/ + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: DEFAULT_SETTING_PATH + value: /var/lib/longhorn-setting/default-setting.yaml + volumes: + - name: dev + hostPath: + path: /dev/ + - name: proc + hostPath: + path: /proc/ + - name: longhorn + hostPath: + path: /var/lib/longhorn/ + - name: longhorn-default-setting + configMap: + name: longhorn-default-setting + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + {{- if .Values.longhornManager.priorityClass }} + priorityClassName: {{ .Values.longhornManager.priorityClass | quote}} + {{- end }} + serviceAccountName: longhorn-service-account + {{- if .Values.longhornManager.tolerations }} + tolerations: +{{ toYaml .Values.longhornManager.tolerations | indent 6 }} + {{- end }} + {{- if .Values.longhornManager.nodeSelector }} + nodeSelector: +{{ toYaml .Values.longhornManager.nodeSelector | indent 8 }} + {{- end }} + updateStrategy: + rollingUpdate: + maxUnavailable: "100%" +--- +apiVersion: v1 +kind: Service +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-manager + name: longhorn-backend + namespace: {{ include "release_namespace" . }} +spec: + type: {{ .Values.service.manager.type }} + sessionAffinity: ClientIP + selector: + app: longhorn-manager + ports: + - name: manager + port: 9500 + targetPort: manager + {{- if .Values.service.manager.nodePort }} + nodePort: {{ .Values.service.manager.nodePort }} + {{- end }} diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/default-setting.yaml b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/default-setting.yaml new file mode 100644 index 000000000..7c1861a78 --- /dev/null +++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/default-setting.yaml @@ -0,0 +1,41 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: longhorn-default-setting + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +data: + default-setting.yaml: |- + backup-target: {{ .Values.defaultSettings.backupTarget }} + backup-target-credential-secret: {{ .Values.defaultSettings.backupTargetCredentialSecret }} + allow-recurring-job-while-volume-detached: {{ .Values.defaultSettings.allowRecurringJobWhileVolumeDetached }} + create-default-disk-labeled-nodes: {{ .Values.defaultSettings.createDefaultDiskLabeledNodes }} + default-data-path: {{ .Values.defaultSettings.defaultDataPath }} + replica-soft-anti-affinity: {{ .Values.defaultSettings.replicaSoftAntiAffinity }} + storage-over-provisioning-percentage: {{ .Values.defaultSettings.storageOverProvisioningPercentage }} + storage-minimal-available-percentage: {{ .Values.defaultSettings.storageMinimalAvailablePercentage }} + upgrade-checker: {{ .Values.defaultSettings.upgradeChecker }} + default-replica-count: {{ .Values.defaultSettings.defaultReplicaCount }} + default-data-locality: {{ .Values.defaultSettings.defaultDataLocality }} + default-longhorn-static-storage-class: {{ .Values.defaultSettings.defaultLonghornStaticStorageClass }} + backupstore-poll-interval: {{ .Values.defaultSettings.backupstorePollInterval }} + taint-toleration: {{ .Values.defaultSettings.taintToleration }} + system-managed-components-node-selector: {{ .Values.defaultSettings.systemManagedComponentsNodeSelector }} + priority-class: {{ .Values.defaultSettings.priorityClass }} + auto-salvage: {{ .Values.defaultSettings.autoSalvage }} + auto-delete-pod-when-volume-detached-unexpectedly: {{ .Values.defaultSettings.autoDeletePodWhenVolumeDetachedUnexpectedly }} + disable-scheduling-on-cordoned-node: {{ .Values.defaultSettings.disableSchedulingOnCordonedNode }} + replica-zone-soft-anti-affinity: {{ .Values.defaultSettings.replicaZoneSoftAntiAffinity }} + node-down-pod-deletion-policy: {{ .Values.defaultSettings.nodeDownPodDeletionPolicy }} + allow-node-drain-with-last-healthy-replica: {{ .Values.defaultSettings.allowNodeDrainWithLastHealthyReplica }} + mkfs-ext4-parameters: {{ .Values.defaultSettings.mkfsExt4Parameters }} + disable-replica-rebuild: {{ .Values.defaultSettings.disableReplicaRebuild }} + replica-replenishment-wait-interval: {{ .Values.defaultSettings.replicaReplenishmentWaitInterval }} + disable-revision-counter: {{ .Values.defaultSettings.disableRevisionCounter }} + system-managed-pods-image-pull-policy: {{ .Values.defaultSettings.systemManagedPodsImagePullPolicy }} + allow-volume-creation-with-degraded-availability: {{ .Values.defaultSettings.allowVolumeCreationWithDegradedAvailability }} + auto-cleanup-system-generated-snapshot: {{ .Values.defaultSettings.autoCleanupSystemGeneratedSnapshot }} + concurrent-automatic-engine-upgrade-per-node-limit: {{ .Values.defaultSettings.concurrentAutomaticEngineUpgradePerNodeLimit }} + backing-image-cleanup-wait-interval: {{ .Values.defaultSettings.backingImageCleanupWaitInterval }} + guaranteed-engine-manager-cpu: {{ .Values.defaultSettings.guaranteedEngineManagerCPU }} + guaranteed-replica-manager-cpu: {{ .Values.defaultSettings.guaranteedReplicaManagerCPU }} diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/deployment-driver.yaml b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/deployment-driver.yaml new file mode 100644 index 000000000..fb0390a6b --- /dev/null +++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/deployment-driver.yaml @@ -0,0 +1,104 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: longhorn-driver-deployer + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + app: longhorn-driver-deployer + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-driver-deployer + spec: + initContainers: + - name: wait-longhorn-manager + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done'] + containers: + - name: longhorn-driver-deployer + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: IfNotPresent + command: + - longhorn-manager + - -d + - deploy-driver + - --manager-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}" + - --manager-url + - http://longhorn-backend:9500/v1 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + {{- if .Values.csi.kubeletRootDir }} + - name: KUBELET_ROOT_DIR + value: {{ .Values.csi.kubeletRootDir }} + {{- end }} + {{- if and .Values.image.csi.attacher.repository .Values.image.csi.attacher.tag }} + - name: CSI_ATTACHER_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.attacher.repository }}:{{ .Values.image.csi.attacher.tag }}" + {{- end }} + {{- if and .Values.image.csi.provisioner.repository .Values.image.csi.provisioner.tag }} + - name: CSI_PROVISIONER_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.provisioner.repository }}:{{ .Values.image.csi.provisioner.tag }}" + {{- end }} + {{- if and .Values.image.csi.nodeDriverRegistrar.repository .Values.image.csi.nodeDriverRegistrar.tag }} + - name: CSI_NODE_DRIVER_REGISTRAR_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.nodeDriverRegistrar.repository }}:{{ .Values.image.csi.nodeDriverRegistrar.tag }}" + {{- end }} + {{- if and .Values.image.csi.resizer.repository .Values.image.csi.resizer.tag }} + - name: CSI_RESIZER_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.resizer.repository }}:{{ .Values.image.csi.resizer.tag }}" + {{- end }} + {{- if and .Values.image.csi.snapshotter.repository .Values.image.csi.snapshotter.tag }} + - name: CSI_SNAPSHOTTER_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.snapshotter.repository }}:{{ .Values.image.csi.snapshotter.tag }}" + {{- end }} + {{- if .Values.csi.attacherReplicaCount }} + - name: CSI_ATTACHER_REPLICA_COUNT + value: {{ .Values.csi.attacherReplicaCount | quote }} + {{- end }} + {{- if .Values.csi.provisionerReplicaCount }} + - name: CSI_PROVISIONER_REPLICA_COUNT + value: {{ .Values.csi.provisionerReplicaCount | quote }} + {{- end }} + {{- if .Values.csi.resizerReplicaCount }} + - name: CSI_RESIZER_REPLICA_COUNT + value: {{ .Values.csi.resizerReplicaCount | quote }} + {{- end }} + {{- if .Values.csi.snapshotterReplicaCount }} + - name: CSI_SNAPSHOTTER_REPLICA_COUNT + value: {{ .Values.csi.snapshotterReplicaCount | quote }} + {{- end }} + + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + {{- if .Values.longhornDriver.priorityClass }} + priorityClassName: {{ .Values.longhornDriver.priorityClass | quote}} + {{- end }} + {{- if .Values.longhornDriver.tolerations }} + tolerations: +{{ toYaml .Values.longhornDriver.tolerations | indent 6 }} + {{- end }} + {{- if .Values.longhornDriver.nodeSelector }} + nodeSelector: +{{ toYaml .Values.longhornDriver.nodeSelector | indent 8 }} + {{- end }} + serviceAccountName: longhorn-service-account + securityContext: + runAsUser: 0 diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/deployment-ui.yaml b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/deployment-ui.yaml new file mode 100644 index 000000000..e46a84213 --- /dev/null +++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/deployment-ui.yaml @@ -0,0 +1,72 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ui + name: longhorn-ui + namespace: {{ include "release_namespace" . }} +spec: + replicas: 1 + selector: + matchLabels: + app: longhorn-ui + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-ui + spec: + containers: + - name: longhorn-ui + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.ui.repository }}:{{ .Values.image.longhorn.ui.tag }} + imagePullPolicy: IfNotPresent + securityContext: + runAsUser: 0 + ports: + - containerPort: 8000 + name: http + env: + - name: LONGHORN_MANAGER_IP + value: "http://longhorn-backend:9500" + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + {{- if .Values.longhornUI.priorityClass }} + priorityClassName: {{ .Values.longhornUI.priorityClass | quote}} + {{- end }} + {{- if .Values.longhornUI.tolerations }} + tolerations: +{{ toYaml .Values.longhornManager.tolerations | indent 6 }} + {{- end }} + {{- if .Values.longhornUI.nodeSelector }} + nodeSelector: +{{ toYaml .Values.longhornManager.nodeSelector | indent 8 }} + {{- end }} +--- +kind: Service +apiVersion: v1 +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ui + {{- if eq .Values.service.ui.type "Rancher-Proxy" }} + kubernetes.io/cluster-service: "true" + {{- end }} + name: longhorn-frontend + namespace: {{ include "release_namespace" . }} +spec: + {{- if eq .Values.service.ui.type "Rancher-Proxy" }} + type: ClusterIP + {{- else }} + type: {{ .Values.service.ui.type }} + {{- end }} + selector: + app: longhorn-ui + ports: + - name: http + port: 80 + targetPort: http + {{- if .Values.service.ui.nodePort }} + nodePort: {{ .Values.service.ui.nodePort }} + {{- else }} + nodePort: null + {{- end }} diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/ingress.yaml b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/ingress.yaml new file mode 100644 index 000000000..13555f814 --- /dev/null +++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/ingress.yaml @@ -0,0 +1,34 @@ +{{- if .Values.ingress.enabled }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: longhorn-ingress + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ingress + annotations: + {{- if .Values.ingress.tls }} + ingress.kubernetes.io/secure-backends: "true" + {{- end }} + {{- range $key, $value := .Values.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + {{- if .Values.ingress.ingressClassName }} + ingressClassName: {{ .Values.ingress.ingressClassName }} + {{- end }} + rules: + - host: {{ .Values.ingress.host }} + http: + paths: + - path: {{ default "" .Values.ingress.path }} + backend: + serviceName: longhorn-frontend + servicePort: 80 +{{- if .Values.ingress.tls }} + tls: + - hosts: + - {{ .Values.ingress.host }} + secretName: {{ .Values.ingress.tlsSecret }} +{{- end }} +{{- end }} diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/postupgrade-job.yaml b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/postupgrade-job.yaml new file mode 100644 index 000000000..4af75e236 --- /dev/null +++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/postupgrade-job.yaml @@ -0,0 +1,48 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + "helm.sh/hook": post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation + name: longhorn-post-upgrade + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + activeDeadlineSeconds: 900 + backoffLimit: 1 + template: + metadata: + name: longhorn-post-upgrade + labels: {{- include "longhorn.labels" . | nindent 8 }} + spec: + containers: + - name: longhorn-post-upgrade + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: IfNotPresent + securityContext: + privileged: true + command: + - longhorn-manager + - post-upgrade + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + restartPolicy: OnFailure + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + {{- if .Values.longhornManager.priorityClass }} + priorityClassName: {{ .Values.longhornManager.priorityClass | quote}} + {{- end }} + serviceAccountName: longhorn-service-account + {{- if .Values.longhornManager.tolerations }} + tolerations: +{{ toYaml .Values.longhornManager.tolerations | indent 6 }} + {{- end }} + {{- if .Values.longhornManager.nodeSelector }} + nodeSelector: +{{ toYaml .Values.longhornManager.nodeSelector | indent 8 }} + {{- end }} diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/psp.yaml b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/psp.yaml new file mode 100644 index 000000000..a2dfc05be --- /dev/null +++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/psp.yaml @@ -0,0 +1,66 @@ +{{- if .Values.enablePSP }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: longhorn-psp + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + privileged: true + allowPrivilegeEscalation: true + requiredDropCapabilities: + - NET_RAW + allowedCapabilities: + - SYS_ADMIN + hostNetwork: false + hostIPC: false + hostPID: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + fsGroup: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - downwardAPI + - emptyDir + - secret + - projected + - hostPath +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: longhorn-psp-role + labels: {{- include "longhorn.labels" . | nindent 4 }} + namespace: {{ include "release_namespace" . }} +rules: +- apiGroups: + - policy + resources: + - podsecuritypolicies + verbs: + - use + resourceNames: + - longhorn-psp +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: longhorn-psp-binding + labels: {{- include "longhorn.labels" . | nindent 4 }} + namespace: {{ include "release_namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: longhorn-psp-role +subjects: +- kind: ServiceAccount + name: longhorn-service-account + namespace: {{ include "release_namespace" . }} +- kind: ServiceAccount + name: default + namespace: {{ include "release_namespace" . }} +{{- end }} diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/registry-secret.yml b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/registry-secret.yml new file mode 100644 index 000000000..1c7565fea --- /dev/null +++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/registry-secret.yml @@ -0,0 +1,11 @@ +{{- if .Values.privateRegistry.registrySecret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.privateRegistry.registrySecret }} + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ template "secret" . }} +{{- end }} \ No newline at end of file diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/serviceaccount.yaml b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/serviceaccount.yaml new file mode 100644 index 000000000..ad576c353 --- /dev/null +++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/serviceaccount.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: longhorn-service-account + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/storageclass.yaml b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/storageclass.yaml new file mode 100644 index 000000000..dea6aafd4 --- /dev/null +++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/storageclass.yaml @@ -0,0 +1,26 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: longhorn-storageclass + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +data: + storageclass.yaml: | + kind: StorageClass + apiVersion: storage.k8s.io/v1 + metadata: + name: longhorn + annotations: + storageclass.kubernetes.io/is-default-class: {{ .Values.persistence.defaultClass | quote }} + provisioner: driver.longhorn.io + allowVolumeExpansion: true + reclaimPolicy: "{{ .Values.persistence.reclaimPolicy }}" + volumeBindingMode: Immediate + parameters: + numberOfReplicas: "{{ .Values.persistence.defaultClassReplicaCount }}" + staleReplicaTimeout: "30" + fromBackup: "" + baseImage: "" + {{- if .Values.persistence.recurringJobs.enable }} + recurringJobs: '{{ .Values.persistence.recurringJobs.jobList }}' + {{- end }} diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/tls-secrets.yaml b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/tls-secrets.yaml new file mode 100644 index 000000000..74c43426d --- /dev/null +++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/tls-secrets.yaml @@ -0,0 +1,16 @@ +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .name }} + namespace: {{ include "release_namespace" $ }} + labels: {{- include "longhorn.labels" $ | nindent 4 }} + app: longhorn +type: kubernetes.io/tls +data: + tls.crt: {{ .certificate | b64enc }} + tls.key: {{ .key | b64enc }} +--- +{{- end }} +{{- end }} diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/uninstall-job.yaml b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/uninstall-job.yaml new file mode 100644 index 000000000..5f21b1024 --- /dev/null +++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/uninstall-job.yaml @@ -0,0 +1,49 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": hook-succeeded + name: longhorn-uninstall + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + activeDeadlineSeconds: 900 + backoffLimit: 1 + template: + metadata: + name: longhorn-uninstall + labels: {{- include "longhorn.labels" . | nindent 8 }} + spec: + containers: + - name: longhorn-uninstall + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: IfNotPresent + securityContext: + privileged: true + command: + - longhorn-manager + - uninstall + - --force + env: + - name: LONGHORN_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + restartPolicy: OnFailure + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + {{- if .Values.longhornManager.priorityClass }} + priorityClassName: {{ .Values.longhornManager.priorityClass | quote}} + {{- end }} + serviceAccountName: longhorn-service-account + {{- if .Values.longhornManager.tolerations }} + tolerations: +{{ toYaml .Values.longhornManager.tolerations | indent 6 }} + {{- end }} + {{- if .Values.longhornManager.nodeSelector }} + nodeSelector: +{{ toYaml .Values.longhornManager.nodeSelector | indent 8 }} + {{- end }} diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/userroles.yaml b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/userroles.yaml new file mode 100644 index 000000000..00dda116a --- /dev/null +++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/userroles.yaml @@ -0,0 +1,38 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-admin" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: [ "longhorn.io" ] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status", "backingimagemanagers", "backingimagemanagers/status"] + verbs: [ "*" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-edit" + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: + - apiGroups: [ "longhorn.io" ] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status", "backingimagemanagers", "backingimagemanagers/status"] + verbs: [ "*" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-view" + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" +rules: + - apiGroups: [ "longhorn.io" ] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status", "backingimagemanagers", "backingimagemanagers/status"] + verbs: [ "get", "list", "watch" ] diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/validate-install-crd.yaml b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/validate-install-crd.yaml new file mode 100644 index 000000000..f93413640 --- /dev/null +++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/validate-install-crd.yaml @@ -0,0 +1,23 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "longhorn.io/v1beta1/Engine" false -}} +# {{- set $found "longhorn.io/v1beta1/Replica" false -}} +# {{- set $found "longhorn.io/v1beta1/Setting" false -}} +# {{- set $found "longhorn.io/v1beta1/Volume" false -}} +# {{- set $found "longhorn.io/v1beta1/EngineImage" false -}} +# {{- set $found "longhorn.io/v1beta1/Node" false -}} +# {{- set $found "longhorn.io/v1beta1/InstanceManager" false -}} +# {{- set $found "longhorn.io/v1beta1/ShareManager" false -}} +# {{- set $found "longhorn.io/v1beta1/BackingImage" false -}} +# {{- set $found "longhorn.io/v1beta1/BackingImageManager" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/values.yaml b/charts/longhorn/longhorn/100.0.0+up1.1.2/values.yaml new file mode 100644 index 000000000..1d2e75890 --- /dev/null +++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/values.yaml @@ -0,0 +1,218 @@ +# Default values for longhorn. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +global: + cattle: + systemDefaultRegistry: "" + +image: + longhorn: + engine: + repository: rancher/mirrored-longhornio-longhorn-engine + tag: v1.1.2 + manager: + repository: rancher/mirrored-longhornio-longhorn-manager + tag: v1.1.2 + ui: + repository: rancher/mirrored-longhornio-longhorn-ui + tag: v1.1.2 + instanceManager: + repository: rancher/mirrored-longhornio-longhorn-instance-manager + tag: v1_20210621 + shareManager: + repository: rancher/mirrored-longhornio-longhorn-share-manager + tag: v1_20210416 + backingImageManager: + repository: rancher/mirrored-longhornio-backing-image-manager + tag: v1_20210422 + csi: + attacher: + repository: rancher/mirrored-longhornio-csi-attacher + tag: v2.2.1-lh2 + provisioner: + repository: rancher/mirrored-longhornio-csi-provisioner + tag: v1.6.0-lh2 + nodeDriverRegistrar: + repository: rancher/mirrored-longhornio-csi-node-driver-registrar + tag: v1.2.0-lh1 + resizer: + repository: rancher/mirrored-longhornio-csi-resizer + tag: v0.5.1-lh2 + snapshotter: + repository: rancher/mirrored-longhornio-csi-snapshotter + tag: v2.1.1-lh2 + pullPolicy: IfNotPresent + +service: + ui: + type: ClusterIP + nodePort: null + manager: + type: ClusterIP + nodePort: "" + +persistence: + defaultClass: true + defaultClassReplicaCount: 3 + reclaimPolicy: Delete + recurringJobs: + enable: false + jobList: [] + +csi: + kubeletRootDir: ~ + attacherReplicaCount: ~ + provisionerReplicaCount: ~ + resizerReplicaCount: ~ + snapshotterReplicaCount: ~ + +defaultSettings: + backupTarget: ~ + backupTargetCredentialSecret: ~ + allowRecurringJobWhileVolumeDetached: ~ + createDefaultDiskLabeledNodes: ~ + defaultDataPath: ~ + defaultDataLocality: ~ + replicaSoftAntiAffinity: ~ + storageOverProvisioningPercentage: ~ + storageMinimalAvailablePercentage: ~ + upgradeChecker: ~ + defaultReplicaCount: ~ + defaultLonghornStaticStorageClass: ~ + backupstorePollInterval: ~ + taintToleration: ~ + systemManagedComponentsNodeSelector: ~ + priorityClass: ~ + autoSalvage: ~ + autoDeletePodWhenVolumeDetachedUnexpectedly: ~ + disableSchedulingOnCordonedNode: ~ + replicaZoneSoftAntiAffinity: ~ + nodeDownPodDeletionPolicy: ~ + allowNodeDrainWithLastHealthyReplica: ~ + mkfsExt4Parameters: ~ + disableReplicaRebuild: ~ + replicaReplenishmentWaitInterval: ~ + disableRevisionCounter: ~ + systemManagedPodsImagePullPolicy: ~ + allowVolumeCreationWithDegradedAvailability: ~ + autoCleanupSystemGeneratedSnapshot: ~ + concurrentAutomaticEngineUpgradePerNodeLimit: ~ + backingImageCleanupWaitInterval: ~ + guaranteedEngineManagerCPU: ~ + guaranteedReplicaManagerCPU: ~ +privateRegistry: + registryUrl: ~ + registryUser: ~ + registryPasswd: ~ + registrySecret: ~ + +longhornManager: + priorityClass: ~ + tolerations: [] + ## If you want to set tolerations for Longhorn Manager DaemonSet, delete the `[]` in the line above + ## and uncomment this example block + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + nodeSelector: {} + ## If you want to set node selector for Longhorn Manager DaemonSet, delete the `{}` in the line above + ## and uncomment this example block + # label-key1: "label-value1" + # label-key2: "label-value2" + +longhornDriver: + priorityClass: ~ + tolerations: [] + ## If you want to set tolerations for Longhorn Driver Deployer Deployment, delete the `[]` in the line above + ## and uncomment this example block + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + nodeSelector: {} + ## If you want to set node selector for Longhorn Driver Deployer Deployment, delete the `{}` in the line above + ## and uncomment this example block + # label-key1: "label-value1" + # label-key2: "label-value2" + +longhornUI: + priorityClass: ~ + tolerations: [] + ## If you want to set tolerations for Longhorn UI Deployment, delete the `[]` in the line above + ## and uncomment this example block + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + nodeSelector: {} + ## If you want to set node selector for Longhorn UI Deployment, delete the `{}` in the line above + ## and uncomment this example block + # label-key1: "label-value1" + # label-key2: "label-value2" + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + # + +ingress: + ## Set to true to enable ingress record generation + enabled: false + + ## Add ingressClassName to the Ingress + ## Can replace the kubernetes.io/ingress.class annotation on v1.18+ + ingressClassName: ~ + + host: xip.io + + ## Set this to true in order to enable TLS on the ingress record + ## A side effect of this will be that the backend service will be connected at port 443 + tls: false + + ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS + tlsSecret: longhorn.local-tls + + ## Ingress annotations done as key:value pairs + ## If you're using kube-lego, you will want to add: + ## kubernetes.io/tls-acme: true + ## + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/annotations.md + ## + ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set + annotations: + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: true + + secrets: + ## If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate should start with -----BEGIN CERTIFICATE----- or + ## -----BEGIN RSA PRIVATE KEY----- + ## + ## name should line up with a tlsSecret set further up + ## If you're using kube-lego, this is unneeded, as it will create the secret for you if it is not set + ## + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + # - name: longhorn.local-tls + # key: + # certificate: + +# Configure a pod security policy in the Longhorn namespace to allow privileged pods +enablePSP: true + +## Specify override namespace, specifically this is useful for using longhorn as sub-chart +## and its release namespace is not the `longhorn-system` +namespaceOverride: "" + +# Annotations to add to the Longhorn Manager DaemonSet Pods. Optional. +annotations: {} diff --git a/charts/rancher-aks-operator-crd/rancher-aks-operator-crd/100.0.0+up1.0.1/Chart.yaml b/charts/rancher-aks-operator-crd/rancher-aks-operator-crd/100.0.0+up1.0.1/Chart.yaml new file mode 100644 index 000000000..cd6dc177d --- /dev/null +++ b/charts/rancher-aks-operator-crd/rancher-aks-operator-crd/100.0.0+up1.0.1/Chart.yaml @@ -0,0 +1,11 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: rancher-aks-operator-crd +apiVersion: v2 +appVersion: 1.0.1 +description: AKS Operator CustomResourceDefinitions +name: rancher-aks-operator-crd +version: 100.0.0+up1.0.1 diff --git a/charts/rancher-aks-operator-crd/rancher-aks-operator-crd/100.0.0+up1.0.1/templates/crds.yaml b/charts/rancher-aks-operator-crd/rancher-aks-operator-crd/100.0.0+up1.0.1/templates/crds.yaml new file mode 100644 index 000000000..002a459bd --- /dev/null +++ b/charts/rancher-aks-operator-crd/rancher-aks-operator-crd/100.0.0+up1.0.1/templates/crds.yaml @@ -0,0 +1,178 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + name: aksclusterconfigs.aks.cattle.io +spec: + group: aks.cattle.io + names: + kind: AKSClusterConfig + plural: aksclusterconfigs + shortNames: + - akscc + singular: aksclusterconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + authBaseUrl: + nullable: true + type: string + authorizedIpRanges: + items: + nullable: true + type: string + nullable: true + type: array + azureCredentialSecret: + nullable: true + type: string + baseUrl: + nullable: true + type: string + clusterName: + nullable: true + type: string + dnsPrefix: + nullable: true + type: string + dnsServiceIp: + nullable: true + type: string + dockerBridgeCidr: + nullable: true + type: string + httpApplicationRouting: + nullable: true + type: boolean + imported: + type: boolean + kubernetesVersion: + nullable: true + type: string + linuxAdminUsername: + nullable: true + type: string + loadBalancerSku: + nullable: true + type: string + logAnalyticsWorkspaceGroup: + nullable: true + type: string + logAnalyticsWorkspaceName: + nullable: true + type: string + monitoring: + nullable: true + type: boolean + networkPlugin: + nullable: true + type: string + networkPolicy: + nullable: true + type: string + nodePools: + items: + properties: + availabilityZones: + items: + nullable: true + type: string + nullable: true + type: array + count: + nullable: true + type: integer + enableAutoScaling: + nullable: true + type: boolean + maxCount: + nullable: true + type: integer + maxPods: + nullable: true + type: integer + minCount: + nullable: true + type: integer + mode: + nullable: true + type: string + name: + nullable: true + type: string + orchestratorVersion: + nullable: true + type: string + osDiskSizeGB: + nullable: true + type: integer + osDiskType: + nullable: true + type: string + osType: + nullable: true + type: string + vmSize: + nullable: true + type: string + type: object + nullable: true + type: array + podCidr: + nullable: true + type: string + privateCluster: + nullable: true + type: boolean + resourceGroup: + nullable: true + type: string + resourceLocation: + nullable: true + type: string + serviceCidr: + nullable: true + type: string + sshPublicKey: + nullable: true + type: string + subnet: + nullable: true + type: string + tags: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + virtualNetwork: + nullable: true + type: string + virtualNetworkResourceGroup: + nullable: true + type: string + type: object + status: + properties: + failureMessage: + nullable: true + type: string + phase: + nullable: true + type: string + rbacEnabled: + nullable: true + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/Chart.yaml b/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/Chart.yaml new file mode 100644 index 000000000..d5b77f9cf --- /dev/null +++ b/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/Chart.yaml @@ -0,0 +1,18 @@ +annotations: + catalog.cattle.io/auto-install: rancher-aks-operator-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: aksclusterconfigs.aks.cattle.io/v1 + catalog.cattle.io/rancher-version: '>= 2.6.0-alpha' + catalog.cattle.io/release-name: rancher-aks-operator + catalog.cattle.io/scope: management +apiVersion: v2 +appVersion: 1.0.1 +description: A Helm chart for provisioning AKS clusters +home: https://github.com/rancher/aks-operator +name: rancher-aks-operator +sources: +- https://github.com/rancher/aks-operator +version: 100.0.0+up1.0.1 diff --git a/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/NOTES.txt b/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/NOTES.txt new file mode 100644 index 000000000..5ba05b482 --- /dev/null +++ b/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/NOTES.txt @@ -0,0 +1,4 @@ +You have deployed the Rancher AKS operator +Version: {{ .Chart.AppVersion }} +Description: This operator provisions AKS clusters +from AKSClusterConfig CRs. diff --git a/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/_helpers.tpl b/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/_helpers.tpl new file mode 100644 index 000000000..be11b4a66 --- /dev/null +++ b/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/_helpers.tpl @@ -0,0 +1,9 @@ +{{/* vim: set filetype=mustache: */}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/clusterrole.yaml b/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/clusterrole.yaml new file mode 100644 index 000000000..5e2ce9756 --- /dev/null +++ b/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/clusterrole.yaml @@ -0,0 +1,15 @@ +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: aks-operator + namespace: cattle-system +rules: + - apiGroups: [''] + resources: ['secrets'] + verbs: ['get', 'list', 'create', 'watch', 'update'] + - apiGroups: ['aks.cattle.io'] + resources: ['aksclusterconfigs'] + verbs: ['get', 'list', 'update', 'watch'] + - apiGroups: ['aks.cattle.io'] + resources: ['aksclusterconfigs/status'] + verbs: ['update'] diff --git a/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/clusterrolebinding.yaml b/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..7aa7e785a --- /dev/null +++ b/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/clusterrolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: aks-operator + namespace: cattle-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: aks-operator +subjects: +- kind: ServiceAccount + name: aks-operator + namespace: cattle-system diff --git a/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/deployment.yaml b/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/deployment.yaml new file mode 100644 index 000000000..9e3dcd21c --- /dev/null +++ b/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/deployment.yaml @@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: aks-config-operator + namespace: cattle-system +spec: + replicas: 1 + selector: + matchLabels: + ke.cattle.io/operator: aks + template: + metadata: + labels: + ke.cattle.io/operator: aks + spec: + serviceAccountName: aks-operator + securityContext: + fsGroup: 1007 + runAsUser: 1007 + containers: + - name: aks-operator + image: {{ template "system_default_registry" . }}{{ .Values.aksOperator.image.repository }}:{{ .Values.aksOperator.image.tag }} + imagePullPolicy: IfNotPresent + env: + - name: HTTP_PROXY + value: {{ .Values.httpProxy }} + - name: HTTPS_PROXY + value: {{ .Values.httpsProxy }} + - name: NO_PROXY + value: {{ .Values.noProxy }} +{{- if .Values.additionalTrustedCAs }} + # aks-operator mounts the additional CAs in two places: + volumeMounts: + # This directory is owned by the aks-operator user so c_rehash works here. + - mountPath: /etc/rancher/ssl/ca-additional.pem + name: tls-ca-additional-volume + subPath: ca-additional.pem + readOnly: true + # This directory is root-owned so c_rehash doesn't work here, + # but the cert is here in case update-ca-certificates is called in the future or by the OS. + - mountPath: /etc/pki/trust/anchors/ca-additional.pem + name: tls-ca-additional-volume + subPath: ca-additional.pem + readOnly: true + volumes: + - name: tls-ca-additional-volume + secret: + defaultMode: 0400 + secretName: tls-ca-additional + {{- end }} diff --git a/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/serviceaccount.yaml b/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/serviceaccount.yaml new file mode 100644 index 000000000..9c40a152f --- /dev/null +++ b/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: cattle-system + name: aks-operator diff --git a/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/values.yaml b/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/values.yaml new file mode 100644 index 000000000..fe4edec80 --- /dev/null +++ b/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/values.yaml @@ -0,0 +1,12 @@ +global: + systemDefaultRegistry: "" + +aksOperator: + image: + repository: rancher/aks-operator + tag: v1.0.1 + +httpProxy: "" +httpsProxy: "" +noProxy: "" +additionalTrustedCAs: false diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/Chart.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/Chart.yaml new file mode 100644 index 000000000..89d24da21 --- /dev/null +++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/Chart.yaml @@ -0,0 +1,23 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Alerting Drivers + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: rancher-alerting-drivers + catalog.cattle.io/type: cluster-tool +apiVersion: v2 +appVersion: 1.16.0 +dependencies: +- condition: prom2teams.enabled + name: prom2teams + repository: file://./charts/prom2teams +- condition: sachet.enabled + name: sachet + repository: file://./charts/sachet +description: The manager for third-party webhook receivers used in Prometheus Alertmanager +icon: https://charts.rancher.io/assets/logos/alerting-drivers.svg +keywords: +- monitoring +- alertmanger +- webhook +name: rancher-alerting-drivers +version: 100.0.0 diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/README.md b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/README.md new file mode 100644 index 000000000..ea3f11801 --- /dev/null +++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/README.md @@ -0,0 +1,11 @@ +# Rancher Alerting Drivers + +This chart installs one or more [Alertmanager Webhook Receiver Integrations](https://prometheus.io/docs/operating/integrations/#alertmanager-webhook-receiver) (i.e. Drivers). + +Those Drivers can be targeted by an existing deployment of Alertmanager to send alerts to notification mechanisms that are not natively supported. + +Currently, this chart supports the following Drivers: +- Microsoft Teams, based on [prom2teams](https://github.com/idealista/prom2teams) +- SMS, based on [Sachet](https://github.com/messagebird/sachet) + +After installing rancher-alerting-drivers, please refer to the upstream documentation for each Driver for configuration options. \ No newline at end of file diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/app-readme.md b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/app-readme.md new file mode 100644 index 000000000..ea3f11801 --- /dev/null +++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/app-readme.md @@ -0,0 +1,11 @@ +# Rancher Alerting Drivers + +This chart installs one or more [Alertmanager Webhook Receiver Integrations](https://prometheus.io/docs/operating/integrations/#alertmanager-webhook-receiver) (i.e. Drivers). + +Those Drivers can be targeted by an existing deployment of Alertmanager to send alerts to notification mechanisms that are not natively supported. + +Currently, this chart supports the following Drivers: +- Microsoft Teams, based on [prom2teams](https://github.com/idealista/prom2teams) +- SMS, based on [Sachet](https://github.com/messagebird/sachet) + +After installing rancher-alerting-drivers, please refer to the upstream documentation for each Driver for configuration options. \ No newline at end of file diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/.helmignore b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/.helmignore new file mode 100644 index 000000000..50af03172 --- /dev/null +++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/Chart.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/Chart.yaml new file mode 100644 index 000000000..696e9e3dd --- /dev/null +++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: rancher-prom2teams +apiVersion: v1 +appVersion: 3.2.2 +description: A Helm chart for Prom2Teams based on the upstream https://github.com/idealista/prom2teams +name: prom2teams +version: 0.2.0 diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/files/teams.j2 b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/files/teams.j2 new file mode 100644 index 000000000..f1cf61d4e --- /dev/null +++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/files/teams.j2 @@ -0,0 +1,44 @@ +{%- set + theme_colors = { + 'resolved' : '2DC72D', + 'critical' : '8C1A1A', + 'severe' : '8C1A1A', + 'warning' : 'FF9A0B', + 'unknown' : 'CCCCCC' + } +-%} + +{ + "@type": "MessageCard", + "@context": "http://schema.org/extensions", + "themeColor": "{% if status=='resolved' %} {{ theme_colors.resolved }} {% else %} {{ theme_colors[msg_text.severity] }} {% endif %}", + "summary": "{% if status=='resolved' %}(Resolved) {% endif %}{{ msg_text.summary }}", + "title": "Prometheus alert {% if status=='resolved' %}(Resolved) {% elif status=='unknown' %} (status unknown) {% endif %}", + "sections": [{ + "activityTitle": "{{ msg_text.summary }}", + "facts": [{% if msg_text.name %}{ + "name": "Alert", + "value": "{{ msg_text.name }}" + },{% endif %}{% if msg_text.instance %}{ + "name": "In host", + "value": "{{ msg_text.instance }}" + },{% endif %}{% if msg_text.severity %}{ + "name": "Severity", + "value": "{{ msg_text.severity }}" + },{% endif %}{% if msg_text.description %}{ + "name": "Description", + "value": "{{ msg_text.description }}" + },{% endif %}{ + "name": "Status", + "value": "{{ msg_text.status }}" + }{% if msg_text.extra_labels %}{% for key in msg_text.extra_labels %},{ + "name": "{{ key }}", + "value": "{{ msg_text.extra_labels[key] }}" + }{% endfor %}{% endif %} + {% if msg_text.extra_annotations %}{% for key in msg_text.extra_annotations %},{ + "name": "{{ key }}", + "value": "{{ msg_text.extra_annotations[key] }}" + }{% endfor %}{% endif %}], + "markdown": true + }] +} diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/NOTES.txt b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/NOTES.txt new file mode 100644 index 000000000..a94c4132b --- /dev/null +++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/NOTES.txt @@ -0,0 +1,2 @@ +Prom2Teams has been installed. Check its status by running: + kubectl --namespace {{ .Release.Namespace }} get pods -l "app.kubernetes.io/instance={{ .Release.Name }}" diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/_helpers.tpl b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/_helpers.tpl new file mode 100644 index 000000000..ffc0fa356 --- /dev/null +++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/_helpers.tpl @@ -0,0 +1,73 @@ +{{/* vim: set filetype=mustache: */}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "prom2teams.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "prom2teams.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts +*/}} +{{- define "prom2teams.namespace" -}} +{{ default .Release.Namespace .Values.global.namespaceOverride }} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "prom2teams.labels" -}} +app.kubernetes.io/name: {{ include "prom2teams.name" . }} +helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +app.kubernetes.io/instance: {{ .Release.Name }} +release: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/configmap.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/configmap.yaml new file mode 100644 index 000000000..ccf38953e --- /dev/null +++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/configmap.yaml @@ -0,0 +1,39 @@ +{{- $valid := list "DEBUG" "INFO" "WARNING" "ERROR" "CRITICAL" -}} +{{- if not (has .Values.prom2teams.loglevel $valid) -}} +{{- fail "Invalid log level"}} +{{- end -}} +{{- if and .Values.prom2teams.connector (hasKey .Values.prom2teams.connectors "Connector") -}} +{{- fail "Invalid configuration: prom2teams.connectors can't have a connector named Connector when prom2teams.connector is set"}} +{{- end -}} +{{/* Create the configmap when the operation is helm install and the target configmap does not exist. */}} +{{- if not (lookup "v1" "ConfigMap" (include "prom2teams.namespace" . ) (include "prom2teams.fullname" .)) }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ include "prom2teams.namespace" . }} + name: {{ include "prom2teams.fullname" . }} + labels: {{ include "prom2teams.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": pre-install, pre-upgrade + "helm.sh/hook-weight": "3" + "helm.sh/resource-policy": keep +data: + config.ini: |- + [HTTP Server] + Host: {{ .Values.prom2teams.host }} + Port: {{ .Values.prom2teams.port }} + [Microsoft Teams] + {{- with .Values.prom2teams.connector }} + Connector: {{ . }} + {{- end }} + {{- range $key, $val := .Values.prom2teams.connectors }} + {{ $key }}: {{ $val }} + {{- end }} + [Group Alerts] + Field: {{ .Values.prom2teams.group_alerts_by }} + [Log] + Level: {{ .Values.prom2teams.loglevel }} + [Template] + Path: {{ .Values.prom2teams.templatepath }} + teams.j2: {{ .Files.Get "files/teams.j2" | quote }} + {{- end -}} diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/deployment.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/deployment.yaml new file mode 100644 index 000000000..c7149b9da --- /dev/null +++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/deployment.yaml @@ -0,0 +1,77 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "prom2teams.fullname" . }} + namespace: {{ include "prom2teams.namespace" . }} + labels: {{ include "prom2teams.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "prom2teams.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "prom2teams.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + spec: + serviceAccountName: {{ include "prom2teams.fullname" . }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: {{ toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: config + configMap: + name: {{ include "prom2teams.fullname" . }} + containers: + - name: {{ .Chart.Name }} + image: {{ include "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: 8089 + protocol: TCP + volumeMounts: + - name: config + mountPath: /opt/prom2teams/helmconfig/ + env: + - name: APP_CONFIG_FILE + value: {{ .Values.prom2teams.config | quote }} + - name: PROM2TEAMS_PORT + value: {{ .Values.prom2teams.port | quote }} + - name: PROM2TEAMS_HOST + value: {{ .Values.prom2teams.ip | quote }} + - name: PROM2TEAMS_CONNECTOR + value: {{ .Values.prom2teams.connector | quote }} + - name: PROM2TEAMS_GROUP_ALERTS_BY + value: {{ .Values.prom2teams.group_alerts_by | quote }} + resources: {{ toYaml .Values.resources | nindent 12 }} + {{- if .Values.securityContext.enabled }} + securityContext: + privileged: false + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + {{- if .Values.nodeSelector }} + {{- toYaml .Values.nodeSelector | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: {{ toYaml . | nindent 8 }} + {{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} + {{- if .Values.tolerations }} + {{- toYaml .Values.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + runAsNonRoot: {{ if eq (int .Values.securityContext.runAsUser) 0 }}false{{ else }}true{{ end }} + runAsUser: {{ .Values.securityContext.runAsUser }} + runAsGroup: {{ .Values.securityContext.runAsGroup }} + fsGroup: {{ .Values.securityContext.fsGroup }} + {{- end }} + diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/psp.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/psp.yaml new file mode 100644 index 000000000..d1578a430 --- /dev/null +++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/psp.yaml @@ -0,0 +1,29 @@ +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "prom2teams.fullname" . }}-psp + labels: {{ include "prom2teams.labels" . | nindent 4 }} +spec: + privileged: false + allowPrivilegeEscalation: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'configMap' + - 'secret' diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/role.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/role.yaml new file mode 100644 index 000000000..25391d588 --- /dev/null +++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/role.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "prom2teams.fullname" . }}-psp + namespace: {{ include "prom2teams.namespace" . }} + labels: {{ include "prom2teams.labels" . | nindent 4 }} +rules: + - apiGroups: + - policy + resourceNames: + - {{ include "prom2teams.fullname" . }}-psp + resources: + - podsecuritypolicies + verbs: + - use diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/rolebinding.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/rolebinding.yaml new file mode 100644 index 000000000..3ca8bc252 --- /dev/null +++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/rolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "prom2teams.fullname" . }}-psp + namespace: {{ include "prom2teams.namespace" . }} + labels: {{ include "prom2teams.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "prom2teams.fullname" . }}-psp +subjects: + - kind: ServiceAccount + name: {{ include "prom2teams.fullname" . }} diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/service-account.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/service-account.yaml new file mode 100644 index 000000000..a9572c5cd --- /dev/null +++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/service-account.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "prom2teams.fullname" . }} + namespace: {{ include "prom2teams.namespace" . }} + labels: {{ include "prom2teams.labels" . | nindent 4 }} diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/service.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/service.yaml new file mode 100644 index 000000000..cc95cad35 --- /dev/null +++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "prom2teams.fullname" . }} + namespace: {{ include "prom2teams.namespace" . }} + labels: +{{ include "prom2teams.labels" . | indent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: 8089 + protocol: TCP + name: http + selector: + app.kubernetes.io/name: {{ include "prom2teams.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/values.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/values.yaml new file mode 100644 index 000000000..f98e8f2f4 --- /dev/null +++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/values.yaml @@ -0,0 +1,62 @@ +# Default values for prom2teams. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + cattle: + systemDefaultRegistry: "" + namespaceOverride: "" + +nameOverride: "prom2teams" +fullnameOverride: "" + +replicaCount: 1 + +image: + repository: rancher/mirrored-idealista-prom2teams + tag: 3.2.2 + pullPolicy: IfNotPresent + +resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 200m + memory: 200Mi + +service: + type: ClusterIP + port: 8089 + +prom2teams: + host: 0.0.0.0 + port: 8089 + connector: the-connector-url + connectors: {} + # group_alerts_by can be one of + # ("name" | "description" | "instance" | "severity" | "status" | "summary" | "fingerprint" | "runbook_url") + group_alerts_by: + # loglevel can be one of (DEBUG | INFO | WARNING | ERROR | CRITICAL) + loglevel: INFO + templatepath: /opt/prom2teams/helmconfig/teams.j2 + config: /opt/prom2teams/helmconfig/config.ini + +# Security Context properties +securityContext: + # enabled is a flag to enable Security Context + enabled: true + # runAsUser is the user ID used to run the container + runAsUser: 65534 + # runAsGroup is the primary group ID used to run all processes within any container of the pod + runAsGroup: 65534 + # fsGroup is the group ID associated with the container + fsGroup: 65534 + # readOnlyRootFilesystem is a flag to enable readOnlyRootFilesystem for the Hazelcast security context + readOnlyRootFilesystem: true + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/.helmignore b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/Chart.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/Chart.yaml new file mode 100644 index 000000000..493bd9d9e --- /dev/null +++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/Chart.yaml @@ -0,0 +1,11 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: rancher-sachet +apiVersion: v2 +appVersion: 0.2.3 +description: A Helm chart for Sachet based on the upstream https://github.com/messagebird/sachet +name: sachet +type: application +version: 1.0.1 diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/files/template.tmpl b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/files/template.tmpl new file mode 100644 index 000000000..08f24e138 --- /dev/null +++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/files/template.tmpl @@ -0,0 +1 @@ +# reference: https://github.com/messagebird/sachet/blob/master/examples/telegram.tmpl diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/NOTES.txt b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/NOTES.txt new file mode 100644 index 000000000..247a91fc1 --- /dev/null +++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/NOTES.txt @@ -0,0 +1,3 @@ +rancher-sachet is now installed on the cluster! +Please refer to the upstream documentation for configuration options: +https://github.com/messagebird/sachet diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/_helpers.tpl b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/_helpers.tpl new file mode 100644 index 000000000..eaa61fee5 --- /dev/null +++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/_helpers.tpl @@ -0,0 +1,79 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts +*/}} +{{- define "sachet.namespace" -}} +{{ default .Release.Namespace .Values.global.namespaceOverride }} +{{- end }} + +{{/* +Expand the name of the chart. +*/}} +{{- define "sachet.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "sachet.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "sachet.labels" -}} +helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{ include "sachet.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "sachet.selectorLabels" -}} +app.kubernetes.io/name: {{ include "sachet.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + + diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/configmap-pre-install.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/configmap-pre-install.yaml new file mode 100644 index 000000000..e8c63ac03 --- /dev/null +++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/configmap-pre-install.yaml @@ -0,0 +1,34 @@ +{{/*This file is applied when the operation is helm install and the target confimap does not exist. */}} +{{- if not (lookup "v1" "ConfigMap" (include "sachet.namespace" . ) (include "sachet.fullname" .)) }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ include "sachet.namespace" . }} + name: {{ include "sachet.fullname" . }} + labels: {{ include "sachet.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": pre-install, pre-upgrade + "helm.sh/hook-weight": "3" + "helm.sh/resource-policy": keep +data: + config.yaml: |- + {{- if and (not .Values.sachet.providers) (not .Values.sachet.receivers) }} + # please refer to the upstream documentation for configuration options: + # https://github.com/messagebird/sachet + # + # providers: + # aliyun: + # region_id: + # ... + # receivers: + # - name: 'team-sms' + # provider: 'aliyu' + # ... + {{- end }} + {{- with .Values.sachet.providers }} + providers: {{ toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.sachet.receivers }} + receivers: {{ toYaml . | nindent 6 }} + {{- end }} +{{- end }} diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/deployment.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/deployment.yaml new file mode 100644 index 000000000..17215eebd --- /dev/null +++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/deployment.yaml @@ -0,0 +1,75 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "sachet.fullname" . }} + namespace: {{ include "sachet.namespace" . }} + labels: {{ include "sachet.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: {{ include "sachet.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: {{ toYaml . | nindent 8 }} + {{- end }} + labels: {{ include "sachet.selectorLabels" . | nindent 8 }} + spec: + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + {{- if .Values.nodeSelector }} + {{- toYaml .Values.nodeSelector | nindent 8 }} + {{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} + {{- if .Values.tolerations }} + {{- toYaml .Values.tolerations | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: {{ toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "sachet.fullname" . }} + {{- with .Values.podSecurityContext }} + securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + securityContext: {{ toYaml .Values.securityContext | nindent 12 }} + image: {{ include "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: 9876 + protocol: TCP + livenessProbe: + httpGet: + path: /-/live + port: http + readinessProbe: + httpGet: + path: /-/ready + port: http + volumeMounts: + - mountPath: /etc/sachet/ + name: config-volume + {{- with .Values.resources }} + resources: {{ toYaml .Values.resources | nindent 12 }} + {{- end }} + - name: config-reloader + securityContext: {{ toYaml .Values.securityContext | nindent 12 }} + image: {{ include "system_default_registry" . }}{{ .Values.configReloader.repository }}:{{ .Values.configReloader.tag }} + imagePullPolicy: {{ .Values.configReloader.pullPolicy }} + args: + - -volume-dir=/watch-config + - -webhook-method=POST + - -webhook-status-code=200 + - -webhook-url=http://127.0.0.1:{{ .Values.service.port }}/-/reload + volumeMounts: + - mountPath: /watch-config + name: config-volume + volumes: + - name: config-volume + configMap: + name: {{ include "sachet.fullname" . }} + defaultMode: 0777 diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/psp.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/psp.yaml new file mode 100644 index 000000000..3469d3fcc --- /dev/null +++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/psp.yaml @@ -0,0 +1,29 @@ +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "sachet.fullname" . }}-psp + labels: {{ include "sachet.labels" . | nindent 4 }} +spec: + privileged: false + allowPrivilegeEscalation: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'configMap' + - 'secret' diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/role.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/role.yaml new file mode 100644 index 000000000..05d4410e3 --- /dev/null +++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/role.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "sachet.fullname" . }}-psp + namespace: {{ include "sachet.namespace" . }} + labels: {{ include "sachet.labels" . | nindent 4 }} +rules: + - apiGroups: + - policy + resourceNames: + - {{ include "sachet.fullname" . }}-psp + resources: + - podsecuritypolicies + verbs: + - use diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/rolebinding.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/rolebinding.yaml new file mode 100644 index 000000000..174f0d9e8 --- /dev/null +++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/rolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "sachet.fullname" . }}-psp + namespace: {{ include "sachet.namespace" . }} + labels: {{ include "sachet.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "sachet.fullname" . }}-psp +subjects: + - kind: ServiceAccount + name: {{ include "sachet.fullname" . }} diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/service-account.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/service-account.yaml new file mode 100644 index 000000000..8833f1b3b --- /dev/null +++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/service-account.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "sachet.fullname" . }} + namespace: {{ include "sachet.namespace" . }} + labels: {{ include "sachet.labels" . | nindent 4 }} diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/service.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/service.yaml new file mode 100644 index 000000000..216e8322c --- /dev/null +++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "sachet.fullname" . }} + namespace: {{ include "sachet.namespace" . }} + labels: {{ include "sachet.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + {{- if contains "NodePort" .Values.service.type }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} + selector: {{ include "sachet.selectorLabels" . | nindent 4 }} diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/values.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/values.yaml new file mode 100644 index 000000000..b00cf0b18 --- /dev/null +++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/values.yaml @@ -0,0 +1,63 @@ +# Default values for sachet. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + cattle: + systemDefaultRegistry: "" + namespaceOverride: "" + +nameOverride: "sachet" +fullnameOverride: "" + +configReloader: + repository: rancher/mirrored-jimmidyson-configmap-reload + pullPolicy: IfNotPresent + tag: v0.4.0 + +sachet: + # reference: https://github.com/messagebird/sachet/blob/master/examples/config.yaml + providers: {} + + receivers: [] + +replicaCount: 1 + +image: + repository: rancher/mirrored-messagebird-sachet + pullPolicy: IfNotPresent + tag: 0.2.3 + +imagePullSecrets: [] + +podAnnotations: {} + +podSecurityContext: + +securityContext: + runAsUser: 1000 + runAsNonRoot: true + runAsGroup: 1000 + +service: + type: ClusterIP + port: 9876 + nodePort: 30001 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/questions.yml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/questions.yml new file mode 100644 index 000000000..741808c23 --- /dev/null +++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/questions.yml @@ -0,0 +1,14 @@ +categories: + - monitoring +namespace: cattle-monitoring-system +questions: + - variable: prom2teams.enabled + default: false + label: Enable Microsoft Teams + type: boolean + group: "General" + - variable: sachet.enabled + default: false + label: Enable SMS + type: boolean + group: "General" diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/templates/NOTES.txt b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/templates/NOTES.txt new file mode 100644 index 000000000..59c1415e0 --- /dev/null +++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/templates/NOTES.txt @@ -0,0 +1,2 @@ +rancher-alerting-drivers is now installed on the cluster! +Please refer to the upstream documentation for each Driver for configuration options. \ No newline at end of file diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/templates/_helpers.tpl b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/templates/_helpers.tpl new file mode 100644 index 000000000..e1dbe3370 --- /dev/null +++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/templates/_helpers.tpl @@ -0,0 +1,117 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "drivers.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "drivers.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "drivers.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "drivers.labels" -}} +helm.sh/chart: {{ include "drivers.chart" . }} +{{ include "drivers.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "drivers.selectorLabels" -}} +app.kubernetes.io/name: {{ include "drivers.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "drivers.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "drivers.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +https://github.com/helm/helm/issues/4535#issuecomment-477778391 +Usage: {{ include "call-nested" (list . "SUBCHART_NAME" "TEMPLATE") }} +e.g. {{ include "call-nested" (list . "grafana" "grafana.fullname") }} +*/}} +{{- define "call-nested" }} +{{- $dot := index . 0 }} +{{- $subchart := index . 1 | splitList "." }} +{{- $template := index . 2 }} +{{- $values := $dot.Values }} +{{- range $subchart }} +{{- $values = index $values . }} +{{- end }} +{{- include $template (dict "Chart" (dict "Name" (last $subchart)) "Values" $values "Release" $dot.Release "Capabilities" $dot.Capabilities) }} +{{- end }} + + +{{/* +Get the list of configMaps to be managed +*/}} +{{- define "drivers.configmapList" -}} +{{- if .Values.sachet.enabled -}} +- {{ include "call-nested" (list . "sachet" "sachet.fullname") }} +{{- end }} +{{- if .Values.prom2teams.enabled -}} +- {{ include "call-nested" (list . "prom2teams" "prom2teams.fullname") }} +{{- end }} +{{- end }} diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/templates/cluster-role.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/templates/cluster-role.yaml new file mode 100644 index 000000000..e3022a7ca --- /dev/null +++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/templates/cluster-role.yaml @@ -0,0 +1,50 @@ +{{- if and (not .Values.sachet.enabled) (not .Values.prom2teams.enabled) -}} +{{- fail "At least one Driver must be enabled to install the chart. " }} +{{- end -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "drivers.fullname" . }}-admin + labels: {{ include "drivers.labels" . | nindent 4 }} + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: + - "" + resources: + - configmaps + resourceNames: {{ include "drivers.configmapList" . | nindent 6 }} + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "drivers.fullname" . }}-edit + labels: {{ include "drivers.labels" . | nindent 4 }} + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: + - apiGroups: + - "" + resources: + - configmaps + resourceNames: {{ include "drivers.configmapList" . | nindent 6 }} + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "drivers.fullname" . }}-view + labels: {{ include "drivers.labels" . | nindent 4 }} + rbac.authorization.k8s.io/aggregate-to-view: "true" +rules: + - apiGroups: + - "" + resources: + - configmaps + resourceNames: {{ include "drivers.configmapList" . | nindent 6 }} + verbs: + - 'get' + - 'list' + - 'watch' diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/templates/hardened.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/templates/hardened.yaml new file mode 100644 index 000000000..eaaa70187 --- /dev/null +++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/templates/hardened.yaml @@ -0,0 +1,116 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "drivers.fullname" . }}-patch-sa + namespace: {{ .Release.Namespace }} + labels: {{ include "drivers.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation +spec: + backoffLimit: 1 + template: + spec: + serviceAccountName: {{ include "drivers.fullname" . }}-patch-sa + securityContext: + runAsNonRoot: true + runAsUser: 1000 + restartPolicy: Never + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} + containers: + - name: {{ include "drivers.fullname" . }}-patch-sa + image: "{{ include "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" + imagePullPolicy: IfNotPresent + command: ["kubectl", "-n", {{ .Release.Namespace | quote }}, "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"] +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "drivers.fullname" . }}-patch-sa + namespace: {{ .Release.Namespace }} + labels: {{ include "drivers.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "drivers.fullname" . }}-patch-sa + labels: {{ include "drivers.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation +rules: + - apiGroups: [""] + resources: ["serviceaccounts"] + verbs: ["get", "patch"] + - apiGroups: ["policy"] + resources: ["podsecuritypolicies"] + verbs: ["use"] + resourceNames: + - {{ include "drivers.fullname" . }}-patch-sa +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "drivers.fullname" . }}-patch-sa + labels: {{ include "drivers.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "drivers.fullname" . }}-patch-sa +subjects: + - kind: ServiceAccount + name: {{ include "drivers.fullname" . }}-patch-sa + namespace: {{ .Release.Namespace }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "drivers.fullname" . }}-patch-sa + labels: {{ include "drivers.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "drivers.fullname" . }}-default-allow-all + namespace: {{ .Release.Namespace }} +spec: + podSelector: {} + ingress: + - {} + egress: + - {} + policyTypes: + - Ingress + - Egress diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/values.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/values.yaml new file mode 100644 index 000000000..00ae3bc62 --- /dev/null +++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/values.yaml @@ -0,0 +1,20 @@ +# Default values for rancher-alerting-driver. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + cattle: + # the registry where all images will be pulled from + systemDefaultRegistry: "" + kubectl: + repository: rancher/kubectl + tag: v1.20.2 + # set this value if you want the sub-charts to be installed into + # a namespace rather than where this chart is installed + namespaceOverride: "" + +prom2teams: + enabled: false + +sachet: + enabled: false diff --git a/charts/rancher-backup-crd/rancher-backup-crd/2.0.0/Chart.yaml b/charts/rancher-backup-crd/rancher-backup-crd/2.0.0/Chart.yaml new file mode 100644 index 000000000..d6571abee --- /dev/null +++ b/charts/rancher-backup-crd/rancher-backup-crd/2.0.0/Chart.yaml @@ -0,0 +1,11 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-resources-system + catalog.cattle.io/release-name: rancher-backup-crd +apiVersion: v2 +appVersion: 2.0.0 +description: Installs the CRDs for rancher-backup. +name: rancher-backup-crd +type: application +version: 2.0.0 diff --git a/charts/rancher-backup-crd/rancher-backup-crd/2.0.0/README.md b/charts/rancher-backup-crd/rancher-backup-crd/2.0.0/README.md new file mode 100644 index 000000000..046410962 --- /dev/null +++ b/charts/rancher-backup-crd/rancher-backup-crd/2.0.0/README.md @@ -0,0 +1,3 @@ +# Rancher Backup CRD + +A Rancher chart that installs the CRDs used by `rancher-backup`. diff --git a/charts/rancher-backup-crd/rancher-backup-crd/2.0.0/templates/backup.yaml b/charts/rancher-backup-crd/rancher-backup-crd/2.0.0/templates/backup.yaml new file mode 100644 index 000000000..a4b9471c0 --- /dev/null +++ b/charts/rancher-backup-crd/rancher-backup-crd/2.0.0/templates/backup.yaml @@ -0,0 +1,119 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: backups.resources.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.storageLocation + name: Location + type: string + - JSONPath: .status.backupType + name: Type + type: string + - JSONPath: .status.filename + name: Latest-Backup + type: string + - JSONPath: .spec.resourceSetName + name: ResourceSet + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: resources.cattle.io + names: + kind: Backup + plural: backups + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + encryptionConfigSecretName: + description: Name of the Secret containing the encryption config + type: string + resourceSetName: + description: Name of the ResourceSet CR to use for backup + type: string + retentionCount: + minimum: 1 + type: integer + schedule: + description: Cron schedule for recurring backups + example: + Descriptors: '@midnight' + Standard crontab specs: 0 0 * * * + type: string + storageLocation: + nullable: true + properties: + s3: + nullable: true + properties: + bucketName: + type: string + credentialSecretName: + type: string + credentialSecretNamespace: + type: string + endpoint: + type: string + endpointCA: + type: string + folder: + type: string + insecureTLSSkipVerify: + type: boolean + region: + type: string + type: object + type: object + required: + - resourceSetName + type: object + status: + properties: + backupType: + type: string + conditions: + items: + properties: + lastTransitionTime: + type: string + lastUpdateTime: + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + nullable: true + type: array + filename: + type: string + lastSnapshotTs: + type: string + nextSnapshotAt: + type: string + observedGeneration: + type: integer + storageLocation: + type: string + summary: + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/charts/rancher-backup-crd/rancher-backup-crd/2.0.0/templates/resourceset.yaml b/charts/rancher-backup-crd/rancher-backup-crd/2.0.0/templates/resourceset.yaml new file mode 100644 index 000000000..d97fbae48 --- /dev/null +++ b/charts/rancher-backup-crd/rancher-backup-crd/2.0.0/templates/resourceset.yaml @@ -0,0 +1,99 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: resourcesets.resources.cattle.io +spec: + group: resources.cattle.io + names: + kind: ResourceSet + plural: resourcesets + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + controllerReferences: + items: + properties: + apiVersion: + type: string + name: + type: string + namespace: + type: string + replicas: + type: integer + resource: + type: string + type: object + nullable: true + type: array + resourceSelectors: + items: + properties: + apiVersion: + type: string + excludeKinds: + items: + type: string + nullable: true + type: array + kinds: + items: + type: string + nullable: true + type: array + kindsRegexp: + type: string + labelSelectors: + nullable: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + nullable: true + type: array + type: object + nullable: true + type: array + matchLabels: + additionalProperties: + type: string + nullable: true + type: object + type: object + namespaceRegexp: + type: string + namespaces: + items: + type: string + nullable: true + type: array + resourceNameRegexp: + type: string + resourceNames: + items: + type: string + nullable: true + type: array + type: object + nullable: true + required: + - apiVersion + type: array + required: + - resourceSelectors + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/charts/rancher-backup-crd/rancher-backup-crd/2.0.0/templates/restore.yaml b/charts/rancher-backup-crd/rancher-backup-crd/2.0.0/templates/restore.yaml new file mode 100644 index 000000000..1ad7d1721 --- /dev/null +++ b/charts/rancher-backup-crd/rancher-backup-crd/2.0.0/templates/restore.yaml @@ -0,0 +1,102 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: restores.resources.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.backupSource + name: Backup-Source + type: string + - JSONPath: .spec.backupFilename + name: Backup-File + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + group: resources.cattle.io + names: + kind: Restore + plural: restores + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + backupFilename: + type: string + deleteTimeoutSeconds: + maximum: 10 + type: integer + encryptionConfigSecretName: + type: string + prune: + nullable: true + type: boolean + storageLocation: + nullable: true + properties: + s3: + nullable: true + properties: + bucketName: + type: string + credentialSecretName: + type: string + credentialSecretNamespace: + type: string + endpoint: + type: string + endpointCA: + type: string + folder: + type: string + insecureTLSSkipVerify: + type: boolean + region: + type: string + type: object + type: object + required: + - backupFilename + type: object + status: + properties: + backupSource: + type: string + conditions: + items: + properties: + lastTransitionTime: + type: string + lastUpdateTime: + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + nullable: true + type: array + observedGeneration: + type: integer + restoreCompletionTs: + type: string + summary: + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/charts/rancher-backup/rancher-backup/2.0.0/Chart.yaml b/charts/rancher-backup/rancher-backup/2.0.0/Chart.yaml new file mode 100644 index 000000000..e1b0eb24c --- /dev/null +++ b/charts/rancher-backup/rancher-backup/2.0.0/Chart.yaml @@ -0,0 +1,21 @@ +annotations: + catalog.cattle.io/auto-install: rancher-backup-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Rancher Backups + catalog.cattle.io/namespace: cattle-resources-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: resources.cattle.io.resourceset/v1 + catalog.cattle.io/release-name: rancher-backup + catalog.cattle.io/scope: management + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/ui-component: rancher-backup +apiVersion: v2 +appVersion: 2.0.0 +description: Provides ability to back up and restore the Rancher application running + on any Kubernetes cluster +icon: https://charts.rancher.io/assets/logos/backup-restore.svg +keywords: +- applications +- infrastructure +name: rancher-backup +version: 2.0.0 diff --git a/charts/rancher-backup/rancher-backup/2.0.0/README.md b/charts/rancher-backup/rancher-backup/2.0.0/README.md new file mode 100644 index 000000000..8d645b479 --- /dev/null +++ b/charts/rancher-backup/rancher-backup/2.0.0/README.md @@ -0,0 +1,70 @@ +# Rancher Backup + +This chart provides ability to back up and restore the Rancher application running on any Kubernetes cluster. + +Refer [this](https://github.com/rancher/backup-restore-operator) repository for implementation details. + +----- + +### Get Repo Info +```bash +helm repo add rancher-chart https://charts.rancher.io +helm repo update +``` + +----- + +### Install Chart +```bash +helm install rancher-backup-crd rancher-chart/rancher-backup-crd -n cattle-resources-system --create-namespace +helm install rancher-backup rancher-chart/rancher-backup -n cattle-resources-system +``` + +----- + +### Configuration +The following table lists the configurable parameters of the rancher-backup chart and their default values: + +| Parameter | Description | Default | +|----------|---------------|-------| +| image.repository | Container image repository | rancher/backup-restore-operator | +| image.tag | Container image tag | v0.1.0-rc1 | +| s3.enabled | Configure S3 compatible default storage location. Current version supports S3 and MinIO | false | +| s3.credentialSecretName | Name of the Secret containing S3 credentials. This is an optional field. Skip this field in order to use IAM Role authentication. The Secret must contain following two keys, `accessKey` and `secretKey` | "" | +| s3.credentialSecretNamespace | Namespace of the Secret containing S3 credentials. This can be any namespace. | "" | +| s3.region | Region of the S3 Bucket (Required for S3, not valid for MinIO) | "" | +| s3.bucketName | Name of the Bucket | "" | +| s3.folder | Base folder within the Bucket (optional) | "" | +| s3.endpoint | Endpoint for the S3 storage provider | "" | +| s3.endpointCA | Base64 encoded CA cert for the S3 storage provider (optional) | "" | +| s3.insecureTLSSkipVerify | Skip SSL verification | false | +| persistence.enabled | Configure a Persistent Volume as the default storage location. It accepts either a StorageClass name to create a PVC, or directly accepts the PV to use. The Persistent Volume is mounted at `/var/lib/backups` in the operator pod | false | +| persistence.storageClass | StorageClass to use for dynamically provisioning the Persistent Volume, which will be used for storing backups | "" | +| persistence.volumeName | Persistent Volume to use for storing backups | "" | +| persistence.size | Requested size of the Persistent Volume (Applicable when using dynamic provisioning) | "" | +| nodeSelector | https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | {} | +| tolerations | https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration | [] | +| affinity | https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | {} | +| serviceAccount.annotations | Annotations to apply to created service account | {} | + +----- + +### CRDs + +Refer [this](https://github.com/rancher/backup-restore-operator#crds) section for information on CRDs that this chart installs. Also refer [this](https://github.com/rancher/backup-restore-operator/tree/master/examples) folder containing sample manifests for the CRDs. + +----- +### Upgrading Chart +```bash +helm upgrade rancher-backup-crd -n cattle-resources-system +helm upgrade rancher-backup -n cattle-resources-system +``` + +----- +### Uninstall Chart + +```bash +helm uninstall rancher-backup -n cattle-resources-system +helm uninstall rancher-backup-crd -n cattle-resources-system +``` + diff --git a/charts/rancher-backup/rancher-backup/2.0.0/app-readme.md b/charts/rancher-backup/rancher-backup/2.0.0/app-readme.md new file mode 100644 index 000000000..15a021cdb --- /dev/null +++ b/charts/rancher-backup/rancher-backup/2.0.0/app-readme.md @@ -0,0 +1,15 @@ +# Rancher Backup + +This chart enables ability to capture backups of the Rancher application and restore from these backups. This chart can be used to migrate Rancher from one Kubernetes cluster to a different Kubernetes cluster. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/backups/v2.5/). + +This chart installs the following components: + +- [backup-restore-operator](https://github.com/rancher/backup-restore-operator) + - The operator handles backing up all Kubernetes resources and CRDs that Rancher creates and manages from the local cluster. It gathers these resources by querying the Kubernetes API server, packages all the resources to create a tarball file and saves it in the configured backup storage location. + - The operator can be configured to store backups in S3-compatible object stores such as AWS S3 and MinIO, and in persistent volumes. During deployment, you can create a default storage location, but there is always the option to override the default storage location with each backup, but will be limited to using an S3-compatible object store. + - It preserves the ownerReferences on all resources, hence maintaining dependencies between objects. + - This operator provides encryption support, to encrypt user specified resources before saving them in the backup file. It uses the same encryption configuration that is used to enable [Kubernetes Encryption at Rest](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/). +- Backup - A backup is a CRD (`Backup`) that defines when to take backups, where to store the backup and what encryption to use (optional). Backups can be taken ad hoc or scheduled to be taken in intervals. +- Restore - A restore is a CRD (`Restore`) that defines which backup to use to restore the Rancher application to. diff --git a/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/aks.yaml b/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/aks.yaml new file mode 100644 index 000000000..de8ec1b8a --- /dev/null +++ b/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/aks.yaml @@ -0,0 +1,25 @@ +- apiVersion: "apiextensions.k8s.io/v1beta1" + kindsRegexp: "." + resourceNameRegexp: "aks.cattle.io$" +- apiVersion: "aks.cattle.io/v1" + kindsRegexp: "." +- apiVersion: "apps/v1" + kindsRegexp: "^deployments$" + namespaces: + - "cattle-system" + resourceNames: + - "aks-config-operator" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterroles$" + resourceNames: + - "aks-operator" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterrolebindings$" + resourceNames: + - "aks-operator" +- apiVersion: "v1" + kindsRegexp: "^serviceaccounts$" + namespaces: + - "cattle-system" + resourceNames: + - "aks-operator" diff --git a/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/eks.yaml b/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/eks.yaml new file mode 100644 index 000000000..59f47ce47 --- /dev/null +++ b/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/eks.yaml @@ -0,0 +1,17 @@ +- apiVersion: "eks.cattle.io/v1" + kindsRegexp: "." +- apiVersion: "apps/v1" + kindsRegexp: "^deployments$" + resourceNames: + - "eks-config-operator" +- apiVersion: "apiextensions.k8s.io/v1beta1" + kindsRegexp: "." + resourceNameRegexp: "eks.cattle.io$" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterroles$" + resourceNames: + - "eks-operator" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterrolebindings$" + resourceNames: + - "eks-operator" diff --git a/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/fleet.yaml b/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/fleet.yaml new file mode 100644 index 000000000..68b0dfadb --- /dev/null +++ b/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/fleet.yaml @@ -0,0 +1,49 @@ +- apiVersion: "v1" + kindsRegexp: "^namespaces$" + resourceNameRegexp: "^fleet-|^cluster-fleet-" +- apiVersion: "v1" + kindsRegexp: "^secrets$" + namespaceRegexp: "^cattle-fleet-|^fleet-|^cluster-fleet-" + labelSelectors: + matchExpressions: + - key: "owner" + operator: "NotIn" + values: ["helm"] + - key: "fleet.cattle.io/managed" + operator: "In" + values: ["true"] +- apiVersion: "v1" + kindsRegexp: "^serviceaccounts$" + namespaceRegexp: "^cattle-fleet-|^fleet-|^cluster-fleet-" +- apiVersion: "v1" + kindsRegexp: "^configmaps$" + namespaceRegexp: "^cattle-fleet-|^fleet-|^cluster-fleet-" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^roles$|^rolebindings$" + namespaceRegexp: "^cattle-fleet-|^fleet-|^cluster-fleet-" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterrolebindings$" + resourceNameRegexp: "^fleet-|^gitjob-" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterroles$" + resourceNameRegexp: "^fleet-" + resourceNames: + - "gitjob" +- apiVersion: "apiextensions.k8s.io/v1beta1" + kindsRegexp: "." + resourceNameRegexp: "fleet.cattle.io$|gitjob.cattle.io$" +- apiVersion: "fleet.cattle.io/v1alpha1" + kindsRegexp: "." +- apiVersion: "gitjob.cattle.io/v1" + kindsRegexp: "." +- apiVersion: "apps/v1" + kindsRegexp: "^deployments$" + namespaceRegexp: "^cattle-fleet-|^fleet-|^cluster-fleet-" + resourceNameRegexp: "^fleet-" + resourceNames: + - "gitjob" +- apiVersion: "apps/v1" + kindsRegexp: "^services$" + namespaceRegexp: "^cattle-fleet-|^fleet-|^cluster-fleet-" + resourceNames: + - "gitjob" diff --git a/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/gke.yaml b/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/gke.yaml new file mode 100644 index 000000000..a77019235 --- /dev/null +++ b/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/gke.yaml @@ -0,0 +1,17 @@ +- apiVersion: "apiextensions.k8s.io/v1beta1" + kindsRegexp: "." + resourceNameRegexp: "gke.cattle.io$" +- apiVersion: "gke.cattle.io/v1" + kindsRegexp: "." +- apiVersion: "apps/v1" + kindsRegexp: "^deployments$" + resourceNames: + - "gke-config-operator" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterroles$" + resourceNames: + - "gke-operator" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterrolebindings$" + resourceNames: + - "gke-operator" diff --git a/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/provisioningv2.yaml b/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/provisioningv2.yaml new file mode 100644 index 000000000..a881eb381 --- /dev/null +++ b/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/provisioningv2.yaml @@ -0,0 +1,18 @@ +- apiVersion: "apiextensions.k8s.io/v1" + kindsRegexp: "." + resourceNameRegexp: "provisioning.cattle.io$|rke-machine-config.cattle.io$|rke-machine.cattle.io$|rke.cattle.io$|cluster.x-k8s.io$" +- apiVersion: "provisioning.cattle.io/v1" + kindsRegexp: "." +- apiVersion: "rke-machine-config.cattle.io/v1" + kindsRegexp: "." +- apiVersion: "rke-machine.cattle.io/v1" + kindsRegexp: "." +- apiVersion: "rke.cattle.io/v1" + kindsRegexp: "." +- apiVersion: "cluster.x-k8s.io/v1alpha4" + kindsRegexp: "." +- apiVersion: "v1" + kindsRegexp: "^secrets$" + resourceNameRegexp: "machine-plan$|rke-state$|machine-state$|machine-driver-secret$|machine-provision$" + namespaces: + - "fleet-default" \ No newline at end of file diff --git a/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/rancher-operator.yaml b/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/rancher-operator.yaml new file mode 100644 index 000000000..3518fb5b7 --- /dev/null +++ b/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/rancher-operator.yaml @@ -0,0 +1,27 @@ +- apiVersion: "rancher.cattle.io/v1" + kindsRegexp: "." +- apiVersion: "apps/v1" + kindsRegexp: "^deployments$" + resourceNames: + - "rancher-operator" + namespaces: + - "rancher-operator-system" +- apiVersion: "v1" + kindsRegexp: "^serviceaccounts$" + namespaces: + - "rancher-operator-system" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterrolebindings$" + resourceNames: + - "rancher-operator" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterroles$" + resourceNames: + - "rancher-operator" +- apiVersion: "apiextensions.k8s.io/v1beta1" + kindsRegexp: "." + resourceNameRegexp: "rancher.cattle.io$" +- apiVersion: "v1" + kindsRegexp: "^namespaces$" + resourceNames: + - "rancher-operator-system" diff --git a/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/rancher.yaml b/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/rancher.yaml new file mode 100644 index 000000000..521ff8473 --- /dev/null +++ b/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/rancher.yaml @@ -0,0 +1,49 @@ +- apiVersion: "v1" + kindsRegexp: "^namespaces$" + resourceNameRegexp: "^cattle-|^p-|^c-|^user-|^u-" + resourceNames: + - "local" +- apiVersion: "v1" + kindsRegexp: "^secrets$" + namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-" + labelSelectors: + matchExpressions: + - key: "owner" + operator: "NotIn" + values: ["helm"] +- apiVersion: "v1" + kindsRegexp: "^serviceaccounts$" + namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-" +- apiVersion: "v1" + kindsRegexp: "^configmaps$" + namespaces: + - "cattle-system" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^roles$|^rolebindings$" + namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterrolebindings$" + resourceNameRegexp: "^cattle-|^clusterrolebinding-|^globaladmin-user-|^grb-u-|^crb-" +- apiVersion: "rbac.authorization.k8s.io/v1" + kindsRegexp: "^clusterroles$" + resourceNameRegexp: "^cattle-|^p-|^c-|^local-|^user-|^u-|^project-|^create-ns$" +- apiVersion: "apiextensions.k8s.io/v1beta1" + kindsRegexp: "." + resourceNameRegexp: "management.cattle.io$|project.cattle.io$|catalog.cattle.io$|resources.cattle.io$" +- apiVersion: "management.cattle.io/v3" + kindsRegexp: "." + excludeKinds: + - "tokens" +- apiVersion: "management.cattle.io/v3" + kindsRegexp: "^tokens$" + labelSelectors: + matchExpressions: + - key: "authn.management.cattle.io/kind" + operator: "NotIn" + values: [ "provisioning" ] +- apiVersion: "project.cattle.io/v3" + kindsRegexp: "." +- apiVersion: "catalog.cattle.io/v1" + kindsRegexp: "^clusterrepos$" +- apiVersion: "resources.cattle.io/v1" + kindsRegexp: "^ResourceSet$" diff --git a/charts/rancher-backup/rancher-backup/2.0.0/templates/_helpers.tpl b/charts/rancher-backup/rancher-backup/2.0.0/templates/_helpers.tpl new file mode 100644 index 000000000..0f2218ab5 --- /dev/null +++ b/charts/rancher-backup/rancher-backup/2.0.0/templates/_helpers.tpl @@ -0,0 +1,83 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "backupRestore.fullname" -}} +{{- .Chart.Name | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "backupRestore.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "backupRestore.labels" -}} +helm.sh/chart: {{ include "backupRestore.chart" . }} +{{ include "backupRestore.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "backupRestore.selectorLabels" -}} +app.kubernetes.io/name: {{ include "backupRestore.fullname" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +resources.cattle.io/operator: backup-restore +{{- end }} + + +{{/* +Create the name of the service account to use +*/}} +{{- define "backupRestore.serviceAccountName" -}} +{{ include "backupRestore.fullname" . }} +{{- end }} + + +{{- define "backupRestore.s3SecretName" -}} +{{- printf "%s-%s" .Chart.Name "s3" | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create PVC name using release and revision number. +*/}} +{{- define "backupRestore.pvcName" -}} +{{- printf "%s-%d" .Release.Name .Release.Revision }} +{{- end }} + diff --git a/charts/rancher-backup/rancher-backup/2.0.0/templates/clusterrolebinding.yaml b/charts/rancher-backup/rancher-backup/2.0.0/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..cf4abf670 --- /dev/null +++ b/charts/rancher-backup/rancher-backup/2.0.0/templates/clusterrolebinding.yaml @@ -0,0 +1,14 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "backupRestore.fullname" . }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +subjects: +- kind: ServiceAccount + name: {{ include "backupRestore.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io diff --git a/charts/rancher-backup/rancher-backup/2.0.0/templates/deployment.yaml b/charts/rancher-backup/rancher-backup/2.0.0/templates/deployment.yaml new file mode 100644 index 000000000..a9127f6ec --- /dev/null +++ b/charts/rancher-backup/rancher-backup/2.0.0/templates/deployment.yaml @@ -0,0 +1,62 @@ +{{- if and .Values.s3.enabled .Values.persistence.enabled }} +{{- fail "\n\nCannot configure both s3 and PV for storing backups" }} +{{- end }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "backupRestore.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "backupRestore.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "backupRestore.selectorLabels" . | nindent 8 }} + annotations: + checksum/s3: {{ include (print $.Template.BasePath "/s3-secret.yaml") . | sha256sum }} + checksum/pvc: {{ include (print $.Template.BasePath "/pvc.yaml") . | sha256sum }} + spec: + serviceAccountName: {{ include "backupRestore.serviceAccountName" . }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: Always + env: + - name: CHART_NAMESPACE + value: {{ .Release.Namespace }} + {{- if .Values.s3.enabled }} + - name: DEFAULT_S3_BACKUP_STORAGE_LOCATION + value: {{ include "backupRestore.s3SecretName" . }} + {{- end }} + {{- if .Values.persistence.enabled }} + - name: DEFAULT_PERSISTENCE_ENABLED + value: "persistence-enabled" + volumeMounts: + - mountPath: "/var/lib/backups" + name: pv-storage + volumes: + - name: pv-storage + persistentVolumeClaim: + claimName: {{ include "backupRestore.pvcName" . }} + {{- end }} + nodeSelector: + kubernetes.io/os: linux + {{- with .Values.nodeSelector }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + tolerations: + {{- include "linux-node-tolerations" . | nindent 8}} + {{- with .Values.tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/rancher-backup/rancher-backup/2.0.0/templates/hardened.yaml b/charts/rancher-backup/rancher-backup/2.0.0/templates/hardened.yaml new file mode 100644 index 000000000..97fca2be0 --- /dev/null +++ b/charts/rancher-backup/rancher-backup/2.0.0/templates/hardened.yaml @@ -0,0 +1,114 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "backupRestore.fullname" . }}-patch-sa + namespace: {{ .Release.Namespace }} + labels: {{ include "backupRestore.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation +spec: + backoffLimit: 1 + template: + spec: + serviceAccountName: {{ include "backupRestore.fullname" . }}-patch-sa + securityContext: + runAsNonRoot: true + runAsUser: 1000 + restartPolicy: Never + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} + containers: + - name: {{ include "backupRestore.fullname" . }}-patch-sa + image: {{ include "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }} + imagePullPolicy: IfNotPresent + command: ["kubectl", "-n", {{ .Release.Namespace | quote }}, "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"] +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "backupRestore.fullname" . }}-patch-sa + namespace: {{ .Release.Namespace }} + labels: {{ include "backupRestore.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "backupRestore.fullname" . }}-patch-sa + labels: {{ include "backupRestore.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation +rules: + - apiGroups: [""] + resources: ["serviceaccounts"] + verbs: ["get", "patch"] + - apiGroups: ["policy"] + resources: ["podsecuritypolicies"] + verbs: ["use"] + resourceNames: + - {{ include "backupRestore.fullname" . }}-patch-sa +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "backupRestore.fullname" . }}-patch-sa + labels: {{ include "backupRestore.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "backupRestore.fullname" . }}-patch-sa +subjects: + - kind: ServiceAccount + name: {{ include "backupRestore.fullname" . }}-patch-sa + namespace: {{ .Release.Namespace }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "backupRestore.fullname" . }}-patch-sa + labels: {{ include "backupRestore.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "backupRestore.fullname" . }}-default-allow-all + namespace: {{ .Release.Namespace }} +spec: + podSelector: {} + egress: + - {} + policyTypes: + - Ingress + - Egress diff --git a/charts/rancher-backup/rancher-backup/2.0.0/templates/psp.yaml b/charts/rancher-backup/rancher-backup/2.0.0/templates/psp.yaml new file mode 100644 index 000000000..a756eef2d --- /dev/null +++ b/charts/rancher-backup/rancher-backup/2.0.0/templates/psp.yaml @@ -0,0 +1,29 @@ +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "backupRestore.fullname" . }}-psp + labels: {{ include "backupRestore.labels" . | nindent 4 }} +spec: + privileged: false + allowPrivilegeEscalation: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'persistentVolumeClaim' + - 'secret' diff --git a/charts/rancher-backup/rancher-backup/2.0.0/templates/pvc.yaml b/charts/rancher-backup/rancher-backup/2.0.0/templates/pvc.yaml new file mode 100644 index 000000000..ff57e4dab --- /dev/null +++ b/charts/rancher-backup/rancher-backup/2.0.0/templates/pvc.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.persistence.enabled -}} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ include "backupRestore.pvcName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +spec: + accessModes: + - ReadWriteOnce + resources: + {{- with .Values.persistence }} + requests: + storage: {{ .size | quote }} +{{- if .storageClass }} +{{- if (eq "-" .storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: {{ .storageClass | quote }} +{{- end }} +{{- end }} +{{- if .volumeName }} + volumeName: {{ .volumeName | quote }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/rancher-backup/rancher-backup/2.0.0/templates/rancher-resourceset.yaml b/charts/rancher-backup/rancher-backup/2.0.0/templates/rancher-resourceset.yaml new file mode 100644 index 000000000..05add8824 --- /dev/null +++ b/charts/rancher-backup/rancher-backup/2.0.0/templates/rancher-resourceset.yaml @@ -0,0 +1,13 @@ +apiVersion: resources.cattle.io/v1 +kind: ResourceSet +metadata: + name: rancher-resource-set +controllerReferences: + - apiVersion: "apps/v1" + resource: "deployments" + name: "rancher" + namespace: "cattle-system" +resourceSelectors: +{{- range $path, $_ := .Files.Glob "files/default-resourceset-contents/*.yaml" -}} + {{- $.Files.Get $path | nindent 2 -}} +{{- end -}} diff --git a/charts/rancher-backup/rancher-backup/2.0.0/templates/s3-secret.yaml b/charts/rancher-backup/rancher-backup/2.0.0/templates/s3-secret.yaml new file mode 100644 index 000000000..726509730 --- /dev/null +++ b/charts/rancher-backup/rancher-backup/2.0.0/templates/s3-secret.yaml @@ -0,0 +1,31 @@ +{{- if .Values.s3.enabled -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "backupRestore.s3SecretName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +type: Opaque +stringData: + {{- with .Values.s3 }} + {{- if .credentialSecretName }} + credentialSecretName: {{ .credentialSecretName }} + credentialSecretNamespace: {{ required "When providing a Secret containing S3 credentials, a valid .Values.credentialSecretNamespace must be provided" .credentialSecretNamespace }} + {{- end }} + {{- if .region }} + region: {{ .region | quote }} + {{- end }} + bucketName: {{ required "A valid .Values.bucketName is required for configuring S3 compatible storage as the default backup storage location" .bucketName | quote }} + {{- if .folder }} + folder: {{ .folder | quote }} + {{- end }} + endpoint: {{ required "A valid .Values.endpoint is required for configuring S3 compatible storage as the default backup storage location" .endpoint | quote }} + {{- if .endpointCA }} + endpointCA: {{ .endpointCA }} + {{- end }} + {{- if .insecureTLSSkipVerify }} + insecureTLSSkipVerify: {{ .insecureTLSSkipVerify | quote }} + {{- end }} + {{- end }} +{{ end }} diff --git a/charts/rancher-backup/rancher-backup/2.0.0/templates/serviceaccount.yaml b/charts/rancher-backup/rancher-backup/2.0.0/templates/serviceaccount.yaml new file mode 100644 index 000000000..754e1fe89 --- /dev/null +++ b/charts/rancher-backup/rancher-backup/2.0.0/templates/serviceaccount.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "backupRestore.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "backupRestore.labels" . | nindent 4 }} +{{- if .Values.serviceAccount.annotations }} + annotations: + {{- toYaml .Values.serviceAccount.annotations | nindent 4 }} +{{- end }} diff --git a/charts/rancher-backup/rancher-backup/2.0.0/templates/validate-install-crd.yaml b/charts/rancher-backup/rancher-backup/2.0.0/templates/validate-install-crd.yaml new file mode 100644 index 000000000..f63fd2e2e --- /dev/null +++ b/charts/rancher-backup/rancher-backup/2.0.0/templates/validate-install-crd.yaml @@ -0,0 +1,16 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "resources.cattle.io/v1/Backup" false -}} +# {{- set $found "resources.cattle.io/v1/ResourceSet" false -}} +# {{- set $found "resources.cattle.io/v1/Restore" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/charts/rancher-backup/rancher-backup/2.0.0/values.yaml b/charts/rancher-backup/rancher-backup/2.0.0/values.yaml new file mode 100644 index 000000000..782140e1c --- /dev/null +++ b/charts/rancher-backup/rancher-backup/2.0.0/values.yaml @@ -0,0 +1,57 @@ +image: + repository: rancher/backup-restore-operator + tag: v2.0.0 + +## Default s3 bucket for storing all backup files created by the backup-restore-operator +s3: + enabled: false + ## credentialSecretName if set, should be the name of the Secret containing AWS credentials. + ## To use IAM Role, don't set this field + credentialSecretName: "" + credentialSecretNamespace: "" + region: "" + bucketName: "" + folder: "" + endpoint: "" + endpointCA: "" + insecureTLSSkipVerify: false + +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## If persistence is enabled, operator will create a PVC with mountPath /var/lib/backups +persistence: + enabled: false + + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack). + ## Refer https://kubernetes.io/docs/concepts/storage/persistent-volumes/#class-1 + ## + storageClass: "-" + + ## If you want to disable dynamic provisioning by setting storageClass to "-" above, + ## and want to target a particular PV, provide name of the target volume + volumeName: "" + + ## Only certain StorageClasses allow resizing PVs; Refer https://kubernetes.io/blog/2018/07/12/resizing-persistent-volumes-using-kubernetes/ + size: 2Gi + + +global: + cattle: + systemDefaultRegistry: "" + kubectl: + repository: rancher/kubectl + tag: v1.20.2 + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +serviceAccount: + annotations: {} + +priorityClassName: "" diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/Chart.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/Chart.yaml new file mode 100644 index 000000000..1fbd801ef --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/release-name: rancher-cis-benchmark-crd +apiVersion: v1 +description: Installs the CRDs for rancher-cis-benchmark. +name: rancher-cis-benchmark-crd +type: application +version: 2.0.0 diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/README.md b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/README.md new file mode 100644 index 000000000..f6d9ef621 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/README.md @@ -0,0 +1,2 @@ +# rancher-cis-benchmark-crd +A Rancher chart that installs the CRDs used by rancher-cis-benchmark. diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/templates/clusterscan.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/templates/clusterscan.yaml new file mode 100644 index 000000000..3cbb0ffcd --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/templates/clusterscan.yaml @@ -0,0 +1,148 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterscans.cis.cattle.io +spec: + group: cis.cattle.io + names: + kind: ClusterScan + plural: clusterscans + scope: Cluster + versions: + - name: v1 + served: true + storage: true + additionalPrinterColumns: + - jsonPath: .status.lastRunScanProfileName + name: ClusterScanProfile + type: string + - jsonPath: .status.summary.total + name: Total + type: string + - jsonPath: .status.summary.pass + name: Pass + type: string + - jsonPath: .status.summary.fail + name: Fail + type: string + - jsonPath: .status.summary.skip + name: Skip + type: string + - jsonPath: .status.summary.warn + name: Warn + type: string + - jsonPath: .status.summary.notApplicable + name: Not Applicable + type: string + - jsonPath: .status.lastRunTimestamp + name: LastRunTimestamp + type: string + - jsonPath: .spec.scheduledScanConfig.cronSchedule + name: CronSchedule + type: string + subresources: + status: {} + schema: + openAPIV3Schema: + properties: + spec: + properties: + scanProfileName: + nullable: true + type: string + scheduledScanConfig: + nullable: true + properties: + cronSchedule: + nullable: true + type: string + retentionCount: + type: integer + scanAlertRule: + nullable: true + properties: + alertOnComplete: + type: boolean + alertOnFailure: + type: boolean + type: object + type: object + scoreWarning: + enum: + - pass + - fail + nullable: true + type: string + type: object + status: + properties: + NextScanAt: + nullable: true + type: string + ScanAlertingRuleName: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + nullable: true + properties: + error: + type: boolean + message: + nullable: true + type: string + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + lastRunScanProfileName: + nullable: true + type: string + lastRunTimestamp: + nullable: true + type: string + observedGeneration: + type: integer + summary: + nullable: true + properties: + fail: + type: integer + notApplicable: + type: integer + pass: + type: integer + skip: + type: integer + total: + type: integer + warn: + type: integer + type: object + type: object + type: object diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/templates/clusterscanbenchmark.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/templates/clusterscanbenchmark.yaml new file mode 100644 index 000000000..fd291f8c3 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/templates/clusterscanbenchmark.yaml @@ -0,0 +1,54 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterscanbenchmarks.cis.cattle.io +spec: + group: cis.cattle.io + names: + kind: ClusterScanBenchmark + plural: clusterscanbenchmarks + scope: Cluster + versions: + - name: v1 + served: true + storage: true + additionalPrinterColumns: + - jsonPath: .spec.clusterProvider + name: ClusterProvider + type: string + - jsonPath: .spec.minKubernetesVersion + name: MinKubernetesVersion + type: string + - jsonPath: .spec.maxKubernetesVersion + name: MaxKubernetesVersion + type: string + - jsonPath: .spec.customBenchmarkConfigMapName + name: customBenchmarkConfigMapName + type: string + - jsonPath: .spec.customBenchmarkConfigMapNamespace + name: customBenchmarkConfigMapNamespace + type: string + subresources: + status: {} + schema: + openAPIV3Schema: + properties: + spec: + properties: + clusterProvider: + nullable: true + type: string + customBenchmarkConfigMapName: + nullable: true + type: string + customBenchmarkConfigMapNamespace: + nullable: true + type: string + maxKubernetesVersion: + nullable: true + type: string + minKubernetesVersion: + nullable: true + type: string + type: object + type: object diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/templates/clusterscanprofile.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/templates/clusterscanprofile.yaml new file mode 100644 index 000000000..1e75501b7 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/templates/clusterscanprofile.yaml @@ -0,0 +1,36 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterscanprofiles.cis.cattle.io +spec: + group: cis.cattle.io + names: + kind: ClusterScanProfile + plural: clusterscanprofiles + scope: Cluster + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + properties: + spec: + properties: + benchmarkVersion: + nullable: true + type: string + skipTests: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + additionalPrinterColumns: + - jsonPath: .spec.benchmarkVersion + name: BenchmarkVersion + type: string diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/templates/clusterscanreport.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/templates/clusterscanreport.yaml new file mode 100644 index 000000000..6e8c0b7de --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/templates/clusterscanreport.yaml @@ -0,0 +1,39 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterscanreports.cis.cattle.io +spec: + group: cis.cattle.io + names: + kind: ClusterScanReport + plural: clusterscanreports + scope: Cluster + versions: + - name: v1 + served: true + storage: true + additionalPrinterColumns: + - jsonPath: .spec.lastRunTimestamp + name: LastRunTimestamp + type: string + - jsonPath: .spec.benchmarkVersion + name: BenchmarkVersion + type: string + subresources: + status: {} + schema: + openAPIV3Schema: + properties: + spec: + properties: + benchmarkVersion: + nullable: true + type: string + lastRunTimestamp: + nullable: true + type: string + reportJSON: + nullable: true + type: string + type: object + type: object \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/Chart.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/Chart.yaml new file mode 100644 index 000000000..45dcb49d5 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/Chart.yaml @@ -0,0 +1,19 @@ +annotations: + catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: CIS Benchmark + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 + catalog.cattle.io/release-name: rancher-cis-benchmark + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/ui-component: rancher-cis-benchmark +apiVersion: v1 +appVersion: v1.0.5 +description: The cis-operator enables running CIS benchmark security scans on a kubernetes + cluster +icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg +keywords: +- security +name: rancher-cis-benchmark +version: 2.0.0 diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/README.md b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/README.md new file mode 100644 index 000000000..50beab58b --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/README.md @@ -0,0 +1,9 @@ +# Rancher CIS Benchmark Chart + +The cis-operator enables running CIS benchmark security scans on a kubernetes cluster and generate compliance reports that can be downloaded. + +# Installation + +``` +helm install rancher-cis-benchmark ./ --create-namespace -n cis-operator-system +``` diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/app-readme.md b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/app-readme.md new file mode 100644 index 000000000..5e495d605 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/app-readme.md @@ -0,0 +1,15 @@ +# Rancher CIS Benchmarks + +This chart enables security scanning of the cluster using [CIS (Center for Internet Security) benchmarks](https://www.cisecurity.org/benchmark/kubernetes/). + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/cis-scans/v2.5/). + +This chart installs the following components: + +- [cis-operator](https://github.com/rancher/cis-operator) - The cis-operator handles launching the [kube-bench](https://github.com/aquasecurity/kube-bench) tool that runs a suite of CIS tests on the nodes of your Kubernetes cluster. After scans finish, the cis-operator generates a compliance report that can be downloaded. +- Scans - A scan is a CRD (`ClusterScan`) that defines when to trigger CIS scans on the cluster based on the defined profile. A report is created after the scan is completed. +- Profiles - A profile is a CRD (`ClusterScanProfile`) that defines the configuration for the CIS scan, which is the benchmark versions to use and any specific tests to skip in that benchmark. This chart installs a few default `ClusterScanProfile` custom resources with no skipped tests, which can immediately be used to launch CIS scans. +- Benchmark Versions - A benchmark version is a CRD (`ClusterScanBenchmark`) that defines the CIS benchmark version to run using kube-bench as well as the valid configuration parameters for that benchmark. This chart installs a few default `ClusterScanBenchmark` custom resources. +- Alerting Resources - Rancher's CIS Benchmark application lets you run a cluster scan on a schedule, and send alerts when scans finish. + - If you want to enable alerts to be delivered when a cluster scan completes, you need to ensure that [Rancher's Monitoring and Alerting](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/) application is pre-installed and the [Receivers and Routes](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/configuration/#alertmanager-config) are configured to send out alerts. + - Additionally, you need to set `alerts: true` in the Values YAML while installing or upgrading this chart. diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/_helpers.tpl b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/_helpers.tpl new file mode 100644 index 000000000..67f4ce116 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/_helpers.tpl @@ -0,0 +1,23 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "cis.namespace" -}} + {{- .Release.Namespace | default "cis-operator-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux_node_tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/alertingrule.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/alertingrule.yaml new file mode 100644 index 000000000..1787c88a0 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/alertingrule.yaml @@ -0,0 +1,14 @@ +{{- if .Values.alerts.enabled -}} +--- +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: rancher-cis-pod-monitor + namespace: {{ template "cis.namespace" . }} +spec: + selector: + matchLabels: + cis.cattle.io/operator: cis-operator + podMetricsEndpoints: + - port: cismetrics +{{- end }} diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-cis-1.5.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-cis-1.5.yaml new file mode 100644 index 000000000..39e8b834a --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-cis-1.5.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: cis-1.5 +spec: + clusterProvider: "" + minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-cis-1.6.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-cis-1.6.yaml new file mode 100644 index 000000000..93ba064f4 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-cis-1.6.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: cis-1.6 +spec: + clusterProvider: "" + minKubernetesVersion: "1.16.0" diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-eks-1.0.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-eks-1.0.yaml new file mode 100644 index 000000000..bd2e32cd3 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-eks-1.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: eks-1.0 +spec: + clusterProvider: eks + minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-gke-1.0.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-gke-1.0.yaml new file mode 100644 index 000000000..72122e8c5 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-gke-1.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: gke-1.0 +spec: + clusterProvider: gke + minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-k3s-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-k3s-cis-1.6-hardened.yaml new file mode 100644 index 000000000..3ca9b6009 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-k3s-cis-1.6-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: k3s-cis-1.6-hardened +spec: + clusterProvider: k3s + minKubernetesVersion: "1.20.5" diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-k3s-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-k3s-cis-1.6-permissive.yaml new file mode 100644 index 000000000..6d4253c6e --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-k3s-cis-1.6-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: k3s-cis-1.6-permissive +spec: + clusterProvider: k3s + minKubernetesVersion: "1.20.5" diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke-cis-1.5-hardened.yaml new file mode 100644 index 000000000..b5627f966 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke-cis-1.5-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke-cis-1.5-permissive.yaml new file mode 100644 index 000000000..95f80c0f0 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke-cis-1.5-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke-cis-1.6-hardened.yaml new file mode 100644 index 000000000..d75de8154 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke-cis-1.6-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.6-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.16.0" diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke-cis-1.6-permissive.yaml new file mode 100644 index 000000000..52428f4a7 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke-cis-1.6-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.6-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.16.0" diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke2-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke2-cis-1.5-hardened.yaml new file mode 100644 index 000000000..3d83e9bd8 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke2-cis-1.5-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.5-hardened +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.18.0" diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke2-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke2-cis-1.5-permissive.yaml new file mode 100644 index 000000000..f66aa8f6e --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke2-cis-1.5-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.5-permissive +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.18.0" diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke2-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke2-cis-1.6-hardened.yaml new file mode 100644 index 000000000..3593bf371 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke2-cis-1.6-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.6-hardened +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.20.5" diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke2-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke2-cis-1.6-permissive.yaml new file mode 100644 index 000000000..522f846ae --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke2-cis-1.6-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.6-permissive +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.20.5" diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/cis-roles.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/cis-roles.yaml new file mode 100644 index 000000000..23c93dc65 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/cis-roles.yaml @@ -0,0 +1,49 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cis-admin +rules: + - apiGroups: + - cis.cattle.io + resources: + - clusterscanbenchmarks + - clusterscanprofiles + - clusterscans + - clusterscanreports + verbs: ["create", "update", "delete", "patch","get", "watch", "list"] + - apiGroups: + - catalog.cattle.io + resources: ["apps"] + resourceNames: ["rancher-cis-benchmark"] + verbs: ["get", "watch", "list"] + - apiGroups: + - "" + resources: + - configmaps + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cis-view +rules: + - apiGroups: + - cis.cattle.io + resources: + - clusterscanbenchmarks + - clusterscanprofiles + - clusterscans + - clusterscanreports + verbs: ["get", "watch", "list"] + - apiGroups: + - catalog.cattle.io + resources: ["apps"] + resourceNames: ["rancher-cis-benchmark"] + verbs: ["get", "watch", "list"] + - apiGroups: + - "" + resources: + - configmaps + verbs: ["get", "watch", "list"] diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/configmap.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/configmap.yaml new file mode 100644 index 000000000..6cbc23db4 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/configmap.yaml @@ -0,0 +1,17 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: default-clusterscanprofiles + namespace: {{ template "cis.namespace" . }} +data: + # Default ClusterScanProfiles per cluster provider type + rke: |- + <1.16.0: rke-profile-permissive-1.5 + >=1.16.0: rke-profile-permissive-1.6 + rke2: |- + <1.20.5: rke2-cis-1.5-profile-permissive + >=1.20.5: rke2-cis-1.6-profile-permissive + eks: "eks-profile" + gke: "gke-profile" + k3s: "k3s-cis-1.6-profile-permissive" + default: "cis-1.6-profile" diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/deployment.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/deployment.yaml new file mode 100644 index 000000000..0d3c75e39 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/deployment.yaml @@ -0,0 +1,57 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cis-operator + namespace: {{ template "cis.namespace" . }} + labels: + cis.cattle.io/operator: cis-operator +spec: + selector: + matchLabels: + cis.cattle.io/operator: cis-operator + template: + metadata: + labels: + cis.cattle.io/operator: cis-operator + spec: + serviceAccountName: cis-operator-serviceaccount + containers: + - name: cis-operator + image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}' + imagePullPolicy: Always + ports: + - name: cismetrics + containerPort: {{ .Values.alerts.metricsPort }} + env: + - name: SECURITY_SCAN_IMAGE + value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }} + - name: SECURITY_SCAN_IMAGE_TAG + value: {{ .Values.image.securityScan.tag }} + - name: SONOBUOY_IMAGE + value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }} + - name: SONOBUOY_IMAGE_TAG + value: {{ .Values.image.sonobuoy.tag }} + - name: CIS_ALERTS_METRICS_PORT + value: '{{ .Values.alerts.metricsPort }}' + - name: CIS_ALERTS_SEVERITY + value: {{ .Values.alerts.severity }} + - name: CIS_ALERTS_ENABLED + value: {{ .Values.alerts.enabled | default "false" | quote }} + - name: CLUSTER_NAME + value: {{ .Values.global.cattle.clusterName }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + nodeSelector: + kubernetes.io/os: linux + {{- with .Values.nodeSelector }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + tolerations: + {{- include "linux_node_tolerations" . | nindent 8}} + {{- with .Values.tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/network_policy_allow_all.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/network_policy_allow_all.yaml new file mode 100644 index 000000000..6ed5d645e --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/network_policy_allow_all.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: default-allow-all + namespace: {{ template "cis.namespace" . }} +spec: + podSelector: {} + ingress: + - {} + egress: + - {} + policyTypes: + - Ingress + - Egress diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/patch_default_serviceaccount.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/patch_default_serviceaccount.yaml new file mode 100644 index 000000000..1efa3ed1c --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/patch_default_serviceaccount.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: patch-sa + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation +spec: + template: + spec: + serviceAccountName: cis-operator-serviceaccount + restartPolicy: Never + containers: + - name: sa + image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"] + args: ["-n", {{ template "cis.namespace" . }}] + backoffLimit: 1 diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/rbac.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/rbac.yaml new file mode 100644 index 000000000..4ff88ea5f --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/rbac.yaml @@ -0,0 +1,43 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-operator-role +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-operator-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cis-operator-role +subjects: +- kind: ServiceAccount + name: cis-serviceaccount + namespace: {{ template "cis.namespace" . }} +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: cis-operator-installer +subjects: +- kind: ServiceAccount + name: cis-operator-serviceaccount + namespace: {{ template "cis.namespace" . }} +roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-cis-1.5.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-cis-1.5.yml new file mode 100644 index 000000000..d69ae9dd5 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-cis-1.5.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: cis-1.5-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: cis-1.5 diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-cis-1.6.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-cis-1.6.yaml new file mode 100644 index 000000000..8a8d8bf88 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-cis-1.6.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: cis-1.6-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: cis-1.6 diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-k3s-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-k3s-cis-1.6-hardened.yml new file mode 100644 index 000000000..095e977ab --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-k3s-cis-1.6-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: k3s-cis-1.6-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: k3s-cis-1.6-hardened diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-k3s-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-k3s-cis-1.6-permissive.yml new file mode 100644 index 000000000..3b22a80c8 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-k3s-cis-1.6-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: k3s-cis-1.6-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: k3s-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke-1.5-hardened.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke-1.5-hardened.yml new file mode 100644 index 000000000..4eabe158a --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke-1.5-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened-1.5 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.5-hardened \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke-1.5-permissive.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke-1.5-permissive.yml new file mode 100644 index 000000000..1f78751d1 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke-1.5-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive-1.5 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.5-permissive diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke-1.6-hardened.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke-1.6-hardened.yaml new file mode 100644 index 000000000..d38febd80 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke-1.6-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened-1.6 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.6-hardened diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke-1.6-permissive.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke-1.6-permissive.yaml new file mode 100644 index 000000000..d31b5b0d2 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke-1.6-permissive.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive-1.6 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke2-cis-1.5-hardened.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke2-cis-1.5-hardened.yml new file mode 100644 index 000000000..83eb3131e --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke2-cis-1.5-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.5-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.5-hardened diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke2-cis-1.5-permissive.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke2-cis-1.5-permissive.yml new file mode 100644 index 000000000..40dc44bdf --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke2-cis-1.5-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.5-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.5-permissive diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke2-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke2-cis-1.6-hardened.yml new file mode 100644 index 000000000..c7ac7f949 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke2-cis-1.6-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.6-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.6-hardened diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke2-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke2-cis-1.6-permissive.yml new file mode 100644 index 000000000..96ca1345a --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke2-cis-1.6-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.6-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofileeks.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofileeks.yml new file mode 100644 index 000000000..49c7e0246 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofileeks.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: eks-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: eks-1.0 \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofilegke.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofilegke.yml new file mode 100644 index 000000000..2ddd0686f --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofilegke.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: gke-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: gke-1.0 \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/serviceaccount.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/serviceaccount.yaml new file mode 100644 index 000000000..ec48ec622 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/serviceaccount.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ template "cis.namespace" . }} + name: cis-operator-serviceaccount +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ template "cis.namespace" . }} + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-serviceaccount diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/validate-install-crd.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/validate-install-crd.yaml new file mode 100644 index 000000000..562295791 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/validate-install-crd.yaml @@ -0,0 +1,17 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/values.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/values.yaml new file mode 100644 index 000000000..ed39c8353 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/values.yaml @@ -0,0 +1,45 @@ +# Default values for rancher-cis-benchmark. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +image: + cisoperator: + repository: rancher/cis-operator + tag: v1.0.5 + securityScan: + repository: rancher/security-scan + tag: v0.2.3 + sonobuoy: + repository: rancher/mirrored-sonobuoy-sonobuoy + tag: v0.16.3 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +global: + cattle: + systemDefaultRegistry: "" + clusterName: "" + kubectl: + repository: rancher/kubectl + tag: v1.20.2 + +alerts: + enabled: false + severity: warning + metricsPort: 8080 diff --git a/charts/rancher-eks-operator-crd/rancher-eks-operator-crd/100.0.0+up1.1.1/Chart.yaml b/charts/rancher-eks-operator-crd/rancher-eks-operator-crd/100.0.0+up1.1.1/Chart.yaml new file mode 100644 index 000000000..6cfcc2d33 --- /dev/null +++ b/charts/rancher-eks-operator-crd/rancher-eks-operator-crd/100.0.0+up1.1.1/Chart.yaml @@ -0,0 +1,11 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: rancher-eks-operator-crd +apiVersion: v2 +appVersion: 1.1.1 +description: EKS Operator CustomResourceDefinitions +name: rancher-eks-operator-crd +version: 100.0.0+up1.1.1 diff --git a/charts/rancher-eks-operator-crd/rancher-eks-operator-crd/100.0.0+up1.1.1/templates/crds.yaml b/charts/rancher-eks-operator-crd/rancher-eks-operator-crd/100.0.0+up1.1.1/templates/crds.yaml new file mode 100644 index 000000000..9a4634d81 --- /dev/null +++ b/charts/rancher-eks-operator-crd/rancher-eks-operator-crd/100.0.0+up1.1.1/templates/crds.yaml @@ -0,0 +1,216 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + name: eksclusterconfigs.eks.cattle.io +spec: + group: eks.cattle.io + names: + kind: EKSClusterConfig + plural: eksclusterconfigs + shortNames: + - ekscc + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + amazonCredentialSecret: + nullable: true + type: string + displayName: + nullable: true + type: string + imported: + type: boolean + kmsKey: + nullable: true + type: string + kubernetesVersion: + nullable: true + type: string + loggingTypes: + items: + nullable: true + type: string + nullable: true + type: array + nodeGroups: + items: + properties: + desiredSize: + nullable: true + type: integer + diskSize: + nullable: true + type: integer + ec2SshKey: + nullable: true + type: string + gpu: + nullable: true + type: boolean + imageId: + nullable: true + type: string + instanceType: + nullable: true + type: string + labels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + launchTemplate: + nullable: true + properties: + id: + nullable: true + type: string + name: + nullable: true + type: string + version: + nullable: true + type: integer + type: object + maxSize: + nullable: true + type: integer + minSize: + nullable: true + type: integer + nodegroupName: + nullable: true + type: string + requestSpotInstances: + nullable: true + type: boolean + resourceTags: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + spotInstanceTypes: + items: + nullable: true + type: string + nullable: true + type: array + subnets: + items: + nullable: true + type: string + nullable: true + type: array + tags: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + userData: + nullable: true + type: string + version: + nullable: true + type: string + required: + - nodegroupName + type: object + nullable: true + type: array + privateAccess: + nullable: true + type: boolean + publicAccess: + nullable: true + type: boolean + publicAccessSources: + items: + nullable: true + type: string + nullable: true + type: array + region: + nullable: true + type: string + secretsEncryption: + nullable: true + type: boolean + securityGroups: + items: + nullable: true + type: string + nullable: true + type: array + serviceRole: + nullable: true + type: string + subnets: + items: + nullable: true + type: string + nullable: true + type: array + tags: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + type: object + status: + properties: + failureMessage: + nullable: true + type: string + managedLaunchTemplateID: + nullable: true + type: string + managedLaunchTemplateVersions: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + networkFieldsSource: + nullable: true + type: string + phase: + nullable: true + type: string + securityGroups: + items: + nullable: true + type: string + nullable: true + type: array + subnets: + items: + nullable: true + type: string + nullable: true + type: array + templateVersionsToDelete: + items: + nullable: true + type: string + nullable: true + type: array + virtualNetwork: + nullable: true + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/Chart.yaml b/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/Chart.yaml new file mode 100644 index 000000000..a26b3f506 --- /dev/null +++ b/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/Chart.yaml @@ -0,0 +1,18 @@ +annotations: + catalog.cattle.io/auto-install: rancher-eks-operator-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: eksclusterconfigs.eks.cattle.io/v1 + catalog.cattle.io/rancher-version: '>= 2.6.0-alpha' + catalog.cattle.io/release-name: rancher-eks-operator + catalog.cattle.io/scope: management +apiVersion: v2 +appVersion: 1.1.1 +description: A Helm chart for provisioning EKS clusters +home: https://github.com/rancher/eks-operator +name: rancher-eks-operator +sources: +- https://github.com/rancher/eks-operator +version: 100.0.0+up1.1.1 diff --git a/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/NOTES.txt b/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/NOTES.txt new file mode 100644 index 000000000..23a1b4a8b --- /dev/null +++ b/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/NOTES.txt @@ -0,0 +1,4 @@ +You have deployed the Rancher EKS operator +Version: {{ .Chart.AppVersion }} +Description: This operator provisions EKS clusters +from EKSClusterConfig CRs. diff --git a/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/_helpers.tpl b/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/_helpers.tpl new file mode 100644 index 000000000..be11b4a66 --- /dev/null +++ b/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/_helpers.tpl @@ -0,0 +1,9 @@ +{{/* vim: set filetype=mustache: */}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/clusterrole.yaml b/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/clusterrole.yaml new file mode 100644 index 000000000..d0d561b6e --- /dev/null +++ b/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/clusterrole.yaml @@ -0,0 +1,15 @@ +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: eks-operator + namespace: cattle-system +rules: + - apiGroups: [''] + resources: ['secrets'] + verbs: ['get', 'list', 'create', 'watch'] + - apiGroups: ['eks.cattle.io'] + resources: ['eksclusterconfigs'] + verbs: ['get', 'list', 'update', 'watch'] + - apiGroups: ['eks.cattle.io'] + resources: ['eksclusterconfigs/status'] + verbs: ['update'] diff --git a/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/clusterrolebinding.yaml b/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..2b1846353 --- /dev/null +++ b/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/clusterrolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: eks-operator + namespace: cattle-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: eks-operator +subjects: +- kind: ServiceAccount + name: eks-operator + namespace: cattle-system diff --git a/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/deployment.yaml b/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/deployment.yaml new file mode 100644 index 000000000..b0717cb79 --- /dev/null +++ b/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/deployment.yaml @@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: eks-config-operator + namespace: cattle-system +spec: + replicas: 1 + selector: + matchLabels: + ke.cattle.io/operator: eks + template: + metadata: + labels: + ke.cattle.io/operator: eks + spec: + serviceAccountName: eks-operator + securityContext: + fsGroup: 1007 + runAsUser: 1007 + containers: + - name: eks-operator + image: {{ template "system_default_registry" . }}{{ .Values.eksOperator.image.repository }}:{{ .Values.eksOperator.image.tag }} + imagePullPolicy: IfNotPresent + env: + - name: HTTP_PROXY + value: {{ .Values.httpProxy }} + - name: HTTPS_PROXY + value: {{ .Values.httpsProxy }} + - name: NO_PROXY + value: {{ .Values.noProxy }} +{{- if .Values.additionalTrustedCAs }} + # eks-operator mounts the additional CAs in two places: + volumeMounts: + # This directory is owned by the eks-operator user so c_rehash works here. + - mountPath: /etc/rancher/ssl/ca-additional.pem + name: tls-ca-additional-volume + subPath: ca-additional.pem + readOnly: true + # This directory is root-owned so c_rehash doesn't work here, + # but the cert is here in case update-ca-certificates is called in the future or by the OS. + - mountPath: /etc/pki/trust/anchors/ca-additional.pem + name: tls-ca-additional-volume + subPath: ca-additional.pem + readOnly: true + volumes: + - name: tls-ca-additional-volume + secret: + defaultMode: 0400 + secretName: tls-ca-additional + {{- end }} diff --git a/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/serviceaccount.yaml b/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/serviceaccount.yaml new file mode 100644 index 000000000..934de07e0 --- /dev/null +++ b/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: cattle-system + name: eks-operator diff --git a/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/values.yaml b/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/values.yaml new file mode 100644 index 000000000..a369f1f9f --- /dev/null +++ b/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/values.yaml @@ -0,0 +1,12 @@ +global: + systemDefaultRegistry: "" + +eksOperator: + image: + repository: rancher/eks-operator + tag: v1.1.1 + +httpProxy: "" +httpsProxy: "" +noProxy: "" +additionalTrustedCAs: false diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/.helmignore b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/Chart.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/Chart.yaml new file mode 100644 index 000000000..f4bb5e767 --- /dev/null +++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/Chart.yaml @@ -0,0 +1,24 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: External IP Webhook + catalog.cattle.io/namespace: cattle-externalip-system + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: rancher-external-ip-webhook + catalog.cattle.io/ui-component: rancher-external-ip-webhook +apiVersion: v1 +appVersion: v1.0.0 +description: | + Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554 +home: https://github.com/rancher/externalip-webhook +keywords: +- cve +- externalip +- webhook +- security +maintainers: +- email: raul@rancher.com + name: rawmind0 +name: rancher-external-ip-webhook +sources: +- https://github.com/rancher/externalip-webhook +version: 100.0.0+up1.0.0 diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/README.md b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/README.md new file mode 100644 index 000000000..4890065a7 --- /dev/null +++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/README.md @@ -0,0 +1,69 @@ +# externalip-webhook + +## Chart Details + +This chart will create a deployment of `externalip-webhook` within your Kubernetes Cluster. It's required to mitigate k8s CVE-2020-8554. + +## Installing the Chart + +To install the chart with the release name `rancher-external-ip-webhook`: + +```bash +$ helm repo add rancher-chart https://charts.rancher.io +$ helm repo update +$ helm install rancher-external-ip-webhook rancher-chart/rancher-external-ip-webhook --namespace cattle-externalip-system -f values.yaml +``` + +## Configuration + +The following table lists the configurable parameters of the externalip-webhook chart and their default values. + + +| Parameter | Description | Default | +| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- | +| `allowedExternalIPCidrs` | Set allowed external IP CIDRs separated by a comma | `""` | +| `certificates.caBundle` | If cert-manager integration is disabled, add here self signed ca.crt in base64 format | `""` | +| `certificates.certManager.enabled` | Enable cert manager integration. Cert manager should be already installed at the k8s cluster | `true` | +| `certificates.certManager.version` | Cert manager version to use | `""` | +| `certificates.secretName` | If cert-manager integration is disabled, upload certs data (ca.crt, tls.crt & tls.key) as k8s secretName in the namespace | `"webhook-server-cert"` | +| `global.systemDefaultRegistry` | Pull docker images from systemDefaultRegistry | `""` | +| `image.pullPolicy` | Webhook server docker pull policy | `"IfNotPresent"` | +| `image.pullSecrets` | Webhook server docker pull secret | `""` | +| `image.repository` | Webhook server docker image repository | `"rancher/externalip-webhook"` | +| `image.tag` | Webhook server docker image tag Defaults to | `".Chart.appVersion"` | +| `metrics.enabled` | Enable metrics endpoint | `false` | +| `metrics.port` | Webhook metrics pod port | `8443` | +| `metrics.prometheusExport` | Enable Prometheus export. Follow [exporting-metrics-for-prometheus](https://book.kubebuilder.io/reference/metrics.html#exporting-metrics-for-prometheus) to export the webhook metrics | `false` | +| `metrics.authProxy.enabled` | Enable auth proxy for metrics endpoint | `false` | +| `metrics.authProxy.port` | Webhook auth proxy pod port | `8080` | +| `metrics.authProxy.image.pullPolicy` | Webhook auth proxy docker pull policy | `"IfNotPresent"` | +| `metrics.authProxy.image.pullSecrets`| Webhook auth proxy docker pull secrets | `""` | +| `metrics.authProxy.image.repository` | Webhook auth proxy docker image repository | `"gcr.io/kubebuilder/kube-rbac-proxy"` | +| `metrics.authProxy.image.pullPolicy` | Webhook auth proxy docker image tag | `"v0.5.0"` | +| `metrics.authProxy.resources.limits.cpu` | Webhook auth proxy resource cpu limit | `"100m"` | +| `metrics.authProxy.resources.limits.memory` | Webhook auth proxy resource memory limit | `"30Mi"` | +| `metrics.authProxy.resources.requests.cpu` | Webhook auth proxy wesource cpu reservation | `"100m"` | +| `metrics.authProxy.resources.requests.memory` | Webhook auth proxy resource memory reservation | `"20Mi"` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `rbac.apiVersion` | Rbac API version to use | `"v1"` | +| `resources.limits.cpu` | Resource cpu limit | `"100m"` | +| `resources.limits.memory` | Resource memory limit | `"30Mi"` | +| `resources.requests.cpu` | Resource cpu reservation | `"100m"` | +| `resources.requests.memory` | Resource memory reservation | `"20Mi"` | +| `service.metricsPort` | Webhook metrics service port | `8443` | +| `service.webhookPort` | Webhook server service port | `443` | +| `serviceAccountName` | Webhook serviceAccountName. Just used if metrics.authProxy.enabled = false | `"default"` | +| `tolerations` | List of node taints to tolerate (requires Kubernetes >= 1.6) | `[]` | +| `webhookPort` | Webhook server pod port | `9443` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```bash +$ helm repo add rancher-chart https://charts.rancher.io +$ helm repo update +$ helm install rancher-external-ip-webhook rancher-chart/rancher-external-ip-webhook --namespace cattle-externalip-system -f values.yaml +``` + +> **Tip**: You can use the default [values.yaml](https://github.com/rancher/externalip-webhook/blob/master/chart/values.yaml) diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/app-README.md b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/app-README.md new file mode 100644 index 000000000..bd8acd382 --- /dev/null +++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/app-README.md @@ -0,0 +1,12 @@ +# externalip-webhook + +This chart was created to mitigate [CVE-2020-8554](https://www.cvedetails.com/cve/CVE-2020-8554/) + +External IP Webhook is a validating k8s webhook which prevents services from using random external IPs. +Cluster administrators can specify list of CIDRs allowed to be used as external IP by specifying `allowed-external-ip-cidrs` parameter. The webhook will only allow services which either don’t set external IP, or whose external IPs are within the range specified by the administrator. + +External IP Webhook certificates are required. They can be generated in 2 ways: +* cert-manager: This is the default chart configuration. Cert manager should be already installed at the k8s cluster +* uploading certs: Disable `Cert Manager integration` and set `Secret name` and `CA Bundle` at `Certificates` section. + +For more information, review the Helm README of this chart. diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/questions.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/questions.yaml new file mode 100644 index 000000000..3ea9edd93 --- /dev/null +++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/questions.yaml @@ -0,0 +1,26 @@ +questions: +# allowedExternalIPCidrs +- variable: allowedExternalIPCidrs + label: Allowed external IP cidrs + description: Set allowed external IP CIDRs separated by a comma + type: string + group: Configuration +- variable: certificates.certManager.enabled + default: true + description: Enable cert manager integration. Cert manager should be already installed + label: Enable Cert Manager integration + type: boolean + group: "Certificates" + show_subquestion_if: false + subquestions: + - variable: certificates.secretName + default: webhook-server-cert + description: Use certificates from secret. Secret should exists in the app namespace, with certs data (ca.crt, tls.crt & tls.key) + label: Secret name + type: string + required: true + - variable: certificates.caBundle + description: Use self signed CA Bundle. It should be provided in base64 format + label: CA Bundle + type: string + required: true diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/NOTES.txt b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/NOTES.txt new file mode 100644 index 000000000..74271bdd5 --- /dev/null +++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/NOTES.txt @@ -0,0 +1,3 @@ +To verify that externalip-webhook has started, run: + + kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "externalip-webhook.name" . }},release={{ .Release.Name }}" diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/_helpers.tpl b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/_helpers.tpl new file mode 100644 index 000000000..cc8a9a0d3 --- /dev/null +++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/_helpers.tpl @@ -0,0 +1,50 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "externalip-webhook.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "externalip-webhook.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if ne $name .Release.Name -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s" $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* Generate basic labels */}} +{{- define "externalip-webhook.labels" }} +app: {{ template "externalip-webhook.name" . }} +heritage: {{.Release.Service }} +release: {{.Release.Name }} +{{- end }} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +kubernetes.io/os: linux +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/admissionregistration.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/admissionregistration.yaml new file mode 100644 index 000000000..d8152faa5 --- /dev/null +++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/admissionregistration.yaml @@ -0,0 +1,30 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: +{{- if .Values.certificates.certManager.enabled }} + annotations: + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ template "externalip-webhook.fullname" . }}-server-cert +{{- end }} + creationTimestamp: null + name: {{ template "externalip-webhook.fullname" . }}-validating-webhook-configuration +webhooks: +- clientConfig: +{{- if not (.Values.certificates.certManager.enabled) }} + caBundle: {{ .Values.certificates.caBundle }} +{{- end }} + service: + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} + path: /validate-service + failurePolicy: Ignore + name: {{ template "externalip-webhook.fullname" . }}.{{ .Release.Namespace }}.svc + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - services \ No newline at end of file diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/clusterrole.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/clusterrole.yaml new file mode 100644 index 000000000..46e18bf00 --- /dev/null +++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/clusterrole.yaml @@ -0,0 +1,33 @@ +{{- if and (.Values.metrics.enabled) (.Values.metrics.authProxy.enabled) -}} +apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} +kind: ClusterRole +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-proxy-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} +kind: ClusterRole +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/clusterrolebinding.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..2fa40817f --- /dev/null +++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/clusterrolebinding.yaml @@ -0,0 +1,31 @@ +apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} +kind: ClusterRoleBinding +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-cluster-view +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view +subjects: +- kind: ServiceAccount + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} +{{- if and (.Values.metrics.enabled) (.Values.metrics.authProxy.enabled) }} +--- +apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} +kind: ClusterRoleBinding +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "externalip-webhook.fullname" . }}-proxy-role +subjects: +- kind: ServiceAccount + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/deployment.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/deployment.yaml new file mode 100644 index 000000000..c82754deb --- /dev/null +++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/deployment.yaml @@ -0,0 +1,107 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + seccomp.security.alpha.kubernetes.io/pod: runtime/default + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: {{ template "externalip-webhook.name" . }} + template: + metadata: + annotations: + seccomp.security.alpha.kubernetes.io/pod: runtime/default + labels: {{ include "externalip-webhook.labels" . | indent 8 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + spec: + containers: + {{- if and (.Values.metrics.enabled) (.Values.metrics.authProxy.enabled) }} + - name: {{ template "externalip-webhook.fullname" . }}-auth-proxy + args: + - --secure-listen-address=0.0.0.0:{{ .Values.metrics.port }} + - --upstream=http://127.0.0.1:{{ .Values.metrics.authProxy.port }}/ + - --logtostderr=true + - --v=10 + image: {{ template "system_default_registry" . }}{{ .Values.metrics.authProxy.image.repository}}:{{ .Values.metrics.authProxy.image.tag }} + imagePullPolicy: "{{ .Values.metrics.authProxy.image.pullPolicy }}" + ports: + - containerPort: {{ .Values.metrics.port }} + name: webhook-metrics + protocol: TCP + resources: +{{ toYaml .Values.metrics.authProxy.resources | indent 10 }} + readinessProbe: + tcpSocket: + port: webhook-metrics + initialDelaySeconds: 5 + periodSeconds: 10 + livenessProbe: + tcpSocket: + port: webhook-metrics + initialDelaySeconds: 5 + failureThreshold: 10 + periodSeconds: 30 + {{- end }} + - name: {{ template "externalip-webhook.fullname" . }} + image: {{ template "system_default_registry" . }}{{ .Values.image.repository}}:{{ default .Chart.AppVersion .Values.image.tag }} + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + command: + - /webhook + args: + - --webhook-port={{ .Values.webhookPort }} + {{- if .Values.allowedExternalIPCidrs }} + - --allowed-external-ip-cidrs={{ .Values.allowedExternalIPCidrs }} + {{- end }} + {{- if .Values.metrics.enabled }} + {{- if .Values.metrics.authProxy.enabled }} + - --metrics-addr=127.0.0.1:{{ .Values.metrics.authProxy.port }} + {{- else }} + - --metrics-addr=0.0.0.0:{{ .Values.metrics.port }} + {{- end }} + {{- end }} + ports: + - containerPort: {{ .Values.webhookPort }} + name: webhook-server + protocol: TCP + {{- if and (.Values.metrics.enabled) (not (.Values.metrics.authProxy.enabled)) }} + - containerPort: {{ .Values.metrics.port }} + name: webhook-metrics + protocol: TCP + {{- end }} + volumeMounts: + - name: server-cert + mountPath: /tmp/k8s-webhook-server/serving-certs + readOnly: true + resources: +{{ toYaml .Values.resources | indent 10 }} + readinessProbe: + tcpSocket: + port: webhook-server + initialDelaySeconds: 5 + failureThreshold: 10 + periodSeconds: 30 + livenessProbe: + tcpSocket: + port: webhook-server + initialDelaySeconds: 5 + failureThreshold: 10 + periodSeconds: 30 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + {{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 6}} + {{- if .Values.tolerations }} +{{ toYaml .Values.tolerations | indent 6 }} + {{- end }} + serviceAccountName: {{ template "externalip-webhook.fullname" . }} + volumes: + - name: server-cert + secret: + defaultMode: 420 + secretName: {{ .Values.certificates.secretName }} diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/issuer.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/issuer.yaml new file mode 100644 index 000000000..ff1c2de10 --- /dev/null +++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/issuer.yaml @@ -0,0 +1,52 @@ +{{- if .Values.certificates.certManager.enabled -}} + {{- $certmanagerVer := split "." .Values.certificates.certManager.version -}} + {{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 1) (ge (int $certmanagerVer._1) 0)) }} +apiVersion: cert-manager.io/v1 + {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 16)) }} +apiVersion: cert-manager.io/v1beta1 + {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 11)) }} +apiVersion: cert-manager.io/v1alpha2 + {{- else if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (lt (int $certmanagerVer._1) 11)) }} +apiVersion: certmanager.k8s.io/v1alpha1 + {{- else }} +# Setting latest version as default +apiVersion: cert-manager.io/v1 + {{- end }} +kind: Certificate +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-server-cert + namespace: {{ .Release.Namespace }} +spec: + dnsNames: + - {{ template "externalip-webhook.fullname" . }}.{{ .Release.Namespace }}.svc + - {{ template "externalip-webhook.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local + issuerRef: + kind: Issuer + name: {{ template "externalip-webhook.fullname" . }}-issuer + secretName: {{ .Values.certificates.secretName }} +--- + {{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 1) (ge (int $certmanagerVer._1) 0)) }} +apiVersion: cert-manager.io/v1 + {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 16)) }} +apiVersion: cert-manager.io/v1beta1 + {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 11)) }} +apiVersion: cert-manager.io/v1alpha2 + {{- else if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (lt (int $certmanagerVer._1) 11)) }} +apiVersion: certmanager.k8s.io/v1alpha1 + {{- else }} +# Setting latest version as default +apiVersion: cert-manager.io/v1 + {{- end }} +kind: Issuer +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-issuer + namespace: {{ .Release.Namespace }} +spec: + selfSigned: {} +{{- end -}} + + diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/service.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/service.yaml new file mode 100644 index 000000000..256add3e4 --- /dev/null +++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/service.yaml @@ -0,0 +1,35 @@ +apiVersion: v1 +kind: Service +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + ports: + - name: webhook-server + port: {{ .Values.service.webhookPort }} + protocol: TCP + targetPort: {{ .Values.webhookPort }} + selector: + app: {{ template "externalip-webhook.name" . }} + type: "ClusterIP" +{{- if .Values.metrics.enabled }} +--- +apiVersion: v1 +kind: Service +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-metrics-service + namespace: {{ .Release.Namespace }} +spec: + ports: + - name: webhook-metrics + port: {{ .Values.service.metricsPort }} + protocol: TCP + targetPort: {{ .Values.metrics.port }} + selector: + app: {{ template "externalip-webhook.name" . }} + type: "ClusterIP" +{{- end }} \ No newline at end of file diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/serviceaccount.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/serviceaccount.yaml new file mode 100644 index 000000000..895df4f5b --- /dev/null +++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/serviceaccount.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }} + namespace: {{ .Release.Namespace }} diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/servicemonitor.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/servicemonitor.yaml new file mode 100644 index 000000000..c481ea31d --- /dev/null +++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/servicemonitor.yaml @@ -0,0 +1,16 @@ +{{- if and (.Values.metrics.enabled) (.Values.metrics.prometheusExport) -}} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: {{ include "externalip-webhook.labels" . | indent 4 }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + name: {{ template "externalip-webhook.fullname" . }}-monitor + namespace: {{ .Release.Namespace }} +spec: + endpoints: + - path: /metrics + port: https + selector: + matchLabels: + app: {{ template "externalip-webhook.name" . }} +{{- end }} \ No newline at end of file diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/admissionregistration_test.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/admissionregistration_test.yaml new file mode 100644 index 000000000..0660aa6e8 --- /dev/null +++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/admissionregistration_test.yaml @@ -0,0 +1,32 @@ +suite: Test Admission Registration +templates: +- admissionregistration.yaml +tests: +- it: should render Admission Registration + asserts: + - equal: + path: apiVersion + value: admissionregistration.k8s.io/v1beta1 +- it: should render Admission Registration annotation and not caBundle if certificates.certManager.enabled = true + release: + name: rancher-externalip-webhook + namespace: test + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: metadata.annotations + value: + cert-manager.io/inject-ca-from: test/rancher-externalip-webhook-server-cert + - isNull: + path: webhooks[0].clientConfig.caBundle +- it: should render Admission Registration caBundle and not annotation if certificates.certManager.enabled = false + set: + certificates.caBundle: test + certificates.certManager.enabled: false + asserts: + - equal: + path: webhooks[0].clientConfig.caBundle + value: test + - isNull: + path: metadata.annotations diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/clusterrole_test.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/clusterrole_test.yaml new file mode 100644 index 000000000..9e563807b --- /dev/null +++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/clusterrole_test.yaml @@ -0,0 +1,37 @@ +suite: Test Cluster Roles +templates: +- clusterrole.yaml +tests: +- it: should not render Cluster Roles if metrics.enabled = false or metrics.authProxy.enabled = false + set: + metrics.enabled: false + metrics.authProxy.enabled: false + asserts: + - hasDocuments: + count: 0 + template: clusterrole.yaml +- it: should render Cluster Roles if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.authProxy.enabled: true + asserts: + - hasDocuments: + count: 2 + template: clusterrole.yaml +- it: should render Cluster Roles with default rbac api version if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.authProxy.enabled: true + asserts: + - equal: + path: apiVersion + value: rbac.authorization.k8s.io/v1 +- it: should render Cluster Roles with custom rbac api version if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.authProxy.enabled: true + rbac.apiVersion: v1beta + asserts: + - equal: + path: apiVersion + value: rbac.authorization.k8s.io/v1beta \ No newline at end of file diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/clusterrolebinding_test.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/clusterrolebinding_test.yaml new file mode 100644 index 000000000..2129573a3 --- /dev/null +++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/clusterrolebinding_test.yaml @@ -0,0 +1,42 @@ +suite: Test Cluster Role Bindings +templates: +- clusterrolebinding.yaml +tests: +- it: should render Cluster Role Bindings with default rbac api version + set: + rbac.apiVersion: v1 + asserts: + - equal: + path: apiVersion + value: rbac.authorization.k8s.io/v1 +- it: should render Cluster Role Bindings with custom rbac api version + set: + rbac.apiVersion: v1beta + asserts: + - equal: + path: apiVersion + value: rbac.authorization.k8s.io/v1beta +- it: should not render Cluster Role Binding proxy if metrics.enabled = false or metrics.authProxy.enabled = false + set: + metrics.enabled: false + metrics.authProxy.enabled: false + asserts: + - hasDocuments: + count: 1 + template: clusterrolebinding.yaml +- it: should render Cluster Role Bindings proxy if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.authProxy.enabled: true + asserts: + - hasDocuments: + count: 2 + template: clusterrolebinding.yaml +- it: should render Cluster Role Bindings with default rbac api version if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.authProxy.enabled: true + asserts: + - equal: + path: apiVersion + value: rbac.authorization.k8s.io/v1 \ No newline at end of file diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/deployment_test.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/deployment_test.yaml new file mode 100644 index 000000000..50e3f9ec1 --- /dev/null +++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/deployment_test.yaml @@ -0,0 +1,202 @@ +suite: Test Deployments +templates: +- deployment.yaml +tests: +- it: should render Deployment with allowed-external-ip-cidrs arg if allowedExternalIPCidrs is set + release: + name: rancher-externalip-webhook + set: + allowedExternalIPCidrs: "1,2" + asserts: + - equal: + path: spec.template.spec.containers[0].args[1] + value: --allowed-external-ip-cidrs=1,2 +- it: should render Deployment with default port, nodeSelector and tolerations if metrics.enabled = false and metrics.authProxy.enabled = false + release: + name: rancher-externalip-webhook + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 9443 + name: webhook-server + protocol: TCP + - equal: + path: spec.template.spec.tolerations[0] + value: + key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" + - equal: + path: spec.template.spec.nodeSelector + value: + kubernetes.io/os: linux +- it: should render Deployment with default port and custom nodeSelector and tolerations if metrics.enabled = false and metrics.authProxy.enabled = false + release: + name: rancher-externalip-webhook + set: + tolerations: + - key: "cattle.io/test" + value: "linux" + effect: "NoSchedule" + operator: "Equal" + nodeSelector: + kubernetes.io/test: linux + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 9443 + name: webhook-server + protocol: TCP + - equal: + path: spec.template.spec.tolerations[0] + value: + key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" + - equal: + path: spec.template.spec.tolerations[1] + value: + key: "cattle.io/test" + value: "linux" + effect: "NoSchedule" + operator: "Equal" + - equal: + path: spec.template.spec.nodeSelector + value: + kubernetes.io/os: linux + kubernetes.io/test: linux +- it: should render Deployment with custom port and image if metrics.enabled = false and metrics.authProxy.enabled = false + release: + name: rancher-externalip-webhook + set: + webhookPort: 9000 + image.repository: test + image.tag: dev-test + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[0].image + value: test:dev-test + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 9000 + name: webhook-server + protocol: TCP +- it: should render Deployment with default metrics port if metrics.enabled = true and metrics.authProxy.enabled = false + release: + name: rancher-externalip-webhook + set: + metrics.enabled: true + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 9443 + name: webhook-server + protocol: TCP + - equal: + path: spec.template.spec.containers[0].ports[1] + value: + containerPort: 8443 + name: webhook-metrics + protocol: TCP +- it: should render Deployment with custom metrics port if metrics.enabled = true and metrics.authProxy.enabled = false + release: + name: rancher-externalip-webhook + set: + metrics.enabled: true + metrics.port: 8000 + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 9443 + name: webhook-server + protocol: TCP + - equal: + path: spec.template.spec.containers[0].ports[1] + value: + containerPort: 8000 + name: webhook-metrics + protocol: TCP +- it: should render Deployment with default metrics port if metrics.enabled = true and metrics.authProxy.enabled = true + release: + name: rancher-externalip-webhook + set: + metrics.enabled: true + metrics.authProxy.enabled: true + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook-auth-proxy + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 8443 + name: webhook-metrics + protocol: TCP + - equal: + path: spec.template.spec.containers[1].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[1].ports[0] + value: + containerPort: 9443 + name: webhook-server + protocol: TCP +- it: should render Deployment with custom metrics port and image if metrics.enabled = true and metrics.authProxy.enabled = true + release: + name: rancher-externalip-webhook + set: + metrics.enabled: true + metrics.authProxy.enabled: true + metrics.port: 8000 + webhookPort: 9000 + image.repository: test + image.tag: dev-test + metrics.authProxy.image.repository: auth + metrics.authProxy.image.tag: auth-test + asserts: + - equal: + path: spec.template.spec.containers[0].name + value: rancher-externalip-webhook-auth-proxy + - equal: + path: spec.template.spec.containers[0].image + value: auth:auth-test + - equal: + path: spec.template.spec.containers[0].ports[0] + value: + containerPort: 8000 + name: webhook-metrics + protocol: TCP + - equal: + path: spec.template.spec.containers[1].name + value: rancher-externalip-webhook + - equal: + path: spec.template.spec.containers[1].image + value: test:dev-test + - equal: + path: spec.template.spec.containers[1].ports[0] + value: + containerPort: 9000 + name: webhook-server + protocol: TCP \ No newline at end of file diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/issuer_test.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/issuer_test.yaml new file mode 100644 index 000000000..eeeb660b2 --- /dev/null +++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/issuer_test.yaml @@ -0,0 +1,106 @@ +suite: Test Issuers +templates: +- issuer.yaml +tests: +- it: should not render issuer if certificates.certManager.enabled = false + set: + certificates.certManager.enabled: false + asserts: + - hasDocuments: + count: 0 + template: issuer.yaml +- it: should render issuer if certificates.certManager.enabled = true + set: + certificates.certManager.enabled: true + asserts: + - hasDocuments: + count: 2 + template: issuer.yaml +- it: should set issuer apiVersion with default cert-manager + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 1.0.0 using capabilities + capabilities: + apiversions: + - cert-manager.io/v1 + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 0.16.0 using capabilities + capabilities: + apiversions: + - cert-manager.io/v1beta1 + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1beta1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 0.11.0 using capabilities + capabilities: + apiversions: + - cert-manager.io/v1alpha2 + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1alpha2 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager < 0.11.0 using capabilities + capabilities: + apiversions: + - certmanager.k8s.io/v1alpha1 + set: + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: certmanager.k8s.io/v1alpha1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 1.0.0 using parameter + set: + certificates.certManager.version: 1.0.0 + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 0.16.0 using parameter + set: + certificates.certManager.version: 0.16.0 + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1beta1 + template: issuer.yaml +- it: should set issuer apiVersion with cert-manager >= 0.11.0 using parameter + set: + certificates.certManager.version: 0.11.0 + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: cert-manager.io/v1alpha2 + template: issuer.yaml +- it: should set letsEncrypt apiVersion with cert-manager < 0.11.0 using parameter + set: + certificates.certManager.version: 0.9.0 + certificates.certManager.enabled: true + asserts: + - equal: + path: apiVersion + value: certmanager.k8s.io/v1alpha1 + template: issuer.yaml diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/service_test.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/service_test.yaml new file mode 100644 index 000000000..a0ba4d352 --- /dev/null +++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/service_test.yaml @@ -0,0 +1,69 @@ +suite: Test Services +templates: +- service.yaml +tests: +- it: should render webhook-server service with default webhookPort if metrics.enabled = false + set: + metrics.enabled: false + asserts: + - equal: + path: spec.ports[0] + value: + name: webhook-server + port: 443 + protocol: TCP + targetPort: 9443 +- it: should render webhook-server service with custom webhookPort if metrics.enabled = false + set: + metrics.enabled: false + webhookPort: 9000 + asserts: + - equal: + path: spec.ports[0] + value: + name: webhook-server + port: 443 + protocol: TCP + targetPort: 9000 +- it: should render webhook-server and webhook-metrics services with default webhookPort and metrics.port, if metrics.enabled = true + set: + metrics.enabled: true + asserts: + - equal: + path: spec.ports[0] + value: + name: webhook-server + port: 443 + protocol: TCP + targetPort: 9443 + documentIndex: 0 + - equal: + path: spec.ports[0] + value: + name: webhook-metrics + port: 8443 + protocol: TCP + targetPort: 8443 + documentIndex: 1 +- it: should render webhook-server and webhook-metrics services with custom webhookPort and metrics.port, if metrics.enabled = true + set: + metrics.enabled: true + metrics.port: 8000 + webhookPort: 9000 + asserts: + - equal: + path: spec.ports[0] + value: + name: webhook-server + port: 443 + protocol: TCP + targetPort: 9000 + documentIndex: 0 + - equal: + path: spec.ports[0] + value: + name: webhook-metrics + port: 8443 + protocol: TCP + targetPort: 8000 + documentIndex: 1 \ No newline at end of file diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/serviceaccount_test.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/serviceaccount_test.yaml new file mode 100644 index 000000000..5aebbc74b --- /dev/null +++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/serviceaccount_test.yaml @@ -0,0 +1,9 @@ +suite: Test Service Accounts +templates: +- serviceaccount.yaml +tests: +- it: should render Service Account + asserts: + - hasDocuments: + count: 1 + template: serviceaccount.yaml diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/servicemonitor_test.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/servicemonitor_test.yaml new file mode 100644 index 000000000..21989265e --- /dev/null +++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/servicemonitor_test.yaml @@ -0,0 +1,20 @@ +suite: Test Service Monitors +templates: +- servicemonitor.yaml +tests: +- it: should not render Service Monitor if metrics.enabled = false or metrics.prometheusExport = false + set: + metrics.enabled: false + metrics.prometheusExport: false + asserts: + - hasDocuments: + count: 0 + template: servicemonitor.yaml +- it: should render Service Account if metrics.enabled = true and metrics.authProxy.enabled = true + set: + metrics.enabled: true + metrics.prometheusExport: true + asserts: + - hasDocuments: + count: 1 + template: servicemonitor.yaml diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/values.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/values.yaml new file mode 100644 index 000000000..7a55b5809 --- /dev/null +++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/values.yaml @@ -0,0 +1,67 @@ +## Allowed external IP cidrs +allowedExternalIPCidrs: "" +## Certificates generation for webhook +certificates: + certManager: + # Enable cert manager integration. Cert manager should be already installed at the k8s cluster + enabled: true + version: "" + # If cert-manager integration is disabled, add self signed ca.crt in base64 format + caBundle: "" + # If cert-manager integration is disabled, upload certs data (ca.crt, tls.crt and tls.key) as k8s secretName in the namespace + secretName: webhook-server-cert +## Details about the image to be pulled. +image: + pullPolicy: IfNotPresent + pullSecrets: [] + repository: rancher/externalip-webhook + tag: v1.0.0 +## Enabling metrics endpoint +# Webhook emits `webhook_failed_request_count` metrics whenever it rejects service creation or update operation +metrics: + enabled: false + port: 8443 + # Enable webhook metrics export to Prometheus + prometheusExport: false + # Webhook metrics auth proxy. This option is just available for amd64 arch + authProxy: + enabled: false + port: 8080 + image: + pullPolicy: IfNotPresent + pullSecrets: [] + repository: rancher/mirrored-kube-rbac-proxy + tag: v0.5.0 + resources: + limits: + memory: 30Mi + cpu: 100m + requests: + memory: 20Mi + cpu: 100m +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## RBAC +rbac: + apiVersion: v1 +## CPU and Memory limit and request for externalip-webhook +resources: + limits: + memory: 30Mi + cpu: 100m + requests: + memory: 20Mi + cpu: 100m +service: + metricsPort: 8443 + webhookPort: 443 +## Webhook serviceAccountName. Just used if metrics.authProxy.enabled = false +serviceAccountName: default +## List of node taints to tolerate (requires Kubernetes >= 1.6) +tolerations: [] +## Webhook server pod port +webhookPort: 9443 +global: + systemDefaultRegistry: "" diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/Chart.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/Chart.yaml new file mode 100644 index 000000000..8ac23d612 --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-gatekeeper-system + catalog.cattle.io/release-name: rancher-gatekeeper-crd +apiVersion: v1 +description: Installs the CRDs for rancher-gatekeeper. +name: rancher-gatekeeper-crd +type: application +version: 100.0.0+up3.5.1 diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/README.md b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/README.md new file mode 100644 index 000000000..26079c833 --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/README.md @@ -0,0 +1,2 @@ +# rancher-gatekeeper-crd +A Rancher chart that installs the CRDs used by rancher-gatekeeper. diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/assign-customresourcedefinition.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/assign-customresourcedefinition.yaml new file mode 100644 index 000000000..bf50fd1fb --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/assign-customresourcedefinition.yaml @@ -0,0 +1,208 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + labels: + gatekeeper.sh/system: "yes" + name: assign.mutations.gatekeeper.sh +spec: + group: mutations.gatekeeper.sh + names: + kind: Assign + listKind: AssignList + plural: assign + singular: assign + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Assign is the Schema for the assign API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AssignSpec defines the desired state of Assign + properties: + applyTo: + description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster Important: Run "make" to regenerate code after modifying this file' + items: + description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed. + properties: + groups: + items: + type: string + type: array + kinds: + items: + type: string + type: array + versions: + items: + type: string + type: array + type: object + type: array + location: + type: string + match: + description: Match selects objects to apply mutations to. + properties: + excludedNamespaces: + items: + type: string + type: array + kinds: + items: + description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + properties: + apiGroups: + description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + items: + type: string + type: array + kinds: + items: + type: string + type: array + type: object + type: array + labelSelector: + description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + items: + type: string + type: array + scope: + description: ResourceScope is an enum defining the different scopes available to a custom resource + type: string + type: object + parameters: + properties: + assign: + description: Assign.value holds the value to be assigned + type: object + x-kubernetes-preserve-unknown-fields: true + assignIf: + description: once https://github.com/kubernetes-sigs/controller-tools/pull/528 is merged, we can use an actual object + type: object + pathTests: + items: + description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate" + properties: + condition: + description: Condition describes whether the path either MustExist or MustNotExist in the original object + enum: + - MustExist + - MustNotExist + type: string + subPath: + type: string + type: object + type: array + type: object + type: object + status: + description: AssignStatus defines the observed state of Assign + properties: + byPod: + items: + description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus + properties: + enforced: + type: boolean + errors: + items: + description: MutatorError represents a single error caught while adding a mutator to a system + properties: + message: + type: string + required: + - message + type: object + type: array + id: + type: string + mutatorUID: + description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + type: string + observedGeneration: + format: int64 + type: integer + operations: + items: + type: string + type: array + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/assignmetadata-customresourcedefinition.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/assignmetadata-customresourcedefinition.yaml new file mode 100644 index 000000000..84ea3cc8a --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/assignmetadata-customresourcedefinition.yaml @@ -0,0 +1,173 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + labels: + gatekeeper.sh/system: "yes" + name: assignmetadata.mutations.gatekeeper.sh +spec: + group: mutations.gatekeeper.sh + names: + kind: AssignMetadata + listKind: AssignMetadataList + plural: assignmetadata + singular: assignmetadata + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: AssignMetadata is the Schema for the assignmetadata API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AssignMetadataSpec defines the desired state of AssignMetadata + properties: + location: + type: string + match: + description: Match selects objects to apply mutations to. + properties: + excludedNamespaces: + items: + type: string + type: array + kinds: + items: + description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope. + properties: + apiGroups: + description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. + items: + type: string + type: array + kinds: + items: + type: string + type: array + type: object + type: array + labelSelector: + description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + items: + type: string + type: array + scope: + description: ResourceScope is an enum defining the different scopes available to a custom resource + type: string + type: object + parameters: + properties: + assign: + description: Assign.value holds the value to be assigned + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + status: + description: AssignMetadataStatus defines the observed state of AssignMetadata + properties: + byPod: + description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file' + items: + description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus + properties: + enforced: + type: boolean + errors: + items: + description: MutatorError represents a single error caught while adding a mutator to a system + properties: + message: + type: string + required: + - message + type: object + type: array + id: + type: string + mutatorUID: + description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + type: string + observedGeneration: + format: int64 + type: integer + operations: + items: + type: string + type: array + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/config-customresourcedefinition.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/config-customresourcedefinition.yaml new file mode 100644 index 000000000..a6be27dc6 --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/config-customresourcedefinition.yaml @@ -0,0 +1,102 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + labels: + gatekeeper.sh/system: "yes" + name: configs.config.gatekeeper.sh +spec: + group: config.gatekeeper.sh + names: + kind: Config + listKind: ConfigList + plural: configs + singular: config + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Config is the Schema for the configs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConfigSpec defines the desired state of Config + properties: + match: + description: Configuration for namespace exclusion + items: + properties: + excludedNamespaces: + items: + type: string + type: array + processes: + items: + type: string + type: array + type: object + type: array + readiness: + description: Configuration for readiness tracker + properties: + statsEnabled: + type: boolean + type: object + sync: + description: Configuration for syncing k8s objects + properties: + syncOnly: + description: If non-empty, only entries on this list will be replicated into OPA + items: + properties: + group: + type: string + kind: + type: string + version: + type: string + type: object + type: array + type: object + validation: + description: Configuration for validation + properties: + traces: + description: List of requests to trace. Both "user" and "kinds" must be specified + items: + properties: + dump: + description: Also dump the state of OPA with the trace. Set to `All` to dump everything. + type: string + kind: + description: Only trace requests of the following GroupVersionKind + properties: + group: + type: string + kind: + type: string + version: + type: string + type: object + user: + description: Only trace requests from the specified user + type: string + type: object + type: array + type: object + type: object + status: + description: ConfigStatus defines the observed state of Config + type: object + type: object + served: true + storage: true diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/constraintpodstatus-customresourcedefinition.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/constraintpodstatus-customresourcedefinition.yaml new file mode 100644 index 000000000..4d538f9ee --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/constraintpodstatus-customresourcedefinition.yaml @@ -0,0 +1,66 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + labels: + gatekeeper.sh/system: "yes" + name: constraintpodstatuses.status.gatekeeper.sh +spec: + group: status.gatekeeper.sh + names: + kind: ConstraintPodStatus + listKind: ConstraintPodStatusList + plural: constraintpodstatuses + singular: constraintpodstatus + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: ConstraintPodStatus is the Schema for the constraintpodstatuses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: ConstraintPodStatusStatus defines the observed state of ConstraintPodStatus + properties: + constraintUID: + description: Storing the constraint UID allows us to detect drift, such as when a constraint has been recreated after its CRD was deleted out from under it, interrupting the watch + type: string + enforced: + type: boolean + errors: + items: + description: Error represents a single error caught while adding a constraint to OPA + properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + type: string + observedGeneration: + format: int64 + type: integer + operations: + items: + type: string + type: array + type: object + type: object + served: true + storage: true diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/constrainttemplate-customresourcedefinition.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/constrainttemplate-customresourcedefinition.yaml new file mode 100644 index 000000000..a553521bf --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/constrainttemplate-customresourcedefinition.yaml @@ -0,0 +1,197 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + labels: + gatekeeper.sh/system: "yes" + name: constrainttemplates.templates.gatekeeper.sh +spec: + group: templates.gatekeeper.sh + names: + kind: ConstraintTemplate + listKind: ConstraintTemplateList + plural: constrainttemplates + singular: constrainttemplate + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ConstraintTemplate is the Schema for the constrainttemplates API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConstraintTemplateSpec defines the desired state of ConstraintTemplate + properties: + crd: + properties: + spec: + properties: + names: + properties: + kind: + type: string + shortNames: + items: + type: string + type: array + type: object + validation: + properties: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + type: object + targets: + items: + properties: + libs: + items: + type: string + type: array + rego: + type: string + target: + type: string + type: object + type: array + type: object + status: + description: ConstraintTemplateStatus defines the observed state of ConstraintTemplate + properties: + byPod: + items: + description: ByPodStatus defines the observed state of ConstraintTemplate as seen by an individual controller + properties: + errors: + items: + description: CreateCRDError represents a single error caught during parsing, compiling, etc. + properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + description: a unique identifier for the pod that wrote the status + type: string + observedGeneration: + format: int64 + type: integer + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + created: + type: boolean + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: ConstraintTemplate is the Schema for the constrainttemplates API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConstraintTemplateSpec defines the desired state of ConstraintTemplate + properties: + crd: + properties: + spec: + properties: + names: + properties: + kind: + type: string + shortNames: + items: + type: string + type: array + type: object + validation: + properties: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + type: object + targets: + items: + properties: + libs: + items: + type: string + type: array + rego: + type: string + target: + type: string + type: object + type: array + type: object + status: + description: ConstraintTemplateStatus defines the observed state of ConstraintTemplate + properties: + byPod: + items: + description: ByPodStatus defines the observed state of ConstraintTemplate as seen by an individual controller + properties: + errors: + items: + description: CreateCRDError represents a single error caught during parsing, compiling, etc. + properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + description: a unique identifier for the pod that wrote the status + type: string + observedGeneration: + format: int64 + type: integer + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + created: + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml new file mode 100644 index 000000000..ca06e5837 --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml @@ -0,0 +1,65 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + labels: + gatekeeper.sh/system: "yes" + name: constrainttemplatepodstatuses.status.gatekeeper.sh +spec: + group: status.gatekeeper.sh + names: + kind: ConstraintTemplatePodStatus + listKind: ConstraintTemplatePodStatusList + plural: constrainttemplatepodstatuses + singular: constrainttemplatepodstatus + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: ConstraintTemplatePodStatus is the Schema for the constrainttemplatepodstatuses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: ConstraintTemplatePodStatusStatus defines the observed state of ConstraintTemplatePodStatus + properties: + errors: + items: + description: CreateCRDError represents a single error caught during parsing, compiling, etc. + properties: + code: + type: string + location: + type: string + message: + type: string + required: + - code + - message + type: object + type: array + id: + description: 'Important: Run "make" to regenerate code after modifying this file' + type: string + observedGeneration: + format: int64 + type: integer + operations: + items: + type: string + type: array + templateUID: + description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. + type: string + type: object + type: object + served: true + storage: true diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/mutatorpodstatus-customresourcedefinition.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/mutatorpodstatus-customresourcedefinition.yaml new file mode 100644 index 000000000..91add7f39 --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/mutatorpodstatus-customresourcedefinition.yaml @@ -0,0 +1,61 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + labels: + gatekeeper.sh/system: "yes" + name: mutatorpodstatuses.status.gatekeeper.sh +spec: + group: status.gatekeeper.sh + names: + kind: MutatorPodStatus + listKind: MutatorPodStatusList + plural: mutatorpodstatuses + singular: mutatorpodstatus + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: MutatorPodStatus is the Schema for the mutationpodstatuses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus + properties: + enforced: + type: boolean + errors: + items: + description: MutatorError represents a single error caught while adding a mutator to a system + properties: + message: + type: string + required: + - message + type: object + type: array + id: + type: string + mutatorUID: + description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch + type: string + observedGeneration: + format: int64 + type: integer + operations: + items: + type: string + type: array + type: object + type: object + served: true + storage: true diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/templates/_helpers.tpl b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/templates/_helpers.tpl new file mode 100644 index 000000000..39b26c195 --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/templates/_helpers.tpl @@ -0,0 +1,7 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/templates/jobs.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/templates/jobs.yaml new file mode 100644 index 000000000..709005fd9 --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/templates/jobs.yaml @@ -0,0 +1,92 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-create + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": post-install, post-upgrade, post-rollback + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: {{ .Chart.Name }}-create + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + containers: + - name: create-crds + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-delete + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: {{ .Chart.Name }}-delete + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: true + runAsUser: 1000 + initContainers: + - name: remove-finalizers + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - apply + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + containers: + - name: delete-crds + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/kubectl + - delete + - -f + - /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/templates/manifest.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/templates/manifest.yaml new file mode 100644 index 000000000..31016b6ef --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/templates/manifest.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-manifest + namespace: {{ .Release.Namespace }} +data: + crd-manifest.yaml: | + {{- $currentScope := . -}} + {{- $crds := (.Files.Glob "crd-manifest/**.yaml") -}} + {{- range $path, $_ := $crds -}} + {{- with $currentScope -}} + {{ .Files.Get $path | nindent 4 }} + --- + {{- end -}}{{- end -}} diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/templates/rbac.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/templates/rbac.yaml new file mode 100644 index 000000000..bdda1ddad --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/templates/rbac.yaml @@ -0,0 +1,72 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: ['create', 'get', 'patch', 'delete'] +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ .Chart.Name }}-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Chart.Name }}-manager +subjects: +- kind: ServiceAccount + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-manager +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-manager +spec: + privileged: false + allowPrivilegeEscalation: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'configMap' + - 'secret' diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/values.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/values.yaml new file mode 100644 index 000000000..657ccacf8 --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/values.yaml @@ -0,0 +1,11 @@ +# Default values for rancher-gatekeeper-crd. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + cattle: + systemDefaultRegistry: "" + +image: + repository: rancher/kubectl + tag: v1.20.2 diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/.helmignore b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/CHANGELOG.md b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/CHANGELOG.md new file mode 100644 index 000000000..c68d23c24 --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/CHANGELOG.md @@ -0,0 +1,15 @@ +# Changelog +All notable changes from the upstream OPA Gatekeeper chart will be added to this file + +## [Package Version 00] - 2020-09-10 +### Added +- Enabled the CRD chart generator in `package.yaml` + +### Modified +- Updated namespace to `cattle-gatekeeper-system` +- Updated for Helm 3 compatibility + - Moved crds to `crds` directory + - Removed `crd-install` hooks and templates from crds + +### Removed +- Removed `gatekeeper-system-namespace.yaml` as Rancher handles namespaces for chart installation diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/Chart.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/Chart.yaml new file mode 100644 index 000000000..b23715011 --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/Chart.yaml @@ -0,0 +1,23 @@ +annotations: + catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: OPA Gatekeeper + catalog.cattle.io/namespace: cattle-gatekeeper-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1 + catalog.cattle.io/release-name: rancher-gatekeeper + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/ui-component: gatekeeper +apiVersion: v2 +appVersion: v3.5.1 +description: Modifies Open Policy Agent's upstream gatekeeper chart that provides + policy-based control for cloud native environments +home: https://github.com/open-policy-agent/gatekeeper +icon: https://charts.rancher.io/assets/logos/gatekeeper.svg +keywords: +- open policy agent +- security +name: rancher-gatekeeper +sources: +- https://github.com/open-policy-agent/gatekeeper.git +version: 100.0.0+up3.5.1 diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/README.md b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/README.md new file mode 100644 index 000000000..f641232bc --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/README.md @@ -0,0 +1,113 @@ +# Gatekeeper Helm Chart + +## Get Repo Info + +```console +helm repo add gatekeeper https://open-policy-agent.github.io/gatekeeper/charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Install Chart + +```console +# Helm install with gatekeeper-system namespace already created +$ helm install -n gatekeeper-system [RELEASE_NAME] gatekeeper/gatekeeper + +# Helm install and create namespace +$ helm install -n gatekeeper-system [RELEASE_NAME] gatekeeper/gatekeeper --create-namespace + +``` + +_See [parameters](#parameters) below._ + +_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ + +## Upgrade Chart + +**Upgrading from < v3.4.0** +Chart 3.4.0 deprecates support for Helm 2 and also removes the creation of the `gatekeeper-system` Namespace from within the chart. This follows Helm 3 Best Practices. + +Option 1: +A simple way to upgrade is to uninstall first and re-install with 3.4.0 or greater. + +```console +$ helm uninstall gatekeeper +$ helm install -n gatekeeper-system [RELEASE_NAME] gatekeeper/gatekeeper --create-namespace + +``` + +Option 2: +Run the `helm_migrate.sh` script before installing the 3.4.0 or greater chart. This will remove the Helm secret for the original release, while keeping all of the resources. It then updates the annotations of the resources so that the new chart can import and manage them. + +```console +$ helm_migrate.sh +$ helm install -n gatekeeper-system gatekeeper gatekeeper/gatekeeper +``` + +**Upgrading from >= v3.4.0** +```console +$ helm upgrade -n gatekeeper-system [RELEASE_NAME] gatekeeper/gatekeeper +``` + +_See [helm 2 to 3](https://helm.sh/docs/topics/v2_v3_migration/) for Helm 2 migration documentation._ + + +## Exempting Namespace + +The Helm chart automatically sets the Gatekeeper flag `--exempt-namespace={{ .Release.Namespace }}` in order to exempt the namespace where the chart is installed, and adds the `admission.gatekeeper.sh/ignore` label to the namespace during a post-install hook. + +_See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/website/docs/exempt-namespaces) for more information._ + +## Parameters + +| Parameter | Description | Default | +| :--------------------------------------------| :--------------------------------------------------------------------------------------| :-------------------------------------------------------------------------| +| postInstall.labelNamespace.enabled | Add labels to the namespace during post install hooks | `true` | +| postInstall.labelNamespace.image.repository | Image with kubectl to label the namespace | `line/kubectl-kustomize` | +| postInstall.labelNamespace.image.tag | Image tag | `1.20.4-4.0.5` | +| postInstall.labelNamespace.image.pullPolicy | Image pullPolicy | `IfNotPresent` | +| postInstall.labelNamespace.image.pullSecrets | Image pullSecrets | `[]` | +| auditInterval | The frequency with which audit is run | `300` | +| constraintViolationsLimit | The maximum # of audit violations reported on a constraint | `20` | +| auditFromCache | Take the roster of resources to audit from the OPA cache | `false` | +| auditChunkSize | Chunk size for listing cluster resources for audit (alpha feature) | `0` | +| auditMatchKindOnly | Only check resources of the kinds specified in all constraints defined in the cluster. | `false` | +| disableValidatingWebhook | Disable the validating webhook | `false` | +| validatingWebhookTimeoutSeconds | The timeout for the validating webhook in seconds | `3` | +| enableDeleteOperations | Enable validating webhook for delete operations | `false` | +| experimentalEnableMutation | Enable mutation (alpha feature) | `false` | +| emitAdmissionEvents | Emit K8s events in gatekeeper namespace for admission violations (alpha feature) | `false` | +| emitAuditEvents | Emit K8s events in gatekeeper namespace for audit violations (alpha feature) | `false` | +| logDenies | Log detailed info on each deny | `false` | +| logLevel | Minimum log level | `INFO` | +| image.pullPolicy | The image pull policy | `IfNotPresent` | +| image.repository | Image repository | `openpolicyagent/gatekeeper` | +| image.release | The image release tag to use | Current release version: `v3.5.1` | +| image.pullSecrets | Specify an array of imagePullSecrets | `[]` | +| resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi | +| nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` | +| affinity | The node affinity to use for pod scheduling | `{}` | +| tolerations | The tolerations to use for pod scheduling | `[]` | +| controllerManager.priorityClassName | Priority class name for controller manager | `system-cluster-critical` | +| controllerManager.hostNetwork | Enables controllerManager to be deployed on hostNetwork | `false` | +| audit.priorityClassName | Priority class name for audit controller | `system-cluster-critical` | +| audit.hostNetwork | Enables audit to be deployed on hostNetwork | `false` | +| replicas | The number of Gatekeeper replicas to deploy for the webhook | `3` | +| podAnnotations | The annotations to add to the Gatekeeper pods | `container.seccomp.security.alpha.kubernetes.io/manager: runtime/default` | +| podLabels | The labels to add to the Gatekeeper pods | `{}` | +| podCountLimit | The maximum number of Gatekeeper pods to run | `100` | +| secretAnnotations | The annotations to add to the Gatekeeper secrets | `{}` | +| pdb.controllerManager.minAvailable | The number of controller manager pods that must still be available after an eviction | `1` | +| service.type | Service type | `ClusterIP` | +| service.loadBalancerIP | The IP address of LoadBalancer service | `` | + +## Contributing Changes + +This Helm chart is autogenerated from the Gatekeeper static manifest. The +generator code lives under `cmd/build/helmify`. To make modifications to this +template, please edit `kustomization.yaml`, `kustomize-for-helm.yaml` and +`replacements.go` under that directory and then run `make manifests`. Your +changes will show up in the `manifest_staging` directory and will be promoted +to the root `charts` directory the next time a Gatekeeper release is cut. diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/app-readme.md b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/app-readme.md new file mode 100644 index 000000000..d44cf7b2b --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/app-readme.md @@ -0,0 +1,14 @@ +# Rancher OPA Gatekeeper + +This chart is based off of the upstream [OPA Gatekeeper](https://github.com/open-policy-agent/gatekeeper/tree/master/charts/gatekeeper) chart. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/opa-gatekeper/). + +The chart installs the following components: + +- OPA Gatekeeper Controller-Manager - OPA Gatekeeper is a policy engine for providing policy based governance for Kubernetes clusters. The controller installs as a [validating admission controller webhook](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#validatingadmissionwebhook) on the cluster and intercepts all admission requests that create, update or delete a resource in the cluster. +- [Audit](https://github.com/open-policy-agent/gatekeeper#audit) - A periodic audit of the cluster resources against the enforced policies. Any existing resource that violates a policy will be recorded as violations. +- [Constraint Template](https://github.com/open-policy-agent/gatekeeper#constraint-templates) - A template is a CRD (`ConstraintTemplate`) that defines the schema and Rego logic of a policy to be applied to the cluster by Gatekeeper's admission controller webhook. This chart installs a few default `ConstraintTemplate` custom resources. +- [Constraint](https://github.com/open-policy-agent/gatekeeper#constraints) - A constraint is a custom resource that defines the scope of resources which a specific constraint template should apply to. The complete policy is defined by a combination of `ConstraintTemplates` (i.e. what the policy is) and `Constraints` (i.e. what resource to apply the policy to). + +For more information on how to configure the Helm chart, refer to the Helm README. diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/_helpers.tpl b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/_helpers.tpl new file mode 100644 index 000000000..2d2402686 --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/_helpers.tpl @@ -0,0 +1,49 @@ + +{{/* +Expand the name of the chart. +*/}} +{{- define "gatekeeper.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "gatekeeper.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "gatekeeper.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Adds additional pod labels to the common ones +*/}} +{{- define "gatekeeper.podLabels" -}} +{{- if .Values.podLabels }} +{{- toYaml .Values.podLabels | nindent 8 }} +{{- end }} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/allowedrepos.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/allowedrepos.yaml new file mode 100644 index 000000000..9abb84ecb --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/allowedrepos.yaml @@ -0,0 +1,35 @@ +apiVersion: templates.gatekeeper.sh/v1beta1 +kind: ConstraintTemplate +metadata: + name: k8sallowedrepos +spec: + crd: + spec: + names: + kind: K8sAllowedRepos + validation: + # Schema for the `parameters` field + openAPIV3Schema: + properties: + repos: + type: array + items: + type: string + targets: + - target: admission.k8s.gatekeeper.sh + rego: | + package k8sallowedrepos + + violation[{"msg": msg}] { + container := input.review.object.spec.containers[_] + satisfied := [good | repo = input.parameters.repos[_] ; good = startswith(container.image, repo)] + not any(satisfied) + msg := sprintf("container <%v> has an invalid image repo <%v>, allowed repos are %v", [container.name, container.image, input.parameters.repos]) + } + + violation[{"msg": msg}] { + container := input.review.object.spec.initContainers[_] + satisfied := [good | repo = input.parameters.repos[_] ; good = startswith(container.image, repo)] + not any(satisfied) + msg := sprintf("container <%v> has an invalid image repo <%v>, allowed repos are %v", [container.name, container.image, input.parameters.repos]) + } diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-admin-podsecuritypolicy.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-admin-podsecuritypolicy.yaml new file mode 100644 index 000000000..78f36ecfb --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-admin-podsecuritypolicy.yaml @@ -0,0 +1,35 @@ +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + annotations: + seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-admin +spec: + allowPrivilegeEscalation: false + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - projected + - secret + - downwardAPI diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-admin-serviceaccount.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-admin-serviceaccount.yaml new file mode 100644 index 000000000..4b68998cb --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-admin-serviceaccount.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-admin + namespace: '{{ .Release.Namespace }}' diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-audit-deployment.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-audit-deployment.yaml new file mode 100644 index 000000000..1bc5d8d90 --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-audit-deployment.yaml @@ -0,0 +1,104 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: audit-controller + gatekeeper.sh/operation: audit + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-audit + namespace: '{{ .Release.Namespace }}' +spec: + replicas: 1 + selector: + matchLabels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: audit-controller + gatekeeper.sh/operation: audit + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + template: + metadata: + annotations: + {{- toYaml .Values.podAnnotations | trim | nindent 8 }} + labels: +{{- include "gatekeeper.podLabels" . }} + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: audit-controller + gatekeeper.sh/operation: audit + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + spec: + affinity: + {{- toYaml .Values.audit.affinity | nindent 8 }} + automountServiceAccountToken: true + containers: + - args: + - --audit-interval={{ .Values.auditInterval }} + - --log-level={{ .Values.logLevel }} + - --constraint-violations-limit={{ .Values.constraintViolationsLimit }} + - --audit-from-cache={{ .Values.auditFromCache }} + - --audit-chunk-size={{ .Values.auditChunkSize }} + - --audit-match-kind-only={{ .Values.auditMatchKindOnly }} + - --emit-audit-events={{ .Values.emitAuditEvents }} + - --operation=audit + - --operation=status + - --logtostderr + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}' + imagePullPolicy: '{{ .Values.image.pullPolicy }}' + livenessProbe: + httpGet: + path: /healthz + port: 9090 + name: manager + ports: + - containerPort: 8888 + name: metrics + protocol: TCP + - containerPort: 9090 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 9090 + resources: + {{- toYaml .Values.audit.resources | nindent 10 }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + readOnlyRootFilesystem: true + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 1000 + hostNetwork: {{ .Values.audit.hostNetwork }} + imagePullSecrets: + {{- toYaml .Values.image.pullSecrets | nindent 8 }} + nodeSelector: + {{- toYaml .Values.audit.nodeSelector | nindent 8 }} + priorityClassName: {{ .Values.audit.priorityClassName }} + serviceAccountName: gatekeeper-admin + terminationGracePeriodSeconds: 60 + tolerations: + {{- toYaml .Values.audit.tolerations | nindent 8 }} diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-controller-manager-deployment.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-controller-manager-deployment.yaml new file mode 100644 index 000000000..96d4a75e3 --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-controller-manager-deployment.yaml @@ -0,0 +1,118 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-controller-manager + namespace: '{{ .Release.Namespace }}' +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + template: + metadata: + annotations: + {{- toYaml .Values.podAnnotations | trim | nindent 8 }} + labels: +{{- include "gatekeeper.podLabels" . }} + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + spec: + affinity: + {{- toYaml .Values.controllerManager.affinity | nindent 8 }} + automountServiceAccountToken: true + containers: + - args: + - --port=8443 + - --logtostderr + - --log-denies={{ .Values.logDenies }} + - --emit-admission-events={{ .Values.emitAdmissionEvents }} + - --log-level={{ .Values.logLevel }} + - --exempt-namespace={{ .Release.Namespace }} + - --operation=webhook + - --enable-mutation={{ .Values.experimentalEnableMutation}} + + {{- range .Values.disabledBuiltins}} + - --disable-opa-builtin={{ . }} + {{- end }} + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}' + imagePullPolicy: '{{ .Values.image.pullPolicy }}' + livenessProbe: + httpGet: + path: /healthz + port: 9090 + name: manager + ports: + - containerPort: 8443 + name: webhook-server + protocol: TCP + - containerPort: 8888 + name: metrics + protocol: TCP + - containerPort: 9090 + name: healthz + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 9090 + resources: + {{- toYaml .Values.controllerManager.resources | nindent 10 }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + readOnlyRootFilesystem: true + runAsGroup: 999 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /certs + name: cert + readOnly: true + hostNetwork: {{ .Values.controllerManager.hostNetwork }} + imagePullSecrets: + {{- toYaml .Values.image.pullSecrets | nindent 8 }} + nodeSelector: + {{- toYaml .Values.controllerManager.nodeSelector | nindent 8 }} + priorityClassName: {{ .Values.controllerManager.priorityClassName }} + serviceAccountName: gatekeeper-admin + terminationGracePeriodSeconds: 60 + tolerations: + {{- toYaml .Values.controllerManager.tolerations | nindent 8 }} + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: gatekeeper-webhook-server-cert diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-controller-manager-poddisruptionbudget.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-controller-manager-poddisruptionbudget.yaml new file mode 100644 index 000000000..258a42f34 --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-controller-manager-poddisruptionbudget.yaml @@ -0,0 +1,22 @@ +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-controller-manager + namespace: '{{ .Release.Namespace }}' +spec: + minAvailable: {{ .Values.pdb.controllerManager.minAvailable }} + selector: + matchLabels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-critical-pods-resourcequota.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-critical-pods-resourcequota.yaml new file mode 100644 index 000000000..201191f26 --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-critical-pods-resourcequota.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: ResourceQuota +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-critical-pods + namespace: '{{ .Release.Namespace }}' +spec: + hard: + pods: {{ .Values.podCountLimit }} + scopeSelector: + matchExpressions: + - operator: In + scopeName: PriorityClass + values: + - {{ .Values.controllerManager.priorityClassName }} + - {{ .Values.audit.priorityClassName }} diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-manager-role-clusterrole.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-manager-role-clusterrole.yaml new file mode 100644 index 000000000..027f134ed --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-manager-role-clusterrole.yaml @@ -0,0 +1,153 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-role +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - config.gatekeeper.sh + resources: + - configs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - config.gatekeeper.sh + resources: + - configs/status + verbs: + - get + - patch + - update +- apiGroups: + - constraints.gatekeeper.sh + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mutations.gatekeeper.sh + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - policy + resourceNames: + - gatekeeper-admin + resources: + - podsecuritypolicies + verbs: + - use +- apiGroups: + - status.gatekeeper.sh + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - templates.gatekeeper.sh + resources: + - constrainttemplates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - templates.gatekeeper.sh + resources: + - constrainttemplates/finalizers + verbs: + - delete + - get + - patch + - update +- apiGroups: + - templates.gatekeeper.sh + resources: + - constrainttemplates/status + verbs: + - get + - patch + - update +- apiGroups: + - admissionregistration.k8s.io + resourceNames: + - gatekeeper-validating-webhook-configuration + resources: + - validatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - admissionregistration.k8s.io + resourceNames: + - gatekeeper-mutating-webhook-configuration + resources: + - mutatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-manager-role-role.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-manager-role-role.yaml new file mode 100644 index 000000000..73e2c5cf7 --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-manager-role-role.yaml @@ -0,0 +1,32 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-role + namespace: '{{ .Release.Namespace }}' +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml new file mode 100644 index 000000000..22194d2ad --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml @@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: gatekeeper-manager-role +subjects: +- kind: ServiceAccount + name: gatekeeper-admin + namespace: '{{ .Release.Namespace }}' diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-manager-rolebinding-rolebinding.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-manager-rolebinding-rolebinding.yaml new file mode 100644 index 000000000..4bf6087dc --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-manager-rolebinding-rolebinding.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-manager-rolebinding + namespace: '{{ .Release.Namespace }}' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: gatekeeper-manager-role +subjects: +- kind: ServiceAccount + name: gatekeeper-admin + namespace: '{{ .Release.Namespace }}' diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-mutating-webhook-configuration-mutatingwebhookconfiguration.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-mutating-webhook-configuration-mutatingwebhookconfiguration.yaml new file mode 100644 index 000000000..8a860a488 --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-mutating-webhook-configuration-mutatingwebhookconfiguration.yaml @@ -0,0 +1,40 @@ +{{- if .Values.experimentalEnableMutation }} +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + creationTimestamp: null + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: gatekeeper-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /v1/mutate + failurePolicy: Ignore + matchPolicy: Exact + name: mutation.gatekeeper.sh + namespaceSelector: + matchExpressions: + - key: admission.gatekeeper.sh/ignore + operator: DoesNotExist + rules: + - apiGroups: + - '*' + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - '*' + sideEffects: None + timeoutSeconds: 3 +{{- end }} diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml new file mode 100644 index 000000000..eb5f44fd2 --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml @@ -0,0 +1,66 @@ +{{- if not .Values.disableValidatingWebhook }} +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: gatekeeper-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /v1/admit + failurePolicy: Ignore + matchPolicy: Exact + name: validation.gatekeeper.sh + namespaceSelector: + matchExpressions: + - key: admission.gatekeeper.sh/ignore + operator: DoesNotExist + rules: + - apiGroups: + - '*' + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + {{- if .Values.enableDeleteOperations }} + - DELETE + {{- end}} + resources: + - '*' + sideEffects: None + timeoutSeconds: {{ .Values.validatingWebhookTimeoutSeconds }} +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: gatekeeper-webhook-service + namespace: '{{ .Release.Namespace }}' + path: /v1/admitlabel + failurePolicy: Fail + matchPolicy: Exact + name: check-ignore-label.gatekeeper.sh + rules: + - apiGroups: + - "" + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - namespaces + sideEffects: None + timeoutSeconds: {{ .Values.validatingWebhookTimeoutSeconds }} +{{- end }} diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-webhook-server-cert-secret.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-webhook-server-cert-secret.yaml new file mode 100644 index 000000000..d6e906a99 --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-webhook-server-cert-secret.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Secret +metadata: + annotations: {{- toYaml .Values.secretAnnotations | trim | nindent 4 }} + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-webhook-server-cert + namespace: '{{ .Release.Namespace }}' diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-webhook-service-service.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-webhook-service-service.yaml new file mode 100644 index 000000000..de7300e92 --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-webhook-service-service.yaml @@ -0,0 +1,29 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + name: gatekeeper-webhook-service + namespace: '{{ .Release.Namespace }}' +spec: + {{- if .Values.service }} + type: {{ .Values.service.type | default "ClusterIP" }} + {{- if .Values.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + {{- end }} + ports: + - port: 443 + targetPort: 8443 + selector: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + control-plane: controller-manager + gatekeeper.sh/operation: webhook + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/namespace-post-install.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/namespace-post-install.yaml new file mode 100644 index 000000000..ca54d15a7 --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/namespace-post-install.yaml @@ -0,0 +1,98 @@ +{{- if .Values.postInstall.labelNamespace.enabled }} +apiVersion: batch/v1 +kind: Job +metadata: + name: gatekeeper-update-namespace-label + labels: + app: '{{ template "gatekeeper.name" . }}' + chart: '{{ template "gatekeeper.name" . }}' + gatekeeper.sh/system: "yes" + heritage: '{{ .Release.Service }}' + release: '{{ .Release.Name }}' + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation +spec: + template: + metadata: + labels: + app: '{{ template "gatekeeper.name" . }}' + release: '{{ .Release.Name }}' + spec: + restartPolicy: OnFailure + {{- if .Values.postInstall.labelNamespace.image.pullSecrets }} + imagePullSecrets: + {{- .Values.postInstall.labelNamespace.image.pullSecrets | toYaml | nindent 12 }} + {{- end }} + serviceAccount: gatekeeper-update-namespace-label + nodeSelector: + kubernetes.io/os: linux + containers: + - name: kubectl-label + image: '{{ template "system_default_registry" . }}{{ .Values.postInstall.labelNamespace.image.repository }}:{{ .Values.postInstall.labelNamespace.image.tag }}' + imagePullPolicy: {{ .Values.postInstall.labelNamespace.image.pullPolicy }} + command: + - kubectl + - label + - ns + - {{ .Release.Namespace }} + - admission.gatekeeper.sh/ignore=no-self-managing + - --overwrite +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: gatekeeper-update-namespace-label + labels: + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: gatekeeper-update-namespace-label + labels: + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation +rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - update + - patch + resourceNames: + - {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: gatekeeper-update-namespace-label + labels: + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: gatekeeper-update-namespace-label +subjects: + - kind: ServiceAccount + name: gatekeeper-update-namespace-label + namespace: {{ .Release.Namespace | quote }} + +{{- end }} diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/requiredlabels.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/requiredlabels.yaml new file mode 100644 index 000000000..e93e6a0a7 --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/requiredlabels.yaml @@ -0,0 +1,57 @@ +apiVersion: templates.gatekeeper.sh/v1beta1 +kind: ConstraintTemplate +metadata: + name: k8srequiredlabels +spec: + crd: + spec: + names: + kind: K8sRequiredLabels + validation: + # Schema for the `parameters` field + openAPIV3Schema: + properties: + message: + type: string + labels: + type: array + items: + type: object + properties: + key: + type: string + allowedRegex: + type: string + targets: + - target: admission.k8s.gatekeeper.sh + rego: | + package k8srequiredlabels + + get_message(parameters, _default) = msg { + not parameters.message + msg := _default + } + + get_message(parameters, _default) = msg { + msg := parameters.message + } + + violation[{"msg": msg, "details": {"missing_labels": missing}}] { + provided := {label | input.review.object.metadata.labels[label]} + required := {label | label := input.parameters.labels[_].key} + missing := required - provided + count(missing) > 0 + def_msg := sprintf("you must provide labels: %v", [missing]) + msg := get_message(input.parameters, def_msg) + } + + violation[{"msg": msg}] { + value := input.review.object.metadata.labels[key] + expected := input.parameters.labels[_] + expected.key == key + # do not match if allowedRegex is not defined, or is an empty string + expected.allowedRegex != "" + not re_match(expected.allowedRegex, value) + def_msg := sprintf("Label <%v: %v> does not satisfy allowed regex: %v", [key, value, expected.allowedRegex]) + msg := get_message(input.parameters, def_msg) + } diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/validate-install-crd.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/validate-install-crd.yaml new file mode 100644 index 000000000..98facd373 --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/validate-install-crd.yaml @@ -0,0 +1,20 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "mutations.gatekeeper.sh/v1alpha1/Assign" false -}} +# {{- set $found "mutations.gatekeeper.sh/v1alpha1/AssignMetadata" false -}} +# {{- set $found "config.gatekeeper.sh/v1alpha1/Config" false -}} +# {{- set $found "status.gatekeeper.sh/v1beta1/ConstraintPodStatus" false -}} +# {{- set $found "templates.gatekeeper.sh/v1alpha1/ConstraintTemplate" false -}} +# {{- set $found "status.gatekeeper.sh/v1beta1/ConstraintTemplatePodStatus" false -}} +# {{- set $found "status.gatekeeper.sh/v1beta1/MutatorPodStatus" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/values.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/values.yaml new file mode 100644 index 000000000..c57008ad0 --- /dev/null +++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/values.yaml @@ -0,0 +1,80 @@ +replicas: 3 +auditInterval: 300 +auditMatchKindOnly: false +constraintViolationsLimit: 20 +auditFromCache: false +disableValidatingWebhook: false +validatingWebhookTimeoutSeconds: 3 +enableDeleteOperations: false +experimentalEnableMutation: false +auditChunkSize: 0 +logLevel: INFO +logDenies: false +emitAdmissionEvents: false +emitAuditEvents: false +postInstall: + labelNamespace: + enabled: true + image: + repository: rancher/kubectl + tag: v1.20.2 + pullPolicy: IfNotPresent + pullSecrets: [] +image: + repository: rancher/mirrored-openpolicyagent-gatekeeper + tag: v3.5.1 + pullPolicy: IfNotPresent + pullSecrets: [] +podAnnotations: + { container.seccomp.security.alpha.kubernetes.io/manager: runtime/default } +podLabels: {} +podCountLimit: 100 +secretAnnotations: {} +controllerManager: + hostNetwork: false + priorityClassName: system-cluster-critical + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: gatekeeper.sh/operation + operator: In + values: + - webhook + topologyKey: kubernetes.io/hostname + weight: 100 + tolerations: [] + nodeSelector: { kubernetes.io/os: linux } + resources: + limits: + cpu: 1000m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi +audit: + hostNetwork: false + priorityClassName: system-cluster-critical + affinity: {} + tolerations: [] + nodeSelector: { kubernetes.io/os: linux } + resources: + limits: + cpu: 1000m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi +pdb: + controllerManager: + minAvailable: 1 +global: + cattle: + systemDefaultRegistry: "" + kubectl: + repository: rancher/kubectl + tag: v1.20.2 +service: {} +disabledBuiltins: diff --git a/charts/rancher-gke-operator-crd/rancher-gke-operator-crd/100.0.0+up1.1.1/Chart.yaml b/charts/rancher-gke-operator-crd/rancher-gke-operator-crd/100.0.0+up1.1.1/Chart.yaml new file mode 100644 index 000000000..86c169a3d --- /dev/null +++ b/charts/rancher-gke-operator-crd/rancher-gke-operator-crd/100.0.0+up1.1.1/Chart.yaml @@ -0,0 +1,11 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: rancher-gke-operator-crd +apiVersion: v2 +appVersion: 1.1.1 +description: GKE Operator CustomResourceDefinitions +name: rancher-gke-operator-crd +version: 100.0.0+up1.1.1 diff --git a/charts/rancher-gke-operator-crd/rancher-gke-operator-crd/100.0.0+up1.1.1/templates/crds.yaml b/charts/rancher-gke-operator-crd/rancher-gke-operator-crd/100.0.0+up1.1.1/templates/crds.yaml new file mode 100644 index 000000000..592d30c6a --- /dev/null +++ b/charts/rancher-gke-operator-crd/rancher-gke-operator-crd/100.0.0+up1.1.1/templates/crds.yaml @@ -0,0 +1,249 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + name: gkeclusterconfigs.gke.cattle.io +spec: + group: gke.cattle.io + names: + kind: GKEClusterConfig + plural: gkeclusterconfigs + shortNames: + - gkecc + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + clusterAddons: + nullable: true + properties: + horizontalPodAutoscaling: + type: boolean + httpLoadBalancing: + type: boolean + networkPolicyConfig: + type: boolean + type: object + clusterIpv4Cidr: + nullable: true + type: string + clusterName: + nullable: true + type: string + description: + nullable: true + type: string + enableKubernetesAlpha: + nullable: true + type: boolean + googleCredentialSecret: + nullable: true + type: string + imported: + type: boolean + ipAllocationPolicy: + nullable: true + properties: + clusterIpv4CidrBlock: + nullable: true + type: string + clusterSecondaryRangeName: + nullable: true + type: string + createSubnetwork: + type: boolean + nodeIpv4CidrBlock: + nullable: true + type: string + servicesIpv4CidrBlock: + nullable: true + type: string + servicesSecondaryRangeName: + nullable: true + type: string + subnetworkName: + nullable: true + type: string + useIpAliases: + type: boolean + type: object + kubernetesVersion: + nullable: true + type: string + labels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + locations: + items: + nullable: true + type: string + nullable: true + type: array + loggingService: + nullable: true + type: string + maintenanceWindow: + nullable: true + type: string + masterAuthorizedNetworks: + nullable: true + properties: + cidrBlocks: + items: + properties: + cidrBlock: + nullable: true + type: string + displayName: + nullable: true + type: string + type: object + nullable: true + type: array + enabled: + type: boolean + type: object + monitoringService: + nullable: true + type: string + network: + nullable: true + type: string + networkPolicyEnabled: + nullable: true + type: boolean + nodePools: + items: + properties: + autoscaling: + nullable: true + properties: + enabled: + type: boolean + maxNodeCount: + type: integer + minNodeCount: + type: integer + type: object + config: + nullable: true + properties: + diskSizeGb: + type: integer + diskType: + nullable: true + type: string + imageType: + nullable: true + type: string + labels: + additionalProperties: + nullable: true + type: string + nullable: true + type: object + localSsdCount: + type: integer + machineType: + nullable: true + type: string + oauthScopes: + items: + nullable: true + type: string + nullable: true + type: array + preemptible: + type: boolean + tags: + items: + nullable: true + type: string + nullable: true + type: array + taints: + items: + properties: + effect: + nullable: true + type: string + key: + nullable: true + type: string + value: + nullable: true + type: string + type: object + nullable: true + type: array + type: object + initialNodeCount: + nullable: true + type: integer + management: + nullable: true + properties: + autoRepair: + type: boolean + autoUpgrade: + type: boolean + type: object + maxPodsConstraint: + nullable: true + type: integer + name: + nullable: true + type: string + version: + nullable: true + type: string + type: object + nullable: true + type: array + privateClusterConfig: + nullable: true + properties: + enablePrivateEndpoint: + type: boolean + enablePrivateNodes: + type: boolean + masterIpv4CidrBlock: + nullable: true + type: string + type: object + projectID: + nullable: true + type: string + region: + nullable: true + type: string + subnetwork: + nullable: true + type: string + zone: + nullable: true + type: string + type: object + status: + properties: + failureMessage: + nullable: true + type: string + phase: + nullable: true + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/Chart.yaml b/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/Chart.yaml new file mode 100644 index 000000000..8ed7a8502 --- /dev/null +++ b/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/Chart.yaml @@ -0,0 +1,18 @@ +annotations: + catalog.cattle.io/auto-install: rancher-gke-operator-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: gkeclusterconfigs.gke.cattle.io/v1 + catalog.cattle.io/rancher-version: '>= 2.6.0-alpha' + catalog.cattle.io/release-name: rancher-gke-operator + catalog.cattle.io/scope: management +apiVersion: v2 +appVersion: 1.1.1 +description: A Helm chart for provisioning GKE clusters +home: https://github.com/rancher/gke-operator +name: rancher-gke-operator +sources: +- https://github.com/rancher/gke-operator +version: 100.0.0+up1.1.1 diff --git a/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/NOTES.txt b/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/NOTES.txt new file mode 100644 index 000000000..238173d1b --- /dev/null +++ b/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/NOTES.txt @@ -0,0 +1,4 @@ +You have deployed the Rancher GKE operator +Version: {{ .Chart.AppVersion }} +Description: This operator provisions GKE clusters +from GKEClusterConfig CRs. diff --git a/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/_helpers.tpl b/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/_helpers.tpl new file mode 100644 index 000000000..be11b4a66 --- /dev/null +++ b/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/_helpers.tpl @@ -0,0 +1,9 @@ +{{/* vim: set filetype=mustache: */}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/clusterrole.yaml b/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/clusterrole.yaml new file mode 100644 index 000000000..7c352696e --- /dev/null +++ b/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/clusterrole.yaml @@ -0,0 +1,15 @@ +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: gke-operator + namespace: cattle-system +rules: + - apiGroups: [''] + resources: ['secrets'] + verbs: ['get', 'list', 'create', 'watch'] + - apiGroups: ['gke.cattle.io'] + resources: ['gkeclusterconfigs'] + verbs: ['get', 'list', 'update', 'watch'] + - apiGroups: ['gke.cattle.io'] + resources: ['gkeclusterconfigs/status'] + verbs: ['update'] diff --git a/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/clusterrolebinding.yaml b/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..e2af390c7 --- /dev/null +++ b/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/clusterrolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: gke-operator + namespace: cattle-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: gke-operator +subjects: +- kind: ServiceAccount + name: gke-operator + namespace: cattle-system diff --git a/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/deployment.yaml b/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/deployment.yaml new file mode 100644 index 000000000..acc3930ee --- /dev/null +++ b/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/deployment.yaml @@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: gke-config-operator + namespace: cattle-system +spec: + replicas: 1 + selector: + matchLabels: + ke.cattle.io/operator: gke + template: + metadata: + labels: + ke.cattle.io/operator: gke + spec: + serviceAccountName: gke-operator + securityContext: + fsGroup: 1007 + runAsUser: 1007 + containers: + - name: rancher-gke-operator + image: {{ template "system_default_registry" . }}{{ .Values.gkeOperator.image.repository }}:{{ .Values.gkeOperator.image.tag }} + imagePullPolicy: IfNotPresent + env: + - name: HTTP_PROXY + value: {{ .Values.httpProxy }} + - name: HTTPS_PROXY + value: {{ .Values.httpsProxy }} + - name: NO_PROXY + value: {{ .Values.noProxy }} +{{- if .Values.additionalTrustedCAs }} + # gke-operator mounts the additional CAs in two places: + volumeMounts: + # This directory is owned by the gke-operator user so c_rehash works here. + - mountPath: /etc/rancher/ssl/ca-additional.pem + name: tls-ca-additional-volume + subPath: ca-additional.pem + readOnly: true + # This directory is root-owned so c_rehash doesn't work here, + # but the cert is here in case update-ca-certificates is called in the future or by the OS. + - mountPath: /etc/pki/trust/anchors/ca-additional.pem + name: tls-ca-additional-volume + subPath: ca-additional.pem + readOnly: true + volumes: + - name: tls-ca-additional-volume + secret: + defaultMode: 0400 + secretName: tls-ca-additional + {{- end }} diff --git a/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/serviceaccount.yaml b/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/serviceaccount.yaml new file mode 100644 index 000000000..ba52af628 --- /dev/null +++ b/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: cattle-system + name: gke-operator diff --git a/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/values.yaml b/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/values.yaml new file mode 100644 index 000000000..ce6d5af13 --- /dev/null +++ b/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/values.yaml @@ -0,0 +1,12 @@ +global: + systemDefaultRegistry: "" + +gkeOperator: + image: + repository: rancher/gke-operator + tag: v1.1.1 + +httpProxy: "" +httpsProxy: "" +noProxy: "" +additionalTrustedCAs: false diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/.helmignore b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/.helmignore new file mode 100644 index 000000000..8cade1318 --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.vscode +.project +.idea/ +*.tmproj +OWNERS diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/Chart.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/Chart.yaml new file mode 100644 index 000000000..1b5c93f0f --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/Chart.yaml @@ -0,0 +1,28 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-grafana +apiVersion: v2 +appVersion: 7.5.8 +description: The leading tool for querying and visualizing time series and metrics. +home: https://grafana.net +icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png +kubeVersion: ^1.8.0-0 +maintainers: +- email: zanhsieh@gmail.com + name: zanhsieh +- email: rluckie@cisco.com + name: rtluckie +- email: maor.friedman@redhat.com + name: maorfr +- email: miroslav.hadzhiev@gmail.com + name: Xtigyro +- email: mail@torstenwalter.de + name: torstenwalter +name: rancher-grafana +sources: +- https://github.com/grafana/grafana +type: application +version: 100.0.0+up6.11.0 diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/README.md b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/README.md new file mode 100644 index 000000000..3d1d73e48 --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/README.md @@ -0,0 +1,526 @@ +# Grafana Helm Chart + +* Installs the web dashboarding system [Grafana](http://grafana.org/) + +## Get Repo Info + +```console +helm repo add grafana https://grafana.github.io/helm-charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +helm install my-release grafana/grafana +``` + +## Uninstalling the Chart + +To uninstall/delete the my-release deployment: + +```console +helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Upgrading an existing Release to a new major version + +A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an +incompatible breaking change needing manual actions. + +### To 4.0.0 (And 3.12.1) + +This version requires Helm >= 2.12.0. + +### To 5.0.0 + +You have to add --force to your helm upgrade command as the labels of the chart have changed. + +### To 6.0.0 + +This version requires Helm >= 3.1.0. + +## Configuration + +| Parameter | Description | Default | +|-------------------------------------------|-----------------------------------------------|---------------------------------------------------------| +| `replicas` | Number of nodes | `1` | +| `podDisruptionBudget.minAvailable` | Pod disruption minimum available | `nil` | +| `podDisruptionBudget.maxUnavailable` | Pod disruption maximum unavailable | `nil` | +| `deploymentStrategy` | Deployment strategy | `{ "type": "RollingUpdate" }` | +| `livenessProbe` | Liveness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } "initialDelaySeconds": 60, "timeoutSeconds": 30, "failureThreshold": 10 }` | +| `readinessProbe` | Readiness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } }`| +| `securityContext` | Deployment securityContext | `{"runAsUser": 472, "runAsGroup": 472, "fsGroup": 472}` | +| `priorityClassName` | Name of Priority Class to assign pods | `nil` | +| `image.repository` | Image repository | `grafana/grafana` | +| `image.tag` | Image tag (`Must be >= 5.0.0`) | `7.4.5` | +| `image.sha` | Image sha (optional) | `2b56f6106ddc376bb46d974230d530754bf65a640dfbc5245191d72d3b49efc6` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Image pull secrets | `{}` | +| `service.enabled` | Enable grafana service | `true` | +| `service.type` | Kubernetes service type | `ClusterIP` | +| `service.port` | Kubernetes port where service is exposed | `80` | +| `service.portName` | Name of the port on the service | `service` | +| `service.targetPort` | Internal service is port | `3000` | +| `service.nodePort` | Kubernetes service nodePort | `nil` | +| `service.annotations` | Service annotations | `{}` | +| `service.labels` | Custom labels | `{}` | +| `service.clusterIP` | internal cluster service IP | `nil` | +| `service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `nil` | +| `service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to lb (if supported) | `[]` | +| `service.externalIPs` | service external IP addresses | `[]` | +| `extraExposePorts` | Additional service ports for sidecar containers| `[]` | +| `hostAliases` | adds rules to the pod's /etc/hosts | `[]` | +| `ingress.enabled` | Enables Ingress | `false` | +| `ingress.annotations` | Ingress annotations (values are templated) | `{}` | +| `ingress.labels` | Custom labels | `{}` | +| `ingress.path` | Ingress accepted path | `/` | +| `ingress.pathType` | Ingress type of path | `Prefix` | +| `ingress.hosts` | Ingress accepted hostnames | `["chart-example.local"]` | +| `ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). Requires `ingress.hosts` to have one or more host entries. | `[]` | +| `ingress.tls` | Ingress TLS configuration | `[]` | +| `resources` | CPU/Memory resource requests/limits | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Toleration labels for pod assignment | `[]` | +| `affinity` | Affinity settings for pod assignment | `{}` | +| `extraInitContainers` | Init containers to add to the grafana pod | `{}` | +| `extraContainers` | Sidecar containers to add to the grafana pod | `{}` | +| `extraContainerVolumes` | Volumes that can be mounted in sidecar containers | `[]` | +| `extraLabels` | Custom labels for all manifests | `{}` | +| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | +| `persistence.enabled` | Use persistent volume to store data | `false` | +| `persistence.type` | Type of persistence (`pvc` or `statefulset`) | `pvc` | +| `persistence.size` | Size of persistent volume claim | `10Gi` | +| `persistence.existingClaim` | Use an existing PVC to persist data | `nil` | +| `persistence.storageClassName` | Type of persistent volume claim | `nil` | +| `persistence.accessModes` | Persistence access modes | `[ReadWriteOnce]` | +| `persistence.annotations` | PersistentVolumeClaim annotations | `{}` | +| `persistence.finalizers` | PersistentVolumeClaim finalizers | `[ "kubernetes.io/pvc-protection" ]` | +| `persistence.subPath` | Mount a sub dir of the persistent volume | `nil` | +| `persistence.inMemory.enabled` | If persistence is not enabled, whether to mount the local storage in-memory to improve performance | `false` | +| `persistence.inMemory.sizeLimit` | SizeLimit for the in-memory local storage | `nil` | +| `initChownData.enabled` | If false, don't reset data ownership at startup | true | +| `initChownData.image.repository` | init-chown-data container image repository | `busybox` | +| `initChownData.image.tag` | init-chown-data container image tag | `1.31.1` | +| `initChownData.image.sha` | init-chown-data container image sha (optional)| `""` | +| `initChownData.image.pullPolicy` | init-chown-data container image pull policy | `IfNotPresent` | +| `initChownData.resources` | init-chown-data pod resource requests & limits | `{}` | +| `schedulerName` | Alternate scheduler name | `nil` | +| `env` | Extra environment variables passed to pods | `{}` | +| `envValueFrom` | Environment variables from alternate sources. See the API docs on [EnvVarSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core) for format details. | `{}` | +| `envFromSecret` | Name of a Kubernetes secret (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `""` | +| `envRenderSecret` | Sensible environment variables passed to pods and stored as secret | `{}` | +| `extraSecretMounts` | Additional grafana server secret mounts | `[]` | +| `extraVolumeMounts` | Additional grafana server volume mounts | `[]` | +| `extraConfigmapMounts` | Additional grafana server configMap volume mounts | `[]` | +| `extraEmptyDirMounts` | Additional grafana server emptyDir volume mounts | `[]` | +| `plugins` | Plugins to be loaded along with Grafana | `[]` | +| `datasources` | Configure grafana datasources (passed through tpl) | `{}` | +| `notifiers` | Configure grafana notifiers | `{}` | +| `dashboardProviders` | Configure grafana dashboard providers | `{}` | +| `dashboards` | Dashboards to import | `{}` | +| `dashboardsConfigMaps` | ConfigMaps reference that contains dashboards | `{}` | +| `grafana.ini` | Grafana's primary configuration | `{}` | +| `ldap.enabled` | Enable LDAP authentication | `false` | +| `ldap.existingSecret` | The name of an existing secret containing the `ldap.toml` file, this must have the key `ldap-toml`. | `""` | +| `ldap.config` | Grafana's LDAP configuration | `""` | +| `annotations` | Deployment annotations | `{}` | +| `labels` | Deployment labels | `{}` | +| `podAnnotations` | Pod annotations | `{}` | +| `podLabels` | Pod labels | `{}` | +| `podPortName` | Name of the grafana port on the pod | `grafana` | +| `sidecar.image.repository` | Sidecar image repository | `quay.io/kiwigrid/k8s-sidecar` | +| `sidecar.image.tag` | Sidecar image tag | `1.10.7` | +| `sidecar.image.sha` | Sidecar image sha (optional) | `""` | +| `sidecar.imagePullPolicy` | Sidecar image pull policy | `IfNotPresent` | +| `sidecar.resources` | Sidecar resources | `{}` | +| `sidecar.enableUniqueFilenames` | Sets the kiwigrid/k8s-sidecar UNIQUE_FILENAMES environment variable | `false` | +| `sidecar.dashboards.enabled` | Enables the cluster wide search for dashboards and adds/updates/deletes them in grafana | `false` | +| `sidecar.dashboards.SCProvider` | Enables creation of sidecar provider | `true` | +| `sidecar.dashboards.provider.name` | Unique name of the grafana provider | `sidecarProvider` | +| `sidecar.dashboards.provider.orgid` | Id of the organisation, to which the dashboards should be added | `1` | +| `sidecar.dashboards.provider.folder` | Logical folder in which grafana groups dashboards | `""` | +| `sidecar.dashboards.provider.disableDelete` | Activate to avoid the deletion of imported dashboards | `false` | +| `sidecar.dashboards.provider.allowUiUpdates` | Allow updating provisioned dashboards from the UI | `false` | +| `sidecar.dashboards.provider.type` | Provider type | `file` | +| `sidecar.dashboards.provider.foldersFromFilesStructure` | Allow Grafana to replicate dashboard structure from filesystem. | `false` | +| `sidecar.dashboards.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. | `WATCH` | +| `sidecar.skipTlsVerify` | Set to true to skip tls verification for kube api calls | `nil` | +| `sidecar.dashboards.label` | Label that config maps with dashboards should have to be added | `grafana_dashboard` | +| `sidecar.dashboards.labelValue` | Label value that config maps with dashboards should have to be added | `nil` | +| `sidecar.dashboards.folder` | Folder in the pod that should hold the collected dashboards (unless `sidecar.dashboards.defaultFolderName` is set). This path will be mounted. | `/tmp/dashboards` | +| `sidecar.dashboards.folderAnnotation` | The annotation the sidecar will look for in configmaps to override the destination folder for files | `nil` | +| `sidecar.dashboards.defaultFolderName` | The default folder name, it will create a subfolder under the `sidecar.dashboards.folder` and put dashboards in there instead | `nil` | +| `sidecar.dashboards.searchNamespace` | If specified, the sidecar will search for dashboard config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` | +| `sidecar.dashboards.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` | +| `sidecar.datasources.enabled` | Enables the cluster wide search for datasources and adds/updates/deletes them in grafana |`false` | +| `sidecar.datasources.label` | Label that config maps with datasources should have to be added | `grafana_datasource` | +| `sidecar.datasources.labelValue` | Label value that config maps with datasources should have to be added | `nil` | +| `sidecar.datasources.searchNamespace` | If specified, the sidecar will search for datasources config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` | +| `sidecar.datasources.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` | +| `sidecar.notifiers.enabled` | Enables the cluster wide search for notifiers and adds/updates/deletes them in grafana | `false` | +| `sidecar.notifiers.label` | Label that config maps with notifiers should have to be added | `grafana_notifier` | +| `sidecar.notifiers.searchNamespace` | If specified, the sidecar will search for notifiers config-maps (or secrets) inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` | +| `sidecar.notifiers.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` | +| `smtp.existingSecret` | The name of an existing secret containing the SMTP credentials. | `""` | +| `smtp.userKey` | The key in the existing SMTP secret containing the username. | `"user"` | +| `smtp.passwordKey` | The key in the existing SMTP secret containing the password. | `"password"` | +| `admin.existingSecret` | The name of an existing secret containing the admin credentials. | `""` | +| `admin.userKey` | The key in the existing admin secret containing the username. | `"admin-user"` | +| `admin.passwordKey` | The key in the existing admin secret containing the password. | `"admin-password"` | +| `serviceAccount.annotations` | ServiceAccount annotations | | +| `serviceAccount.create` | Create service account | `true` | +| `serviceAccount.name` | Service account name to use, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `` | +| `serviceAccount.nameTest` | Service account name to use for test, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `nil` | +| `rbac.create` | Create and use RBAC resources | `true` | +| `rbac.namespaced` | Creates Role and Rolebinding instead of the default ClusterRole and ClusteRoleBindings for the grafana instance | `false` | +| `rbac.useExistingRole` | Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to the rolename set here. | `nil` | +| `rbac.pspEnabled` | Create PodSecurityPolicy (with `rbac.create`, grant roles permissions as well) | `true` | +| `rbac.pspUseAppArmor` | Enforce AppArmor in created PodSecurityPolicy (requires `rbac.pspEnabled`) | `true` | +| `rbac.extraRoleRules` | Additional rules to add to the Role | [] | +| `rbac.extraClusterRoleRules` | Additional rules to add to the ClusterRole | [] | +| `command` | Define command to be executed by grafana container at startup | `nil` | +| `testFramework.enabled` | Whether to create test-related resources | `true` | +| `testFramework.image` | `test-framework` image repository. | `bats/bats` | +| `testFramework.tag` | `test-framework` image tag. | `v1.1.0` | +| `testFramework.imagePullPolicy` | `test-framework` image pull policy. | `IfNotPresent` | +| `testFramework.securityContext` | `test-framework` securityContext | `{}` | +| `downloadDashboards.env` | Environment variables to be passed to the `download-dashboards` container | `{}` | +| `downloadDashboards.envFromSecret` | Name of a Kubernetes secret (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `""` | +| `downloadDashboards.resources` | Resources of `download-dashboards` container | `{}` | +| `downloadDashboardsImage.repository` | Curl docker image repo | `curlimages/curl` | +| `downloadDashboardsImage.tag` | Curl docker image tag | `7.73.0` | +| `downloadDashboardsImage.sha` | Curl docker image sha (optional) | `""` | +| `downloadDashboardsImage.pullPolicy` | Curl docker image pull policy | `IfNotPresent` | +| `namespaceOverride` | Override the deployment namespace | `""` (`Release.Namespace`) | +| `serviceMonitor.enabled` | Use servicemonitor from prometheus operator | `false` | +| `serviceMonitor.namespace` | Namespace this servicemonitor is installed in | | +| `serviceMonitor.interval` | How frequently Prometheus should scrape | `1m` | +| `serviceMonitor.path` | Path to scrape | `/metrics` | +| `serviceMonitor.scheme` | Scheme to use for metrics scraping | `http` | +| `serviceMonitor.tlsConfig` | TLS configuration block for the endpoint | `{}` | +| `serviceMonitor.labels` | Labels for the servicemonitor passed to Prometheus Operator | `{}` | +| `serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `30s` | +| `serviceMonitor.relabelings` | MetricRelabelConfigs to apply to samples before ingestion. | `[]` | +| `revisionHistoryLimit` | Number of old ReplicaSets to retain | `10` | +| `imageRenderer.enabled` | Enable the image-renderer deployment & service | `false` | +| `imageRenderer.image.repository` | image-renderer Image repository | `grafana/grafana-image-renderer` | +| `imageRenderer.image.tag` | image-renderer Image tag | `latest` | +| `imageRenderer.image.sha` | image-renderer Image sha (optional) | `""` | +| `imageRenderer.image.pullPolicy` | image-renderer ImagePullPolicy | `Always` | +| `imageRenderer.env` | extra env-vars for image-renderer | `{}` | +| `imageRenderer.serviceAccountName` | image-renderer deployment serviceAccountName | `""` | +| `imageRenderer.securityContext` | image-renderer deployment securityContext | `{}` | +| `imageRenderer.hostAliases` | image-renderer deployment Host Aliases | `[]` | +| `imageRenderer.priorityClassName` | image-renderer deployment priority class | `''` | +| `imageRenderer.service.enabled` | Enable the image-renderer service | `true` | +| `imageRenderer.service.portName` | image-renderer service port name | `'http'` | +| `imageRenderer.service.port` | image-renderer service port used by both service and deployment | `8081` | +| `imageRenderer.grafanaSubPath` | Grafana sub path to use for image renderer callback url | `''` | +| `imageRenderer.podPortName` | name of the image-renderer port on the pod | `http` | +| `imageRenderer.revisionHistoryLimit` | number of image-renderer replica sets to keep | `10` | +| `imageRenderer.networkPolicy.limitIngress` | Enable a NetworkPolicy to limit inbound traffic from only the created grafana pods | `true` | +| `imageRenderer.networkPolicy.limitEgress` | Enable a NetworkPolicy to limit outbound traffic to only the created grafana pods | `false` | +| `imageRenderer.resources` | Set resource limits for image-renderer pdos | `{}` | + +### Example ingress with path + +With grafana 6.3 and above +```yaml +grafana.ini: + server: + domain: monitoring.example.com + root_url: "%(protocol)s://%(domain)s/grafana" + serve_from_sub_path: true +ingress: + enabled: true + hosts: + - "monitoring.example.com" + path: "/grafana" +``` + +### Example of extraVolumeMounts + +Volume can be type persistentVolumeClaim or hostPath but not both at same time. +If none existingClaim or hostPath argument is givent then type is emptyDir. + +```yaml +- extraVolumeMounts: + - name: plugins + mountPath: /var/lib/grafana/plugins + subPath: configs/grafana/plugins + existingClaim: existing-grafana-claim + readOnly: false + - name: dashboards + mountPath: /var/lib/grafana/dashboards + hostPath: /usr/shared/grafana/dashboards + readOnly: false +``` + +## Import dashboards + +There are a few methods to import dashboards to Grafana. Below are some examples and explanations as to how to use each method: + +```yaml +dashboards: + default: + some-dashboard: + json: | + { + "annotations": + + ... + # Complete json file here + ... + + "title": "Some Dashboard", + "uid": "abcd1234", + "version": 1 + } + custom-dashboard: + # This is a path to a file inside the dashboards directory inside the chart directory + file: dashboards/custom-dashboard.json + prometheus-stats: + # Ref: https://grafana.com/dashboards/2 + gnetId: 2 + revision: 2 + datasource: Prometheus + local-dashboard: + url: https://raw.githubusercontent.com/user/repository/master/dashboards/dashboard.json +``` + +## BASE64 dashboards + +Dashboards could be stored on a server that does not return JSON directly and instead of it returns a Base64 encoded file (e.g. Gerrit) +A new parameter has been added to the url use case so if you specify a b64content value equals to true after the url entry a Base64 decoding is applied before save the file to disk. +If this entry is not set or is equals to false not decoding is applied to the file before saving it to disk. + +### Gerrit use case + +Gerrit API for download files has the following schema: where {project-name} and +{file-id} usually has '/' in their values and so they MUST be replaced by %2F so if project-name is user/repo, branch-id is master and file-id is equals to dir1/dir2/dashboard +the url value is + +## Sidecar for dashboards + +If the parameter `sidecar.dashboards.enabled` is set, a sidecar container is deployed in the grafana +pod. This container watches all configmaps (or secrets) in the cluster and filters out the ones with +a label as defined in `sidecar.dashboards.label`. The files defined in those configmaps are written +to a folder and accessed by grafana. Changes to the configmaps are monitored and the imported +dashboards are deleted/updated. + +A recommendation is to use one configmap per dashboard, as a reduction of multiple dashboards inside +one configmap is currently not properly mirrored in grafana. + +Example dashboard config: + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: sample-grafana-dashboard + labels: + grafana_dashboard: "1" +data: + k8s-dashboard.json: |- + [...] +``` + +## Sidecar for datasources + +If the parameter `sidecar.datasources.enabled` is set, an init container is deployed in the grafana +pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and +filters out the ones with a label as defined in `sidecar.datasources.label`. The files defined in +those secrets are written to a folder and accessed by grafana on startup. Using these yaml files, +the data sources in grafana can be imported. + +Secrets are recommended over configmaps for this usecase because datasources usually contain private +data like usernames and passwords. Secrets are the more appropriate cluster resource to manage those. + +Example values to add a datasource adapted from [Grafana](http://docs.grafana.org/administration/provisioning/#example-datasource-config-file): + +```yaml +datasources: + datasources.yaml: + apiVersion: 1 + datasources: + # name of the datasource. Required + - name: Graphite + # datasource type. Required + type: graphite + # access mode. proxy or direct (Server or Browser in the UI). Required + access: proxy + # org id. will default to orgId 1 if not specified + orgId: 1 + # url + url: http://localhost:8080 + # database password, if used + password: + # database user, if used + user: + # database name, if used + database: + # enable/disable basic auth + basicAuth: + # basic auth username + basicAuthUser: + # basic auth password + basicAuthPassword: + # enable/disable with credentials headers + withCredentials: + # mark as default datasource. Max one per org + isDefault: + # fields that will be converted to json and stored in json_data + jsonData: + graphiteVersion: "1.1" + tlsAuth: true + tlsAuthWithCACert: true + # json object of data that will be encrypted. + secureJsonData: + tlsCACert: "..." + tlsClientCert: "..." + tlsClientKey: "..." + version: 1 + # allow users to edit datasources from the UI. + editable: false +``` + +## Sidecar for notifiers + +If the parameter `sidecar.notifiers.enabled` is set, an init container is deployed in the grafana +pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and +filters out the ones with a label as defined in `sidecar.notifiers.label`. The files defined in +those secrets are written to a folder and accessed by grafana on startup. Using these yaml files, +the notification channels in grafana can be imported. The secrets must be created before +`helm install` so that the notifiers init container can list the secrets. + +Secrets are recommended over configmaps for this usecase because alert notification channels usually contain +private data like SMTP usernames and passwords. Secrets are the more appropriate cluster resource to manage those. + +Example datasource config adapted from [Grafana](https://grafana.com/docs/grafana/latest/administration/provisioning/#alert-notification-channels): + +```yaml +notifiers: + - name: notification-channel-1 + type: slack + uid: notifier1 + # either + org_id: 2 + # or + org_name: Main Org. + is_default: true + send_reminder: true + frequency: 1h + disable_resolve_message: false + # See `Supported Settings` section for settings supporter for each + # alert notification type. + settings: + recipient: 'XXX' + token: 'xoxb' + uploadImage: true + url: https://slack.com + +delete_notifiers: + - name: notification-channel-1 + uid: notifier1 + org_id: 2 + - name: notification-channel-2 + # default org_id: 1 +``` + +## How to serve Grafana with a path prefix (/grafana) + +In order to serve Grafana with a prefix (e.g., ), add the following to your values.yaml. + +```yaml +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.ingress.kubernetes.io/rewrite-target: /$1 + nginx.ingress.kubernetes.io/use-regex: "true" + + path: /grafana/?(.*) + hosts: + - k8s.example.dev + +grafana.ini: + server: + root_url: http://localhost:3000/grafana # this host can be localhost +``` + +## How to securely reference secrets in grafana.ini + +This example uses Grafana uses [file providers](https://grafana.com/docs/grafana/latest/administration/configuration/#file-provider) for secret values and the `extraSecretMounts` configuration flag (Additional grafana server secret mounts) to mount the secrets. + +In grafana.ini: + +```yaml +grafana.ini: + [auth.generic_oauth] + enabled = true + client_id = $__file{/etc/secrets/auth_generic_oauth/client_id} + client_secret = $__file{/etc/secrets/auth_generic_oauth/client_secret} +``` + +Existing secret, or created along with helm: + +```yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: auth-generic-oauth-secret +type: Opaque +stringData: + client_id: + client_secret: +``` + +Include in the `extraSecretMounts` configuration flag: + +```yaml +- extraSecretMounts: + - name: auth-generic-oauth-secret-mount + secretName: auth-generic-oauth-secret + defaultMode: 0440 + mountPath: /etc/secrets/auth_generic_oauth + readOnly: true +``` + +### extraSecretMounts using a Container Storage Interface (CSI) provider + +This example uses a CSI driver e.g. retrieving secrets using [Azure Key Vault Provider](https://github.com/Azure/secrets-store-csi-driver-provider-azure) + +```yaml +- extraSecretMounts: + - name: secrets-store-inline + mountPath: /run/secrets + readOnly: true + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: "my-provider" + nodePublishSecretRef: + name: akv-creds +``` + +## Image Renderer Plug-In + +This chart supports enabling [remote image rendering](https://github.com/grafana/grafana-image-renderer/blob/master/docs/remote_rendering_using_docker.md) + +```yaml +imageRenderer: + enabled: true +``` + +### Image Renderer NetworkPolicy + +By default the image-renderer pods will have a network policy which only allows ingress traffic from the created grafana instance diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/dashboards/custom-dashboard.json b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/dashboards/custom-dashboard.json new file mode 100644 index 000000000..9e26dfeeb --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/dashboards/custom-dashboard.json @@ -0,0 +1 @@ +{} \ No newline at end of file diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/NOTES.txt b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/NOTES.txt new file mode 100644 index 000000000..1fc8436d9 --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/NOTES.txt @@ -0,0 +1,54 @@ +1. Get your '{{ .Values.adminUser }}' user password by running: + + kubectl get secret --namespace {{ template "grafana.namespace" . }} {{ template "grafana.fullname" . }} -o jsonpath="{.data.admin-password}" | base64 --decode ; echo + +2. The Grafana server can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster: + + {{ template "grafana.fullname" . }}.{{ template "grafana.namespace" . }}.svc.cluster.local +{{ if .Values.ingress.enabled }} + If you bind grafana to 80, please update values in values.yaml and reinstall: + ``` + securityContext: + runAsUser: 0 + runAsGroup: 0 + fsGroup: 0 + + command: + - "setcap" + - "'cap_net_bind_service=+ep'" + - "/usr/sbin/grafana-server &&" + - "sh" + - "/run.sh" + ``` + Details refer to https://grafana.com/docs/installation/configuration/#http-port. + Or grafana would always crash. + + From outside the cluster, the server URL(s) are: +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{ else }} + Get the Grafana URL to visit by running these commands in the same shell: +{{ if contains "NodePort" .Values.service.type -}} + export NODE_PORT=$(kubectl get --namespace {{ template "grafana.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "grafana.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ template "grafana.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{ else if contains "LoadBalancer" .Values.service.type -}} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc --namespace {{ template "grafana.namespace" . }} -w {{ template "grafana.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ template "grafana.namespace" . }} {{ template "grafana.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + http://$SERVICE_IP:{{ .Values.service.port -}} +{{ else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ template "grafana.namespace" . }} -l "app.kubernetes.io/name={{ template "grafana.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + kubectl --namespace {{ template "grafana.namespace" . }} port-forward $POD_NAME 3000 +{{- end }} +{{- end }} + +3. Login with the password from step 1 and the username: {{ .Values.adminUser }} + +{{- if not .Values.persistence.enabled }} +################################################################################# +###### WARNING: Persistence is disabled!!! You will lose your data when ##### +###### the Grafana pod is terminated. ##### +################################################################################# +{{- end }} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/_helpers.tpl b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/_helpers.tpl new file mode 100644 index 000000000..03da0ff33 --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/_helpers.tpl @@ -0,0 +1,158 @@ +# Rancher +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "grafana.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "grafana.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "grafana.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the service account +*/}} +{{- define "grafana.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "grafana.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{- define "grafana.serviceAccountNameTest" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (print (include "grafana.fullname" .) "-test") .Values.serviceAccount.nameTest }} +{{- else -}} + {{ default "default" .Values.serviceAccount.nameTest }} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts +*/}} +{{- define "grafana.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "grafana.labels" -}} +helm.sh/chart: {{ include "grafana.chart" . }} +{{ include "grafana.selectorLabels" . }} +{{- if or .Chart.AppVersion .Values.image.tag }} +app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- if .Values.extraLabels }} +{{ toYaml .Values.extraLabels }} +{{- end }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "grafana.selectorLabels" -}} +app.kubernetes.io/name: {{ include "grafana.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "grafana.imageRenderer.labels" -}} +helm.sh/chart: {{ include "grafana.chart" . }} +{{ include "grafana.imageRenderer.selectorLabels" . }} +{{- if or .Chart.AppVersion .Values.image.tag }} +app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Selector labels ImageRenderer +*/}} +{{- define "grafana.imageRenderer.selectorLabels" -}} +app.kubernetes.io/name: {{ include "grafana.name" . }}-image-renderer +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Return the appropriate apiVersion for rbac. +*/}} +{{- define "rbac.apiVersion" -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }} +{{- print "rbac.authorization.k8s.io/v1" -}} +{{- else -}} +{{- print "rbac.authorization.k8s.io/v1beta1" -}} +{{- end -}} +{{- end -}} + +{{/* +Looks if there's an existing secret and reuse its password. If not it generates +new password and use it. +*/}} +{{- define "grafana.password" -}} +{{- $secret := (lookup "v1" "Secret" (include "grafana.namespace" .) (include "grafana.fullname" .) ) -}} + {{- if $secret -}} + {{- index $secret "data" "admin-password" -}} + {{- else -}} + {{- (randAlphaNum 40) | b64enc | quote -}} + {{- end -}} +{{- end -}} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/_pod.tpl b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/_pod.tpl new file mode 100644 index 000000000..9d19b4a32 --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/_pod.tpl @@ -0,0 +1,511 @@ +{{- define "grafana.pod" -}} +{{- if .Values.schedulerName }} +schedulerName: "{{ .Values.schedulerName }}" +{{- end }} +serviceAccountName: {{ template "grafana.serviceAccountName" . }} +{{- if .Values.securityContext }} +securityContext: +{{ toYaml .Values.securityContext | indent 2 }} +{{- end }} +{{- if .Values.hostAliases }} +hostAliases: +{{ toYaml .Values.hostAliases | indent 2 }} +{{- end }} +{{- if .Values.priorityClassName }} +priorityClassName: {{ .Values.priorityClassName }} +{{- end }} +{{- if ( or .Values.persistence.enabled .Values.dashboards .Values.sidecar.datasources.enabled .Values.sidecar.notifiers.enabled .Values.extraInitContainers) }} +initContainers: +{{- end }} +{{- if ( and .Values.persistence.enabled .Values.initChownData.enabled ) }} + - name: init-chown-data + {{- if .Values.initChownData.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}@sha256:{{ .Values.initChownData.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.initChownData.image.pullPolicy }} + securityContext: + runAsNonRoot: false + runAsUser: 0 + command: ["chown", "-R", "{{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsGroup }}", "/var/lib/grafana"] + resources: +{{ toYaml .Values.initChownData.resources | indent 6 }} + volumeMounts: + - name: storage + mountPath: "/var/lib/grafana" +{{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} +{{- end }} +{{- end }} +{{- if .Values.dashboards }} + - name: download-dashboards + {{- if .Values.downloadDashboardsImage.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}@sha256:{{ .Values.downloadDashboardsImage.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.downloadDashboardsImage.pullPolicy }} + command: ["/bin/sh"] + args: [ "-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh /etc/grafana/download_dashboards.sh" ] + resources: +{{ toYaml .Values.downloadDashboards.resources | indent 6 }} + env: +{{- range $key, $value := .Values.downloadDashboards.env }} + - name: "{{ $key }}" + value: "{{ $value }}" +{{- end }} +{{- if .Values.downloadDashboards.envFromSecret }} + envFrom: + - secretRef: + name: {{ tpl .Values.downloadDashboards.envFromSecret . }} +{{- end }} + volumeMounts: + - name: config + mountPath: "/etc/grafana/download_dashboards.sh" + subPath: download_dashboards.sh + - name: storage + mountPath: "/var/lib/grafana" +{{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} +{{- end }} + {{- range .Values.extraSecretMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + readOnly: {{ .readOnly }} + {{- end }} +{{- end }} +{{- if .Values.sidecar.datasources.enabled }} + - name: {{ template "grafana.name" . }}-sc-datasources + {{- if .Values.sidecar.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} + {{- if .Values.sidecar.datasources.envFromSecret }} + envFrom: + - secretRef: + name: {{ tpl .Values.sidecar.datasources.envFromSecret . }} + {{- end }} + env: + - name: METHOD + value: LIST + - name: LABEL + value: "{{ .Values.sidecar.datasources.label }}" + {{- if .Values.sidecar.datasources.labelValue }} + - name: LABEL_VALUE + value: {{ quote .Values.sidecar.datasources.labelValue }} + {{- end }} + - name: FOLDER + value: "/etc/grafana/provisioning/datasources" + - name: RESOURCE + value: {{ quote .Values.sidecar.datasources.resource }} + {{- if .Values.sidecar.enableUniqueFilenames }} + - name: UNIQUE_FILENAMES + value: "{{ .Values.sidecar.enableUniqueFilenames }}" + {{- end }} + {{- if .Values.sidecar.datasources.searchNamespace }} + - name: NAMESPACE + value: "{{ .Values.sidecar.datasources.searchNamespace }}" + {{- end }} + {{- if .Values.sidecar.skipTlsVerify }} + - name: SKIP_TLS_VERIFY + value: "{{ .Values.sidecar.skipTlsVerify }}" + {{- end }} + resources: +{{ toYaml .Values.sidecar.resources | indent 6 }} + volumeMounts: + - name: sc-datasources-volume + mountPath: "/etc/grafana/provisioning/datasources" +{{- end}} +{{- if .Values.sidecar.notifiers.enabled }} + - name: {{ template "grafana.name" . }}-sc-notifiers + {{- if .Values.sidecar.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} + env: + - name: METHOD + value: LIST + - name: LABEL + value: "{{ .Values.sidecar.notifiers.label }}" + - name: FOLDER + value: "/etc/grafana/provisioning/notifiers" + - name: RESOURCE + value: {{ quote .Values.sidecar.notifiers.resource }} + {{- if .Values.sidecar.enableUniqueFilenames }} + - name: UNIQUE_FILENAMES + value: "{{ .Values.sidecar.enableUniqueFilenames }}" + {{- end }} + {{- if .Values.sidecar.notifiers.searchNamespace }} + - name: NAMESPACE + value: "{{ .Values.sidecar.notifiers.searchNamespace }}" + {{- end }} + {{- if .Values.sidecar.skipTlsVerify }} + - name: SKIP_TLS_VERIFY + value: "{{ .Values.sidecar.skipTlsVerify }}" + {{- end }} + resources: +{{ toYaml .Values.sidecar.resources | indent 6 }} + volumeMounts: + - name: sc-notifiers-volume + mountPath: "/etc/grafana/provisioning/notifiers" +{{- end}} +{{- if .Values.extraInitContainers }} +{{ toYaml .Values.extraInitContainers | indent 2 }} +{{- end }} +{{- if .Values.image.pullSecrets }} +imagePullSecrets: +{{- range .Values.image.pullSecrets }} + - name: {{ . }} +{{- end}} +{{- end }} +containers: +{{- if .Values.sidecar.dashboards.enabled }} + - name: {{ template "grafana.name" . }}-sc-dashboard + {{- if .Values.sidecar.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} + env: + - name: METHOD + value: {{ .Values.sidecar.dashboards.watchMethod }} + - name: LABEL + value: "{{ .Values.sidecar.dashboards.label }}" + {{- if .Values.sidecar.dashboards.labelValue }} + - name: LABEL_VALUE + value: {{ quote .Values.sidecar.dashboards.labelValue }} + {{- end }} + - name: FOLDER + value: "{{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}" + - name: RESOURCE + value: {{ quote .Values.sidecar.dashboards.resource }} + {{- if .Values.sidecar.enableUniqueFilenames }} + - name: UNIQUE_FILENAMES + value: "{{ .Values.sidecar.enableUniqueFilenames }}" + {{- end }} + {{- if .Values.sidecar.dashboards.searchNamespace }} + - name: NAMESPACE + value: "{{ .Values.sidecar.dashboards.searchNamespace }}" + {{- end }} + {{- if .Values.sidecar.skipTlsVerify }} + - name: SKIP_TLS_VERIFY + value: "{{ .Values.sidecar.skipTlsVerify }}" + {{- end }} + {{- if .Values.sidecar.dashboards.folderAnnotation }} + - name: FOLDER_ANNOTATION + value: "{{ .Values.sidecar.dashboards.folderAnnotation }}" + {{- end }} + resources: +{{ toYaml .Values.sidecar.resources | indent 6 }} + volumeMounts: + - name: sc-dashboard-volume + mountPath: {{ .Values.sidecar.dashboards.folder | quote }} +{{- end}} + - name: {{ .Chart.Name }} + {{- if .Values.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}@sha256:{{ .Values.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.command }} + command: + {{- range .Values.command }} + - {{ . }} + {{- end }} + {{- end}} +{{- if .Values.containerSecurityContext }} + securityContext: +{{- toYaml .Values.containerSecurityContext | nindent 6 }} +{{- end }} + volumeMounts: + - name: config + mountPath: "/etc/grafana/grafana.ini" + subPath: grafana.ini + {{- if .Values.ldap.enabled }} + - name: ldap + mountPath: "/etc/grafana/ldap.toml" + subPath: ldap.toml + {{- end }} + {{- range .Values.extraConfigmapMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath | default "" }} + readOnly: {{ .readOnly }} + {{- end }} + - name: storage + mountPath: "/var/lib/grafana" +{{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} +{{- end }} +{{- if .Values.dashboards }} +{{- range $provider, $dashboards := .Values.dashboards }} +{{- range $key, $value := $dashboards }} +{{- if (or (hasKey $value "json") (hasKey $value "file")) }} + - name: dashboards-{{ $provider }} + mountPath: "/var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json" + subPath: "{{ $key }}.json" +{{- end }} +{{- end }} +{{- end }} +{{- end -}} +{{- if .Values.dashboardsConfigMaps }} +{{- range (keys .Values.dashboardsConfigMaps | sortAlpha) }} + - name: dashboards-{{ . }} + mountPath: "/var/lib/grafana/dashboards/{{ . }}" +{{- end }} +{{- end }} +{{- if .Values.datasources }} + - name: config + mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml" + subPath: datasources.yaml +{{- end }} +{{- if .Values.notifiers }} + - name: config + mountPath: "/etc/grafana/provisioning/notifiers/notifiers.yaml" + subPath: notifiers.yaml +{{- end }} +{{- if .Values.dashboardProviders }} + - name: config + mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml" + subPath: dashboardproviders.yaml +{{- end }} +{{- if .Values.sidecar.dashboards.enabled }} + - name: sc-dashboard-volume + mountPath: {{ .Values.sidecar.dashboards.folder | quote }} +{{ if .Values.sidecar.dashboards.SCProvider }} + - name: sc-dashboard-provider + mountPath: "/etc/grafana/provisioning/dashboards/sc-dashboardproviders.yaml" + subPath: provider.yaml +{{- end}} +{{- end}} +{{- if .Values.sidecar.datasources.enabled }} + - name: sc-datasources-volume + mountPath: "/etc/grafana/provisioning/datasources" +{{- end}} +{{- if .Values.sidecar.notifiers.enabled }} + - name: sc-notifiers-volume + mountPath: "/etc/grafana/provisioning/notifiers" +{{- end}} + {{- range .Values.extraSecretMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + readOnly: {{ .readOnly }} + subPath: {{ .subPath | default "" }} + {{- end }} + {{- range .Values.extraVolumeMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath | default "" }} + readOnly: {{ .readOnly }} + {{- end }} + {{- range .Values.extraEmptyDirMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + {{- end }} + ports: + - name: {{ .Values.service.portName }} + containerPort: {{ .Values.service.targetPort }} + protocol: TCP + - name: {{ .Values.podPortName }} + containerPort: 3000 + protocol: TCP + env: + {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + - name: GF_SECURITY_ADMIN_USER + valueFrom: + secretKeyRef: + name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) }} + key: {{ .Values.admin.userKey | default "admin-user" }} + {{- end }} + {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + - name: GF_SECURITY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) }} + key: {{ .Values.admin.passwordKey | default "admin-password" }} + {{- end }} + {{- if .Values.plugins }} + - name: GF_INSTALL_PLUGINS + valueFrom: + configMapKeyRef: + name: {{ template "grafana.fullname" . }} + key: plugins + {{- end }} + {{- if .Values.smtp.existingSecret }} + - name: GF_SMTP_USER + valueFrom: + secretKeyRef: + name: {{ .Values.smtp.existingSecret }} + key: {{ .Values.smtp.userKey | default "user" }} + - name: GF_SMTP_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.smtp.existingSecret }} + key: {{ .Values.smtp.passwordKey | default "password" }} + {{- end }} + {{ if .Values.imageRenderer.enabled }} + - name: GF_RENDERING_SERVER_URL + value: http://{{ template "grafana.fullname" . }}-image-renderer.{{ template "grafana.namespace" . }}:{{ .Values.imageRenderer.service.port }}/render + - name: GF_RENDERING_CALLBACK_URL + value: http://{{ template "grafana.fullname" . }}.{{ template "grafana.namespace" . }}:{{ .Values.service.port }}/{{ .Values.imageRenderer.grafanaSubPath }} + {{ end }} + - name: GF_PATHS_DATA + value: {{ (get .Values "grafana.ini").paths.data }} + - name: GF_PATHS_LOGS + value: {{ (get .Values "grafana.ini").paths.logs }} + - name: GF_PATHS_PLUGINS + value: {{ (get .Values "grafana.ini").paths.plugins }} + - name: GF_PATHS_PROVISIONING + value: {{ (get .Values "grafana.ini").paths.provisioning }} + {{- range $key, $value := .Values.envValueFrom }} + - name: {{ $key | quote }} + valueFrom: +{{ toYaml $value | indent 10 }} + {{- end }} +{{- range $key, $value := .Values.env }} + - name: "{{ tpl $key $ }}" + value: "{{ tpl (print $value) $ }}" +{{- end }} + {{- if .Values.envFromSecret }} + envFrom: + - secretRef: + name: {{ tpl .Values.envFromSecret . }} + {{- end }} + {{- if .Values.envRenderSecret }} + envFrom: + - secretRef: + name: {{ template "grafana.fullname" . }}-env + {{- end }} + livenessProbe: +{{ toYaml .Values.livenessProbe | indent 6 }} + readinessProbe: +{{ toYaml .Values.readinessProbe | indent 6 }} + resources: +{{ toYaml .Values.resources | indent 6 }} +{{- with .Values.extraContainers }} +{{ tpl . $ | indent 2 }} +{{- end }} +nodeSelector: {{ include "linux-node-selector" . | nindent 2 }} +{{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 2 }} +{{- end }} +{{- with .Values.affinity }} +affinity: +{{ toYaml . | indent 2 }} +{{- end }} +tolerations: {{ include "linux-node-tolerations" . | nindent 2 }} +{{- if .Values.tolerations }} +{{ toYaml .Values.tolerations | indent 2 }} +{{- end }} +volumes: + - name: config + configMap: + name: {{ template "grafana.fullname" . }} +{{- range .Values.extraConfigmapMounts }} + - name: {{ .name }} + configMap: + name: {{ .configMap }} +{{- end }} + {{- if .Values.dashboards }} + {{- range (keys .Values.dashboards | sortAlpha) }} + - name: dashboards-{{ . }} + configMap: + name: {{ template "grafana.fullname" $ }}-dashboards-{{ . }} + {{- end }} + {{- end }} + {{- if .Values.dashboardsConfigMaps }} + {{ $root := . }} + {{- range $provider, $name := .Values.dashboardsConfigMaps }} + - name: dashboards-{{ $provider }} + configMap: + name: {{ tpl $name $root }} + {{- end }} + {{- end }} + {{- if .Values.ldap.enabled }} + - name: ldap + secret: + {{- if .Values.ldap.existingSecret }} + secretName: {{ .Values.ldap.existingSecret }} + {{- else }} + secretName: {{ template "grafana.fullname" . }} + {{- end }} + items: + - key: ldap-toml + path: ldap.toml + {{- end }} +{{- if and .Values.persistence.enabled (eq .Values.persistence.type "pvc") }} + - name: storage + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim | default (include "grafana.fullname" .) }} +{{- else if and .Values.persistence.enabled (eq .Values.persistence.type "statefulset") }} +# nothing +{{- else }} + - name: storage +{{- if .Values.persistence.inMemory.enabled }} + emptyDir: + medium: Memory +{{- if .Values.persistence.inMemory.sizeLimit }} + sizeLimit: {{ .Values.persistence.inMemory.sizeLimit }} +{{- end -}} +{{- else }} + emptyDir: {} +{{- end -}} +{{- end -}} +{{- if .Values.sidecar.dashboards.enabled }} + - name: sc-dashboard-volume + emptyDir: {} +{{- if .Values.sidecar.dashboards.SCProvider }} + - name: sc-dashboard-provider + configMap: + name: {{ template "grafana.fullname" . }}-config-dashboards +{{- end }} +{{- end }} +{{- if .Values.sidecar.datasources.enabled }} + - name: sc-datasources-volume + emptyDir: {} +{{- end -}} +{{- if .Values.sidecar.notifiers.enabled }} + - name: sc-notifiers-volume + emptyDir: {} +{{- end -}} +{{- range .Values.extraSecretMounts }} +{{- if .secretName }} + - name: {{ .name }} + secret: + secretName: {{ .secretName }} + defaultMode: {{ .defaultMode }} +{{- else if .projected }} + - name: {{ .name }} + projected: {{- toYaml .projected | nindent 6 }} +{{- else if .csi }} + - name: {{ .name }} + csi: {{- toYaml .csi | nindent 6 }} +{{- end }} +{{- end }} +{{- range .Values.extraVolumeMounts }} + - name: {{ .name }} + {{- if .existingClaim }} + persistentVolumeClaim: + claimName: {{ .existingClaim }} + {{- else if .hostPath }} + hostPath: + path: {{ .hostPath }} + {{- else }} + emptyDir: {} + {{- end }} +{{- end }} +{{- range .Values.extraEmptyDirMounts }} + - name: {{ .name }} + emptyDir: {} +{{- end -}} +{{- if .Values.extraContainerVolumes }} +{{ toYaml .Values.extraContainerVolumes | indent 2 }} +{{- end }} +{{- end }} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/clusterrole.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/clusterrole.yaml new file mode 100644 index 000000000..f09e06563 --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/clusterrole.yaml @@ -0,0 +1,25 @@ +{{- if and .Values.rbac.create (not .Values.rbac.namespaced) (not .Values.rbac.useExistingRole) }} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + name: {{ template "grafana.fullname" . }}-clusterrole +{{- if or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.rbac.extraClusterRoleRules) }} +rules: +{{- if or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled }} +- apiGroups: [""] # "" indicates the core API group + resources: ["configmaps", "secrets"] + verbs: ["get", "watch", "list"] +{{- end}} +{{- with .Values.rbac.extraClusterRoleRules }} +{{ toYaml . | indent 0 }} +{{- end}} +{{- else }} +rules: [] +{{- end}} +{{- end}} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/clusterrolebinding.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..4accbfac0 --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{- if and .Values.rbac.create (not .Values.rbac.namespaced) }} +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "grafana.fullname" . }}-clusterrolebinding + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +subjects: + - kind: ServiceAccount + name: {{ template "grafana.serviceAccountName" . }} + namespace: {{ template "grafana.namespace" . }} +roleRef: + kind: ClusterRole +{{- if (not .Values.rbac.useExistingRole) }} + name: {{ template "grafana.fullname" . }}-clusterrole +{{- else }} + name: {{ .Values.rbac.useExistingRole }} +{{- end }} + apiGroup: rbac.authorization.k8s.io +{{- end -}} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/configmap-dashboard-provider.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/configmap-dashboard-provider.yaml new file mode 100644 index 000000000..65d73858e --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/configmap-dashboard-provider.yaml @@ -0,0 +1,29 @@ +{{- if .Values.sidecar.dashboards.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + name: {{ template "grafana.fullname" . }}-config-dashboards + namespace: {{ template "grafana.namespace" . }} +data: + provider.yaml: |- + apiVersion: 1 + providers: + - name: '{{ .Values.sidecar.dashboards.provider.name }}' + orgId: {{ .Values.sidecar.dashboards.provider.orgid }} + {{- if not .Values.sidecar.dashboards.provider.foldersFromFilesStructure }} + folder: '{{ .Values.sidecar.dashboards.provider.folder }}' + {{- end}} + type: {{ .Values.sidecar.dashboards.provider.type }} + disableDeletion: {{ .Values.sidecar.dashboards.provider.disableDelete }} + allowUiUpdates: {{ .Values.sidecar.dashboards.provider.allowUiUpdates }} + updateIntervalSeconds: {{ .Values.sidecar.dashboards.provider.updateIntervalSeconds | default 30 }} + options: + foldersFromFilesStructure: {{ .Values.sidecar.dashboards.provider.foldersFromFilesStructure }} + path: {{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }} +{{- end}} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/configmap.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/configmap.yaml new file mode 100644 index 000000000..c72219fb8 --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/configmap.yaml @@ -0,0 +1,82 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +data: +{{- if .Values.plugins }} + plugins: {{ join "," .Values.plugins }} +{{- end }} + grafana.ini: | +{{- range $key, $value := index .Values "grafana.ini" }} + [{{ $key }}] + {{- range $elem, $elemVal := $value }} + {{- if kindIs "invalid" $elemVal }} + {{ $elem }} = + {{- else if kindIs "string" $elemVal }} + {{ $elem }} = {{ tpl $elemVal $ }} + {{- else }} + {{ $elem }} = {{ $elemVal }} + {{- end }} + {{- end }} +{{- end }} + +{{- if .Values.datasources }} +{{ $root := . }} + {{- range $key, $value := .Values.datasources }} + {{ $key }}: | +{{ tpl (toYaml $value | indent 4) $root }} + {{- end -}} +{{- end -}} + +{{- if .Values.notifiers }} + {{- range $key, $value := .Values.notifiers }} + {{ $key }}: | +{{ toYaml $value | indent 4 }} + {{- end -}} +{{- end -}} + +{{- if .Values.dashboardProviders }} + {{- range $key, $value := .Values.dashboardProviders }} + {{ $key }}: | +{{ toYaml $value | indent 4 }} + {{- end -}} +{{- end -}} + +{{- if .Values.dashboards }} + download_dashboards.sh: | + #!/usr/bin/env sh + set -euf + {{- if .Values.dashboardProviders }} + {{- range $key, $value := .Values.dashboardProviders }} + {{- range $value.providers }} + mkdir -p {{ .options.path }} + {{- end }} + {{- end }} + {{- end }} + + {{- range $provider, $dashboards := .Values.dashboards }} + {{- range $key, $value := $dashboards }} + {{- if (or (hasKey $value "gnetId") (hasKey $value "url")) }} + curl -skf \ + --connect-timeout 60 \ + --max-time 60 \ + {{- if not $value.b64content }} + -H "Accept: application/json" \ + {{- if $value.token }} + -H "Authorization: token {{ $value.token }}" \ + {{- end }} + -H "Content-Type: application/json;charset=UTF-8" \ + {{ end }} + {{- if $value.url -}}"{{ $value.url }}"{{- else -}}"https://grafana.com/api/dashboards/{{ $value.gnetId }}/revisions/{{- if $value.revision -}}{{ $value.revision }}{{- else -}}1{{- end -}}/download"{{- end -}}{{ if $value.datasource }} | sed '/-- .* --/! s/"datasource":.*,/"datasource": "{{ $value.datasource }}",/g'{{ end }}{{- if $value.b64content -}} | base64 -d {{- end -}} \ + > "/var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json" + {{- end -}} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/dashboards-json-configmap.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/dashboards-json-configmap.yaml new file mode 100644 index 000000000..59e0be641 --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/dashboards-json-configmap.yaml @@ -0,0 +1,35 @@ +{{- if .Values.dashboards }} +{{ $files := .Files }} +{{- range $provider, $dashboards := .Values.dashboards }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "grafana.fullname" $ }}-dashboards-{{ $provider }} + namespace: {{ template "grafana.namespace" $ }} + labels: + {{- include "grafana.labels" $ | nindent 4 }} + dashboard-provider: {{ $provider }} +{{- if $dashboards }} +data: +{{- $dashboardFound := false }} +{{- range $key, $value := $dashboards }} +{{- if (or (hasKey $value "json") (hasKey $value "file")) }} +{{- $dashboardFound = true }} +{{ print $key | indent 2 }}.json: +{{- if hasKey $value "json" }} + |- +{{ $value.json | indent 6 }} +{{- end }} +{{- if hasKey $value "file" }} +{{ toYaml ( $files.Get $value.file ) | indent 4}} +{{- end }} +{{- end }} +{{- end }} +{{- if not $dashboardFound }} + {} +{{- end }} +{{- end }} +--- +{{- end }} + +{{- end }} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/deployment.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/deployment.yaml new file mode 100644 index 000000000..1c9ae8638 --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/deployment.yaml @@ -0,0 +1,50 @@ +{{ if (or (not .Values.persistence.enabled) (eq .Values.persistence.type "pvc")) }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- if .Values.labels }} +{{ toYaml .Values.labels | indent 4 }} +{{- end }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicas }} + {{- end }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "grafana.selectorLabels" . | nindent 6 }} +{{- with .Values.deploymentStrategy }} + strategy: +{{ toYaml . | trim | indent 4 }} +{{- end }} + template: + metadata: + labels: + {{- include "grafana.selectorLabels" . | nindent 8 }} +{{- with .Values.podLabels }} +{{ toYaml . | indent 8 }} +{{- end }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }} + checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }} +{{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} +{{- end }} +{{- if .Values.envRenderSecret }} + checksum/secret-env: {{ include (print $.Template.BasePath "/secret-env.yaml") . | sha256sum }} +{{- end }} +{{- with .Values.podAnnotations }} +{{ toYaml . | indent 8 }} +{{- end }} + spec: + {{- include "grafana.pod" . | nindent 6 }} +{{- end }} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/headless-service.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/headless-service.yaml new file mode 100644 index 000000000..2fa816e04 --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/headless-service.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "statefulset")}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "grafana.fullname" . }}-headless + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + clusterIP: None + selector: + {{- include "grafana.selectorLabels" . | nindent 4 }} + type: ClusterIP +{{- end }} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/hpa.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/hpa.yaml new file mode 100644 index 000000000..9c186d74a --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/hpa.yaml @@ -0,0 +1,20 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ template "grafana.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "grafana.name" . }} + helm.sh/chart: {{ template "grafana.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "grafana.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: +{{ toYaml .Values.autoscaling.metrics | indent 4 }} +{{- end }} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/image-renderer-deployment.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/image-renderer-deployment.yaml new file mode 100644 index 000000000..d17b9dfed --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/image-renderer-deployment.yaml @@ -0,0 +1,117 @@ +{{ if .Values.imageRenderer.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "grafana.fullname" . }}-image-renderer + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.imageRenderer.labels" . | nindent 4 }} +{{- if .Values.imageRenderer.labels }} +{{ toYaml .Values.imageRenderer.labels | indent 4 }} +{{- end }} +{{- with .Values.imageRenderer.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + replicas: {{ .Values.imageRenderer.replicas }} + revisionHistoryLimit: {{ .Values.imageRenderer.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }} +{{- with .Values.imageRenderer.deploymentStrategy }} + strategy: +{{ toYaml . | trim | indent 4 }} +{{- end }} + template: + metadata: + labels: + {{- include "grafana.imageRenderer.selectorLabels" . | nindent 8 }} +{{- with .Values.imageRenderer.podLabels }} +{{ toYaml . | indent 8 }} +{{- end }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} +{{- with .Values.imageRenderer.podAnnotations }} +{{ toYaml . | indent 8 }} +{{- end }} + spec: + + {{- if .Values.imageRenderer.schedulerName }} + schedulerName: "{{ .Values.imageRenderer.schedulerName }}" + {{- end }} + {{- if .Values.imageRenderer.serviceAccountName }} + serviceAccountName: "{{ .Values.imageRenderer.serviceAccountName }}" + {{- else }} + serviceAccountName: {{ template "grafana.serviceAccountName" . }} + {{- end }} + {{- if .Values.imageRenderer.securityContext }} + securityContext: + {{ toYaml .Values.imageRenderer.securityContext | indent 2 }} + {{- end }} + {{- if .Values.imageRenderer.hostAliases }} + hostAliases: + {{ toYaml .Values.imageRenderer.hostAliases | indent 2 }} + {{- end }} + {{- if .Values.imageRenderer.priorityClassName }} + priorityClassName: {{ .Values.imageRenderer.priorityClassName }} + {{- end }} + {{- if .Values.imageRenderer.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.imageRenderer.image.pullSecrets }} + - name: {{ . }} + {{- end}} + {{- end }} + containers: + - name: {{ .Chart.Name }}-image-renderer + {{- if .Values.imageRenderer.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}@sha256:{{ .Values.imageRenderer.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.imageRenderer.image.pullPolicy }} + {{- if .Values.imageRenderer.command }} + command: + {{- range .Values.imageRenderer.command }} + - {{ . }} + {{- end }} + {{- end}} + ports: + - name: {{ .Values.imageRenderer.service.portName }} + containerPort: {{ .Values.imageRenderer.service.port }} + protocol: TCP + env: + - name: HTTP_PORT + value: {{ .Values.imageRenderer.service.port | quote }} + {{- range $key, $value := .Values.imageRenderer.env }} + - name: {{ $key | quote }} + value: {{ $value | quote }} + {{- end }} + securityContext: + capabilities: + drop: ['all'] + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /tmp + name: image-renderer-tmpfs + {{- with .Values.imageRenderer.resources }} + resources: +{{ toYaml . | indent 12 }} + {{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + {{- if .Values.imageRenderer.nodeSelector }} +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.imageRenderer.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} + {{- if .Values.imageRenderer.tolerations }} +{{ toYaml . | indent 8 }} + {{- end }} + volumes: + - name: image-renderer-tmpfs + emptyDir: {} +{{- end }} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/image-renderer-network-policy.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/image-renderer-network-policy.yaml new file mode 100644 index 000000000..f8ca73aab --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/image-renderer-network-policy.yaml @@ -0,0 +1,76 @@ +{{- if and (.Values.imageRenderer.enabled) (.Values.imageRenderer.networkPolicy.limitIngress) }} +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "grafana.fullname" . }}-image-renderer-ingress + namespace: {{ template "grafana.namespace" . }} + annotations: + comment: Limit image-renderer ingress traffic from grafana +spec: + podSelector: + matchLabels: + {{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }} + {{- if .Values.imageRenderer.podLabels }} + {{ toYaml .Values.imageRenderer.podLabels | nindent 6 }} + {{- end }} + + policyTypes: + - Ingress + ingress: + - ports: + - port: {{ .Values.imageRenderer.service.port }} + protocol: TCP + from: + - namespaceSelector: + matchLabels: + name: {{ template "grafana.namespace" . }} + podSelector: + matchLabels: + {{- include "grafana.selectorLabels" . | nindent 14 }} + {{- if .Values.podLabels }} + {{ toYaml .Values.podLabels | nindent 14 }} + {{- end }} +{{ end }} + +{{- if and (.Values.imageRenderer.enabled) (.Values.imageRenderer.networkPolicy.limitEgress) }} +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "grafana.fullname" . }}-image-renderer-egress + namespace: {{ template "grafana.namespace" . }} + annotations: + comment: Limit image-renderer egress traffic to grafana +spec: + podSelector: + matchLabels: + {{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }} + {{- if .Values.imageRenderer.podLabels }} + {{ toYaml .Values.imageRenderer.podLabels | nindent 6 }} + {{- end }} + + policyTypes: + - Egress + egress: + # allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # talk only to grafana + - ports: + - port: {{ .Values.service.port }} + protocol: TCP + to: + - namespaceSelector: + matchLabels: + name: {{ template "grafana.namespace" . }} + podSelector: + matchLabels: + {{- include "grafana.selectorLabels" . | nindent 14 }} + {{- if .Values.podLabels }} + {{ toYaml .Values.podLabels | nindent 14 }} + {{- end }} +{{ end }} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/image-renderer-service.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/image-renderer-service.yaml new file mode 100644 index 000000000..f29586c3a --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/image-renderer-service.yaml @@ -0,0 +1,30 @@ +{{ if .Values.imageRenderer.enabled }} +{{ if .Values.imageRenderer.service.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "grafana.fullname" . }}-image-renderer + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.imageRenderer.labels" . | nindent 4 }} +{{- if .Values.imageRenderer.service.labels }} +{{ toYaml .Values.imageRenderer.service.labels | indent 4 }} +{{- end }} +{{- with .Values.imageRenderer.service.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + type: ClusterIP + {{- if .Values.imageRenderer.service.clusterIP }} + clusterIP: {{ .Values.imageRenderer.service.clusterIP }} + {{end}} + ports: + - name: {{ .Values.imageRenderer.service.portName }} + port: {{ .Values.imageRenderer.service.port }} + protocol: TCP + targetPort: {{ .Values.imageRenderer.service.targetPort }} + selector: + {{- include "grafana.imageRenderer.selectorLabels" . | nindent 4 }} +{{ end }} +{{ end }} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/ingress.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/ingress.yaml new file mode 100644 index 000000000..44ebfc950 --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/ingress.yaml @@ -0,0 +1,80 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "grafana.fullname" . -}} +{{- $servicePort := .Values.service.port -}} +{{- $ingressPath := .Values.ingress.path -}} +{{- $ingressPathType := .Values.ingress.pathType -}} +{{- $extraPaths := .Values.ingress.extraPaths -}} +{{- $newAPI := .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} +{{- if $newAPI -}} +apiVersion: networking.k8s.io/v1 +{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" }} +apiVersion: networking.k8s.io/v1beta1 +{{- else }} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- if .Values.ingress.labels }} +{{ toYaml .Values.ingress.labels | indent 4 }} +{{- end }} + {{- if .Values.ingress.annotations }} + annotations: + {{- range $key, $value := .Values.ingress.annotations }} + {{ $key }}: {{ tpl $value $ | quote }} + {{- end }} + {{- end }} +spec: + {{- if .Values.ingress.ingressClassName }} + ingressClassName: {{ .Values.ingress.ingressClassName }} + {{- end -}} +{{- if .Values.ingress.tls }} + tls: +{{ tpl (toYaml .Values.ingress.tls) $ | indent 4 }} +{{- end }} + rules: + {{- if .Values.ingress.hosts }} + {{- range .Values.ingress.hosts }} + - host: {{ tpl . $}} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + - path: {{ $ingressPath }} + {{- if $newAPI }} + pathType: {{ $ingressPathType }} + {{- end }} + backend: + {{- if $newAPI }} + service: + name: {{ $fullName }} + port: + number: {{ $servicePort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $servicePort }} + {{- end }} + {{- end }} + {{- else }} + - http: + paths: + - backend: + {{- if $newAPI }} + service: + name: {{ $fullName }} + port: + number: {{ $servicePort }} + pathType: {{ $ingressPathType }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $servicePort }} + {{- end }} + {{- if $ingressPath }} + path: {{ $ingressPath }} + {{- end }} + {{- end -}} +{{- end }} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/nginx-config.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/nginx-config.yaml new file mode 100644 index 000000000..78da96fff --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/nginx-config.yaml @@ -0,0 +1,78 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: grafana-nginx-proxy-config + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +data: + nginx.conf: |- + worker_processes auto; + error_log /dev/stdout warn; + pid /var/cache/nginx/nginx.pid; + + events { + worker_connections 1024; + } + + http { + include /etc/nginx/mime.types; + log_format main '[$time_local - $status] $remote_addr - $remote_user $request ($http_referer)'; + + proxy_connect_timeout 10; + proxy_read_timeout 180; + proxy_send_timeout 5; + proxy_buffering off; + proxy_cache_path /var/cache/nginx/cache levels=1:2 keys_zone=my_zone:100m inactive=1d max_size=10g; + + server { + listen 8080; + access_log off; + + gzip on; + gzip_min_length 1k; + gzip_comp_level 2; + gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript image/jpeg image/gif image/png; + gzip_vary on; + gzip_disable "MSIE [1-6]\."; + + proxy_set_header Host $host; + + location /api/dashboards { + proxy_pass http://localhost:3000; + } + + location /api/search { + proxy_pass http://localhost:3000; + + sub_filter_types application/json; + sub_filter_once off; + sub_filter '"url":"/d' '"url":"d'; + } + + location / { + proxy_cache my_zone; + proxy_cache_valid 200 302 1d; + proxy_cache_valid 301 30d; + proxy_cache_valid any 5m; + proxy_cache_bypass $http_cache_control; + add_header X-Proxy-Cache $upstream_cache_status; + add_header Cache-Control "public"; + + proxy_pass http://localhost:3000/; + + sub_filter_types text/html; + sub_filter_once off; + sub_filter '"appSubUrl":""' '"appSubUrl":"."'; + sub_filter '"url":"/' '"url":"./'; + sub_filter ':"/avatar/' ':"avatar/'; + + if ($request_filename ~ .*\.(?:js|css|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$) { + expires 90d; + } + + rewrite ^/k8s/clusters/.*/proxy(.*) /$1 break; + + } + } + } diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/poddisruptionbudget.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/poddisruptionbudget.yaml new file mode 100644 index 000000000..61813a436 --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/poddisruptionbudget.yaml @@ -0,0 +1,22 @@ +{{- if .Values.podDisruptionBudget }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- if .Values.labels }} +{{ toYaml .Values.labels | indent 4 }} +{{- end }} +spec: +{{- if .Values.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} +{{- end }} +{{- if .Values.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} +{{- end }} + selector: + matchLabels: + {{- include "grafana.selectorLabels" . | nindent 6 }} +{{- end }} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/podsecuritypolicy.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/podsecuritypolicy.yaml new file mode 100644 index 000000000..f7c5941ab --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/podsecuritypolicy.yaml @@ -0,0 +1,46 @@ +{{- if .Values.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- if .Values.rbac.pspAnnotations }} + annotations: {{ toYaml .Values.rbac.pspAnnotations | nindent 4 }} +{{- end }} +spec: + privileged: false + allowPrivilegeEscalation: false + requiredDropCapabilities: + # Default set from Docker, with DAC_OVERRIDE and CHOWN + - ALL + volumes: + - 'configMap' + - 'emptyDir' + - 'projected' + - 'csi' + - 'secret' + - 'downwardAPI' + - 'persistentVolumeClaim' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/pvc.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/pvc.yaml new file mode 100644 index 000000000..8a3ee1222 --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/pvc.yaml @@ -0,0 +1,35 @@ +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "pvc")}} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} + {{- with .Values.persistence.annotations }} + annotations: +{{ toYaml . | indent 4 }} + {{- end }} + {{- with .Values.persistence.finalizers }} + finalizers: +{{ toYaml . | indent 4 }} + {{- end }} +spec: + accessModes: +{{- $_ := required "Must provide at least one access mode for persistent volumes used by Grafana" .Values.persistence.accessModes }} +{{- $_ := required "Must provide at least one access mode for persistent volumes used by Grafana" (first .Values.persistence.accessModes) }} + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ required "Must provide size for persistent volumes used by Grafana" .Values.persistence.size | quote }} + {{- if .Values.persistence.storageClassName }} + storageClassName: {{ .Values.persistence.storageClassName }} + {{- end -}} + {{- with .Values.persistence.selectorLabels }} + selector: + matchLabels: +{{ toYaml . | indent 6 }} + {{- end }} +{{- end -}} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/role.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/role.yaml new file mode 100644 index 000000000..54c3fb0b2 --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/role.yaml @@ -0,0 +1,32 @@ +{{- if and .Values.rbac.create (not .Values.rbac.useExistingRole) -}} +apiVersion: {{ template "rbac.apiVersion" . }} +kind: Role +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +{{- if or .Values.rbac.pspEnabled (and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.rbac.extraRoleRules))) }} +rules: +{{- if .Values.rbac.pspEnabled }} +- apiGroups: ['extensions'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: [{{ template "grafana.fullname" . }}] +{{- end }} +{{- if and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled) }} +- apiGroups: [""] # "" indicates the core API group + resources: ["configmaps", "secrets"] + verbs: ["get", "watch", "list"] +{{- end }} +{{- with .Values.rbac.extraRoleRules }} +{{ toYaml . | indent 0 }} +{{- end}} +{{- else }} +rules: [] +{{- end }} +{{- end }} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/rolebinding.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/rolebinding.yaml new file mode 100644 index 000000000..34f1ad6f8 --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/rolebinding.yaml @@ -0,0 +1,25 @@ +{{- if .Values.rbac.create -}} +apiVersion: {{ template "rbac.apiVersion" . }} +kind: RoleBinding +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role +{{- if (not .Values.rbac.useExistingRole) }} + name: {{ template "grafana.fullname" . }} +{{- else }} + name: {{ .Values.rbac.useExistingRole }} +{{- end }} +subjects: +- kind: ServiceAccount + name: {{ template "grafana.serviceAccountName" . }} + namespace: {{ template "grafana.namespace" . }} +{{- end -}} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/secret-env.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/secret-env.yaml new file mode 100644 index 000000000..5c09313e6 --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/secret-env.yaml @@ -0,0 +1,14 @@ +{{- if .Values.envRenderSecret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "grafana.fullname" . }}-env + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +type: Opaque +data: +{{- range $key, $val := .Values.envRenderSecret }} + {{ $key }}: {{ $val | b64enc | quote }} +{{- end -}} +{{- end }} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/secret.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/secret.yaml new file mode 100644 index 000000000..6d06cf584 --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/secret.yaml @@ -0,0 +1,26 @@ +{{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +type: Opaque +data: + {{- if and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) }} + admin-user: {{ .Values.adminUser | b64enc | quote }} + {{- if .Values.adminPassword }} + admin-password: {{ .Values.adminPassword | b64enc | quote }} + {{- else }} + admin-password: {{ template "grafana.password" . }} + {{- end }} + {{- end }} + {{- if not .Values.ldap.existingSecret }} + ldap-toml: {{ tpl .Values.ldap.config $ | b64enc | quote }} + {{- end }} +{{- end }} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/service.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/service.yaml new file mode 100644 index 000000000..ba84ef970 --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/service.yaml @@ -0,0 +1,51 @@ +{{ if .Values.service.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- if .Values.service.labels }} +{{ toYaml .Values.service.labels | indent 4 }} +{{- end }} +{{- with .Values.service.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }} + type: ClusterIP + {{- if .Values.service.clusterIP }} + clusterIP: {{ .Values.service.clusterIP }} + {{end}} +{{- else if eq .Values.service.type "LoadBalancer" }} + type: {{ .Values.service.type }} + {{- if .Values.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + {{- if .Values.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }} + {{- end -}} +{{- else }} + type: {{ .Values.service.type }} +{{- end }} +{{- if .Values.service.externalIPs }} + externalIPs: +{{ toYaml .Values.service.externalIPs | indent 4 }} +{{- end }} + ports: + - name: {{ .Values.service.portName }} + port: {{ .Values.service.port }} + protocol: TCP + targetPort: {{ .Values.service.targetPort }} +{{ if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }} + nodePort: {{.Values.service.nodePort}} +{{ end }} + {{- if .Values.extraExposePorts }} + {{- tpl (toYaml .Values.extraExposePorts) . | indent 4 }} + {{- end }} + selector: + {{- include "grafana.selectorLabels" . | nindent 4 }} +{{ end }} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/serviceaccount.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/serviceaccount.yaml new file mode 100644 index 000000000..7576eeef0 --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.serviceAccount.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + name: {{ template "grafana.serviceAccountName" . }} + namespace: {{ template "grafana.namespace" . }} +{{- end }} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/servicemonitor.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/servicemonitor.yaml new file mode 100644 index 000000000..23288523f --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/servicemonitor.yaml @@ -0,0 +1,40 @@ +{{- if .Values.serviceMonitor.enabled }} +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "grafana.fullname" . }} + {{- if .Values.serviceMonitor.namespace }} + namespace: {{ .Values.serviceMonitor.namespace }} + {{- end }} + labels: + {{- include "grafana.labels" . | nindent 4 }} + {{- if .Values.serviceMonitor.labels }} + {{- toYaml .Values.serviceMonitor.labels | nindent 4 }} + {{- end }} +spec: + endpoints: + - interval: {{ .Values.serviceMonitor.interval }} + {{- if .Values.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }} + {{- end }} + honorLabels: true + port: {{ .Values.service.portName }} + path: {{ .Values.serviceMonitor.path }} + scheme: {{ .Values.serviceMonitor.scheme }} + {{- if .Values.serviceMonitor.tlsConfig }} + tlsConfig: + {{- toYaml .Values.serviceMonitor.tlsConfig | nindent 6 }} + {{- end }} + {{- if .Values.serviceMonitor.relabelings }} + relabelings: + {{- toYaml .Values.serviceMonitor.relabelings | nindent 4 }} + {{- end }} + jobLabel: "{{ .Release.Name }}" + selector: + matchLabels: + {{- include "grafana.selectorLabels" . | nindent 8 }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} +{{- end }} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/statefulset.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/statefulset.yaml new file mode 100644 index 000000000..802768645 --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/statefulset.yaml @@ -0,0 +1,54 @@ +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "statefulset")}} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + {{- include "grafana.selectorLabels" . | nindent 6 }} + serviceName: {{ template "grafana.fullname" . }}-headless + template: + metadata: + labels: + {{- include "grafana.selectorLabels" . | nindent 8 }} +{{- with .Values.podLabels }} +{{ toYaml . | indent 8 }} +{{- end }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }} + checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }} + {{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} +{{- end }} +{{- with .Values.podAnnotations }} +{{ toYaml . | indent 8 }} +{{- end }} + spec: + {{- include "grafana.pod" . | nindent 6 }} + volumeClaimTemplates: + - metadata: + name: storage + spec: +{{- $_ := required "Must provide at least one access mode for persistent volumes used by Grafana" .Values.persistence.accessModes }} +{{- $_ := required "Must provide at least one access mode for persistent volumes used by Grafana" (first .Values.persistence.accessModes) }} + accessModes: {{ .Values.persistence.accessModes }} + storageClassName: {{ .Values.persistence.storageClassName }} + resources: + requests: + storage: {{ required "Must provide size for persistent volumes used by Grafana" .Values.persistence.size }} + {{- with .Values.persistence.selectorLabels }} + selector: + matchLabels: +{{ toYaml . | indent 10 }} + {{- end }} +{{- end }} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/tests/test-configmap.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/tests/test-configmap.yaml new file mode 100644 index 000000000..ff53aaf1b --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/tests/test-configmap.yaml @@ -0,0 +1,17 @@ +{{- if .Values.testFramework.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "grafana.fullname" . }}-test + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +data: + run.sh: |- + @test "Test Health" { + url="http://{{ template "grafana.fullname" . }}/api/health" + + code=$(wget --server-response --spider --timeout 10 --tries 1 ${url} 2>&1 | awk '/^ HTTP/{print $2}') + [ "$code" == "200" ] + } +{{- end }} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/tests/test-podsecuritypolicy.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/tests/test-podsecuritypolicy.yaml new file mode 100644 index 000000000..1acd65128 --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/tests/test-podsecuritypolicy.yaml @@ -0,0 +1,30 @@ +{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "grafana.fullname" . }}-test + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +spec: + allowPrivilegeEscalation: true + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + fsGroup: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + runAsUser: + rule: RunAsAny + volumes: + - configMap + - downwardAPI + - emptyDir + - projected + - csi + - secret +{{- end }} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/tests/test-role.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/tests/test-role.yaml new file mode 100644 index 000000000..6b10677ae --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/tests/test-role.yaml @@ -0,0 +1,14 @@ +{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "grafana.fullname" . }}-test + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: [{{ template "grafana.fullname" . }}-test] +{{- end }} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/tests/test-rolebinding.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/tests/test-rolebinding.yaml new file mode 100644 index 000000000..58fa5e78b --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/tests/test-rolebinding.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "grafana.fullname" . }}-test + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "grafana.fullname" . }}-test +subjects: +- kind: ServiceAccount + name: {{ template "grafana.serviceAccountNameTest" . }} + namespace: {{ template "grafana.namespace" . }} +{{- end }} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/tests/test-serviceaccount.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/tests/test-serviceaccount.yaml new file mode 100644 index 000000000..5c3350733 --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/tests/test-serviceaccount.yaml @@ -0,0 +1,9 @@ +{{- if and .Values.testFramework.enabled .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + {{- include "grafana.labels" . | nindent 4 }} + name: {{ template "grafana.serviceAccountNameTest" . }} + namespace: {{ template "grafana.namespace" . }} +{{- end }} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/tests/test.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/tests/test.yaml new file mode 100644 index 000000000..cdc86e5f2 --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/templates/tests/test.yaml @@ -0,0 +1,48 @@ +{{- if .Values.testFramework.enabled }} +apiVersion: v1 +kind: Pod +metadata: + name: {{ template "grafana.fullname" . }}-test + labels: + {{- include "grafana.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test-success + namespace: {{ template "grafana.namespace" . }} +spec: + serviceAccountName: {{ template "grafana.serviceAccountNameTest" . }} + {{- if .Values.testFramework.securityContext }} + securityContext: {{ toYaml .Values.testFramework.securityContext | nindent 4 }} + {{- end }} + {{- if .Values.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.image.pullSecrets }} + - name: {{ . }} + {{- end}} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 4 }} + {{- end }} + {{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 4 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 4 }} + {{- end }} + containers: + - name: {{ .Release.Name }}-test + image: "{{ .Values.testFramework.image}}:{{ .Values.testFramework.tag }}" + imagePullPolicy: "{{ .Values.testFramework.imagePullPolicy}}" + command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"] + volumeMounts: + - mountPath: /tests + name: tests + readOnly: true + volumes: + - name: tests + configMap: + name: {{ template "grafana.fullname" . }}-test + restartPolicy: Never +{{- end }} diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/values.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/values.yaml new file mode 100644 index 000000000..52466a9fc --- /dev/null +++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/values.yaml @@ -0,0 +1,757 @@ +global: + cattle: + systemDefaultRegistry: "" + +autoscaling: + enabled: false +rbac: + create: true + ## Use an existing ClusterRole/Role (depending on rbac.namespaced false/true) + # useExistingRole: name-of-some-(cluster)role + pspEnabled: true + pspAnnotations: {} + ## Specify pod annotations + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl + ## + # seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default' + # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + # apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' + # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' + + namespaced: false + extraRoleRules: [] + # - apiGroups: [] + # resources: [] + # verbs: [] + extraClusterRoleRules: [] + # - apiGroups: [] + # resources: [] + # verbs: [] +serviceAccount: + create: true + name: + nameTest: +# annotations: +# eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here + +replicas: 1 + +## Create HorizontalPodAutoscaler object for deployment type +# +autoscaling: + enabled: false +# minReplicas: 1 +# maxReplicas: 10 +# metrics: +# - type: Resource +# resource: +# name: cpu +# targetAverageUtilization: 60 +# - type: Resource +# resource: +# name: memory +# targetAverageUtilization: 60 + +## See `kubectl explain poddisruptionbudget.spec` for more +## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +podDisruptionBudget: {} +# minAvailable: 1 +# maxUnavailable: 1 + +## See `kubectl explain deployment.spec.strategy` for more +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy +deploymentStrategy: + type: RollingUpdate + +readinessProbe: + httpGet: + path: /api/health + port: 3000 + +livenessProbe: + httpGet: + path: /api/health + port: 3000 + initialDelaySeconds: 60 + timeoutSeconds: 30 + failureThreshold: 10 + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: "default-scheduler" + +image: + repository: rancher/mirrored-grafana-grafana + tag: 7.5.8 + sha: "" + pullPolicy: IfNotPresent + + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistrKeySecretName + +testFramework: + enabled: true + image: "rancher/mirrored-bats-bats" + tag: "v1.1.0" + imagePullPolicy: IfNotPresent + securityContext: + runAsNonRoot: true + runAsUser: 1000 + +securityContext: + runAsNonRoot: true + runAsUser: 472 + runAsGroup: 472 + fsGroup: 472 + +containerSecurityContext: + {} + +extraConfigmapMounts: [] + # - name: certs-configmap + # mountPath: /etc/grafana/ssl/ + # subPath: certificates.crt # (optional) + # configMap: certs-configmap + # readOnly: true + + +extraEmptyDirMounts: [] + # - name: provisioning-notifiers + # mountPath: /etc/grafana/provisioning/notifiers + + +# Apply extra labels to common labels. +extraLabels: {} + +## Assign a PriorityClassName to pods if set +# priorityClassName: + +downloadDashboardsImage: + repository: rancher/mirrored-curlimages-curl + tag: 7.77.0 + sha: "" + pullPolicy: IfNotPresent + +downloadDashboards: + env: {} + envFromSecret: "" + resources: {} + +## Pod Annotations +# podAnnotations: {} + +## Pod Labels +# podLabels: {} + +podPortName: grafana + +## Deployment annotations +# annotations: {} + +## Expose the grafana service to be accessed from outside the cluster (LoadBalancer service). +## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it. +## ref: http://kubernetes.io/docs/user-guide/services/ +## +service: + enabled: true + type: ClusterIP + port: 80 + targetPort: 3000 + # targetPort: 4181 To be used with a proxy extraContainer + annotations: {} + labels: {} + portName: service + +serviceMonitor: + ## If true, a ServiceMonitor CRD is created for a prometheus operator + ## https://github.com/coreos/prometheus-operator + ## + enabled: false + path: /metrics + # namespace: monitoring (defaults to use the namespace this chart is deployed to) + labels: {} + interval: 1m + scheme: http + tlsConfig: {} + scrapeTimeout: 30s + relabelings: [] + +extraExposePorts: [] + # - name: keycloak + # port: 8080 + # targetPort: 8080 + # type: ClusterIP + +# overrides pod.spec.hostAliases in the grafana deployment's pods +hostAliases: [] + # - ip: "1.2.3.4" + # hostnames: + # - "my.host.com" + +ingress: + enabled: false + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + # Values can be templated + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + labels: {} + path: / + + # pathType is only for k8s > 1.19 + pathType: Prefix + + hosts: + - chart-example.local + ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # serviceName: ssl-redirect + # servicePort: use-annotation + ## Or for k8s > 1.19 + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: service + + + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} +# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi + +## Node labels for pod assignment +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +# +nodeSelector: {} + +## Tolerations for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] + +## Affinity for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} + +extraInitContainers: [] + +## Enable an Specify container in extraContainers. This is meant to allow adding an authentication proxy to a grafana pod +extraContainers: | +# - name: proxy +# image: quay.io/gambol99/keycloak-proxy:latest +# args: +# - -provider=github +# - -client-id= +# - -client-secret= +# - -github-org= +# - -email-domain=* +# - -cookie-secret= +# - -http-address=http://0.0.0.0:4181 +# - -upstream-url=http://127.0.0.1:3000 +# ports: +# - name: proxy-web +# containerPort: 4181 + +## Volumes that can be used in init containers that will not be mounted to deployment pods +extraContainerVolumes: [] +# - name: volume-from-secret +# secret: +# secretName: secret-to-mount +# - name: empty-dir-volume +# emptyDir: {} + +## Enable persistence using Persistent Volume Claims +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + type: pvc + enabled: false + # storageClassName: default + accessModes: + - ReadWriteOnce + size: 10Gi + # annotations: {} + finalizers: + - kubernetes.io/pvc-protection + # selectorLabels: {} + # subPath: "" + # existingClaim: + + ## If persistence is not enabled, this allows to mount the + ## local storage in-memory to improve performance + ## + inMemory: + enabled: false + ## The maximum usage on memory medium EmptyDir would be + ## the minimum value between the SizeLimit specified + ## here and the sum of memory limits of all containers in a pod + ## + # sizeLimit: 300Mi + +initChownData: + ## If false, data ownership will not be reset at startup + ## This allows the prometheus-server to be run with an arbitrary user + ## + enabled: true + + ## initChownData container image + ## + image: + repository: rancher/mirrored-library-busybox + tag: "1.31.1" + sha: "" + pullPolicy: IfNotPresent + + ## initChownData resource requests and limits + ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + +# Administrator credentials when not using an existing secret (see below) +adminUser: admin +# adminPassword: strongpassword + +# Use an existing secret for the admin user. +admin: + existingSecret: "" + userKey: admin-user + passwordKey: admin-password + +## Define command to be executed at startup by grafana container +## Needed if using `vault-env` to manage secrets (ref: https://banzaicloud.com/blog/inject-secrets-into-pods-vault/) +## Default is "run.sh" as defined in grafana's Dockerfile +# command: +# - "sh" +# - "/run.sh" + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +## Extra environment variables that will be pass onto deployment pods +## +## to provide grafana with access to CloudWatch on AWS EKS: +## 1. create an iam role of type "Web identity" with provider oidc.eks.* (note the provider for later) +## 2. edit the "Trust relationships" of the role, add a line inside the StringEquals clause using the +## same oidc eks provider as noted before (same as the existing line) +## also, replace NAMESPACE and prometheus-operator-grafana with the service account namespace and name +## +## "oidc.eks.us-east-1.amazonaws.com/id/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:sub": "system:serviceaccount:NAMESPACE:prometheus-operator-grafana", +## +## 3. attach a policy to the role, you can use a built in policy called CloudWatchReadOnlyAccess +## 4. use the following env: (replace 123456789000 and iam-role-name-here with your aws account number and role name) +## +## env: +## AWS_ROLE_ARN: arn:aws:iam::123456789000:role/iam-role-name-here +## AWS_WEB_IDENTITY_TOKEN_FILE: /var/run/secrets/eks.amazonaws.com/serviceaccount/token +## AWS_REGION: us-east-1 +## +## 5. uncomment the EKS section in extraSecretMounts: below +## 6. uncomment the annotation section in the serviceAccount: above +## make sure to replace arn:aws:iam::123456789000:role/iam-role-name-here with your role arn + +env: {} + +## "valueFrom" environment variable references that will be added to deployment pods +## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core +## Renders in container spec as: +## env: +## ... +## - name: +## valueFrom: +## +envValueFrom: {} + +## The name of a secret in the same kubernetes namespace which contain values to be added to the environment +## This can be useful for auth tokens, etc. Value is templated. +envFromSecret: "" + +## Sensible environment variables that will be rendered as new secret object +## This can be useful for auth tokens, etc +envRenderSecret: {} + +## Additional grafana server secret mounts +# Defines additional mounts with secrets. Secrets must be manually created in the namespace. +extraSecretMounts: [] + # - name: secret-files + # mountPath: /etc/secrets + # secretName: grafana-secret-files + # readOnly: true + # subPath: "" + # + # for AWS EKS (cloudwatch) use the following (see also instruction in env: above) + # - name: aws-iam-token + # mountPath: /var/run/secrets/eks.amazonaws.com/serviceaccount + # readOnly: true + # projected: + # defaultMode: 420 + # sources: + # - serviceAccountToken: + # audience: sts.amazonaws.com + # expirationSeconds: 86400 + # path: token + # + # for CSI e.g. Azure Key Vault use the following + # - name: secrets-store-inline + # mountPath: /run/secrets + # readOnly: true + # csi: + # driver: secrets-store.csi.k8s.io + # readOnly: true + # volumeAttributes: + # secretProviderClass: "akv-grafana-spc" + # nodePublishSecretRef: # Only required when using service principal mode + # name: grafana-akv-creds # Only required when using service principal mode + +## Additional grafana server volume mounts +# Defines additional volume mounts. +extraVolumeMounts: [] + # - name: extra-volume-0 + # mountPath: /mnt/volume0 + # readOnly: true + # existingClaim: volume-claim + # - name: extra-volume-1 + # mountPath: /mnt/volume1 + # readOnly: true + # hostPath: /usr/shared/ + +## Pass the plugins you want installed as a list. +## +plugins: [] + # - digrich-bubblechart-panel + # - grafana-clock-panel + +## Configure grafana datasources +## ref: http://docs.grafana.org/administration/provisioning/#datasources +## +datasources: {} +# datasources.yaml: +# apiVersion: 1 +# datasources: +# - name: Prometheus +# type: prometheus +# url: http://prometheus-prometheus-server +# access: proxy +# isDefault: true +# - name: CloudWatch +# type: cloudwatch +# access: proxy +# uid: cloudwatch +# editable: false +# jsonData: +# authType: credentials +# defaultRegion: us-east-1 + +## Configure notifiers +## ref: http://docs.grafana.org/administration/provisioning/#alert-notification-channels +## +notifiers: {} +# notifiers.yaml: +# notifiers: +# - name: email-notifier +# type: email +# uid: email1 +# # either: +# org_id: 1 +# # or +# org_name: Main Org. +# is_default: true +# settings: +# addresses: an_email_address@example.com +# delete_notifiers: + +## Configure grafana dashboard providers +## ref: http://docs.grafana.org/administration/provisioning/#dashboards +## +## `path` must be /var/lib/grafana/dashboards/ +## +dashboardProviders: {} +# dashboardproviders.yaml: +# apiVersion: 1 +# providers: +# - name: 'default' +# orgId: 1 +# folder: '' +# type: file +# disableDeletion: false +# editable: true +# options: +# path: /var/lib/grafana/dashboards/default + +## Configure grafana dashboard to import +## NOTE: To use dashboards you must also enable/configure dashboardProviders +## ref: https://grafana.com/dashboards +## +## dashboards per provider, use provider name as key. +## +dashboards: {} + # default: + # some-dashboard: + # json: | + # $RAW_JSON + # custom-dashboard: + # file: dashboards/custom-dashboard.json + # prometheus-stats: + # gnetId: 2 + # revision: 2 + # datasource: Prometheus + # local-dashboard: + # url: https://example.com/repository/test.json + # token: '' + # local-dashboard-base64: + # url: https://example.com/repository/test-b64.json + # token: '' + # b64content: true + +## Reference to external ConfigMap per provider. Use provider name as key and ConfigMap name as value. +## A provider dashboards must be defined either by external ConfigMaps or in values.yaml, not in both. +## ConfigMap data example: +## +## data: +## example-dashboard.json: | +## RAW_JSON +## +dashboardsConfigMaps: {} +# default: "" + +## Grafana's primary configuration +## NOTE: values in map will be converted to ini format +## ref: http://docs.grafana.org/installation/configuration/ +## +grafana.ini: + paths: + data: /var/lib/grafana/ + logs: /var/log/grafana + plugins: /var/lib/grafana/plugins + provisioning: /etc/grafana/provisioning + analytics: + check_for_updates: true + log: + mode: console + grafana_net: + url: https://grafana.net +## grafana Authentication can be enabled with the following values on grafana.ini + # server: + # The full public facing url you use in browser, used for redirects and emails + # root_url: + # https://grafana.com/docs/grafana/latest/auth/github/#enable-github-in-grafana + # auth.github: + # enabled: false + # allow_sign_up: false + # scopes: user:email,read:org + # auth_url: https://github.com/login/oauth/authorize + # token_url: https://github.com/login/oauth/access_token + # api_url: https://api.github.com/user + # team_ids: + # allowed_organizations: + # client_id: + # client_secret: +## LDAP Authentication can be enabled with the following values on grafana.ini +## NOTE: Grafana will fail to start if the value for ldap.toml is invalid + # auth.ldap: + # enabled: true + # allow_sign_up: true + # config_file: /etc/grafana/ldap.toml + +## Grafana's LDAP configuration +## Templated by the template in _helpers.tpl +## NOTE: To enable the grafana.ini must be configured with auth.ldap.enabled +## ref: http://docs.grafana.org/installation/configuration/#auth-ldap +## ref: http://docs.grafana.org/installation/ldap/#configuration +ldap: + enabled: false + # `existingSecret` is a reference to an existing secret containing the ldap configuration + # for Grafana in a key `ldap-toml`. + existingSecret: "" + # `config` is the content of `ldap.toml` that will be stored in the created secret + config: "" + # config: |- + # verbose_logging = true + + # [[servers]] + # host = "my-ldap-server" + # port = 636 + # use_ssl = true + # start_tls = false + # ssl_skip_verify = false + # bind_dn = "uid=%s,ou=users,dc=myorg,dc=com" + +## Grafana's SMTP configuration +## NOTE: To enable, grafana.ini must be configured with smtp.enabled +## ref: http://docs.grafana.org/installation/configuration/#smtp +smtp: + # `existingSecret` is a reference to an existing secret containing the smtp configuration + # for Grafana. + existingSecret: "" + userKey: "user" + passwordKey: "password" + +## Sidecars that collect the configmaps with specified label and stores the included files them into the respective folders +## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards +sidecar: + image: + repository: rancher/mirrored-kiwigrid-k8s-sidecar + tag: 1.12.2 + sha: "" + imagePullPolicy: IfNotPresent + resources: {} +# limits: +# cpu: 100m +# memory: 100Mi +# requests: +# cpu: 50m +# memory: 50Mi + # skipTlsVerify Set to true to skip tls verification for kube api calls + # skipTlsVerify: true + enableUniqueFilenames: false + dashboards: + enabled: false + SCProvider: true + # label that the configmaps with dashboards are marked with + label: grafana_dashboard + # value of label that the configmaps with dashboards are set to + labelValue: null + # folder in the pod that should hold the collected dashboards (unless `defaultFolderName` is set) + folder: /tmp/dashboards + # The default folder name, it will create a subfolder under the `folder` and put dashboards in there instead + defaultFolderName: null + # If specified, the sidecar will search for dashboard config-maps inside this namespace. + # Otherwise the namespace in which the sidecar is running will be used. + # It's also possible to specify ALL to search in all namespaces + searchNamespace: null + # search in configmap, secret or both + resource: both + # If specified, the sidecar will look for annotation with this name to create folder and put graph here. + # You can use this parameter together with `provider.foldersFromFilesStructure`to annotate configmaps and create folder structure. + folderAnnotation: null + # provider configuration that lets grafana manage the dashboards + provider: + # name of the provider, should be unique + name: sidecarProvider + # orgid as configured in grafana + orgid: 1 + # folder in which the dashboards should be imported in grafana + folder: '' + # type of the provider + type: file + # disableDelete to activate a import-only behaviour + disableDelete: false + # allow updating provisioned dashboards from the UI + allowUiUpdates: false + # allow Grafana to replicate dashboard structure from filesystem + foldersFromFilesStructure: false + datasources: + enabled: false + # label that the configmaps with datasources are marked with + label: grafana_datasource + # value of label that the configmaps with datasources are set to + labelValue: null + # If specified, the sidecar will search for datasource config-maps inside this namespace. + # Otherwise the namespace in which the sidecar is running will be used. + # It's also possible to specify ALL to search in all namespaces + searchNamespace: null + # search in configmap, secret or both + resource: both + notifiers: + enabled: false + # label that the configmaps with notifiers are marked with + label: grafana_notifier + # If specified, the sidecar will search for notifier config-maps inside this namespace. + # Otherwise the namespace in which the sidecar is running will be used. + # It's also possible to specify ALL to search in all namespaces + searchNamespace: null + # search in configmap, secret or both + resource: both + +## Override the deployment namespace +## +namespaceOverride: "" + +## Number of old ReplicaSets to retain +## +revisionHistoryLimit: 10 + +## Add a seperate remote image renderer deployment/service +imageRenderer: + # Enable the image-renderer deployment & service + enabled: false + replicas: 1 + image: + # image-renderer Image repository + repository: rancher/mirrored-grafana-grafana-image-renderer + # image-renderer Image tag + tag: 3.0.1 + # image-renderer Image sha (optional) + sha: "" + # image-renderer ImagePullPolicy + pullPolicy: Always + # extra environment variables + env: + HTTP_HOST: "0.0.0.0" + # RENDERING_ARGS: --disable-gpu,--window-size=1280x758 + # RENDERING_MODE: clustered + # image-renderer deployment serviceAccount + serviceAccountName: "" + # image-renderer deployment securityContext + securityContext: {} + # image-renderer deployment Host Aliases + hostAliases: [] + # image-renderer deployment priority class + priorityClassName: '' + service: + # Enable the image-renderer service + enabled: true + # image-renderer service port name + portName: 'http' + # image-renderer service port used by both service and deployment + port: 8081 + targetPort: 8081 + # In case a sub_path is used this needs to be added to the image renderer callback + grafanaSubPath: "" + # name of the image-renderer port on the pod + podPortName: http + # number of image-renderer replica sets to keep + revisionHistoryLimit: 10 + networkPolicy: + # Enable a NetworkPolicy to limit inbound traffic to only the created grafana pods + limitIngress: true + # Enable a NetworkPolicy to limit outbound traffic to only the created grafana pods + limitEgress: false + resources: {} +# limits: +# cpu: 100m +# memory: 100Mi +# requests: +# cpu: 50m +# memory: 50Mi diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/Chart.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/Chart.yaml new file mode 100644 index 000000000..234494b66 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/Chart.yaml @@ -0,0 +1,22 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=100.0.0+up1.35.0 + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Istio + catalog.cattle.io/namespace: istio-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: networking.istio.io.virtualservice/v1beta1 + catalog.cattle.io/release-name: rancher-istio + catalog.cattle.io/requests-cpu: 710m + catalog.cattle.io/requests-memory: 2314Mi + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/ui-component: istio +apiVersion: v1 +appVersion: 1.10.4 +description: A basic Istio setup that installs with the istioctl. Refer to https://istio.io/latest/ + for details. +icon: https://charts.rancher.io/assets/logos/istio.svg +keywords: +- networking +- infrastructure +name: rancher-istio +version: 100.0.0+up1.10.4 diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/README.md b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/README.md new file mode 100644 index 000000000..199e45312 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/README.md @@ -0,0 +1,69 @@ +# Rancher Istio Installers + +A Rancher created chart that packages the istioctl binary to install via a helm chart. + +# Installation Requirements + +## Chart Dependencies +- rancher-kiali-server-crd chart + +# Uninstallation Requirements +To ensure rancher-istio uninstalls correctly, you must uninstall rancher-istio prior to uninstalling chart dependencies (see installation requirements for chart dependencies). This is because all definitions need to be available in order to properly build the rancher-istio objects for removal. + +If you remove dependent CRD charts prior to removing rancher-istio, you may encounter the following error:: + +`Error: uninstallation completed with 1 error(s): unable to build kubernetes objects for delete: unable to recognize "": no matches for kind "MonitoringDashboard" in version "monitoring.kiali.io/v1alpha1"` + +# Addons + +## Kiali + +Kiali allows you to view and manage your istio-based service mesh through an easy to use dashboard. + +#### Dependencies +- rancher-monitoring chart or other Prometheus installation + +This dependecy installs the required CRDs for installing Kiali. Since Kiali is bundled in with Istio in this chart, if you do not have these dependencies installed, your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` when installing Istio for a succesful installation. + +> **Note:** The following configuration options assume you have installed the dependecies for Kiali. Please ensure you have Promtheus in your cluster before proceeding. + +The Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. + +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +#### External Services + +##### Prometheus +The `kiali.external_services.prometheus` url is set in the values.yaml: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` +The url depends on the default values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` being set in your rancher-monitoring or other monitoring instance. + +##### Grafana +The `kiali.external_services.grafana` url is set in the values.yaml: +``` +http://{{ .Values.nameOverride }}-grafana.{{ .Values.namespaceOverride }}.svc:{{ grafana.service.port }} +``` +The url depends on the default values for `nameOverride`, `namespaceOverride`, and `grafana.service.port` being set in your rancher-monitoring or other monitoring instance. + +##### Tracing +The `kiali.external_services.tracing` url and `.Values.tracing.contextPath` is set in the rancher-istio values.yaml: +``` +http://tracing.{{ .Values.namespaceOverride }}.svc:{{ .Values.service.externalPort }}/{{ .Values.tracing.contextPath }} +``` +The url depends on the default values for `namespaceOverride`, and `.Values.service.externalPort` being set in your rancher-tracing or other tracing instance. + +## Jaeger + +Jaeger allows you to trace and monitor distributed microservices. + +> **Note:** This addon is using the all-in-one Jaeger installation which is not qualified for production. Use the [Jaeger Tracing](https://www.jaegertracing.io/docs/1.21/getting-started/) documentation to determine which installation you will need for your production needs. + +# Installation +``` +helm install rancher-istio . --create-namespace -n istio-system +``` \ No newline at end of file diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/app-readme.md b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/app-readme.md new file mode 100644 index 000000000..3e42df443 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/app-readme.md @@ -0,0 +1,50 @@ +# Rancher Istio + +Our [Istio](https://istio.io/) installer wraps the istioctl binary commands in a handy helm chart, including an overlay file option to allow complex customization. It also includes: +* **[Kiali](https://kiali.io/)**: Used for graphing traffic flow throughout the mesh +* **[Jaeger](https://www.jaegertracing.io/)**: A quick start, all-in-one installation used for tracing distributed systemm. This is not production qualified, please refer to jaeger documentation to determine which installation you may need instead. + +### Known Issues + +**Airgapped Environments** +If you are using this chart in an airgapped environment, you will not be able to upgrade. This is because the `istioctl` upgrade command reaches out to an external repo and it is not configurable. We are tracking the fix for this issue [here](https://github.com/rancher/rancher/issues/33402) + +### Dependencies + +**Rancher Monitoring or other Prometheus installation** + +The Prometheus CRDs are required for installing Kiali which is enabled by default. If you do not have Prometheus installed your Istio installation will fail. If you do not plan on using Kiali, set `kiali.enabled=false` to bypass this requirement. + +### Customization + +**Rancher Monitoring** + +The Rancher Monitoring app sets `prometheus.prometheusSpec.ignoreNamespaceSelectors=false` which means all namespaces will be scraped by Prometheus by default. This ensures you can view traffic, metrics and graphs for resources deployed in other namespaces. + +To limit scraping to specific namespaces, set `prometheus.prometheusSpec.ignoreNamespaceSelectors=true` and add one of the following configurations to ensure you can continue to view traffic, metrics and graphs for your deployed resources. + +1. Add a Service Monitor or Pod Monitor in the namespace with the targets you want to scrape. +1. Add an additionalScrapeConfig to your rancher-monitoring instance to scrape all targets in all namespaces. + +**Custom Prometheus Installation with Kiali** + +To use a custom Monitoring installation, set the `kiali.external_services.prometheus` url in the values.yaml. This url depends on the values for `nameOverride`, `namespaceOverride`, and `prometheus.service.port` in your rancher-monitoring or other monitoring instance: +``` +http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc:{{ prometheus.service.port }} +``` +**Custom Grafana Installation with Kiali** + +To use a custom Grafana installation, set the `kiali.external_services.grafana` url in the values.yaml. This url depends on the values for `nameOverride`, `namespaceOverride`, and `granfa.service.port` in your rancher-monitoring or other grafana instance: +``` +http://{{ .Values.nameOverride }}-grafana.{{ .Values.namespaceOverride }}.svc:{{ grafana.service.port }} +``` +**Custom Tracing Installation with Kiali** + +To use a custom Tracing installation, set the `kiali.external_services.tracing` url and update the `.Values.tracing.contextPath` in the rancher-istio values.yaml. + +This url depends on the values for `namespaceOverride`, and `.Values.service.externalPort` in your rancher-tracing or other tracing instance.: +``` +http://tracing.{{ .Values.namespaceOverride }}.svc:{{ .Values.service.externalPort }}/{{ .Values.tracing.contextPath }} +``` + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/istio/v2.5/). diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/Chart.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/Chart.yaml new file mode 100644 index 000000000..2393605a8 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/Chart.yaml @@ -0,0 +1,31 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=match + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.rancher.io/namespace: cattle-istio-system + catalog.rancher.io/release-name: rancher-kiali-server +apiVersion: v2 +appVersion: v1.35.0 +description: Kiali is an open source project for service mesh observability, refer + to https://www.kiali.io for details. This is installed as sub-chart with customized + values in Rancher's Istio. +home: https://github.com/kiali/kiali +icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png +keywords: +- istio +- kiali +- networking +- infrastructure +maintainers: +- email: kiali-users@googlegroups.com + name: Kiali + url: https://kiali.io +name: kiali +sources: +- https://github.com/kiali/kiali +- https://github.com/kiali/kiali-ui +- https://github.com/kiali/kiali-operator +- https://github.com/kiali/helm-charts +version: 1.35.0 diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/NOTES.txt b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/NOTES.txt new file mode 100644 index 000000000..751019401 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/NOTES.txt @@ -0,0 +1,5 @@ +Welcome to Kiali! For more details on Kiali, see: https://kiali.io + +The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. + +(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/_helpers.tpl b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/_helpers.tpl new file mode 100644 index 000000000..5480bdbb8 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/_helpers.tpl @@ -0,0 +1,193 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Create a default fully qualified instance name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +To simulate the way the operator works, use deployment.instance_name rather than the old fullnameOverride. +For backwards compatibility, if fullnameOverride is not kiali but deployment.instance_name is kiali, +use fullnameOverride, otherwise use deployment.instance_name. +*/}} +{{- define "kiali-server.fullname" -}} +{{- if (and (eq .Values.deployment.instance_name "kiali") (ne .Values.fullnameOverride "kiali")) }} + {{- .Values.fullnameOverride | trunc 63 }} +{{- else }} + {{- .Values.deployment.instance_name | trunc 63 }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kiali-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Identifies the log_level with the old verbose_mode and the new log_level considered. +*/}} +{{- define "kiali-server.logLevel" -}} +{{- if .Values.deployment.verbose_mode -}} +{{- .Values.deployment.verbose_mode -}} +{{- else -}} +{{- .Values.deployment.logger.log_level -}} +{{- end -}} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kiali-server.labels" -}} +helm.sh/chart: {{ include "kiali-server.chart" . }} +app: kiali +{{ include "kiali-server.selectorLabels" . }} +version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/part-of: "kiali" +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kiali-server.selectorLabels" -}} +{{- $releaseName := .Release.Name -}} +{{- $fullName := include "kiali-server.fullname" . -}} +{{- $deployment := (lookup "apps/v1" "Deployment" .Release.Namespace $fullName) -}} +app.kubernetes.io/name: kiali +{{- if (and .Release.IsUpgrade $deployment)}} +app.kubernetes.io/instance: {{ (get (($deployment).metadata.labels) "app.kubernetes.io/instance") | default $fullName }} +{{- else }} +app.kubernetes.io/instance: {{ $fullName }} +{{- end }} +{{- end }} + +{{/* +Used to determine if a custom dashboard (defined in .Template.Name) should be deployed. +*/}} +{{- define "kiali-server.isDashboardEnabled" -}} +{{- if .Values.external_services.custom_dashboards.enabled }} + {{- $includere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.includes }} + {{- if $s }} + {{- if $includere }} + {{- $includere = printf "%s|^%s$" $includere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $includere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- $excludere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.excludes }} + {{- if $s }} + {{- if $excludere }} + {{- $excludere = printf "%s|^%s$" $excludere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $excludere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- if (and (mustRegexMatch (default "no-matches" $includere) (base .Template.Name)) (not (mustRegexMatch (default "no-matches" $excludere) (base .Template.Name)))) }} + {{- print "enabled" }} + {{- else }} + {{- print "" }} + {{- end }} +{{- else }} + {{- print "" }} +{{- end }} +{{- end }} + +{{/* +Determine the default login token signing key. +*/}} +{{- define "kiali-server.login_token.signing_key" -}} +{{- if .Values.login_token.signing_key }} + {{- .Values.login_token.signing_key }} +{{- else }} + {{- randAlphaNum 16 }} +{{- end }} +{{- end }} + +{{/* +Determine the default web root. +*/}} +{{- define "kiali-server.server.web_root" -}} +{{- if .Values.server.web_root }} + {{- .Values.server.web_root | trimSuffix "/" }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/" }} + {{- else }} + {{- "/kiali" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity cert file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.cert_file" -}} +{{- if hasKey .Values.identity "cert_file" }} + {{- .Values.identity.cert_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.crt" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity private key file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.private_key_file" -}} +{{- if hasKey .Values.identity "private_key_file" }} + {{- .Values.identity.private_key_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.key" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the istio namespace - default is where Kiali is installed. +*/}} +{{- define "kiali-server.istio_namespace" -}} +{{- if .Values.istio_namespace }} + {{- .Values.istio_namespace }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + +{{/* +Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. +*/}} +{{- define "kiali-server.auth.strategy" -}} +{{- if .Values.auth.strategy }} + {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }} + {{- end }} + {{- .Values.auth.strategy }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- if not .Values.kiali_route_url }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." }} + {{- end }} + {{- "openshift" }} + {{- else }} + {{- "token" }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/cabundle.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/cabundle.yaml new file mode 100644 index 000000000..7462b95a7 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/cabundle.yaml @@ -0,0 +1,13 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }}-cabundle + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + service.beta.openshift.io/inject-cabundle: "true" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/configmap.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/configmap.yaml new file mode 100644 index 000000000..f4bfa09a1 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/configmap.yaml @@ -0,0 +1,25 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + config.yaml: | + {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}} + {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }} + {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}} + {{- $_ := set $cm.deployment "namespace" .Release.Namespace }} + {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}} + {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }} + {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }} + {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }} + {{- $_ := set $cm.deployment "instance_name" (include "kiali-server.fullname" .) }} + {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }} + {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }} + {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }} + {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }} + {{- toYaml $cm | nindent 4 }} +... diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/envoy.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/envoy.yaml new file mode 100644 index 000000000..e642a3385 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/envoy.yaml @@ -0,0 +1,56 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: envoy + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Envoy Metrics + discoverOn: "envoy_server_uptime" + items: + - chart: + name: "Pods uptime" + spans: 4 + metricName: "envoy_server_uptime" + dataType: "raw" + - chart: + name: "Allocated memory" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_allocated" + dataType: "raw" + min: 0 + - chart: + name: "Heap size" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_heap_size" + dataType: "raw" + min: 0 + - chart: + name: "Upstream active connections" + spans: 6 + metricName: "envoy_cluster_upstream_cx_active" + dataType: "raw" + - chart: + name: "Upstream total requests" + spans: 6 + metricName: "envoy_cluster_upstream_rq_total" + unit: "rps" + dataType: "rate" + - chart: + name: "Downstream active connections" + spans: 6 + metricName: "envoy_listener_downstream_cx_active" + dataType: "raw" + - chart: + name: "Downstream HTTP requests" + spans: 6 + metricName: "envoy_listener_http_downstream_rq" + unit: "rps" + dataType: "rate" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/go.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/go.yaml new file mode 100644 index 000000000..fdead4c60 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/go.yaml @@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: go + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Go Metrics + runtime: Go + discoverOn: "go_info" + items: + - chart: + name: "CPU ratio" + spans: 6 + metricName: "process_cpu_seconds_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "RSS Memory" + unit: "bytes" + spans: 6 + metricName: "process_resident_memory_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Goroutines" + spans: 6 + metricName: "go_goroutines" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Heap allocation rate" + unit: "bytes/s" + spans: 6 + metricName: "go_memstats_alloc_bytes_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "GC rate" + spans: 6 + metricName: "go_gc_duration_seconds_count" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Next GC" + unit: "bytes" + spans: 6 + metricName: "go_memstats_next_gc_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/kiali.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/kiali.yaml new file mode 100644 index 000000000..5ecac7ff8 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/kiali.yaml @@ -0,0 +1,44 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: kiali + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Kiali Internal Metrics + items: + - chart: + name: "API processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_api_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "route" + displayName: "Route" + - chart: + name: "Functions processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_go_function_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" + - chart: + name: "Failures" + spans: 12 + metricName: "kiali_go_function_failures_total" + dataType: "raw" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml new file mode 100644 index 000000000..50fce7056 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml @@ -0,0 +1,43 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Pool Metrics + discoverOn: "jvm_buffer_total_capacity_bytes" + items: + - chart: + name: "Pool buffer memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer capacity" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_total_capacity_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer count" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_count" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml new file mode 100644 index 000000000..84810095c --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.0.6-jvm.yaml @@ -0,0 +1,65 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live" + items: + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon" + dataType: "raw" + - chart: + name: "Loaded classes" + spans: 4 + metricName: "jvm_classes_loaded" + dataType: "raw" + + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml new file mode 100644 index 000000000..a28c4026c --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/micrometer-1.1-jvm.yaml @@ -0,0 +1,68 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: micrometer-1.1-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live_threads" + items: + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live_threads" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon_threads" + dataType: "raw" + - chart: + name: "Threads states" + spans: 4 + metricName: "jvm_threads_states_threads" + dataType: "raw" + aggregations: + - label: "state" + displayName: "State" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/microprofile-1.1.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/microprofile-1.1.yaml new file mode 100644 index 000000000..00e2415da --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/microprofile-1.1.yaml @@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: microprofile-1.1 + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:thread_count" + items: + - chart: + name: "Current loaded classes" + spans: 6 + metricName: "base:classloader_current_loaded_class_count" + dataType: "raw" + - chart: + name: "Unloaded classes" + spans: 6 + metricName: "base:classloader_total_unloaded_class_count" + dataType: "raw" + - chart: + name: "Thread count" + spans: 4 + metricName: "base:thread_count" + dataType: "raw" + - chart: + name: "Thread max count" + spans: 4 + metricName: "base:thread_max_count" + dataType: "raw" + - chart: + name: "Thread daemon count" + spans: 4 + metricName: "base:thread_daemon_count" + dataType: "raw" + - chart: + name: "Committed heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_committed_heap_bytes" + dataType: "raw" + - chart: + name: "Max heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_max_heap_bytes" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_used_heap_bytes" + dataType: "raw" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/microprofile-x.y.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/microprofile-x.y.yaml new file mode 100644 index 000000000..585175330 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/microprofile-x.y.yaml @@ -0,0 +1,38 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: microprofile-x.y + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:gc_complete_scavenger_count" + items: + - chart: + name: "Young GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_young_generation_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Young GC count" + spans: 3 + metricName: "base:gc_young_generation_scavenger_count" + dataType: "raw" + - chart: + name: "Total GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_complete_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Total GC count" + spans: 3 + metricName: "base:gc_complete_scavenger_count" + dataType: "raw" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/nodejs.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/nodejs.yaml new file mode 100644 index 000000000..7676a7c3c --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/nodejs.yaml @@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: nodejs + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Node.js + title: Node.js Metrics + discoverOn: "nodejs_active_handles_total" + items: + - chart: + name: "Active handles" + spans: 4 + metricName: "nodejs_active_handles_total" + dataType: "raw" + - chart: + name: "Active requests" + spans: 4 + metricName: "nodejs_active_requests_total" + dataType: "raw" + - chart: + name: "Event loop lag" + unit: "seconds" + spans: 4 + metricName: "nodejs_eventloop_lag_seconds" + dataType: "raw" + - chart: + name: "Total heap size" + unit: "bytes" + spans: 12 + metricName: "nodejs_heap_space_size_total_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Used heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_used_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Available heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_available_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/quarkus.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/quarkus.yaml new file mode 100644 index 000000000..a4f303751 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/quarkus.yaml @@ -0,0 +1,33 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: quarkus + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Quarkus Metrics + runtime: Quarkus + items: + - chart: + name: "Thread count" + spans: 4 + metricName: "vendor:thread_count" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_heap_usage_bytes" + dataType: "raw" + - chart: + name: "Used non-heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_non_heap_usage_bytes" + dataType: "raw" + - include: "microprofile-x.y" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml new file mode 100644 index 000000000..3aa7d66e3 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/springboot-jvm-pool.yaml @@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: springboot-jvm-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Pool Metrics + items: + - include: "micrometer-1.0.6-jvm-pool" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/springboot-jvm.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/springboot-jvm.yaml new file mode 100644 index 000000000..22ea15533 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/springboot-jvm.yaml @@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: springboot-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Metrics + items: + - include: "micrometer-1.0.6-jvm" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/springboot-tomcat.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/springboot-tomcat.yaml new file mode 100644 index 000000000..7020ddccb --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/springboot-tomcat.yaml @@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: springboot-tomcat + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: Tomcat Metrics + items: + - include: "tomcat" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/thorntail.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/thorntail.yaml new file mode 100644 index 000000000..0e94c50ef --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/thorntail.yaml @@ -0,0 +1,22 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: thorntail + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Thorntail + title: Thorntail Metrics + discoverOn: "vendor:loaded_modules" + items: + - include: "microprofile-1.1" + - chart: + name: "Loaded modules" + spans: 6 + metricName: "vendor:loaded_modules" + dataType: "raw" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/tomcat.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/tomcat.yaml new file mode 100644 index 000000000..29467e9f6 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/tomcat.yaml @@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: tomcat + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Tomcat + title: Tomcat Metrics + discoverOn: "tomcat_sessions_created_total" + items: + - chart: + name: "Sessions created" + spans: 4 + metricName: "tomcat_sessions_created_total" + dataType: "raw" + - chart: + name: "Active sessions" + spans: 4 + metricName: "tomcat_sessions_active_current" + dataType: "raw" + - chart: + name: "Sessions rejected" + spans: 4 + metricName: "tomcat_sessions_rejected_total" + dataType: "raw" + + - chart: + name: "Bytes sent" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_sent_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Bytes received" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_received_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + + - chart: + name: "Global errors" + spans: 6 + metricName: "tomcat_global_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Servlet errors" + spans: 6 + metricName: "tomcat_servlet_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/vertx-client.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/vertx-client.yaml new file mode 100644 index 000000000..9409adf63 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/vertx-client.yaml @@ -0,0 +1,60 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: vertx-client + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Client Metrics + discoverOn: "vertx_http_client_connections" + items: + - chart: + name: "Client response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_client_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_client_requestCount_total" + dataType: "rate" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client active connections" + spans: 6 + metricName: "vertx_http_client_connections" + dataType: "raw" + - chart: + name: "Client active websockets" + spans: 6 + metricName: "vertx_http_client_wsConnections" + dataType: "raw" + - chart: + name: "Client bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesSent" + dataType: "histogram" + - chart: + name: "Client bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/vertx-eventbus.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/vertx-eventbus.yaml new file mode 100644 index 000000000..384e7b107 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/vertx-eventbus.yaml @@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: vertx-eventbus + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Eventbus Metrics + discoverOn: "vertx_eventbus_handlers" + items: + - chart: + name: "Event bus handlers" + spans: 6 + metricName: "vertx_eventbus_handlers" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus pending messages" + spans: 6 + metricName: "vertx_eventbus_pending" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus processing time" + unit: "seconds" + spans: 6 + metricName: "vertx_eventbus_processingTime_seconds" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes read" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesRead" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes written" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesWritten" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/vertx-jvm.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/vertx-jvm.yaml new file mode 100644 index 000000000..8439ce6e4 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/vertx-jvm.yaml @@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: vertx-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: JVM Metrics + items: + - include: "micrometer-1.1-jvm" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/vertx-pool.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/vertx-pool.yaml new file mode 100644 index 000000000..8334d47a8 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/vertx-pool.yaml @@ -0,0 +1,68 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: vertx-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Pools Metrics + discoverOn: "vertx_pool_ratio" + items: + - chart: + name: "Usage duration" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_usage_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Usage ratio" + spans: 6 + metricName: "vertx_pool_ratio" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Queue size" + spans: 6 + metricName: "vertx_pool_queue_size" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Time in queue" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_queue_delay_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Resources used" + spans: 6 + metricName: "vertx_pool_inUse" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/vertx-server.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/vertx-server.yaml new file mode 100644 index 000000000..b88b270a8 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/dashboards/vertx-server.yaml @@ -0,0 +1,62 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: vertx-server + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Server Metrics + discoverOn: "vertx_http_server_connections" + items: + - chart: + name: "Server response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_server_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_server_requestCount_total" + dataType: "rate" + aggregations: + - label: "code" + displayName: "Error code" + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server active connections" + spans: 6 + metricName: "vertx_http_server_connections" + dataType: "raw" + - chart: + name: "Server active websockets" + spans: 6 + metricName: "vertx_http_server_wsConnections" + dataType: "raw" + - chart: + name: "Server bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesSent" + dataType: "histogram" + - chart: + name: "Server bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/deployment.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/deployment.yaml new file mode 100644 index 000000000..b5737ccc6 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/deployment.yaml @@ -0,0 +1,179 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + {{- include "kiali-server.selectorLabels" . | nindent 6 }} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 8 }} + {{- if .Values.deployment.pod_labels }} + {{- toYaml .Values.deployment.pod_labels | nindent 8 }} + {{- end }} + annotations: + {{- if .Values.server.metrics_enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.server.metrics_port | quote }} + {{- else }} + prometheus.io/scrape: "false" + prometheus.io/port: "" + {{- end }} + kiali.io/runtimes: go,kiali + {{- if .Values.deployment.pod_annotations }} + {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kiali-server.fullname" . }} + {{- if .Values.deployment.priority_class_name }} + priorityClassName: {{ .Values.deployment.priority_class_name | quote }} + {{- end }} + {{- if .Values.deployment.image_pull_secrets }} + imagePullSecrets: + {{- range .Values.deployment.image_pull_secrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}:{{ .Values.deployment.tag }}" + imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} + name: {{ include "kiali-server.fullname" . }} + command: + - "/opt/kiali/kiali" + - "-config" + - "/kiali-configuration/config.yaml" + securityContext: + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: true + ports: + - name: api-port + containerPort: {{ .Values.server.port | default 20001 }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + containerPort: {{ .Values.server.metrics_port | default 9090 }} + {{- end }} + readinessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LOG_LEVEL + value: "{{ include "kiali-server.logLevel" . }}" + - name: LOG_FORMAT + value: "{{ .Values.deployment.logger.log_format }}" + - name: LOG_TIME_FIELD_FORMAT + value: "{{ .Values.deployment.logger.time_field_format }}" + - name: LOG_SAMPLER_RATE + value: "{{ .Values.deployment.logger.sampler_rate }}" + volumeMounts: + {{- if .Values.web_root_override }} + - name: kiali-console + subPath: env.js + mountPath: /opt/kiali/console/env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + mountPath: "/kiali-configuration" + - name: {{ include "kiali-server.fullname" . }}-cert + mountPath: "/kiali-cert" + - name: {{ include "kiali-server.fullname" . }}-secret + mountPath: "/kiali-secret" + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + mountPath: "/kiali-cabundle" + {{- end }} + {{- if .Values.deployment.resources }} + resources: + {{- toYaml .Values.deployment.resources | nindent 10 }} + {{- end }} + volumes: + {{- if .Values.web_root_override }} + - name: kiali-console + configMap: + name: kiali-console + items: + - key: env.js + path: env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + configMap: + name: {{ include "kiali-server.fullname" . }} + - name: {{ include "kiali-server.fullname" . }}-cert + secret: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + secretName: {{ include "kiali-server.fullname" . }}-cert-secret + {{- else }} + secretName: istio.{{ include "kiali-server.fullname" . }}-service-account + {{- end }} + {{- if not (include "kiali-server.identity.cert_file" .) }} + optional: true + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-secret + secret: + secretName: {{ .Values.deployment.secret_name }} + optional: true + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + configMap: + name: {{ include "kiali-server.fullname" . }}-cabundle + {{- end }} + {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.affinity.pod) (.Values.deployment.affinity.pod_anti)) }} + affinity: + {{- if .Values.deployment.affinity.node }} + nodeAffinity: + {{- toYaml .Values.deployment.affinity.node | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod }} + podAffinity: + {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod_anti }} + podAntiAffinity: + {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} + {{- end }} + {{- end }} + {{- if .Values.deployment.tolerations }} + tolerations: + {{- toYaml .Values.deployment.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.deployment.node_selector }} + nodeSelector: + {{- toYaml .Values.deployment.node_selector | nindent 8 }} + {{- end }} +... diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/hpa.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/hpa.yaml new file mode 100644 index 000000000..934c4c1e9 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/hpa.yaml @@ -0,0 +1,17 @@ +{{- if .Values.deployment.hpa.spec }} +--- +apiVersion: {{ .Values.deployment.hpa.api_version }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "kiali-server.fullname" . }} + {{- toYaml .Values.deployment.hpa.spec | nindent 2 }} +... +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/ingress.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/ingress.yaml new file mode 100644 index 000000000..1268101d6 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/ingress.yaml @@ -0,0 +1,43 @@ +{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} +{{- if .Values.deployment.ingress_enabled }} +--- +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }} + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- else }} + # For ingress-nginx versions older than 0.20.0 use secure-backends. + # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948) + # For ingress-nginx versions 0.20.0 and later use backend-protocol. + {{- if (include "kiali-server.identity.cert_file" .) }} + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + {{- else }} + nginx.ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + {{- end }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + rules: + - http: + paths: + - path: {{ include "kiali-server.server.web_root" . }} + backend: + serviceName: {{ include "kiali-server.fullname" . }} + servicePort: {{ .Values.server.port }} + {{- if not (empty .Values.server.web_fqdn) }} + host: {{ .Values.server.web_fqdn }} + {{- end }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/oauth.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/oauth.yaml new file mode 100644 index 000000000..a178bb85e --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/oauth.yaml @@ -0,0 +1,17 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.kiali_route_url }} +--- +apiVersion: oauth.openshift.io/v1 +kind: OAuthClient +metadata: + name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +redirectURIs: +- {{ .Values.kiali_route_url }} +grantMethod: auto +allowAnyScope: true +... +{{- end }} +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/psp.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/psp.yaml new file mode 100644 index 000000000..f891892cc --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/psp.yaml @@ -0,0 +1,67 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kiali-server.fullname" . }}-psp +subjects: + - kind: ServiceAccount + name: kiali +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +rules: +- apiGroups: + - policy + resourceNames: + - {{ include "kiali-server.fullname" . }}-psp + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + - persistentVolumeClaim +{{- end }} \ No newline at end of file diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/role-controlplane.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/role-controlplane.yaml new file mode 100644 index 000000000..a22c76756 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/role-controlplane.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - secrets + verbs: + - list +... diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/role-viewer.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/role-viewer.yaml new file mode 100644 index 000000000..c1a766750 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/role-viewer.yaml @@ -0,0 +1,96 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }}-viewer + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - pods/log + - pods/proxy + verbs: + - get + - list + - watch +- apiGroups: [""] + resources: + - namespaces + - pods + - replicationcontrollers + - services + verbs: + - get + - list + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list + - watch +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/role.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/role.yaml new file mode 100644 index 000000000..b764570c8 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/role.yaml @@ -0,0 +1,106 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - pods/log + - pods/proxy + verbs: + - get + - list + - watch +- apiGroups: [""] + resources: + - namespaces + - pods + - replicationcontrollers + - services + verbs: + - get + - list + - watch + - patch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch + - patch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch + - patch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch + - create + - delete + - patch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch + - patch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list + - watch + - create + - delete + - patch +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/rolebinding-controlplane.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/rolebinding-controlplane.yaml new file mode 100644 index 000000000..5a0015836 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/rolebinding-controlplane.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kiali-server.fullname" . }}-controlplane +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/rolebinding.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/rolebinding.yaml new file mode 100644 index 000000000..1eaabd65f --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + {{- if .Values.deployment.view_only_mode }} + name: {{ include "kiali-server.fullname" . }}-viewer + {{- else }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/route.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/route.yaml new file mode 100644 index 000000000..27940dc96 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/route.yaml @@ -0,0 +1,30 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.deployment.ingress_enabled }} +# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}} + annotations: + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + targetPort: {{ .Values.server.port }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/service.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/service.yaml new file mode 100644 index 000000000..e7618d68f --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/service.yaml @@ -0,0 +1,45 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret + {{- end }} + {{- if and (not (empty .Values.server.web_fqdn)) (not (empty .Values.server.web_schema)) }} + {{- if empty .Values.server.web_port }} + kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}{{ default "" .Values.server.web_root }} + {{- else }} + kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}:{{ .Values.server.web_port }}{{(default "" .Values.server.web_root) }} + {{- end }} + {{- end }} + {{- if .Values.deployment.service_annotations }} + {{- toYaml .Values.deployment.service_annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.deployment.service_type }} + type: {{ .Values.deployment.service_type }} + {{- end }} + ports: + {{- if (include "kiali-server.identity.cert_file" .) }} + - name: tcp + {{- else }} + - name: http + {{- end }} + protocol: TCP + port: {{ .Values.server.port }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + protocol: TCP + port: {{ .Values.server.metrics_port }} + {{- end }} + selector: + {{- include "kiali-server.selectorLabels" . | nindent 4 }} + {{- if .Values.deployment.additional_service_yaml }} + {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }} + {{- end }} +... diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/serviceaccount.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/serviceaccount.yaml new file mode 100644 index 000000000..9151b6f6a --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +... diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/validate-install-crd.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/validate-install-crd.yaml new file mode 100644 index 000000000..b42eeb266 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/validate-install-crd.yaml @@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "monitoring.kiali.io/v1alpha1/MonitoringDashboard" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/web-root-configmap.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/web-root-configmap.yaml new file mode 100644 index 000000000..970d4e4f5 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/templates/web-root-configmap.yaml @@ -0,0 +1,12 @@ +{{- if .Values.web_root_override }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: kiali-console + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + env.js: | + window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:kiali:20001/proxy/kiali'; +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/values.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/values.yaml new file mode 100644 index 000000000..8db88b0d9 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/kiali/values.yaml @@ -0,0 +1,98 @@ +# 'fullnameOverride' is deprecated. Use 'deployment.instance_name' instead. +# This is only supported for backward compatibility and will be removed in a future version. +# If 'fullnameOverride' is not "kiali" and 'deployment.instance_name' is "kiali", +# then 'deployment.instance_name' will take the value of 'fullnameOverride' value. +# Otherwise, 'fullnameOverride' is ignored and 'deployment.instance_name' is used. +fullnameOverride: "kiali" + +# This is required for "openshift" auth strategy. +# You have to know ahead of time what your Route URL will be because +# right now the helm chart can't figure this out at runtime (it would +# need to wait for the Kiali Route to be deployed and for OpenShift +# to start it up). If someone knows how to update this helm chart to +# do this, a PR would be welcome. +kiali_route_url: "" + +# rancher specific override that allows proxy access to kiali url +web_root_override: true + +# +# Settings that mimic the Kiali CR which are placed in the ConfigMap. +# Note that only those values used by the Helm Chart will be here. +# + +istio_namespace: "" # default is where Kiali is installed + +auth: + openid: {} + openshift: {} + strategy: "" + +deployment: + # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything. + # For more control over what the Kial Service Account can see, use the Kiali Operator + accessible_namespaces: + - "**" + additional_service_yaml: {} + affinity: + node: {} + pod: {} + pod_anti: {} + custom_dashboards: + excludes: [''] + includes: ['*'] + hpa: + api_version: "autoscaling/v2beta2" + spec: {} + repository: rancher/mirrored-kiali-kiali + image_pull_policy: "Always" + image_pull_secrets: [] + tag: v1.35.0 + ingress_enabled: true + instance_name: "kiali" + logger: + log_format: "text" + log_level: "info" + time_field_format: "2006-01-02T15:04:05Z07:00" + sampler_rate: "1" + node_selector: {} + override_ingress_yaml: + metadata: {} + pod_annotations: {} + pod_labels: {} + priority_class_name: "" + replicas: 1 + resources: {} + secret_name: "kiali" + service_annotations: {} + service_type: "" + tolerations: [] + version_label: v1.35.0 + view_only_mode: false + +external_services: + custom_dashboards: + enabled: true + +identity: {} + #cert_file: + #private_key_file: + +login_token: + signing_key: "" + +server: + port: 20001 + metrics_enabled: true + metrics_port: 9090 + web_root: "" + +# Common settings used among istio subcharts. +global: + # Specify rancher clusterId of external tracing config + # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 + cattle: + systemDefaultRegistry: "" + clusterId: + rbac: + pspEnabled: false diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/.helmignore b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/Chart.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/Chart.yaml new file mode 100644 index 000000000..6e368616d --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/Chart.yaml @@ -0,0 +1,12 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: istio-system + catalog.rancher.io/release-name: rancher-tracing +apiVersion: v1 +appVersion: 1.20.0 +description: A quick start Jaeger Tracing installation using the all-in-one demo. + This is not production qualified. Refer to https://www.jaegertracing.io/ for details. +name: tracing +version: 1.20.1 diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/README.md b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/README.md new file mode 100644 index 000000000..25534c628 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/README.md @@ -0,0 +1,5 @@ +# Jaeger + +A Rancher chart based on the Jaeger all-in-one quick installation option. This chart will allow you to trace and monitor distributed microservices. + +> **Note:** The basic all-in-one Jaeger installation which is not qualified for production. Use the [Jaeger Tracing](https://www.jaegertracing.io) documentation to determine which installation you will need for your production needs. diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/templates/_affinity.tpl b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/templates/_affinity.tpl new file mode 100644 index 000000000..bf6a9aee5 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/templates/_affinity.tpl @@ -0,0 +1,92 @@ +{{/* affinity - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ */}} +{{- define "nodeAffinity" }} + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + {{- include "nodeAffinityRequiredDuringScheduling" . }} + preferredDuringSchedulingIgnoredDuringExecution: + {{- include "nodeAffinityPreferredDuringScheduling" . }} +{{- end }} + +{{- define "nodeAffinityRequiredDuringScheduling" }} + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + {{- range $key, $val := .Values.global.arch }} + {{- if gt ($val | int) 0 }} + - {{ $key | quote }} + {{- end }} + {{- end }} + {{- $nodeSelector := default .Values.global.defaultNodeSelector .Values.nodeSelector -}} + {{- range $key, $val := $nodeSelector }} + - key: {{ $key }} + operator: In + values: + - {{ $val | quote }} + {{- end }} +{{- end }} + +{{- define "nodeAffinityPreferredDuringScheduling" }} + {{- range $key, $val := .Values.global.arch }} + {{- if gt ($val | int) 0 }} + - weight: {{ $val | int }} + preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - {{ $key | quote }} + {{- end }} + {{- end }} +{{- end }} + +{{- define "podAntiAffinity" }} +{{- if or .Values.podAntiAffinityLabelSelector .Values.podAntiAffinityTermLabelSelector}} + podAntiAffinity: + {{- if .Values.podAntiAffinityLabelSelector }} + requiredDuringSchedulingIgnoredDuringExecution: + {{- include "podAntiAffinityRequiredDuringScheduling" . }} + {{- end }} + {{- if or .Values.podAntiAffinityTermLabelSelector}} + preferredDuringSchedulingIgnoredDuringExecution: + {{- include "podAntiAffinityPreferredDuringScheduling" . }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "podAntiAffinityRequiredDuringScheduling" }} + {{- range $index, $item := .Values.podAntiAffinityLabelSelector }} + - labelSelector: + matchExpressions: + - key: {{ $item.key }} + operator: {{ $item.operator }} + {{- if $item.values }} + values: + {{- $vals := split "," $item.values }} + {{- range $i, $v := $vals }} + - {{ $v | quote }} + {{- end }} + {{- end }} + topologyKey: {{ $item.topologyKey }} + {{- end }} +{{- end }} + +{{- define "podAntiAffinityPreferredDuringScheduling" }} + {{- range $index, $item := .Values.podAntiAffinityTermLabelSelector }} + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: {{ $item.key }} + operator: {{ $item.operator }} + {{- if $item.values }} + values: + {{- $vals := split "," $item.values }} + {{- range $i, $v := $vals }} + - {{ $v | quote }} + {{- end }} + {{- end }} + topologyKey: {{ $item.topologyKey }} + weight: 100 + {{- end }} +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/templates/_helpers.tpl b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/templates/_helpers.tpl new file mode 100644 index 000000000..56cfa7335 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/templates/_helpers.tpl @@ -0,0 +1,32 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "tracing.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "tracing.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/templates/deployment.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/templates/deployment.yaml new file mode 100644 index 000000000..25bb67fd3 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/templates/deployment.yaml @@ -0,0 +1,86 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + selector: + matchLabels: + app: {{ .Values.provider }} + template: + metadata: + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + annotations: + sidecar.istio.io/inject: "false" + prometheus.io/scrape: "true" + prometheus.io/port: "14269" +{{- if .Values.jaeger.podAnnotations }} +{{ toYaml .Values.jaeger.podAnnotations | indent 8 }} +{{- end }} + spec: + containers: + - name: jaeger + image: "{{ template "system_default_registry" . }}{{ .Values.jaeger.repository }}:{{ .Values.jaeger.tag }}" + imagePullPolicy: {{ .Values.global.imagePullPolicy }} + env: + {{- if eq .Values.jaeger.spanStorageType "badger" }} + - name: BADGER_EPHEMERAL + value: "false" + - name: SPAN_STORAGE_TYPE + value: "badger" + - name: BADGER_DIRECTORY_VALUE + value: "/badger/data" + - name: BADGER_DIRECTORY_KEY + value: "/badger/key" + {{- end }} + - name: COLLECTOR_ZIPKIN_HTTP_PORT + value: "9411" + - name: MEMORY_MAX_TRACES + value: "{{ .Values.jaeger.memory.max_traces }}" + - name: QUERY_BASE_PATH + value: {{ if .Values.contextPath }} {{ .Values.contextPath }} {{ else }} /{{ .Values.provider }} {{ end }} + livenessProbe: + httpGet: + path: / + port: 14269 + readinessProbe: + httpGet: + path: / + port: 14269 +{{- if eq .Values.jaeger.spanStorageType "badger" }} + volumeMounts: + - name: data + mountPath: /badger +{{- end }} + resources: +{{- if .Values.jaeger.resources }} +{{ toYaml .Values.jaeger.resources | indent 12 }} +{{- else }} +{{ toYaml .Values.global.defaultResources | indent 12 }} +{{- end }} + affinity: + {{- include "nodeAffinity" . | indent 6 }} + {{- include "podAntiAffinity" . | indent 6 }} + {{- if .Values.global.rbac.pspEnabled }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + serviceAccountName: {{ include "tracing.fullname" . }} + {{- end }} +{{- if eq .Values.jaeger.spanStorageType "badger" }} + volumes: + - name: data +{{- if .Values.jaeger.persistentVolumeClaim.enabled }} + persistentVolumeClaim: + claimName: istio-jaeger-pvc +{{- else }} + emptyDir: {} +{{- end }} +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/templates/psp.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/templates/psp.yaml new file mode 100644 index 000000000..44b230492 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/templates/psp.yaml @@ -0,0 +1,86 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "tracing.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ include "tracing.fullname" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +rules: +- apiGroups: + - policy + resourceNames: + - {{ include "tracing.fullname" . }} + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "tracing.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - emptyDir + - secret + - persistentVolumeClaim +{{- end }} \ No newline at end of file diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/templates/pvc.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/templates/pvc.yaml new file mode 100644 index 000000000..9b4c55e4f --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/templates/pvc.yaml @@ -0,0 +1,16 @@ +{{- if .Values.jaeger.persistentVolumeClaim.enabled }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: istio-jaeger-pvc + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} +spec: + storageClassName: {{ .Values.jaeger.storageClassName }} + accessModes: + - {{ .Values.jaeger.accessMode }} + resources: + requests: + storage: {{.Values.jaeger.persistentVolumeClaim.storage }} +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/templates/service.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/templates/service.yaml new file mode 100644 index 000000000..4210a9b5f --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/templates/service.yaml @@ -0,0 +1,63 @@ +apiVersion: v1 +kind: Service +metadata: + name: tracing + namespace: {{ .Release.Namespace }} + annotations: + {{- range $key, $val := .Values.service.annotations }} + {{ $key }}: {{ $val | quote }} + {{- end }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + type: {{ .Values.service.type }} + ports: + - name: {{ .Values.service.name }} + port: {{ .Values.service.externalPort }} + protocol: TCP + targetPort: 16686 + selector: + app: {{ .Values.provider }} +--- +# Jaeger implements the Zipkin API. To support swapping out the tracing backend, we use a Service named Zipkin. +apiVersion: v1 +kind: Service +metadata: + name: zipkin + namespace: {{ .Release.Namespace }} + labels: + name: zipkin + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + ports: + - name: {{ .Values.service.name }} + port: {{ .Values.zipkin.queryPort }} + targetPort: {{ .Values.zipkin.queryPort }} + selector: + app: {{ .Values.provider }} +--- +apiVersion: v1 +kind: Service +metadata: + name: jaeger-collector + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.provider }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + type: ClusterIP + ports: + - name: jaeger-collector-http + port: 14268 + targetPort: 14268 + protocol: TCP + - name: jaeger-collector-grpc + port: 14250 + targetPort: 14250 + protocol: TCP + selector: + app: {{ .Values.provider }} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/values.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/values.yaml new file mode 100644 index 000000000..18ff81c3c --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/charts/tracing/values.yaml @@ -0,0 +1,44 @@ +provider: jaeger +contextPath: "" +nodeSelector: {} +podAntiAffinityLabelSelector: [] +podAntiAffinityTermLabelSelector: [] +nameOverride: "" +fullnameOverride: "" + +global: + cattle: + systemDefaultRegistry: "" + defaultResources: {} + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + arch: + amd64: 2 + s390x: 2 + ppc64le: 2 + defaultNodeSelector: {} + rbac: + pspEnabled: false + +jaeger: + repository: rancher/mirrored-jaegertracing-all-in-one + tag: 1.20.0 + # spanStorageType value can be "memory" and "badger" for all-in-one image + spanStorageType: badger + resources: + requests: + cpu: 10m + persistentVolumeClaim: + enabled: false + storage: 5Gi + storageClassName: "" + accessMode: ReadWriteMany + memory: + max_traces: 50000 +zipkin: + queryPort: 9411 +service: + annotations: {} + name: http-query + type: ClusterIP + externalPort: 16686 diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/configs/istio-base.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/configs/istio-base.yaml new file mode 100644 index 000000000..c5fa6f5f0 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/configs/istio-base.yaml @@ -0,0 +1,82 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + components: + base: + enabled: {{ .Values.base.enabled }} + cni: + enabled: {{ .Values.cni.enabled }} + egressGateways: + - enabled: {{ .Values.egressGateways.enabled }} + name: istio-egressgateway + ingressGateways: + - enabled: {{ .Values.ingressGateways.enabled }} + name: istio-ingressgateway + k8s: + service: + ports: + - name: status-port + port: 15021 + targetPort: 15021 + - name: http2 + port: 80 + targetPort: 8080 + nodePort: 31380 + - name: https + port: 443 + targetPort: 8443 + nodePort: 31390 + - name: tcp + port: 31400 + targetPort: 31400 + nodePort: 31400 + - name: tls + port: 15443 + targetPort: 15443 + istiodRemote: + enabled: {{ .Values.istiodRemote.enabled }} + pilot: + enabled: {{ .Values.pilot.enabled }} + hub: {{ .Values.systemDefaultRegistry | default "docker.io" }} + profile: default + tag: {{ .Values.tag }} + revision: {{ .Values.revision }} + meshConfig: + defaultConfig: + proxyMetadata: + {{- if .Values.dns.enabled }} + ISTIO_META_DNS_CAPTURE: "true" + {{- end }} + values: + gateways: + istio-egressgateway: + name: istio-egressgateway + type: {{ .Values.egressGateways.type }} + istio-ingressgateway: + name: istio-ingressgateway + type: {{ .Values.ingressGateways.type }} + global: + istioNamespace: {{ template "istio.namespace" . }} + proxy: + image: {{ template "system_default_registry" . }}{{ .Values.global.proxy.repository }}:{{ .Values.global.proxy.tag }} + proxy_init: + image: {{ template "system_default_registry" . }}{{ .Values.global.proxy_init.repository }}:{{ .Values.global.proxy_init.tag }} + {{- if .Values.global.defaultPodDisruptionBudget.enabled }} + defaultPodDisruptionBudget: + enabled: {{ .Values.global.defaultPodDisruptionBudget.enabled }} + {{- end }} + {{- if .Values.pilot.enabled }} + pilot: + image: {{ template "system_default_registry" . }}{{ .Values.pilot.repository }}:{{ .Values.pilot.tag }} + {{- end }} + telemetry: + enabled: {{ .Values.telemetry.enabled }} + v2: + enabled: {{ .Values.telemetry.v2.enabled }} + {{- if .Values.cni.enabled }} + cni: + image: {{ template "system_default_registry" . }}{{ .Values.cni.repository }}:{{ .Values.cni.tag }} + excludeNamespaces: + {{- toYaml .Values.cni.excludeNamespaces | nindent 8 }} + logLevel: {{ .Values.cni.logLevel }} + {{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/requirements.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/requirements.yaml new file mode 100644 index 000000000..943a08326 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/requirements.yaml @@ -0,0 +1,7 @@ +dependencies: +- condition: kiali.enabled + name: kiali + repository: file://./charts/kiali +- condition: tracing.enabled + name: tracing + repository: file://./charts/tracing diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/samples/overlay-example.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/samples/overlay-example.yaml new file mode 100644 index 000000000..5cf3cf3b0 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/samples/overlay-example.yaml @@ -0,0 +1,37 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +spec: + components: + ingressGateways: + - enabled: true + name: ilb-gateway + namespace: user-ingressgateway-ns + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal + - enabled: true + name: other-gateway + namespace: cattle-istio-system + k8s: + resources: + requests: + cpu: 200m + service: + ports: + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns + port: 5353 + serviceAnnotations: + cloud.google.com/load-balancer-type: internal diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/_helpers.tpl b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/_helpers.tpl new file mode 100644 index 000000000..3f7af953a --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/_helpers.tpl @@ -0,0 +1,12 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "istio.namespace" -}} + {{- .Release.Namespace | default "istio-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/admin-role.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/admin-role.yaml new file mode 100644 index 000000000..ad1313c4f --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/admin-role.yaml @@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + name: istio-admin + namespace: {{ template "istio.namespace" . }} +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/base-config-map.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/base-config-map.yaml new file mode 100644 index 000000000..5323917bc --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/base-config-map.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-base + namespace: {{ template "istio.namespace" . }} +data: +{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/clusterrole.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/clusterrole.yaml new file mode 100644 index 000000000..8eeb78758 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/clusterrole.yaml @@ -0,0 +1,126 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istio-installer +rules: +# istio groups +- apiGroups: + - authentication.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - config.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - install.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - rbac.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - security.istio.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - telemetry.istio.io + resources: + - '*' + verbs: + - '*' +# k8s groups +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions.apiextensions.k8s.io + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - apps + - extensions + resources: + - daemonsets + - deployments + - deployments/finalizers + - ingresses + - replicasets + - statefulsets + verbs: + - '*' +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - '*' +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - roles + - rolebindings + verbs: + - '*' +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - namespaces + - pods + - pods/exec + - persistentvolumeclaims + - secrets + - services + - serviceaccounts + verbs: + - '*' +- apiGroups: + - policy + resourceNames: + - istio-installer + resources: + - podsecuritypolicies + verbs: + - use diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/clusterrolebinding.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..9d74a0434 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: istio-installer +subjects: +- kind: ServiceAccount + name: istio-installer + namespace: {{ template "istio.namespace" . }} +roleRef: + kind: ClusterRole + name: istio-installer + apiGroup: rbac.authorization.k8s.io diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/edit-role.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/edit-role.yaml new file mode 100644 index 000000000..d1059d58d --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/edit-role.yaml @@ -0,0 +1,43 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-edit +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: + - '*' + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: + - '*' diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/istio-cni-psp.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/istio-cni-psp.yaml new file mode 100644 index 000000000..5b94c8503 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/istio-cni-psp.yaml @@ -0,0 +1,51 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: psp-istio-cni + namespace: {{ template "istio.namespace" . }} +spec: + allowPrivilegeEscalation: true + fsGroup: + rule: RunAsAny + hostNetwork: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - secret + - configMap + - emptyDir + - hostPath +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: psp-istio-cni + namespace: {{ template "istio.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: psp-istio-cni +subjects: + - kind: ServiceAccount + name: istio-cni +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: psp-istio-cni + namespace: {{ template "istio.namespace" . }} +rules: +- apiGroups: + - policy + resourceNames: + - psp-istio-cni + resources: + - podsecuritypolicies + verbs: + - use +{{- end }} \ No newline at end of file diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/istio-install-job.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/istio-install-job.yaml new file mode 100644 index 000000000..9a13f5698 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/istio-install-job.yaml @@ -0,0 +1,50 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-installer + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + backoffLimit: 1 + template: + spec: + containers: + - name: istioctl-installer + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + - name: FORCE_INSTALL + value: {{ .Values.forceInstall | default "false" | quote }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/run.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{- end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{- end }} + serviceAccountName: istio-installer + {{- if .Values.global.rbac.pspEnabled }} + securityContext: + runAsUser: 101 + runAsGroup: 101 + {{- end }} + restartPolicy: Never diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/istio-install-psp.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/istio-install-psp.yaml new file mode 100644 index 000000000..f0b5ee565 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/istio-install-psp.yaml @@ -0,0 +1,30 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: istio-installer + namespace: {{ template "istio.namespace" . }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'configMap' + - 'secret' +{{- end }} \ No newline at end of file diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/istio-psp.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/istio-psp.yaml new file mode 100644 index 000000000..b3758b74f --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/istio-psp.yaml @@ -0,0 +1,81 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: istio-psp + namespace: {{ template "istio.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: istio-psp +subjects: + - kind: ServiceAccount + name: istio-egressgateway-service-account + - kind: ServiceAccount + name: istio-ingressgateway-service-account + - kind: ServiceAccount + name: istio-mixer-service-account + - kind: ServiceAccount + name: istio-operator-authproxy + - kind: ServiceAccount + name: istiod-service-account + - kind: ServiceAccount + name: istio-sidecar-injector-service-account + - kind: ServiceAccount + name: istiocoredns-service-account + - kind: ServiceAccount + name: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: istio-psp + namespace: {{ template "istio.namespace" . }} +rules: +- apiGroups: + - policy + resourceNames: + - istio-psp + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: istio-psp + namespace: {{ template "istio.namespace" . }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + - persistentVolumeClaim +{{- end }} \ No newline at end of file diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/istio-uninstall-job.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/istio-uninstall-job.yaml new file mode 100644 index 000000000..a7f156325 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/istio-uninstall-job.yaml @@ -0,0 +1,45 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: istioctl-uninstaller + namespace: {{ template "istio.namespace" . }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + spec: + containers: + - name: istioctl-uninstaller + image: {{ template "system_default_registry" . }}{{ .Values.installer.repository }}:{{ .Values.installer.tag }} + env: + - name: RELEASE_NAME + value: {{ .Release.Name }} + - name: ISTIO_NAMESPACE + value: {{ template "istio.namespace" . }} + command: ["/bin/sh","-c"] + args: ["/usr/local/app/scripts/uninstall_istio_system.sh"] + volumeMounts: + - name: config-volume + mountPath: /app/istio-base.yaml + subPath: istio-base.yaml + {{- if .Values.overlayFile }} + - name: overlay-volume + mountPath: /app/overlay-config.yaml + subPath: overlay-config.yaml + {{ end }} + volumes: + - name: config-volume + configMap: + name: istio-installer-base + {{- if .Values.overlayFile }} + - name: overlay-volume + configMap: + name: istio-installer-overlay + {{ end }} + serviceAccountName: istio-installer + securityContext: + runAsUser: 101 + runAsGroup: 101 + restartPolicy: OnFailure diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/overlay-config-map.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/overlay-config-map.yaml new file mode 100644 index 000000000..287d26b2c --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/overlay-config-map.yaml @@ -0,0 +1,9 @@ +{{- if .Values.overlayFile }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-installer-overlay + namespace: {{ template "istio.namespace" . }} +data: + overlay-config.yaml: {{ toYaml .Values.overlayFile | indent 2 }} +{{- end }} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/service-monitors.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/service-monitors.yaml new file mode 100644 index 000000000..c3d60c4fc --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/service-monitors.yaml @@ -0,0 +1,51 @@ +{{- if .Values.kiali.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: envoy-stats-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-proxies +spec: + selector: + matchExpressions: + - {key: istio-prometheus-ignore, operator: DoesNotExist} + namespaceSelector: + any: true + jobLabel: envoy-stats + endpoints: + - path: /stats/prometheus + targetPort: 15090 + interval: 15s + relabelings: + - sourceLabels: [__meta_kubernetes_pod_container_port_name] + action: keep + regex: '.*-envoy-prom' + - action: labeldrop + regex: "__meta_kubernetes_pod_label_(.+)" + - sourceLabels: [__meta_kubernetes_namespace] + action: replace + targetLabel: namespace + - sourceLabels: [__meta_kubernetes_pod_name] + action: replace + targetLabel: pod_name +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: istio-component-monitor + namespace: {{ template "istio.namespace" . }} + labels: + monitoring: istio-components +spec: + jobLabel: istio + targetLabels: [app] + selector: + matchExpressions: + - {key: istio, operator: In, values: [pilot]} + namespaceSelector: + any: true + endpoints: + - port: http-monitoring + interval: 15s +{{- end -}} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/serviceaccount.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/serviceaccount.yaml new file mode 100644 index 000000000..82b6cbb7e --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: istio-installer + namespace: {{ template "istio.namespace" . }} diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/view-role.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/view-role.yaml new file mode 100644 index 000000000..5947d3eba --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/templates/view-role.yaml @@ -0,0 +1,41 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + namespace: {{ template "istio.namespace" . }} + name: istio-view +rules: + - apiGroups: + - config.istio.io + resources: + - adapters + - attributemanifests + - handlers + - httpapispecbindings + - httpapispecs + - instances + - quotaspecbindings + - quotaspecs + - rules + - templates + verbs: ["get", "watch", "list"] + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - envoyfilters + - gateways + - serviceentries + - sidecars + - virtualservices + - workloadentries + verbs: ["get", "watch", "list"] + - apiGroups: + - security.istio.io + resources: + - authorizationpolicies + - peerauthentications + - requestauthentications + verbs: ["get", "watch", "list"] diff --git a/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/values.yaml b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/values.yaml new file mode 100644 index 000000000..0db701795 --- /dev/null +++ b/charts/rancher-istio/rancher-istio/100.0.0+up1.10.4/values.yaml @@ -0,0 +1,80 @@ +overlayFile: "" +tag: 1.10.4 +##Setting forceInstall: true will remove the check for istio version < 1.6.x and will not analyze your install cluster prior to install +forceInstall: false + +installer: + repository: rancher/istio-installer + tag: 1.10.4-rancher1 + +##Native support for dns added in 1.8 +dns: + enabled: false + +base: + enabled: true + +cni: + enabled: false + repository: rancher/mirrored-istio-install-cni + tag: 1.10.4 + logLevel: info + excludeNamespaces: + - istio-system + - kube-system + +egressGateways: + enabled: false + type: NodePort + +ingressGateways: + enabled: true + type: NodePort + +istiodRemote: + enabled: false + +pilot: + enabled: true + repository: rancher/mirrored-istio-pilot + tag: 1.10.4 + +telemetry: + enabled: true + v2: + enabled: true + +global: + cattle: + systemDefaultRegistry: "" + proxy: + repository: rancher/mirrored-istio-proxyv2 + tag: 1.10.4 + proxy_init: + repository: rancher/mirrored-istio-proxyv2 + tag: 1.10.4 + defaultPodDisruptionBudget: + enabled: true + rbac: + pspEnabled: false + +# Kiali subchart from rancher-kiali-server +kiali: + enabled: true + auth: + strategy: anonymous + deployment: + ingress_enabled: false + external_services: + prometheus: + custom_metrics_url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + url: "http://rancher-monitoring-prometheus.cattle-monitoring-system.svc:9090" + tracing: + in_cluster_url: "http://tracing.istio-system.svc:16686/jaeger" + grafana: + in_cluster_url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80" + url: "http://rancher-monitoring-grafana.cattle-monitoring-system.svc:80" + +tracing: + enabled: false + contextPath: "/jaeger" diff --git a/charts/rancher-kiali-server/rancher-kiali-server-crd/100.0.0+up1.35.0/Chart.yaml b/charts/rancher-kiali-server/rancher-kiali-server-crd/100.0.0+up1.35.0/Chart.yaml new file mode 100644 index 000000000..1456a1252 --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server-crd/100.0.0+up1.35.0/Chart.yaml @@ -0,0 +1,7 @@ +annotations: + catalog.cattle.io/hidden: "true" +apiVersion: v2 +description: Installs the CRDs for rancher-kiali-server. +name: rancher-kiali-server-crd +type: application +version: 100.0.0+up1.35.0 diff --git a/charts/rancher-kiali-server/rancher-kiali-server-crd/100.0.0+up1.35.0/README.md b/charts/rancher-kiali-server/rancher-kiali-server-crd/100.0.0+up1.35.0/README.md new file mode 100644 index 000000000..3847c18a1 --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server-crd/100.0.0+up1.35.0/README.md @@ -0,0 +1,2 @@ +# rancher-kiali-server-crd +A Rancher chart that installs the CRDs used by rancher-kiali-server. diff --git a/charts/rancher-kiali-server/rancher-kiali-server-crd/100.0.0+up1.35.0/templates/crds.yaml b/charts/rancher-kiali-server/rancher-kiali-server-crd/100.0.0+up1.35.0/templates/crds.yaml new file mode 100644 index 000000000..ae7c49349 --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server-crd/100.0.0+up1.35.0/templates/crds.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: monitoringdashboards.monitoring.kiali.io +spec: + group: monitoring.kiali.io + names: + kind: MonitoringDashboard + listKind: MonitoringDashboardList + plural: monitoringdashboards + singular: monitoringdashboard + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true +... diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/Chart.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/Chart.yaml new file mode 100644 index 000000000..e09b726ce --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/Chart.yaml @@ -0,0 +1,31 @@ +annotations: + catalog.cattle.io/auto-install: rancher-kiali-server-crd=match + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: monitoringdashboards.monitoring.kiali.io/v1alpha1 + catalog.cattle.io/requires-gvr: monitoring.coreos.com.prometheus/v1 + catalog.rancher.io/namespace: cattle-istio-system + catalog.rancher.io/release-name: rancher-kiali-server +apiVersion: v2 +appVersion: v1.35.0 +description: Kiali is an open source project for service mesh observability, refer + to https://www.kiali.io for details. This is installed as sub-chart with customized + values in Rancher's Istio. +home: https://github.com/kiali/kiali +icon: https://raw.githubusercontent.com/kiali/kiali.io/master/themes/kiali/static/img/kiali_logo_masthead.png +keywords: +- istio +- kiali +- networking +- infrastructure +maintainers: +- email: kiali-users@googlegroups.com + name: Kiali + url: https://kiali.io +name: rancher-kiali-server +sources: +- https://github.com/kiali/kiali +- https://github.com/kiali/kiali-ui +- https://github.com/kiali/kiali-operator +- https://github.com/kiali/helm-charts +version: 100.0.0+up1.35.0 diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/NOTES.txt b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/NOTES.txt new file mode 100644 index 000000000..751019401 --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/NOTES.txt @@ -0,0 +1,5 @@ +Welcome to Kiali! For more details on Kiali, see: https://kiali.io + +The Kiali Server [{{ .Chart.AppVersion }}] has been installed in namespace [{{ .Release.Namespace }}]. It will be ready soon. + +(Helm: Chart=[{{ .Chart.Name }}], Release=[{{ .Release.Name }}], Version=[{{ .Chart.Version }}]) diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/_helpers.tpl b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/_helpers.tpl new file mode 100644 index 000000000..5480bdbb8 --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/_helpers.tpl @@ -0,0 +1,193 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Create a default fully qualified instance name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +To simulate the way the operator works, use deployment.instance_name rather than the old fullnameOverride. +For backwards compatibility, if fullnameOverride is not kiali but deployment.instance_name is kiali, +use fullnameOverride, otherwise use deployment.instance_name. +*/}} +{{- define "kiali-server.fullname" -}} +{{- if (and (eq .Values.deployment.instance_name "kiali") (ne .Values.fullnameOverride "kiali")) }} + {{- .Values.fullnameOverride | trunc 63 }} +{{- else }} + {{- .Values.deployment.instance_name | trunc 63 }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kiali-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Identifies the log_level with the old verbose_mode and the new log_level considered. +*/}} +{{- define "kiali-server.logLevel" -}} +{{- if .Values.deployment.verbose_mode -}} +{{- .Values.deployment.verbose_mode -}} +{{- else -}} +{{- .Values.deployment.logger.log_level -}} +{{- end -}} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kiali-server.labels" -}} +helm.sh/chart: {{ include "kiali-server.chart" . }} +app: kiali +{{ include "kiali-server.selectorLabels" . }} +version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Values.deployment.version_label | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/part-of: "kiali" +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kiali-server.selectorLabels" -}} +{{- $releaseName := .Release.Name -}} +{{- $fullName := include "kiali-server.fullname" . -}} +{{- $deployment := (lookup "apps/v1" "Deployment" .Release.Namespace $fullName) -}} +app.kubernetes.io/name: kiali +{{- if (and .Release.IsUpgrade $deployment)}} +app.kubernetes.io/instance: {{ (get (($deployment).metadata.labels) "app.kubernetes.io/instance") | default $fullName }} +{{- else }} +app.kubernetes.io/instance: {{ $fullName }} +{{- end }} +{{- end }} + +{{/* +Used to determine if a custom dashboard (defined in .Template.Name) should be deployed. +*/}} +{{- define "kiali-server.isDashboardEnabled" -}} +{{- if .Values.external_services.custom_dashboards.enabled }} + {{- $includere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.includes }} + {{- if $s }} + {{- if $includere }} + {{- $includere = printf "%s|^%s$" $includere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $includere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- $excludere := "" }} + {{- range $_, $s := .Values.deployment.custom_dashboards.excludes }} + {{- if $s }} + {{- if $excludere }} + {{- $excludere = printf "%s|^%s$" $excludere ($s | replace "*" ".*" | replace "?" ".") }} + {{- else }} + {{- $excludere = printf "^%s$" ($s | replace "*" ".*" | replace "?" ".") }} + {{- end }} + {{- end }} + {{- end }} + {{- if (and (mustRegexMatch (default "no-matches" $includere) (base .Template.Name)) (not (mustRegexMatch (default "no-matches" $excludere) (base .Template.Name)))) }} + {{- print "enabled" }} + {{- else }} + {{- print "" }} + {{- end }} +{{- else }} + {{- print "" }} +{{- end }} +{{- end }} + +{{/* +Determine the default login token signing key. +*/}} +{{- define "kiali-server.login_token.signing_key" -}} +{{- if .Values.login_token.signing_key }} + {{- .Values.login_token.signing_key }} +{{- else }} + {{- randAlphaNum 16 }} +{{- end }} +{{- end }} + +{{/* +Determine the default web root. +*/}} +{{- define "kiali-server.server.web_root" -}} +{{- if .Values.server.web_root }} + {{- .Values.server.web_root | trimSuffix "/" }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/" }} + {{- else }} + {{- "/kiali" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity cert file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.cert_file" -}} +{{- if hasKey .Values.identity "cert_file" }} + {{- .Values.identity.cert_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.crt" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the default identity private key file. There is no default if on k8s; only on OpenShift. +*/}} +{{- define "kiali-server.identity.private_key_file" -}} +{{- if hasKey .Values.identity "private_key_file" }} + {{- .Values.identity.private_key_file }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- "/kiali-cert/tls.key" }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Determine the istio namespace - default is where Kiali is installed. +*/}} +{{- define "kiali-server.istio_namespace" -}} +{{- if .Values.istio_namespace }} + {{- .Values.istio_namespace }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + +{{/* +Determine the auth strategy to use - default is "token" on Kubernetes and "openshift" on OpenShift. +*/}} +{{- define "kiali-server.auth.strategy" -}} +{{- if .Values.auth.strategy }} + {{- if (and (eq .Values.auth.strategy "openshift") (not .Values.kiali_route_url)) }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or use a different auth strategy via the --set auth.strategy=... option." }} + {{- end }} + {{- .Values.auth.strategy }} +{{- else }} + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + {{- if not .Values.kiali_route_url }} + {{- fail "You did not define what the Kiali Route URL will be (--set kiali_route_url=...). Without this set, the openshift auth strategy will not work. Either set that or explicitly indicate another auth strategy you want via the --set auth.strategy=... option." }} + {{- end }} + {{- "openshift" }} + {{- else }} + {{- "token" }} + {{- end }} +{{- end }} +{{- end }} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/cabundle.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/cabundle.yaml new file mode 100644 index 000000000..7462b95a7 --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/cabundle.yaml @@ -0,0 +1,13 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }}-cabundle + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + service.beta.openshift.io/inject-cabundle: "true" +... +{{- end }} diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/configmap.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/configmap.yaml new file mode 100644 index 000000000..f4bfa09a1 --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/configmap.yaml @@ -0,0 +1,25 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + config.yaml: | + {{- /* Most of .Values is simply the ConfigMap - strip out the keys that are not part of the ConfigMap */}} + {{- $cm := omit .Values "nameOverride" "fullnameOverride" "kiali_route_url" }} + {{- /* The helm chart defines namespace for us, but pass it to the ConfigMap in case the server needs it */}} + {{- $_ := set $cm.deployment "namespace" .Release.Namespace }} + {{- /* Some values of the ConfigMap are generated, but might not be identical, from .Values */}} + {{- $_ := set $cm "istio_namespace" (include "kiali-server.istio_namespace" .) }} + {{- $_ := set $cm.auth "strategy" (include "kiali-server.auth.strategy" .) }} + {{- $_ := set $cm.auth.openshift "client_id_prefix" (include "kiali-server.fullname" .) }} + {{- $_ := set $cm.deployment "instance_name" (include "kiali-server.fullname" .) }} + {{- $_ := set $cm.identity "cert_file" (include "kiali-server.identity.cert_file" .) }} + {{- $_ := set $cm.identity "private_key_file" (include "kiali-server.identity.private_key_file" .) }} + {{- $_ := set $cm.login_token "signing_key" (include "kiali-server.login_token.signing_key" .) }} + {{- $_ := set $cm.server "web_root" (include "kiali-server.server.web_root" .) }} + {{- toYaml $cm | nindent 4 }} +... diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/envoy.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/envoy.yaml new file mode 100644 index 000000000..e642a3385 --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/envoy.yaml @@ -0,0 +1,56 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: envoy + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Envoy Metrics + discoverOn: "envoy_server_uptime" + items: + - chart: + name: "Pods uptime" + spans: 4 + metricName: "envoy_server_uptime" + dataType: "raw" + - chart: + name: "Allocated memory" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_allocated" + dataType: "raw" + min: 0 + - chart: + name: "Heap size" + unit: "bytes" + spans: 4 + metricName: "envoy_server_memory_heap_size" + dataType: "raw" + min: 0 + - chart: + name: "Upstream active connections" + spans: 6 + metricName: "envoy_cluster_upstream_cx_active" + dataType: "raw" + - chart: + name: "Upstream total requests" + spans: 6 + metricName: "envoy_cluster_upstream_rq_total" + unit: "rps" + dataType: "rate" + - chart: + name: "Downstream active connections" + spans: 6 + metricName: "envoy_listener_downstream_cx_active" + dataType: "raw" + - chart: + name: "Downstream HTTP requests" + spans: 6 + metricName: "envoy_listener_http_downstream_rq" + unit: "rps" + dataType: "rate" +... +{{- end }} diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/go.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/go.yaml new file mode 100644 index 000000000..fdead4c60 --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/go.yaml @@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: go + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Go Metrics + runtime: Go + discoverOn: "go_info" + items: + - chart: + name: "CPU ratio" + spans: 6 + metricName: "process_cpu_seconds_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "RSS Memory" + unit: "bytes" + spans: 6 + metricName: "process_resident_memory_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Goroutines" + spans: 6 + metricName: "go_goroutines" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Heap allocation rate" + unit: "bytes/s" + spans: 6 + metricName: "go_memstats_alloc_bytes_total" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "GC rate" + spans: 6 + metricName: "go_gc_duration_seconds_count" + dataType: "rate" + aggregations: + - label: "pod_name" + displayName: "Pod" + - chart: + name: "Next GC" + unit: "bytes" + spans: 6 + metricName: "go_memstats_next_gc_bytes" + dataType: "raw" + aggregations: + - label: "pod_name" + displayName: "Pod" +... +{{- end }} diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/kiali.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/kiali.yaml new file mode 100644 index 000000000..5ecac7ff8 --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/kiali.yaml @@ -0,0 +1,44 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: kiali + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Kiali Internal Metrics + items: + - chart: + name: "API processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_api_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "route" + displayName: "Route" + - chart: + name: "Functions processing duration" + unit: "seconds" + spans: 6 + metricName: "kiali_go_function_processing_duration_seconds" + dataType: "histogram" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" + - chart: + name: "Failures" + spans: 12 + metricName: "kiali_go_function_failures_total" + dataType: "raw" + aggregations: + - label: "function" + displayName: "Function" + - label: "package" + displayName: "Package" +... +{{- end }} diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml new file mode 100644 index 000000000..50fce7056 --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/micrometer-1.0.6-jvm-pool.yaml @@ -0,0 +1,43 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Pool Metrics + discoverOn: "jvm_buffer_total_capacity_bytes" + items: + - chart: + name: "Pool buffer memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer capacity" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_total_capacity_bytes" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" + - chart: + name: "Pool buffer count" + unit: "bytes" + spans: 4 + metricName: "jvm_buffer_count" + dataType: "raw" + aggregations: + - label: "id" + displayName: "Pool" +... +{{- end }} diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/micrometer-1.0.6-jvm.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/micrometer-1.0.6-jvm.yaml new file mode 100644 index 000000000..84810095c --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/micrometer-1.0.6-jvm.yaml @@ -0,0 +1,65 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: micrometer-1.0.6-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live" + items: + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon" + dataType: "raw" + - chart: + name: "Loaded classes" + spans: 4 + metricName: "jvm_classes_loaded" + dataType: "raw" + + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" +... +{{- end }} diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/micrometer-1.1-jvm.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/micrometer-1.1-jvm.yaml new file mode 100644 index 000000000..a28c4026c --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/micrometer-1.1-jvm.yaml @@ -0,0 +1,68 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: micrometer-1.1-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: JVM + title: JVM Metrics + discoverOn: "jvm_threads_live_threads" + items: + - chart: + name: "Memory used" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_used_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory commited" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_committed_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + - chart: + name: "Memory max" + unit: "bytes" + spans: 4 + metricName: "jvm_memory_max_bytes" + dataType: "raw" + aggregations: + - label: "area" + displayName: "Area" + - label: "id" + displayName: "Space" + + - chart: + name: "Total live threads" + spans: 4 + metricName: "jvm_threads_live_threads" + dataType: "raw" + - chart: + name: "Daemon threads" + spans: 4 + metricName: "jvm_threads_daemon_threads" + dataType: "raw" + - chart: + name: "Threads states" + spans: 4 + metricName: "jvm_threads_states_threads" + dataType: "raw" + aggregations: + - label: "state" + displayName: "State" +... +{{- end }} diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/microprofile-1.1.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/microprofile-1.1.yaml new file mode 100644 index 000000000..00e2415da --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/microprofile-1.1.yaml @@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: microprofile-1.1 + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:thread_count" + items: + - chart: + name: "Current loaded classes" + spans: 6 + metricName: "base:classloader_current_loaded_class_count" + dataType: "raw" + - chart: + name: "Unloaded classes" + spans: 6 + metricName: "base:classloader_total_unloaded_class_count" + dataType: "raw" + - chart: + name: "Thread count" + spans: 4 + metricName: "base:thread_count" + dataType: "raw" + - chart: + name: "Thread max count" + spans: 4 + metricName: "base:thread_max_count" + dataType: "raw" + - chart: + name: "Thread daemon count" + spans: 4 + metricName: "base:thread_daemon_count" + dataType: "raw" + - chart: + name: "Committed heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_committed_heap_bytes" + dataType: "raw" + - chart: + name: "Max heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_max_heap_bytes" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "base:memory_used_heap_bytes" + dataType: "raw" +... +{{- end }} diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/microprofile-x.y.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/microprofile-x.y.yaml new file mode 100644 index 000000000..585175330 --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/microprofile-x.y.yaml @@ -0,0 +1,38 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: microprofile-x.y + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: MicroProfile Metrics + runtime: MicroProfile + discoverOn: "base:gc_complete_scavenger_count" + items: + - chart: + name: "Young GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_young_generation_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Young GC count" + spans: 3 + metricName: "base:gc_young_generation_scavenger_count" + dataType: "raw" + - chart: + name: "Total GC time" + unit: "seconds" + spans: 3 + metricName: "base:gc_complete_scavenger_time_seconds" + dataType: "raw" + - chart: + name: "Total GC count" + spans: 3 + metricName: "base:gc_complete_scavenger_count" + dataType: "raw" +... +{{- end }} diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/nodejs.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/nodejs.yaml new file mode 100644 index 000000000..7676a7c3c --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/nodejs.yaml @@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: nodejs + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Node.js + title: Node.js Metrics + discoverOn: "nodejs_active_handles_total" + items: + - chart: + name: "Active handles" + spans: 4 + metricName: "nodejs_active_handles_total" + dataType: "raw" + - chart: + name: "Active requests" + spans: 4 + metricName: "nodejs_active_requests_total" + dataType: "raw" + - chart: + name: "Event loop lag" + unit: "seconds" + spans: 4 + metricName: "nodejs_eventloop_lag_seconds" + dataType: "raw" + - chart: + name: "Total heap size" + unit: "bytes" + spans: 12 + metricName: "nodejs_heap_space_size_total_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Used heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_used_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" + - chart: + name: "Available heap size" + unit: "bytes" + spans: 6 + metricName: "nodejs_heap_space_size_available_bytes" + dataType: "raw" + aggregations: + - label: "space" + displayName: "Space" +... +{{- end }} diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/quarkus.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/quarkus.yaml new file mode 100644 index 000000000..a4f303751 --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/quarkus.yaml @@ -0,0 +1,33 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: quarkus + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + title: Quarkus Metrics + runtime: Quarkus + items: + - chart: + name: "Thread count" + spans: 4 + metricName: "vendor:thread_count" + dataType: "raw" + - chart: + name: "Used heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_heap_usage_bytes" + dataType: "raw" + - chart: + name: "Used non-heap" + unit: "bytes" + spans: 4 + metricName: "vendor:memory_non_heap_usage_bytes" + dataType: "raw" + - include: "microprofile-x.y" +... +{{- end }} diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/springboot-jvm-pool.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/springboot-jvm-pool.yaml new file mode 100644 index 000000000..3aa7d66e3 --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/springboot-jvm-pool.yaml @@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: springboot-jvm-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Pool Metrics + items: + - include: "micrometer-1.0.6-jvm-pool" +... +{{- end }} diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/springboot-jvm.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/springboot-jvm.yaml new file mode 100644 index 000000000..22ea15533 --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/springboot-jvm.yaml @@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: springboot-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: JVM Metrics + items: + - include: "micrometer-1.0.6-jvm" +... +{{- end }} diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/springboot-tomcat.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/springboot-tomcat.yaml new file mode 100644 index 000000000..7020ddccb --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/springboot-tomcat.yaml @@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: springboot-tomcat + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Spring Boot + title: Tomcat Metrics + items: + - include: "tomcat" +... +{{- end }} diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/thorntail.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/thorntail.yaml new file mode 100644 index 000000000..0e94c50ef --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/thorntail.yaml @@ -0,0 +1,22 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: thorntail + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Thorntail + title: Thorntail Metrics + discoverOn: "vendor:loaded_modules" + items: + - include: "microprofile-1.1" + - chart: + name: "Loaded modules" + spans: 6 + metricName: "vendor:loaded_modules" + dataType: "raw" +... +{{- end }} diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/tomcat.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/tomcat.yaml new file mode 100644 index 000000000..29467e9f6 --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/tomcat.yaml @@ -0,0 +1,67 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: tomcat + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Tomcat + title: Tomcat Metrics + discoverOn: "tomcat_sessions_created_total" + items: + - chart: + name: "Sessions created" + spans: 4 + metricName: "tomcat_sessions_created_total" + dataType: "raw" + - chart: + name: "Active sessions" + spans: 4 + metricName: "tomcat_sessions_active_current" + dataType: "raw" + - chart: + name: "Sessions rejected" + spans: 4 + metricName: "tomcat_sessions_rejected_total" + dataType: "raw" + + - chart: + name: "Bytes sent" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_sent_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Bytes received" + unit: "bitrate" + spans: 6 + metricName: "tomcat_global_received_bytes_total" + dataType: "rate" + aggregations: + - label: "name" + displayName: "Name" + + - chart: + name: "Global errors" + spans: 6 + metricName: "tomcat_global_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" + - chart: + name: "Servlet errors" + spans: 6 + metricName: "tomcat_servlet_error_total" + dataType: "raw" + aggregations: + - label: "name" + displayName: "Name" +... +{{- end }} diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/vertx-client.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/vertx-client.yaml new file mode 100644 index 000000000..9409adf63 --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/vertx-client.yaml @@ -0,0 +1,60 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: vertx-client + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Client Metrics + discoverOn: "vertx_http_client_connections" + items: + - chart: + name: "Client response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_client_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_client_requestCount_total" + dataType: "rate" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Client active connections" + spans: 6 + metricName: "vertx_http_client_connections" + dataType: "raw" + - chart: + name: "Client active websockets" + spans: 6 + metricName: "vertx_http_client_wsConnections" + dataType: "raw" + - chart: + name: "Client bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesSent" + dataType: "histogram" + - chart: + name: "Client bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_client_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/vertx-eventbus.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/vertx-eventbus.yaml new file mode 100644 index 000000000..384e7b107 --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/vertx-eventbus.yaml @@ -0,0 +1,59 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: vertx-eventbus + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Eventbus Metrics + discoverOn: "vertx_eventbus_handlers" + items: + - chart: + name: "Event bus handlers" + spans: 6 + metricName: "vertx_eventbus_handlers" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus pending messages" + spans: 6 + metricName: "vertx_eventbus_pending" + dataType: "raw" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus processing time" + unit: "seconds" + spans: 6 + metricName: "vertx_eventbus_processingTime_seconds" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes read" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesRead" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" + - chart: + name: "Event bus bytes written" + unit: "bytes" + spans: 6 + metricName: "vertx_eventbus_bytesWritten" + dataType: "histogram" + aggregations: + - label: "address" + displayName: "Eventbus address" +... +{{- end }} diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/vertx-jvm.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/vertx-jvm.yaml new file mode 100644 index 000000000..8439ce6e4 --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/vertx-jvm.yaml @@ -0,0 +1,16 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: vertx-jvm + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: JVM Metrics + items: + - include: "micrometer-1.1-jvm" +... +{{- end }} diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/vertx-pool.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/vertx-pool.yaml new file mode 100644 index 000000000..8334d47a8 --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/vertx-pool.yaml @@ -0,0 +1,68 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: vertx-pool + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Pools Metrics + discoverOn: "vertx_pool_ratio" + items: + - chart: + name: "Usage duration" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_usage_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Usage ratio" + spans: 6 + metricName: "vertx_pool_ratio" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Queue size" + spans: 6 + metricName: "vertx_pool_queue_size" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Time in queue" + unit: "seconds" + spans: 6 + metricName: "vertx_pool_queue_delay_seconds" + dataType: "histogram" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" + - chart: + name: "Resources used" + spans: 6 + metricName: "vertx_pool_inUse" + dataType: "raw" + aggregations: + - label: "pool_name" + displayName: "Name" + - label: "pool_type" + displayName: "Type" +... +{{- end }} diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/vertx-server.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/vertx-server.yaml new file mode 100644 index 000000000..b88b270a8 --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/dashboards/vertx-server.yaml @@ -0,0 +1,62 @@ +{{- if (include "kiali-server.isDashboardEnabled" .) }} +--- +apiVersion: monitoring.kiali.io/v1alpha1 +kind: MonitoringDashboard +metadata: + name: vertx-server + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + runtime: Vert.x + title: Vert.x Server Metrics + discoverOn: "vertx_http_server_connections" + items: + - chart: + name: "Server response time" + unit: "seconds" + spans: 6 + metricName: "vertx_http_server_responseTime_seconds" + dataType: "histogram" + aggregations: + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server request count rate" + unit: "ops" + spans: 6 + metricName: "vertx_http_server_requestCount_total" + dataType: "rate" + aggregations: + - label: "code" + displayName: "Error code" + - label: "path" + displayName: "Path" + - label: "method" + displayName: "Method" + - chart: + name: "Server active connections" + spans: 6 + metricName: "vertx_http_server_connections" + dataType: "raw" + - chart: + name: "Server active websockets" + spans: 6 + metricName: "vertx_http_server_wsConnections" + dataType: "raw" + - chart: + name: "Server bytes sent" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesSent" + dataType: "histogram" + - chart: + name: "Server bytes received" + unit: "bytes" + spans: 6 + metricName: "vertx_http_server_bytesReceived" + dataType: "histogram" +... +{{- end }} diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/deployment.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/deployment.yaml new file mode 100644 index 000000000..b5737ccc6 --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/deployment.yaml @@ -0,0 +1,179 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployment.replicas }} + selector: + matchLabels: + {{- include "kiali-server.selectorLabels" . | nindent 6 }} + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 8 }} + {{- if .Values.deployment.pod_labels }} + {{- toYaml .Values.deployment.pod_labels | nindent 8 }} + {{- end }} + annotations: + {{- if .Values.server.metrics_enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.server.metrics_port | quote }} + {{- else }} + prometheus.io/scrape: "false" + prometheus.io/port: "" + {{- end }} + kiali.io/runtimes: go,kiali + {{- if .Values.deployment.pod_annotations }} + {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "kiali-server.fullname" . }} + {{- if .Values.deployment.priority_class_name }} + priorityClassName: {{ .Values.deployment.priority_class_name | quote }} + {{- end }} + {{- if .Values.deployment.image_pull_secrets }} + imagePullSecrets: + {{- range .Values.deployment.image_pull_secrets }} + - name: {{ . }} + {{- end }} + {{- end }} + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.deployment.repository }}:{{ .Values.deployment.tag }}" + imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} + name: {{ include "kiali-server.fullname" . }} + command: + - "/opt/kiali/kiali" + - "-config" + - "/kiali-configuration/config.yaml" + securityContext: + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: true + ports: + - name: api-port + containerPort: {{ .Values.server.port | default 20001 }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + containerPort: {{ .Values.server.metrics_port | default 9090 }} + {{- end }} + readinessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + httpGet: + path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz + port: api-port + {{- if (include "kiali-server.identity.cert_file" .) }} + scheme: HTTPS + {{- else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 30 + env: + - name: ACTIVE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LOG_LEVEL + value: "{{ include "kiali-server.logLevel" . }}" + - name: LOG_FORMAT + value: "{{ .Values.deployment.logger.log_format }}" + - name: LOG_TIME_FIELD_FORMAT + value: "{{ .Values.deployment.logger.time_field_format }}" + - name: LOG_SAMPLER_RATE + value: "{{ .Values.deployment.logger.sampler_rate }}" + volumeMounts: + {{- if .Values.web_root_override }} + - name: kiali-console + subPath: env.js + mountPath: /opt/kiali/console/env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + mountPath: "/kiali-configuration" + - name: {{ include "kiali-server.fullname" . }}-cert + mountPath: "/kiali-cert" + - name: {{ include "kiali-server.fullname" . }}-secret + mountPath: "/kiali-secret" + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + mountPath: "/kiali-cabundle" + {{- end }} + {{- if .Values.deployment.resources }} + resources: + {{- toYaml .Values.deployment.resources | nindent 10 }} + {{- end }} + volumes: + {{- if .Values.web_root_override }} + - name: kiali-console + configMap: + name: kiali-console + items: + - key: env.js + path: env.js + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-configuration + configMap: + name: {{ include "kiali-server.fullname" . }} + - name: {{ include "kiali-server.fullname" . }}-cert + secret: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + secretName: {{ include "kiali-server.fullname" . }}-cert-secret + {{- else }} + secretName: istio.{{ include "kiali-server.fullname" . }}-service-account + {{- end }} + {{- if not (include "kiali-server.identity.cert_file" .) }} + optional: true + {{- end }} + - name: {{ include "kiali-server.fullname" . }}-secret + secret: + secretName: {{ .Values.deployment.secret_name }} + optional: true + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + - name: {{ include "kiali-server.fullname" . }}-cabundle + configMap: + name: {{ include "kiali-server.fullname" . }}-cabundle + {{- end }} + {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.affinity.pod) (.Values.deployment.affinity.pod_anti)) }} + affinity: + {{- if .Values.deployment.affinity.node }} + nodeAffinity: + {{- toYaml .Values.deployment.affinity.node | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod }} + podAffinity: + {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} + {{- end }} + {{- if .Values.deployment.affinity.pod_anti }} + podAntiAffinity: + {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} + {{- end }} + {{- end }} + {{- if .Values.deployment.tolerations }} + tolerations: + {{- toYaml .Values.deployment.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.deployment.node_selector }} + nodeSelector: + {{- toYaml .Values.deployment.node_selector | nindent 8 }} + {{- end }} +... diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/hpa.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/hpa.yaml new file mode 100644 index 000000000..934c4c1e9 --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/hpa.yaml @@ -0,0 +1,17 @@ +{{- if .Values.deployment.hpa.spec }} +--- +apiVersion: {{ .Values.deployment.hpa.api_version }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "kiali-server.fullname" . }} + {{- toYaml .Values.deployment.hpa.spec | nindent 2 }} +... +{{- end }} diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/ingress.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/ingress.yaml new file mode 100644 index 000000000..1268101d6 --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/ingress.yaml @@ -0,0 +1,43 @@ +{{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} +{{- if .Values.deployment.ingress_enabled }} +--- +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }} + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- else }} + # For ingress-nginx versions older than 0.20.0 use secure-backends. + # (see: https://github.com/kubernetes/ingress-nginx/issues/3416#issuecomment-438247948) + # For ingress-nginx versions 0.20.0 and later use backend-protocol. + {{- if (include "kiali-server.identity.cert_file" .) }} + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + {{- else }} + nginx.ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + {{- end }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + rules: + - http: + paths: + - path: {{ include "kiali-server.server.web_root" . }} + backend: + serviceName: {{ include "kiali-server.fullname" . }} + servicePort: {{ .Values.server.port }} + {{- if not (empty .Values.server.web_fqdn) }} + host: {{ .Values.server.web_fqdn }} + {{- end }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/oauth.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/oauth.yaml new file mode 100644 index 000000000..a178bb85e --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/oauth.yaml @@ -0,0 +1,17 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.kiali_route_url }} +--- +apiVersion: oauth.openshift.io/v1 +kind: OAuthClient +metadata: + name: {{ include "kiali-server.fullname" . }}-{{ .Release.Namespace }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +redirectURIs: +- {{ .Values.kiali_route_url }} +grantMethod: auto +allowAnyScope: true +... +{{- end }} +{{- end }} diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/psp.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/psp.yaml new file mode 100644 index 000000000..f891892cc --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/psp.yaml @@ -0,0 +1,67 @@ +{{- if .Values.global.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kiali-server.fullname" . }}-psp +subjects: + - kind: ServiceAccount + name: kiali +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +rules: +- apiGroups: + - policy + resourceNames: + - {{ include "kiali-server.fullname" . }}-psp + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "kiali-server.fullname" . }}-psp + namespace: {{ .Release.Namespace }} +spec: + allowPrivilegeEscalation: false + forbiddenSysctls: + - '*' + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + requiredDropCapabilities: + - ALL + runAsUser: + rule: MustRunAsNonRoot + runAsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + - persistentVolumeClaim +{{- end }} \ No newline at end of file diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/role-controlplane.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/role-controlplane.yaml new file mode 100644 index 000000000..a22c76756 --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/role-controlplane.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - secrets + verbs: + - list +... diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/role-viewer.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/role-viewer.yaml new file mode 100644 index 000000000..c1a766750 --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/role-viewer.yaml @@ -0,0 +1,96 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }}-viewer + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - pods/log + - pods/proxy + verbs: + - get + - list + - watch +- apiGroups: [""] + resources: + - namespaces + - pods + - replicationcontrollers + - services + verbs: + - get + - list + - watch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list + - watch +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/role.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/role.yaml new file mode 100644 index 000000000..b764570c8 --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/role.yaml @@ -0,0 +1,106 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: + - configmaps + - endpoints + - pods/log + - pods/proxy + verbs: + - get + - list + - watch +- apiGroups: [""] + resources: + - namespaces + - pods + - replicationcontrollers + - services + verbs: + - get + - list + - watch + - patch +- apiGroups: [""] + resources: + - pods/portforward + verbs: + - create + - post +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch + - patch +- apiGroups: ["batch"] + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch + - patch +- apiGroups: + - networking.istio.io + - security.istio.io + resources: ["*"] + verbs: + - get + - list + - watch + - create + - delete + - patch +- apiGroups: ["apps.openshift.io"] + resources: + - deploymentconfigs + verbs: + - get + - list + - watch + - patch +- apiGroups: ["project.openshift.io"] + resources: + - projects + verbs: + - get +- apiGroups: ["route.openshift.io"] + resources: + - routes + verbs: + - get +- apiGroups: ["monitoring.kiali.io"] + resources: + - monitoringdashboards + verbs: + - get + - list +- apiGroups: ["iter8.tools"] + resources: + - experiments + verbs: + - get + - list + - watch + - create + - delete + - patch +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: + - create +... diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/rolebinding-controlplane.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/rolebinding-controlplane.yaml new file mode 100644 index 000000000..5a0015836 --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/rolebinding-controlplane.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }}-controlplane + namespace: {{ include "kiali-server.istio_namespace" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kiali-server.fullname" . }}-controlplane +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/rolebinding.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/rolebinding.yaml new file mode 100644 index 000000000..1eaabd65f --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "kiali-server.fullname" . }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + {{- if .Values.deployment.view_only_mode }} + name: {{ include "kiali-server.fullname" . }}-viewer + {{- else }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} +... diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/route.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/route.yaml new file mode 100644 index 000000000..27940dc96 --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/route.yaml @@ -0,0 +1,30 @@ +{{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} +{{- if .Values.deployment.ingress_enabled }} +# As of OpenShift 4.5, need to use --disable-openapi-validation when installing via Helm +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + {{- if hasKey .Values.deployment.override_ingress_yaml.metadata "annotations" }}} + annotations: + {{- toYaml .Values.deployment.override_ingress_yaml.metadata.annotations | nindent 4 }} + {{- end }} +spec: + {{- if hasKey .Values.deployment.override_ingress_yaml "spec" }} + {{- toYaml .Values.deployment.override_ingress_yaml.spec | nindent 2 }} + {{- else }} + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + targetPort: {{ .Values.server.port }} + name: {{ include "kiali-server.fullname" . }} + {{- end }} +... +{{- end }} +{{- end }} diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/service.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/service.yaml new file mode 100644 index 000000000..e7618d68f --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/service.yaml @@ -0,0 +1,45 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} + annotations: + {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} + service.beta.openshift.io/serving-cert-secret-name: {{ include "kiali-server.fullname" . }}-cert-secret + {{- end }} + {{- if and (not (empty .Values.server.web_fqdn)) (not (empty .Values.server.web_schema)) }} + {{- if empty .Values.server.web_port }} + kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}{{ default "" .Values.server.web_root }} + {{- else }} + kiali.io/external-url: {{ .Values.server.web_schema }}://{{ .Values.server.web_fqdn }}:{{ .Values.server.web_port }}{{(default "" .Values.server.web_root) }} + {{- end }} + {{- end }} + {{- if .Values.deployment.service_annotations }} + {{- toYaml .Values.deployment.service_annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.deployment.service_type }} + type: {{ .Values.deployment.service_type }} + {{- end }} + ports: + {{- if (include "kiali-server.identity.cert_file" .) }} + - name: tcp + {{- else }} + - name: http + {{- end }} + protocol: TCP + port: {{ .Values.server.port }} + {{- if .Values.server.metrics_enabled }} + - name: http-metrics + protocol: TCP + port: {{ .Values.server.metrics_port }} + {{- end }} + selector: + {{- include "kiali-server.selectorLabels" . | nindent 4 }} + {{- if .Values.deployment.additional_service_yaml }} + {{- toYaml .Values.deployment.additional_service_yaml | nindent 2 }} + {{- end }} +... diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/serviceaccount.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/serviceaccount.yaml new file mode 100644 index 000000000..9151b6f6a --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kiali-server.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +... diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/validate-install-crd.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/validate-install-crd.yaml new file mode 100644 index 000000000..b42eeb266 --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/validate-install-crd.yaml @@ -0,0 +1,14 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "monitoring.kiali.io/v1alpha1/MonitoringDashboard" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/web-root-configmap.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/web-root-configmap.yaml new file mode 100644 index 000000000..970d4e4f5 --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/templates/web-root-configmap.yaml @@ -0,0 +1,12 @@ +{{- if .Values.web_root_override }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: kiali-console + namespace: {{ .Release.Namespace }} + labels: + {{- include "kiali-server.labels" . | nindent 4 }} +data: + env.js: | + window.WEB_ROOT='/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Release.Namespace }}/services/http:kiali:20001/proxy/kiali'; +{{- end }} diff --git a/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/values.yaml b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/values.yaml new file mode 100644 index 000000000..8db88b0d9 --- /dev/null +++ b/charts/rancher-kiali-server/rancher-kiali-server/100.0.0+up1.35.0/values.yaml @@ -0,0 +1,98 @@ +# 'fullnameOverride' is deprecated. Use 'deployment.instance_name' instead. +# This is only supported for backward compatibility and will be removed in a future version. +# If 'fullnameOverride' is not "kiali" and 'deployment.instance_name' is "kiali", +# then 'deployment.instance_name' will take the value of 'fullnameOverride' value. +# Otherwise, 'fullnameOverride' is ignored and 'deployment.instance_name' is used. +fullnameOverride: "kiali" + +# This is required for "openshift" auth strategy. +# You have to know ahead of time what your Route URL will be because +# right now the helm chart can't figure this out at runtime (it would +# need to wait for the Kiali Route to be deployed and for OpenShift +# to start it up). If someone knows how to update this helm chart to +# do this, a PR would be welcome. +kiali_route_url: "" + +# rancher specific override that allows proxy access to kiali url +web_root_override: true + +# +# Settings that mimic the Kiali CR which are placed in the ConfigMap. +# Note that only those values used by the Helm Chart will be here. +# + +istio_namespace: "" # default is where Kiali is installed + +auth: + openid: {} + openshift: {} + strategy: "" + +deployment: + # This only limits what Kiali will attempt to see, but Kiali Service Account has permissions to see everything. + # For more control over what the Kial Service Account can see, use the Kiali Operator + accessible_namespaces: + - "**" + additional_service_yaml: {} + affinity: + node: {} + pod: {} + pod_anti: {} + custom_dashboards: + excludes: [''] + includes: ['*'] + hpa: + api_version: "autoscaling/v2beta2" + spec: {} + repository: rancher/mirrored-kiali-kiali + image_pull_policy: "Always" + image_pull_secrets: [] + tag: v1.35.0 + ingress_enabled: true + instance_name: "kiali" + logger: + log_format: "text" + log_level: "info" + time_field_format: "2006-01-02T15:04:05Z07:00" + sampler_rate: "1" + node_selector: {} + override_ingress_yaml: + metadata: {} + pod_annotations: {} + pod_labels: {} + priority_class_name: "" + replicas: 1 + resources: {} + secret_name: "kiali" + service_annotations: {} + service_type: "" + tolerations: [] + version_label: v1.35.0 + view_only_mode: false + +external_services: + custom_dashboards: + enabled: true + +identity: {} + #cert_file: + #private_key_file: + +login_token: + signing_key: "" + +server: + port: 20001 + metrics_enabled: true + metrics_port: 9090 + web_root: "" + +# Common settings used among istio subcharts. +global: + # Specify rancher clusterId of external tracing config + # https://github.com/istio/istio.io/issues/4146#issuecomment-493543032 + cattle: + systemDefaultRegistry: "" + clusterId: + rbac: + pspEnabled: false diff --git a/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/.helmignore b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/Chart.yaml b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/Chart.yaml new file mode 100644 index 000000000..50458c9ce --- /dev/null +++ b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/Chart.yaml @@ -0,0 +1,25 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-kube-state-metrics +apiVersion: v2 +appVersion: 2.0.0 +description: Install kube-state-metrics to generate and expose cluster-level metrics +home: https://github.com/kubernetes/kube-state-metrics/ +keywords: +- metric +- monitoring +- prometheus +- kubernetes +maintainers: +- email: tariq.ibrahim@mulesoft.com + name: tariq1890 +- email: manuel@rueg.eu + name: mrueg +name: rancher-kube-state-metrics +sources: +- https://github.com/kubernetes/kube-state-metrics/ +type: application +version: 100.0.0+up3.2.0 diff --git a/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/OWNERS b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/OWNERS new file mode 100644 index 000000000..206b4fee7 --- /dev/null +++ b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/OWNERS @@ -0,0 +1,6 @@ +approvers: +- tariq1890 +- mrueg +reviewers: +- tariq1890 +- mrueg diff --git a/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/README.md b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/README.md new file mode 100644 index 000000000..7c2e16918 --- /dev/null +++ b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/README.md @@ -0,0 +1,68 @@ +# kube-state-metrics Helm Chart + +Installs the [kube-state-metrics agent](https://github.com/kubernetes/kube-state-metrics). + +## Get Repo Info + +```console +helm repo add prometheus-community https://prometheus-community.github.io/helm-charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Install Chart + +```console +helm install [RELEASE_NAME] prometheus-community/kube-state-metrics [flags] +``` + +_See [configuration](#configuration) below._ + +_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ + +## Uninstall Chart + +```console +helm uninstall [RELEASE_NAME] +``` + +This removes all the Kubernetes components associated with the chart and deletes the release. + +_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ + +## Upgrading Chart + +```console +helm upgrade [RELEASE_NAME] prometheus-community/kube-state-metrics [flags] +``` + +_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ + +### Migrating from stable/kube-state-metrics and kubernetes/kube-state-metrics + +You can upgrade in-place: + +1. [get repo info](#get-repo-info) +1. [upgrade](#upgrading-chart) your existing release name using the new chart repo + + +## Upgrading to v3.0.0 + +v3.0.0 includes kube-state-metrics v2.0, see the [changelog](https://github.com/kubernetes/kube-state-metrics/blob/release-2.0/CHANGELOG.md) for major changes on the application-side. + +The upgraded chart now the following changes: +* Dropped support for helm v2 (helm v3 or later is required) +* collectors key was renamed to resources +* namespace key was renamed to namespaces + + +## Configuration + +See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments: + +```console +helm show values prometheus-community/kube-state-metrics +``` + +You may also run `helm show values` on this chart's [dependencies](#dependencies) for additional options. diff --git a/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/NOTES.txt b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/NOTES.txt new file mode 100644 index 000000000..5a646e0cc --- /dev/null +++ b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/NOTES.txt @@ -0,0 +1,10 @@ +kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. +The exposed metrics can be found here: +https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics + +The metrics are exported on the HTTP endpoint /metrics on the listening port. +In your case, {{ template "kube-state-metrics.fullname" . }}.{{ template "kube-state-metrics.namespace" . }}.svc.cluster.local:{{ .Values.service.port }}/metrics + +They are served either as plaintext or protobuf depending on the Accept header. +They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint. + diff --git a/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/_helpers.tpl b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/_helpers.tpl new file mode 100644 index 000000000..4f76b188b --- /dev/null +++ b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/_helpers.tpl @@ -0,0 +1,76 @@ +# Rancher +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "kube-state-metrics.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kube-state-metrics.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "kube-state-metrics.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "kube-state-metrics.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts +*/}} +{{- define "kube-state-metrics.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} diff --git a/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/clusterrolebinding.yaml b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..af158c512 --- /dev/null +++ b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/clusterrolebinding.yaml @@ -0,0 +1,23 @@ +{{- if and .Values.rbac.create .Values.rbac.useClusterRole -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + name: {{ template "kube-state-metrics.fullname" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole +{{- if .Values.rbac.useExistingRole }} + name: {{ .Values.rbac.useExistingRole }} +{{- else }} + name: {{ template "kube-state-metrics.fullname" . }} +{{- end }} +subjects: +- kind: ServiceAccount + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} +{{- end -}} diff --git a/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/deployment.yaml b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/deployment.yaml new file mode 100644 index 000000000..f338308ad --- /dev/null +++ b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/deployment.yaml @@ -0,0 +1,224 @@ +apiVersion: apps/v1 +{{- if .Values.autosharding.enabled }} +kind: StatefulSet +{{- else }} +kind: Deployment +{{- end }} +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" + app.kubernetes.io/version: "{{ .Chart.AppVersion }}" +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + replicas: {{ .Values.replicas }} +{{- if .Values.autosharding.enabled }} + serviceName: {{ template "kube-state-metrics.fullname" . }} + volumeClaimTemplates: [] +{{- end }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 8 }} +{{- end }} +{{- if .Values.podAnnotations }} + annotations: +{{ toYaml .Values.podAnnotations | indent 8 }} +{{- end }} + spec: + hostNetwork: {{ .Values.hostNetwork }} + serviceAccountName: {{ template "kube-state-metrics.serviceAccountName" . }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + runAsGroup: {{ .Values.securityContext.runAsGroup }} + runAsUser: {{ .Values.securityContext.runAsUser }} + runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + containers: + - name: {{ .Chart.Name }} +{{- if .Values.autosharding.enabled }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +{{- end }} + args: +{{ if .Values.extraArgs }} + {{- range .Values.extraArgs }} + - {{ . }} + {{- end }} +{{ end }} +{{ if .Values.collectors.certificatesigningrequests }} + - --resources=certificatesigningrequests +{{ end }} +{{ if .Values.collectors.configmaps }} + - --resources=configmaps +{{ end }} +{{ if .Values.collectors.cronjobs }} + - --resources=cronjobs +{{ end }} +{{ if .Values.collectors.daemonsets }} + - --resources=daemonsets +{{ end }} +{{ if .Values.collectors.deployments }} + - --resources=deployments +{{ end }} +{{ if .Values.collectors.endpoints }} + - --resources=endpoints +{{ end }} +{{ if .Values.collectors.horizontalpodautoscalers }} + - --resources=horizontalpodautoscalers +{{ end }} +{{ if .Values.collectors.ingresses }} + - --resources=ingresses +{{ end }} +{{ if .Values.collectors.jobs }} + - --resources=jobs +{{ end }} +{{ if .Values.collectors.limitranges }} + - --resources=limitranges +{{ end }} +{{ if .Values.collectors.mutatingwebhookconfigurations }} + - --resources=mutatingwebhookconfigurations +{{ end }} +{{ if .Values.collectors.namespaces }} + - --resources=namespaces +{{ end }} +{{ if .Values.collectors.networkpolicies }} + - --resources=networkpolicies +{{ end }} +{{ if .Values.collectors.nodes }} + - --resources=nodes +{{ end }} +{{ if .Values.collectors.persistentvolumeclaims }} + - --resources=persistentvolumeclaims +{{ end }} +{{ if .Values.collectors.persistentvolumes }} + - --resources=persistentvolumes +{{ end }} +{{ if .Values.collectors.poddisruptionbudgets }} + - --resources=poddisruptionbudgets +{{ end }} +{{ if .Values.collectors.pods }} + - --resources=pods +{{ end }} +{{ if .Values.collectors.replicasets }} + - --resources=replicasets +{{ end }} +{{ if .Values.collectors.replicationcontrollers }} + - --resources=replicationcontrollers +{{ end }} +{{ if .Values.collectors.resourcequotas }} + - --resources=resourcequotas +{{ end }} +{{ if .Values.collectors.secrets }} + - --resources=secrets +{{ end }} +{{ if .Values.collectors.services }} + - --resources=services +{{ end }} +{{ if .Values.collectors.statefulsets }} + - --resources=statefulsets +{{ end }} +{{ if .Values.collectors.storageclasses }} + - --resources=storageclasses +{{ end }} +{{ if .Values.collectors.validatingwebhookconfigurations }} + - --resources=validatingwebhookconfigurations +{{ end }} +{{ if .Values.collectors.verticalpodautoscalers }} + - --resources=verticalpodautoscalers +{{ end }} +{{ if .Values.collectors.volumeattachments }} + - --resources=volumeattachments +{{ end }} +{{ if .Values.namespaces }} + - --namespaces={{ tpl .Values.namespaces $ | join "," }} +{{ end }} +{{ if .Values.autosharding.enabled }} + - --pod=$(POD_NAME) + - --pod-namespace=$(POD_NAMESPACE) +{{ end }} +{{ if .Values.kubeconfig.enabled }} + - --kubeconfig=/opt/k8s/.kube/config +{{ end }} +{{ if .Values.selfMonitor.telemetryHost }} + - --telemetry-host={{ .Values.selfMonitor.telemetryHost }} +{{ end }} + - --telemetry-port=8081 +{{- if .Values.kubeconfig.enabled }} + volumeMounts: + - name: kubeconfig + mountPath: /opt/k8s/.kube/ + readOnly: true +{{- end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" + ports: + - containerPort: 8080 +{{- if .Values.selfMonitor.enabled }} + - containerPort: 8081 +{{- end }} + livenessProbe: + httpGet: + path: /healthz + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: / + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 5 +{{- if .Values.resources }} + resources: +{{ toYaml .Values.resources | indent 10 }} +{{- end }} +{{- if .Values.containerSecurityContext }} + securityContext: +{{ toYaml .Values.containerSecurityContext | indent 10 }} +{{- end }} +{{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} +{{- end }} +{{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} +{{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.tolerations }} +{{ toYaml .Values.tolerations | indent 8 }} +{{- end }} +{{- if .Values.kubeconfig.enabled}} + volumes: + - name: kubeconfig + secret: + secretName: {{ template "kube-state-metrics.fullname" . }}-kubeconfig +{{- end }} diff --git a/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/kubeconfig-secret.yaml b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/kubeconfig-secret.yaml new file mode 100644 index 000000000..a7800d7ad --- /dev/null +++ b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/kubeconfig-secret.yaml @@ -0,0 +1,15 @@ +{{- if .Values.kubeconfig.enabled -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "kube-state-metrics.fullname" . }}-kubeconfig + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" +type: Opaque +data: + config: '{{ .Values.kubeconfig.secret }}' +{{- end -}} diff --git a/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/pdb.yaml b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/pdb.yaml new file mode 100644 index 000000000..d3ef8104e --- /dev/null +++ b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/pdb.yaml @@ -0,0 +1,20 @@ +{{- if .Values.podDisruptionBudget -}} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} +{{ toYaml .Values.podDisruptionBudget | indent 2 }} +{{- end -}} diff --git a/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/podsecuritypolicy.yaml b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/podsecuritypolicy.yaml new file mode 100644 index 000000000..e822ba0e7 --- /dev/null +++ b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/podsecuritypolicy.yaml @@ -0,0 +1,42 @@ +{{- if .Values.podSecurityPolicy.enabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Values.podSecurityPolicy.annotations }} + annotations: +{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} +{{- end }} +spec: + privileged: false + volumes: + - 'secret' +{{- if .Values.podSecurityPolicy.additionalVolumes }} +{{ toYaml .Values.podSecurityPolicy.additionalVolumes | indent 4 }} +{{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} diff --git a/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/psp-clusterrole.yaml b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/psp-clusterrole.yaml new file mode 100644 index 000000000..217abc950 --- /dev/null +++ b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/psp-clusterrole.yaml @@ -0,0 +1,22 @@ +{{- if and .Values.podSecurityPolicy.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + name: psp-{{ template "kube-state-metrics.fullname" . }} +rules: +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }} +- apiGroups: ['policy'] +{{- else }} +- apiGroups: ['extensions'] +{{- end }} + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "kube-state-metrics.fullname" . }} +{{- end }} diff --git a/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/psp-clusterrolebinding.yaml b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/psp-clusterrolebinding.yaml new file mode 100644 index 000000000..feb97f228 --- /dev/null +++ b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/psp-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- if and .Values.podSecurityPolicy.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + name: psp-{{ template "kube-state-metrics.fullname" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: psp-{{ template "kube-state-metrics.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} +{{- end }} diff --git a/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/role.yaml b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/role.yaml new file mode 100644 index 000000000..25c8bc893 --- /dev/null +++ b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/role.yaml @@ -0,0 +1,190 @@ +{{- if and (eq .Values.rbac.create true) (not .Values.rbac.useExistingRole) -}} +{{- range (split "," .Values.namespaces) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +{{- if eq $.Values.rbac.useClusterRole false }} +kind: Role +{{- else }} +kind: ClusterRole +{{- end }} +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" $ }} + helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version }} + app.kubernetes.io/managed-by: {{ $.Release.Service }} + app.kubernetes.io/instance: {{ $.Release.Name }} + name: {{ template "kube-state-metrics.fullname" $ }} +{{- if eq $.Values.rbac.useClusterRole false }} + namespace: {{ . }} +{{- end }} +rules: +{{ if $.Values.collectors.certificatesigningrequests }} +- apiGroups: ["certificates.k8s.io"] + resources: + - certificatesigningrequests + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.configmaps }} +- apiGroups: [""] + resources: + - configmaps + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.cronjobs }} +- apiGroups: ["batch"] + resources: + - cronjobs + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.daemonsets }} +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.deployments }} +- apiGroups: ["extensions", "apps"] + resources: + - deployments + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.endpoints }} +- apiGroups: [""] + resources: + - endpoints + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.horizontalpodautoscalers }} +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.ingresses }} +- apiGroups: ["extensions", "networking.k8s.io"] + resources: + - ingresses + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.jobs }} +- apiGroups: ["batch"] + resources: + - jobs + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.limitranges }} +- apiGroups: [""] + resources: + - limitranges + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.mutatingwebhookconfigurations }} +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - mutatingwebhookconfigurations + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.namespaces }} +- apiGroups: [""] + resources: + - namespaces + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.networkpolicies }} +- apiGroups: ["networking.k8s.io"] + resources: + - networkpolicies + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.nodes }} +- apiGroups: [""] + resources: + - nodes + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.persistentvolumeclaims }} +- apiGroups: [""] + resources: + - persistentvolumeclaims + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.persistentvolumes }} +- apiGroups: [""] + resources: + - persistentvolumes + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.poddisruptionbudgets }} +- apiGroups: ["policy"] + resources: + - poddisruptionbudgets + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.pods }} +- apiGroups: [""] + resources: + - pods + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.replicasets }} +- apiGroups: ["extensions", "apps"] + resources: + - replicasets + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.replicationcontrollers }} +- apiGroups: [""] + resources: + - replicationcontrollers + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.resourcequotas }} +- apiGroups: [""] + resources: + - resourcequotas + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.secrets }} +- apiGroups: [""] + resources: + - secrets + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.services }} +- apiGroups: [""] + resources: + - services + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.statefulsets }} +- apiGroups: ["apps"] + resources: + - statefulsets + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.storageclasses }} +- apiGroups: ["storage.k8s.io"] + resources: + - storageclasses + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.validatingwebhookconfigurations }} +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - validatingwebhookconfigurations + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.volumeattachments }} +- apiGroups: ["storage.k8s.io"] + resources: + - volumeattachments + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.verticalpodautoscalers }} +- apiGroups: ["autoscaling.k8s.io"] + resources: + - verticalpodautoscalers + verbs: ["list", "watch"] +{{ end -}} +{{- end -}} +{{- end -}} diff --git a/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/rolebinding.yaml b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/rolebinding.yaml new file mode 100644 index 000000000..72a1a2e90 --- /dev/null +++ b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/rolebinding.yaml @@ -0,0 +1,27 @@ +{{- if and (eq .Values.rbac.create true) (eq .Values.rbac.useClusterRole false) -}} +{{- range (split "," $.Values.namespaces) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" $ }} + helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version }} + app.kubernetes.io/managed-by: {{ $.Release.Service }} + app.kubernetes.io/instance: {{ $.Release.Name }} + name: {{ template "kube-state-metrics.fullname" $ }} + namespace: {{ . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role +{{- if (not $.Values.rbac.useExistingRole) }} + name: {{ template "kube-state-metrics.fullname" $ }} +{{- else }} + name: {{ $.Values.rbac.useExistingRole }} +{{- end }} +subjects: +- kind: ServiceAccount + name: {{ template "kube-state-metrics.fullname" $ }} + namespace: {{ template "kube-state-metrics.namespace" $ }} +{{- end -}} +{{- end -}} diff --git a/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/service.yaml b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/service.yaml new file mode 100644 index 000000000..4f8e4a497 --- /dev/null +++ b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/service.yaml @@ -0,0 +1,42 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 4 }} +{{- end }} + annotations: + {{- if .Values.prometheusScrape }} + prometheus.io/scrape: '{{ .Values.prometheusScrape }}' + {{- end }} + {{- if .Values.service.annotations }} + {{- toYaml .Values.service.annotations | nindent 4 }} + {{- end }} +spec: + type: "{{ .Values.service.type }}" + ports: + - name: "http" + protocol: TCP + port: {{ .Values.service.port }} + {{- if .Values.service.nodePort }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} + targetPort: 8080 + {{ if .Values.selfMonitor.enabled }} + - name: "metrics" + protocol: TCP + port: {{ .Values.selfMonitor.telemetryPort | default 8081 }} + targetPort: 8081 + {{ end }} +{{- if .Values.service.loadBalancerIP }} + loadBalancerIP: "{{ .Values.service.loadBalancerIP }}" +{{- end }} + selector: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/serviceaccount.yaml b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/serviceaccount.yaml new file mode 100644 index 000000000..2e8a1ee38 --- /dev/null +++ b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/serviceaccount.yaml @@ -0,0 +1,18 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} +{{- if .Values.serviceAccount.annotations }} + annotations: +{{ toYaml .Values.serviceAccount.annotations | indent 4 }} +{{- end }} +imagePullSecrets: +{{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }} +{{- end -}} diff --git a/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/servicemonitor.yaml b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/servicemonitor.yaml new file mode 100644 index 000000000..7d1cd7aa1 --- /dev/null +++ b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/servicemonitor.yaml @@ -0,0 +1,34 @@ +{{- if .Values.prometheus.monitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" + {{- if .Values.prometheus.monitor.additionalLabels }} +{{ toYaml .Values.prometheus.monitor.additionalLabels | indent 4 }} + {{- end }} +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + endpoints: + - port: http + {{- if .Values.prometheus.monitor.honorLabels }} + honorLabels: true + {{- end }} + {{ if .Values.selfMonitor.enabled }} + - port: metrics + {{- if .Values.prometheus.monitor.honorLabels }} + honorLabels: true + {{- end }} + {{ end }} +{{- end }} diff --git a/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/stsdiscovery-role.yaml b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/stsdiscovery-role.yaml new file mode 100644 index 000000000..9770b0498 --- /dev/null +++ b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/stsdiscovery-role.yaml @@ -0,0 +1,29 @@ +{{- if and .Values.autosharding.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resourceNames: + - {{ template "kube-state-metrics.fullname" . }} + resources: + - statefulsets + verbs: + - get + - list + - watch +{{- end }} diff --git a/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/stsdiscovery-rolebinding.yaml b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/stsdiscovery-rolebinding.yaml new file mode 100644 index 000000000..6a2e5bfe7 --- /dev/null +++ b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/templates/stsdiscovery-rolebinding.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.autosharding.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} +{{- end }} diff --git a/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/values.yaml b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/values.yaml new file mode 100644 index 000000000..052e534de --- /dev/null +++ b/charts/rancher-kube-state-metrics/rancher-kube-state-metrics/100.0.0+up3.2.0/values.yaml @@ -0,0 +1,189 @@ +global: + cattle: + systemDefaultRegistry: "" + +# Default values for kube-state-metrics. +prometheusScrape: true +image: + repository: rancher/mirrored-kube-state-metrics-kube-state-metrics + tag: v2.0.0 + pullPolicy: IfNotPresent + +imagePullSecrets: [] +# - name: "image-pull-secret" + +# If set to true, this will deploy kube-state-metrics as a StatefulSet and the data +# will be automatically sharded across <.Values.replicas> pods using the built-in +# autodiscovery feature: https://github.com/kubernetes/kube-state-metrics#automated-sharding +# This is an experimental feature and there are no stability guarantees. +autosharding: + enabled: false + +replicas: 1 + +# List of additional cli arguments to configure kube-state-metrics +# for example: --enable-gzip-encoding, --log-file, etc. +# all the possible args can be found here: https://github.com/kubernetes/kube-state-metrics/blob/master/docs/cli-arguments.md +extraArgs: [] + +service: + port: 8080 + # Default to clusterIP for backward compatibility + type: ClusterIP + nodePort: 0 + loadBalancerIP: "" + annotations: {} + +customLabels: {} + +hostNetwork: false + +rbac: + # If true, create & use RBAC resources + create: true + + # Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to it, rolename set here. + # useExistingRole: your-existing-role + + # If set to false - Run without Cluteradmin privs needed - ONLY works if namespace is also set (if useExistingRole is set this name is used as ClusterRole or Role to bind to) + useClusterRole: true + +serviceAccount: + # Specifies whether a ServiceAccount should be created, require rbac true + create: true + # The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the fullname template + name: + # Reference to one or more secrets to be used when pulling images + # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + imagePullSecrets: [] + # ServiceAccount annotations. + # Use case: AWS EKS IAM roles for service accounts + # ref: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html + annotations: {} + +prometheus: + monitor: + enabled: false + additionalLabels: {} + namespace: "" + honorLabels: false + +## Specify if a Pod Security Policy for kube-state-metrics must be created +## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ +## +podSecurityPolicy: + enabled: false + annotations: {} + ## Specify pod annotations + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl + ## + # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' + # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' + + additionalVolumes: [] + +securityContext: + enabled: true + runAsNonRoot: true + runAsGroup: 65534 + runAsUser: 65534 + fsGroup: 65534 + +## Specify security settings for a Container +## Allows overrides and additional options compared to (Pod) securityContext +## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +containerSecurityContext: {} + +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +nodeSelector: {} + +## Affinity settings for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ +affinity: {} + +## Tolerations for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +tolerations: [] + +# Annotations to be added to the pod +podAnnotations: {} + +## Assign a PriorityClassName to pods if set +# priorityClassName: "" + +# Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +podDisruptionBudget: {} + +# Available collectors for kube-state-metrics. By default all available +# resources are enabled. +collectors: + certificatesigningrequests: true + configmaps: true + cronjobs: true + daemonsets: true + deployments: true + endpoints: true + horizontalpodautoscalers: true + ingresses: true + jobs: true + limitranges: true + mutatingwebhookconfigurations: true + namespaces: true + networkpolicies: true + nodes: true + persistentvolumeclaims: true + persistentvolumes: true + poddisruptionbudgets: true + pods: true + replicasets: true + replicationcontrollers: true + resourcequotas: true + secrets: true + services: true + statefulsets: true + storageclasses: true + validatingwebhookconfigurations: true + verticalpodautoscalers: false + volumeattachments: true + +# Enabling kubeconfig will pass the --kubeconfig argument to the container +kubeconfig: + enabled: false + # base64 encoded kube-config file + secret: + +# Comma-separated list of namespaces to be enabled for collecting resources. By default all namespaces are collected. +namespaces: "" + +## Override the deployment namespace +## +namespaceOverride: "" + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 64Mi + # requests: + # cpu: 10m + # memory: 32Mi + +## Provide a k8s version to define apiGroups for podSecurityPolicy Cluster Role. +## For example: kubeTargetVersionOverride: 1.14.9 +## +kubeTargetVersionOverride: "" + +# Enable self metrics configuration for service and Service Monitor +# Default values for telemetry configuration can be overridden +selfMonitor: + enabled: false + # telemetryHost: 0.0.0.0 + # telemetryPort: 8081 diff --git a/charts/rancher-logging/rancher-logging-crd/100.0.0+up3.12.0/Chart.yaml b/charts/rancher-logging/rancher-logging-crd/100.0.0+up3.12.0/Chart.yaml new file mode 100644 index 000000000..e27c04950 --- /dev/null +++ b/charts/rancher-logging/rancher-logging-crd/100.0.0+up3.12.0/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-logging-system + catalog.cattle.io/release-name: rancher-logging-crd +apiVersion: v1 +description: Installs the CRDs for rancher-logging. +name: rancher-logging-crd +type: application +version: 100.0.0+up3.12.0 diff --git a/charts/rancher-logging/rancher-logging-crd/100.0.0+up3.12.0/README.md b/charts/rancher-logging/rancher-logging-crd/100.0.0+up3.12.0/README.md new file mode 100644 index 000000000..d4beb54fa --- /dev/null +++ b/charts/rancher-logging/rancher-logging-crd/100.0.0+up3.12.0/README.md @@ -0,0 +1,2 @@ +# rancher-logging-crd +A Rancher chart that installs the CRDs used by rancher-logging. diff --git a/charts/rancher-logging/rancher-logging-crd/100.0.0+up3.12.0/templates/logging.banzaicloud.io_clusterflows.yaml b/charts/rancher-logging/rancher-logging-crd/100.0.0+up3.12.0/templates/logging.banzaicloud.io_clusterflows.yaml new file mode 100644 index 000000000..ea319f8d2 --- /dev/null +++ b/charts/rancher-logging/rancher-logging-crd/100.0.0+up3.12.0/templates/logging.banzaicloud.io_clusterflows.yaml @@ -0,0 +1,1500 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + creationTimestamp: null + name: clusterflows.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: ClusterFlow + listKind: ClusterFlowList + plural: clusterflows + singular: clusterflow + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Is the flow active? + jsonPath: .status.active + name: Active + type: boolean + - description: Number of problems + jsonPath: .status.problemsCount + name: Problems + type: integer + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + loggingRef: + type: string + match: + items: + properties: + exclude: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + namespaces: + items: + type: string + type: array + type: object + select: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + namespaces: + items: + type: string + type: array + type: object + type: object + type: array + outputRefs: + items: + type: string + type: array + selectors: + additionalProperties: + type: string + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Is the flow active? + jsonPath: .status.active + name: Active + type: boolean + - description: Number of problems + jsonPath: .status.problemsCount + name: Problems + type: integer + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + loggingRef: + type: string + match: + items: + properties: + exclude: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + namespaces: + items: + type: string + type: array + type: object + select: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + namespaces: + items: + type: string + type: array + type: object + type: object + type: array + outputRefs: + items: + type: string + type: array + selectors: + additionalProperties: + type: string + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/rancher-logging/rancher-logging-crd/100.0.0+up3.12.0/templates/logging.banzaicloud.io_clusteroutputs.yaml b/charts/rancher-logging/rancher-logging-crd/100.0.0+up3.12.0/templates/logging.banzaicloud.io_clusteroutputs.yaml new file mode 100644 index 000000000..3ea3fa4d9 --- /dev/null +++ b/charts/rancher-logging/rancher-logging-crd/100.0.0+up3.12.0/templates/logging.banzaicloud.io_clusteroutputs.yaml @@ -0,0 +1,9436 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + creationTimestamp: null + name: clusteroutputs.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: ClusterOutput + listKind: ClusterOutputList + plural: clusteroutputs + singular: clusteroutput + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Is the output active? + jsonPath: .status.active + name: Active + type: boolean + - description: Number of problems + jsonPath: .status.problemsCount + name: Problems + type: integer + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + awsElasticsearch: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_arn: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_session_name: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_web_identity_token_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ecs_container_credentials_relative_uri: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + region: + type: string + secret_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + sts_credentials_region: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + flush_interval: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + include_tag_key: + type: boolean + logstash_format: + type: boolean + logstash_prefix: + type: string + tag_key: + type: string + type: object + azurestorage: + properties: + auto_create_container: + type: boolean + azure_container: + type: string + azure_imds_api_version: + type: string + azure_object_key_format: + type: string + azure_storage_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_account: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_sas_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + type: string + path: + type: string + required: + - azure_container + - azure_storage_account + type: object + cloudwatch: + properties: + auto_create_stream: + type: boolean + aws_instance_profile_credentials_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sts_role_arn: + type: string + aws_sts_session_name: + type: string + aws_use_sts: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + concurrency: + type: integer + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + http_proxy: + type: string + include_time_key: + type: boolean + json_handler: + type: string + localtime: + type: boolean + log_group_aws_tags: + type: string + log_group_aws_tags_key: + type: string + log_group_name: + type: string + log_group_name_key: + type: string + log_rejected_request: + type: string + log_stream_name: + type: string + log_stream_name_key: + type: string + max_events_per_batch: + type: integer + max_message_length: + type: integer + message_keys: + type: string + put_log_events_disable_retry_limit: + type: boolean + put_log_events_retry_limit: + type: integer + put_log_events_retry_wait: + type: string + region: + type: string + remove_log_group_aws_tags_key: + type: string + remove_log_group_name_key: + type: string + remove_log_stream_name_key: + type: string + remove_retention_in_days: + type: string + retention_in_days: + type: string + retention_in_days_key: + type: string + use_tag_as_group: + type: boolean + use_tag_as_stream: + type: boolean + required: + - region + type: object + datadog: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_level: + type: string + dd_hostname: + type: string + dd_source: + type: string + dd_sourcecategory: + type: string + dd_tags: + type: string + host: + type: string + include_tag_key: + type: boolean + max_backoff: + type: string + max_retries: + type: string + no_ssl_validation: + type: boolean + port: + type: string + service: + type: string + ssl_port: + type: string + tag_key: + type: string + timestamp_key: + type: string + use_compression: + type: boolean + use_http: + type: boolean + use_json: + type: boolean + use_ssl: + type: boolean + required: + - api_key + type: object + elasticsearch: + properties: + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + data_stream_enable: + type: boolean + data_stream_name: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + exception_backup: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + log_es_400_reason: + type: boolean + logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template_name: + type: string + template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + enabledNamespaces: + items: + type: string + type: array + file: + properties: + add_path_suffix: + type: boolean + append: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + path: + type: string + path_suffix: + type: string + symlink_path: + type: boolean + required: + - path + type: object + forward: + properties: + ack_response_timeout: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + connect_timeout: + type: integer + dns_round_robin: + type: boolean + expire_dns_cache: + type: integer + hard_timeout: + type: integer + heartbeat_interval: + type: integer + heartbeat_type: + type: string + ignore_network_errors_at_startup: + type: boolean + keepalive: + type: boolean + keepalive_timeout: + type: integer + phi_failure_detector: + type: boolean + phi_threshold: + type: integer + recover_wait: + type: integer + require_ack_response: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_timeout: + type: integer + servers: + items: + properties: + host: + type: string + name: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + shared_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + standby: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + weight: + type: integer + required: + - host + type: object + type: array + tls_allow_self_signed_cert: + type: boolean + tls_cert_logical_store_name: + type: string + tls_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_cert_thumbprint: + type: string + tls_cert_use_enterprise_store: + type: boolean + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_insecure_mode: + type: boolean + tls_verify_hostname: + type: boolean + tls_version: + type: string + verify_connection_at_startup: + type: boolean + required: + - servers + type: object + gcs: + properties: + acl: + type: string + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_retries: + type: integer + client_timeout: + type: integer + credentials_json: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + encryption_key: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + keyfile: + type: string + object_key_format: + type: string + object_metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + overwrite: + type: boolean + path: + type: string + project: + type: string + storage_class: + type: string + store_as: + type: string + transcoding: + type: boolean + required: + - bucket + - project + type: object + gelf: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + host: + type: string + port: + type: integer + protocol: + type: string + tls: + type: boolean + tls_options: + additionalProperties: + type: string + type: object + required: + - host + - port + type: object + http: + properties: + auth: + properties: + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - password + - username + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + content_type: + type: string + endpoint: + type: string + error_response_as_unrecoverable: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + headers: + additionalProperties: + type: string + type: object + http_method: + type: string + json_array: + type: boolean + open_timeout: + type: integer + proxy: + type: string + read_timeout: + type: integer + retryable_response_codes: + items: + type: integer + type: array + ssl_timeout: + type: integer + tls_ca_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_verify_mode: + type: string + tls_version: + type: string + required: + - endpoint + type: object + kafka: + properties: + ack_timeout: + type: integer + brokers: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_id: + type: string + compression_codec: + type: string + default_message_key: + type: string + default_partition_key: + type: string + default_topic: + type: string + discard_kafka_delivery_failed: + type: boolean + exclude_partion_key: + type: boolean + exclude_topic_key: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + get_kafka_client_log: + type: boolean + headers: + additionalProperties: + type: string + type: object + headers_from_record: + additionalProperties: + type: string + type: object + idempotent: + type: boolean + kafka_agg_max_bytes: + type: integer + kafka_agg_max_messages: + type: integer + max_send_retries: + type: integer + message_key_key: + type: string + partition_key: + type: string + partition_key_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required_acks: + type: integer + sasl_over_ssl: + type: boolean + scram_mechanism: + type: string + ssl_ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_ca_certs_from_system: + type: boolean + ssl_client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_chain: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_verify_hostname: + type: boolean + topic_key: + type: string + use_default_for_unknown_topic: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - brokers + - format + type: object + kinesisStream: + properties: + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + aws_iam_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_ses_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + batch_request_max_count: + type: integer + batch_request_max_size: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + partition_key: + type: string + process_credentials: + properties: + process: + type: string + required: + - process + type: object + region: + type: string + reset_backoff_if_success: + type: boolean + retries_on_batch_request: + type: integer + stream_name: + type: string + required: + - stream_name + type: object + logdna: + properties: + api_key: + type: string + app: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + hostname: + type: string + ingester_domain: + type: string + ingester_endpoint: + type: string + request_timeout: + type: string + tags: + type: string + required: + - api_key + - hostname + type: object + loggingRef: + type: string + logz: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + port: + type: integer + token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + gzip: + type: boolean + http_idle_timeout: + type: integer + output_include_tags: + type: boolean + output_include_time: + type: boolean + retry_count: + type: integer + retry_sleep: + type: integer + required: + - endpoint + type: object + loki: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + configure_kubernetes_labels: + type: boolean + drop_single_key: + type: boolean + extra_labels: + additionalProperties: + type: string + type: object + extract_kubernetes_labels: + type: boolean + insecure_tls: + type: boolean + key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + labels: + additionalProperties: + type: string + type: object + line_format: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + remove_keys: + items: + type: string + type: array + tenant: + type: string + url: + type: string + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + newrelic: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + base_uri: + type: string + license_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + nullout: + type: object + oss: + properties: + aaccess_key_secret: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_bucket: + type: boolean + check_object: + type: boolean + download_crc_enable: + type: boolean + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + index_format: + type: string + key_format: + type: string + open_timeout: + type: integer + oss_sdk_log_dir: + type: string + overwrite: + type: boolean + path: + type: string + read_timeout: + type: integer + store_as: + type: string + upload_crc_enable: + type: boolean + warn_for_delay: + type: string + required: + - aaccess_key_secret + - access_key_id + - bucket + - endpoint + type: object + redis: + properties: + allow_duplicate_key: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + db_number: + type: integer + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insert_key_prefix: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + strftime_format: + type: string + ttl: + type: integer + type: object + s3: + properties: + acl: + type: string + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + auto_create_bucket: + type: string + aws_iam_retries: + type: string + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_apikey_on_start: + type: string + check_bucket: + type: string + check_object: + type: string + clustername: + type: string + compute_checksums: + type: string + enable_transfer_acceleration: + type: string + force_path_style: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + grant_full_control: + type: string + grant_read: + type: string + grant_read_acp: + type: string + grant_write_acp: + type: string + hex_random_length: + type: string + index_format: + type: string + instance_profile_credentials: + properties: + http_open_timeout: + type: string + http_read_timeout: + type: string + ip_address: + type: string + port: + type: string + retries: + type: string + type: object + oneeye_format: + type: boolean + overwrite: + type: string + path: + type: string + proxy_uri: + type: string + s3_bucket: + type: string + s3_endpoint: + type: string + s3_metadata: + type: string + s3_object_key_format: + type: string + s3_region: + type: string + shared_credentials: + properties: + path: + type: string + profile_name: + type: string + type: object + signature_version: + type: string + sse_customer_algorithm: + type: string + sse_customer_key: + type: string + sse_customer_key_md5: + type: string + ssekms_key_id: + type: string + ssl_verify_peer: + type: string + storage_class: + type: string + store_as: + type: string + use_bundled_cert: + type: string + use_server_side_encryption: + type: string + warn_for_delay: + type: string + required: + - s3_bucket + type: object + splunkHec: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + coerce_to_utf8: + type: boolean + data_type: + type: string + fields: + additionalProperties: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hec_host: + type: string + hec_port: + type: integer + hec_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + host: + type: string + host_key: + type: string + idle_timeout: + type: integer + index: + type: string + index_key: + type: string + insecure_ssl: + type: boolean + keep_keys: + type: boolean + metric_name_key: + type: string + metric_value_key: + type: string + metrics_from_event: + type: boolean + non_utf8_replacement_string: + type: string + open_timeout: + type: integer + protocol: + type: string + read_timeout: + type: integer + source: + type: string + source_key: + type: string + sourcetype: + type: string + sourcetype_key: + type: string + ssl_ciphers: + type: string + required: + - hec_host + - hec_token + type: object + sumologic: + properties: + add_timestamp: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: boolean + compress_encoding: + type: string + custom_dimensions: + type: string + custom_fields: + items: + type: string + type: array + data_type: + type: string + delimiter: + type: string + disable_cookies: + type: boolean + endpoint: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + log_format: + type: string + log_key: + type: string + metric_data_format: + type: string + open_timeout: + type: integer + proxy_uri: + type: string + source_category: + type: string + source_host: + type: string + source_name: + type: string + source_name_key: + type: string + sumo_client: + type: string + timestamp_key: + type: string + verify_ssl: + type: boolean + required: + - endpoint + - source_name + type: object + syslog: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + app_name_field: + type: string + hostname_field: + type: string + log_field: + type: string + message_id_field: + type: string + proc_id_field: + type: string + rfc6587_message_size: + type: boolean + structured_data_field: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insecure: + type: boolean + port: + type: integer + transport: + type: string + trusted_ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - host + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Is the output active? + jsonPath: .status.active + name: Active + type: boolean + - description: Number of problems + jsonPath: .status.problemsCount + name: Problems + type: integer + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + awsElasticsearch: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_arn: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_session_name: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_web_identity_token_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ecs_container_credentials_relative_uri: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + region: + type: string + secret_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + sts_credentials_region: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + flush_interval: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + include_tag_key: + type: boolean + logstash_format: + type: boolean + logstash_prefix: + type: string + tag_key: + type: string + type: object + azurestorage: + properties: + auto_create_container: + type: boolean + azure_container: + type: string + azure_imds_api_version: + type: string + azure_object_key_format: + type: string + azure_storage_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_account: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_sas_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + type: string + path: + type: string + required: + - azure_container + - azure_storage_account + type: object + cloudwatch: + properties: + auto_create_stream: + type: boolean + aws_instance_profile_credentials_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sts_role_arn: + type: string + aws_sts_session_name: + type: string + aws_use_sts: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + concurrency: + type: integer + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + http_proxy: + type: string + include_time_key: + type: boolean + json_handler: + type: string + localtime: + type: boolean + log_group_aws_tags: + type: string + log_group_aws_tags_key: + type: string + log_group_name: + type: string + log_group_name_key: + type: string + log_rejected_request: + type: string + log_stream_name: + type: string + log_stream_name_key: + type: string + max_events_per_batch: + type: integer + max_message_length: + type: integer + message_keys: + type: string + put_log_events_disable_retry_limit: + type: boolean + put_log_events_retry_limit: + type: integer + put_log_events_retry_wait: + type: string + region: + type: string + remove_log_group_aws_tags_key: + type: string + remove_log_group_name_key: + type: string + remove_log_stream_name_key: + type: string + remove_retention_in_days: + type: string + retention_in_days: + type: string + retention_in_days_key: + type: string + use_tag_as_group: + type: boolean + use_tag_as_stream: + type: boolean + required: + - region + type: object + datadog: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_level: + type: string + dd_hostname: + type: string + dd_source: + type: string + dd_sourcecategory: + type: string + dd_tags: + type: string + host: + type: string + include_tag_key: + type: boolean + max_backoff: + type: string + max_retries: + type: string + no_ssl_validation: + type: boolean + port: + type: string + service: + type: string + ssl_port: + type: string + tag_key: + type: string + timestamp_key: + type: string + use_compression: + type: boolean + use_http: + type: boolean + use_json: + type: boolean + use_ssl: + type: boolean + required: + - api_key + type: object + elasticsearch: + properties: + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + data_stream_enable: + type: boolean + data_stream_name: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + exception_backup: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + log_es_400_reason: + type: boolean + logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template_name: + type: string + template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + enabledNamespaces: + items: + type: string + type: array + file: + properties: + add_path_suffix: + type: boolean + append: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + path: + type: string + path_suffix: + type: string + symlink_path: + type: boolean + required: + - path + type: object + forward: + properties: + ack_response_timeout: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + connect_timeout: + type: integer + dns_round_robin: + type: boolean + expire_dns_cache: + type: integer + hard_timeout: + type: integer + heartbeat_interval: + type: integer + heartbeat_type: + type: string + ignore_network_errors_at_startup: + type: boolean + keepalive: + type: boolean + keepalive_timeout: + type: integer + phi_failure_detector: + type: boolean + phi_threshold: + type: integer + recover_wait: + type: integer + require_ack_response: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_timeout: + type: integer + servers: + items: + properties: + host: + type: string + name: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + shared_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + standby: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + weight: + type: integer + required: + - host + type: object + type: array + tls_allow_self_signed_cert: + type: boolean + tls_cert_logical_store_name: + type: string + tls_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_cert_thumbprint: + type: string + tls_cert_use_enterprise_store: + type: boolean + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_insecure_mode: + type: boolean + tls_verify_hostname: + type: boolean + tls_version: + type: string + verify_connection_at_startup: + type: boolean + required: + - servers + type: object + gcs: + properties: + acl: + type: string + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_retries: + type: integer + client_timeout: + type: integer + credentials_json: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + encryption_key: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + keyfile: + type: string + object_key_format: + type: string + object_metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + overwrite: + type: boolean + path: + type: string + project: + type: string + storage_class: + type: string + store_as: + type: string + transcoding: + type: boolean + required: + - bucket + - project + type: object + gelf: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + host: + type: string + port: + type: integer + protocol: + type: string + tls: + type: boolean + tls_options: + additionalProperties: + type: string + type: object + required: + - host + - port + type: object + http: + properties: + auth: + properties: + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - password + - username + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + content_type: + type: string + endpoint: + type: string + error_response_as_unrecoverable: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + headers: + additionalProperties: + type: string + type: object + http_method: + type: string + json_array: + type: boolean + open_timeout: + type: integer + proxy: + type: string + read_timeout: + type: integer + retryable_response_codes: + items: + type: integer + type: array + ssl_timeout: + type: integer + tls_ca_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_verify_mode: + type: string + tls_version: + type: string + required: + - endpoint + type: object + kafka: + properties: + ack_timeout: + type: integer + brokers: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_id: + type: string + compression_codec: + type: string + default_message_key: + type: string + default_partition_key: + type: string + default_topic: + type: string + discard_kafka_delivery_failed: + type: boolean + exclude_partion_key: + type: boolean + exclude_topic_key: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + get_kafka_client_log: + type: boolean + headers: + additionalProperties: + type: string + type: object + headers_from_record: + additionalProperties: + type: string + type: object + idempotent: + type: boolean + kafka_agg_max_bytes: + type: integer + kafka_agg_max_messages: + type: integer + max_send_retries: + type: integer + message_key_key: + type: string + partition_key: + type: string + partition_key_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required_acks: + type: integer + sasl_over_ssl: + type: boolean + scram_mechanism: + type: string + ssl_ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_ca_certs_from_system: + type: boolean + ssl_client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_chain: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_verify_hostname: + type: boolean + topic_key: + type: string + use_default_for_unknown_topic: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - brokers + - format + type: object + kinesisStream: + properties: + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + aws_iam_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_ses_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + batch_request_max_count: + type: integer + batch_request_max_size: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + partition_key: + type: string + process_credentials: + properties: + process: + type: string + required: + - process + type: object + region: + type: string + reset_backoff_if_success: + type: boolean + retries_on_batch_request: + type: integer + stream_name: + type: string + required: + - stream_name + type: object + logdna: + properties: + api_key: + type: string + app: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + hostname: + type: string + ingester_domain: + type: string + ingester_endpoint: + type: string + request_timeout: + type: string + tags: + type: string + required: + - api_key + - hostname + type: object + loggingRef: + type: string + logz: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + port: + type: integer + token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + gzip: + type: boolean + http_idle_timeout: + type: integer + output_include_tags: + type: boolean + output_include_time: + type: boolean + retry_count: + type: integer + retry_sleep: + type: integer + required: + - endpoint + type: object + loki: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + configure_kubernetes_labels: + type: boolean + drop_single_key: + type: boolean + extra_labels: + additionalProperties: + type: string + type: object + extract_kubernetes_labels: + type: boolean + insecure_tls: + type: boolean + key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + labels: + additionalProperties: + type: string + type: object + line_format: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + remove_keys: + items: + type: string + type: array + tenant: + type: string + url: + type: string + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + newrelic: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + base_uri: + type: string + license_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + nullout: + type: object + oss: + properties: + aaccess_key_secret: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_bucket: + type: boolean + check_object: + type: boolean + download_crc_enable: + type: boolean + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + index_format: + type: string + key_format: + type: string + open_timeout: + type: integer + oss_sdk_log_dir: + type: string + overwrite: + type: boolean + path: + type: string + read_timeout: + type: integer + store_as: + type: string + upload_crc_enable: + type: boolean + warn_for_delay: + type: string + required: + - aaccess_key_secret + - access_key_id + - bucket + - endpoint + type: object + redis: + properties: + allow_duplicate_key: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + db_number: + type: integer + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insert_key_prefix: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + strftime_format: + type: string + ttl: + type: integer + type: object + s3: + properties: + acl: + type: string + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + auto_create_bucket: + type: string + aws_iam_retries: + type: string + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_apikey_on_start: + type: string + check_bucket: + type: string + check_object: + type: string + clustername: + type: string + compute_checksums: + type: string + enable_transfer_acceleration: + type: string + force_path_style: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + grant_full_control: + type: string + grant_read: + type: string + grant_read_acp: + type: string + grant_write_acp: + type: string + hex_random_length: + type: string + index_format: + type: string + instance_profile_credentials: + properties: + http_open_timeout: + type: string + http_read_timeout: + type: string + ip_address: + type: string + port: + type: string + retries: + type: string + type: object + oneeye_format: + type: boolean + overwrite: + type: string + path: + type: string + proxy_uri: + type: string + s3_bucket: + type: string + s3_endpoint: + type: string + s3_metadata: + type: string + s3_object_key_format: + type: string + s3_region: + type: string + shared_credentials: + properties: + path: + type: string + profile_name: + type: string + type: object + signature_version: + type: string + sse_customer_algorithm: + type: string + sse_customer_key: + type: string + sse_customer_key_md5: + type: string + ssekms_key_id: + type: string + ssl_verify_peer: + type: string + storage_class: + type: string + store_as: + type: string + use_bundled_cert: + type: string + use_server_side_encryption: + type: string + warn_for_delay: + type: string + required: + - s3_bucket + type: object + splunkHec: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + coerce_to_utf8: + type: boolean + data_type: + type: string + fields: + additionalProperties: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hec_host: + type: string + hec_port: + type: integer + hec_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + host: + type: string + host_key: + type: string + idle_timeout: + type: integer + index: + type: string + index_key: + type: string + insecure_ssl: + type: boolean + keep_keys: + type: boolean + metric_name_key: + type: string + metric_value_key: + type: string + metrics_from_event: + type: boolean + non_utf8_replacement_string: + type: string + open_timeout: + type: integer + protocol: + type: string + read_timeout: + type: integer + source: + type: string + source_key: + type: string + sourcetype: + type: string + sourcetype_key: + type: string + ssl_ciphers: + type: string + required: + - hec_host + - hec_token + type: object + sumologic: + properties: + add_timestamp: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: boolean + compress_encoding: + type: string + custom_dimensions: + type: string + custom_fields: + items: + type: string + type: array + data_type: + type: string + delimiter: + type: string + disable_cookies: + type: boolean + endpoint: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + log_format: + type: string + log_key: + type: string + metric_data_format: + type: string + open_timeout: + type: integer + proxy_uri: + type: string + source_category: + type: string + source_host: + type: string + source_name: + type: string + source_name_key: + type: string + sumo_client: + type: string + timestamp_key: + type: string + verify_ssl: + type: boolean + required: + - endpoint + - source_name + type: object + syslog: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + app_name_field: + type: string + hostname_field: + type: string + log_field: + type: string + message_id_field: + type: string + proc_id_field: + type: string + rfc6587_message_size: + type: boolean + structured_data_field: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insecure: + type: boolean + port: + type: integer + transport: + type: string + trusted_ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - host + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/rancher-logging/rancher-logging-crd/100.0.0+up3.12.0/templates/logging.banzaicloud.io_flows.yaml b/charts/rancher-logging/rancher-logging-crd/100.0.0+up3.12.0/templates/logging.banzaicloud.io_flows.yaml new file mode 100644 index 000000000..66eaa8f86 --- /dev/null +++ b/charts/rancher-logging/rancher-logging-crd/100.0.0+up3.12.0/templates/logging.banzaicloud.io_flows.yaml @@ -0,0 +1,1492 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + creationTimestamp: null + name: flows.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Flow + listKind: FlowList + plural: flows + singular: flow + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Is the flow active? + jsonPath: .status.active + name: Active + type: boolean + - description: Number of problems + jsonPath: .status.problemsCount + name: Problems + type: integer + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + localOutputRefs: + items: + type: string + type: array + loggingRef: + type: string + match: + items: + properties: + exclude: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + type: object + select: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + outputRefs: + items: + type: string + type: array + selectors: + additionalProperties: + type: string + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Is the flow active? + jsonPath: .status.active + name: Active + type: boolean + - description: Number of problems + jsonPath: .status.problemsCount + name: Problems + type: integer + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + localOutputRefs: + items: + type: string + type: array + loggingRef: + type: string + match: + items: + properties: + exclude: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + type: object + select: + properties: + container_names: + items: + type: string + type: array + hosts: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + outputRefs: + items: + type: string + type: array + selectors: + additionalProperties: + type: string + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/rancher-logging/rancher-logging-crd/100.0.0+up3.12.0/templates/logging.banzaicloud.io_loggings.yaml b/charts/rancher-logging/rancher-logging-crd/100.0.0+up3.12.0/templates/logging.banzaicloud.io_loggings.yaml new file mode 100644 index 000000000..9c04f2126 --- /dev/null +++ b/charts/rancher-logging/rancher-logging-crd/100.0.0+up3.12.0/templates/logging.banzaicloud.io_loggings.yaml @@ -0,0 +1,15844 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + creationTimestamp: null + name: loggings.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Logging + listKind: LoggingList + plural: loggings + singular: logging + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + allowClusterResourcesFromAllNamespaces: + type: boolean + controlNamespace: + type: string + defaultFlow: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + outputRefs: + items: + type: string + type: array + type: object + enableRecreateWorkloadOnImmutableFieldChange: + type: boolean + flowConfigCheckDisabled: + type: boolean + flowConfigOverride: + type: string + fluentbit: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + bufferStorage: + properties: + storage.backlog.mem_limit: + type: string + storage.checksum: + type: string + storage.path: + type: string + storage.sync: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + coroStackSize: + format: int32 + type: integer + customConfigSecret: + type: string + disableKubernetesFilter: + type: boolean + enableUpstream: + type: boolean + envVars: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraVolumeMounts: + items: + properties: + destination: + pattern: ^/.+$ + type: string + readOnly: + type: boolean + source: + pattern: ^/.+$ + type: string + required: + - destination + - source + type: object + type: array + filterAws: + properties: + Match: + type: string + account_id: + type: boolean + ami_id: + type: boolean + az: + type: boolean + ec2_instance_id: + type: boolean + ec2_instance_type: + type: boolean + hostname: + type: boolean + imds_version: + type: string + private_ip: + type: boolean + vpc_id: + type: boolean + type: object + filterKubernetes: + properties: + Annotations: + type: string + Buffer_Size: + type: string + DNS_Retries: + type: string + DNS_Wait_Time: + type: string + Dummy_Meta: + type: string + K8S-Logging.Exclude: + type: string + K8S-Logging.Parser: + type: string + Keep_Log: + type: string + Kube_CA_File: + type: string + Kube_CA_Path: + type: string + Kube_Tag_Prefix: + type: string + Kube_Token_File: + type: string + Kube_URL: + type: string + Kube_meta_preload_cache_dir: + type: string + Kubelet_Port: + type: string + Labels: + type: string + Match: + type: string + Merge_Log: + type: string + Merge_Log_Key: + type: string + Merge_Log_Trim: + type: string + Merge_Parser: + type: string + Regex_Parser: + type: string + Use_Journal: + type: string + Use_Kubelet: + type: string + tls.debug: + type: string + tls.verify: + type: string + type: object + flush: + format: int32 + type: integer + forwardOptions: + properties: + Require_ack_response: + type: boolean + Retry_Limit: + type: string + Send_options: + type: boolean + Tag: + type: string + Time_as_Integer: + type: boolean + type: object + grace: + format: int32 + type: integer + image: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + inputTail: + properties: + Buffer_Chunk_Size: + type: string + Buffer_Max_Size: + type: string + DB: + type: string + DB_Sync: + type: string + Docker_Mode: + type: string + Docker_Mode_Flush: + type: string + Exclude_Path: + type: string + Ignore_Older: + type: string + Key: + type: string + Mem_Buf_Limit: + type: string + Multiline: + type: string + Multiline_Flush: + type: string + Parser: + type: string + Parser_Firstline: + type: string + Parser_N: + items: + type: string + type: array + Path: + type: string + Path_Key: + type: string + Refresh_Interval: + type: string + Rotate_Wait: + type: string + Skip_Long_Lines: + type: string + Tag: + type: string + Tag_Regex: + type: string + storage.type: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + livenessDefaultCheck: + type: boolean + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + logLevel: + type: string + metrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + metricRelabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + relabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + type: object + timeout: + type: string + type: object + mountPath: + type: string + network: + properties: + connectTimeout: + format: int32 + type: integer + keepalive: + type: boolean + keepaliveIdleTimeout: + format: int32 + type: integer + keepaliveMaxRecycle: + format: int32 + type: integer + type: object + nodeSelector: + additionalProperties: + type: string + type: object + parser: + type: string + podPriorityClassName: + type: string + position_db: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + positiondb: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + serviceAccount: + properties: + automountServiceAccountToken: + type: boolean + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + secrets: + items: + properties: + apiVersion: + type: string + fieldPath: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + resourceVersion: + type: string + uid: + type: string + type: object + type: array + type: object + targetHost: + type: string + targetPort: + format: int32 + type: integer + tls: + properties: + enabled: + type: boolean + secretName: + type: string + sharedKey: + type: string + required: + - enabled + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + type: object + fluentd: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + bufferVolumeArgs: + items: + type: string + type: array + bufferVolumeImage: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + bufferVolumeMetrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + metricRelabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + relabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + type: object + timeout: + type: string + type: object + configCheckAnnotations: + additionalProperties: + type: string + type: object + configReloaderImage: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + disablePvc: + type: boolean + envVars: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + fluentLogDestination: + type: string + fluentOutLogrotate: + properties: + age: + type: string + enabled: + type: boolean + path: + type: string + size: + type: string + required: + - enabled + type: object + fluentdPvcSpec: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + forwardInputConfig: + properties: + add_tag_prefix: + type: string + bind: + type: string + chunk_size_limit: + type: string + chunk_size_warn_limit: + type: string + deny_keepalive: + type: boolean + linger_timeout: + type: integer + port: + type: string + resolve_hostname: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_keepalive_packet: + type: boolean + skip_invalid_event: + type: boolean + source_address_key: + type: string + sourceHostnameKey: + type: string + tag: + type: string + transport: + properties: + ca_cert_path: + type: string + ca_path: + type: string + ca_private_key_passphrase: + type: string + ca_private_key_path: + type: string + cert_path: + type: string + ciphers: + type: string + client_cert_auth: + type: boolean + insecure: + type: boolean + private_key_passphrase: + type: string + private_key_path: + type: string + protocol: + type: string + version: + type: string + type: object + type: object + ignoreRepeatedLogInterval: + type: string + ignoreSameLogInterval: + type: string + image: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + livenessDefaultCheck: + type: boolean + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + logLevel: + type: string + metrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + metricRelabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + relabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + type: object + timeout: + type: string + type: object + nodeSelector: + additionalProperties: + type: string + type: object + podPriorityClassName: + type: string + port: + format: int32 + type: integer + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + rootDir: + type: string + scaling: + properties: + drain: + properties: + enabled: + type: boolean + image: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + type: object + podManagementPolicy: + type: string + replicas: + type: integer + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + serviceAccount: + properties: + automountServiceAccountToken: + type: boolean + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + secrets: + items: + properties: + apiVersion: + type: string + fieldPath: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + resourceVersion: + type: string + uid: + type: string + type: object + type: array + type: object + tls: + properties: + enabled: + type: boolean + secretName: + type: string + sharedKey: + type: string + required: + - enabled + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumeModImage: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + volumeMountChmod: + type: boolean + workers: + format: int32 + type: integer + type: object + globalFilters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + loggingRef: + type: string + nodeAgents: + items: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + name: + type: string + nodeAgentFluentbit: + properties: + bufferStorage: + properties: + storage.backlog.mem_limit: + type: string + storage.checksum: + type: string + storage.path: + type: string + storage.sync: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + containersPath: + type: string + coroStackSize: + format: int32 + type: integer + customConfigSecret: + type: string + daemonSet: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + minReadySeconds: + format: int32 + type: integer + revisionHistoryLimit: + format: int32 + type: integer + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + type: boolean + containers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + enableServiceLinks: + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostname: + type: string + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + preemptionPolicy: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + readinessGates: + items: + properties: + conditionType: + type: string + required: + - conditionType + type: object + type: array + restartPolicy: + type: string + runtimeClassName: + type: string + schedulerName: + type: string + securityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccountName: + type: string + setHostnameAsFQDN: + type: boolean + shareProcessNamespace: + type: boolean + subdomain: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + maxSkew: + format: int32 + type: integer + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + type: object + updateStrategy: + properties: + rollingUpdate: + properties: + maxSurge: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: + type: string + type: object + type: object + type: object + disableKubernetesFilter: + type: boolean + enableUpstream: + type: boolean + enabled: + type: boolean + extraVolumeMounts: + items: + properties: + destination: + pattern: ^/.+$ + type: string + readOnly: + type: boolean + source: + pattern: ^/.+$ + type: string + required: + - destination + - source + type: object + type: array + filterAws: + properties: + Match: + type: string + account_id: + type: boolean + ami_id: + type: boolean + az: + type: boolean + ec2_instance_id: + type: boolean + ec2_instance_type: + type: boolean + hostname: + type: boolean + imds_version: + type: string + private_ip: + type: boolean + vpc_id: + type: boolean + type: object + filterKubernetes: + properties: + Annotations: + type: string + Buffer_Size: + type: string + DNS_Retries: + type: string + DNS_Wait_Time: + type: string + Dummy_Meta: + type: string + K8S-Logging.Exclude: + type: string + K8S-Logging.Parser: + type: string + Keep_Log: + type: string + Kube_CA_File: + type: string + Kube_CA_Path: + type: string + Kube_Tag_Prefix: + type: string + Kube_Token_File: + type: string + Kube_URL: + type: string + Kube_meta_preload_cache_dir: + type: string + Kubelet_Port: + type: string + Labels: + type: string + Match: + type: string + Merge_Log: + type: string + Merge_Log_Key: + type: string + Merge_Log_Trim: + type: string + Merge_Parser: + type: string + Regex_Parser: + type: string + Use_Journal: + type: string + Use_Kubelet: + type: string + tls.debug: + type: string + tls.verify: + type: string + type: object + flush: + format: int32 + type: integer + forwardOptions: + properties: + Require_ack_response: + type: boolean + Retry_Limit: + type: string + Send_options: + type: boolean + Tag: + type: string + Time_as_Integer: + type: boolean + type: object + grace: + format: int32 + type: integer + inputTail: + properties: + Buffer_Chunk_Size: + type: string + Buffer_Max_Size: + type: string + DB: + type: string + DB_Sync: + type: string + Docker_Mode: + type: string + Docker_Mode_Flush: + type: string + Exclude_Path: + type: string + Ignore_Older: + type: string + Key: + type: string + Mem_Buf_Limit: + type: string + Multiline: + type: string + Multiline_Flush: + type: string + Parser: + type: string + Parser_Firstline: + type: string + Parser_N: + items: + type: string + type: array + Path: + type: string + Path_Key: + type: string + Refresh_Interval: + type: string + Rotate_Wait: + type: string + Skip_Long_Lines: + type: string + Tag: + type: string + Tag_Regex: + type: string + storage.type: + type: string + type: object + livenessDefaultCheck: + type: boolean + logLevel: + type: string + metrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + metricRelabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + relabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + type: object + timeout: + type: string + type: object + metricsService: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + allocateLoadBalancerNodePorts: + type: boolean + clusterIP: + type: string + clusterIPs: + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + items: + type: string + type: array + externalName: + type: string + externalTrafficPolicy: + type: string + healthCheckNodePort: + format: int32 + type: integer + internalTrafficPolicy: + type: string + ipFamilies: + items: + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerIP: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + ports: + items: + properties: + appProtocol: + type: string + name: + type: string + nodePort: + format: int32 + type: integer + port: + format: int32 + type: integer + protocol: + default: TCP + type: string + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + type: boolean + selector: + additionalProperties: + type: string + type: object + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + topologyKeys: + items: + type: string + type: array + type: + type: string + type: object + type: object + network: + properties: + connectTimeout: + format: int32 + type: integer + keepalive: + type: boolean + keepaliveIdleTimeout: + format: int32 + type: integer + keepaliveMaxRecycle: + format: int32 + type: integer + type: object + podPriorityClassName: + type: string + positiondb: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + serviceAccount: + properties: + automountServiceAccountToken: + type: boolean + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + secrets: + items: + properties: + apiVersion: + type: string + fieldPath: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + resourceVersion: + type: string + uid: + type: string + type: object + type: array + type: object + targetHost: + type: string + targetPort: + format: int32 + type: integer + tls: + properties: + enabled: + type: boolean + secretName: + type: string + sharedKey: + type: string + required: + - enabled + type: object + varLogsPath: + type: string + type: object + profile: + type: string + type: object + type: array + watchNamespaces: + items: + type: string + type: array + required: + - controlNamespace + type: object + status: + properties: + configCheckResults: + additionalProperties: + type: boolean + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + allowClusterResourcesFromAllNamespaces: + type: boolean + controlNamespace: + type: string + defaultFlow: + properties: + filters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + globalOutputRefs: + items: + type: string + type: array + outputRefs: + items: + type: string + type: array + type: object + enableRecreateWorkloadOnImmutableFieldChange: + type: boolean + flowConfigCheckDisabled: + type: boolean + flowConfigOverride: + type: string + fluentbit: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + bufferStorage: + properties: + storage.backlog.mem_limit: + type: string + storage.checksum: + type: string + storage.path: + type: string + storage.sync: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + coroStackSize: + format: int32 + type: integer + customConfigSecret: + type: string + disableKubernetesFilter: + type: boolean + enableUpstream: + type: boolean + envVars: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + extraVolumeMounts: + items: + properties: + destination: + pattern: ^/.+$ + type: string + readOnly: + type: boolean + source: + pattern: ^/.+$ + type: string + required: + - destination + - source + type: object + type: array + filterAws: + properties: + Match: + type: string + account_id: + type: boolean + ami_id: + type: boolean + az: + type: boolean + ec2_instance_id: + type: boolean + ec2_instance_type: + type: boolean + hostname: + type: boolean + imds_version: + type: string + private_ip: + type: boolean + vpc_id: + type: boolean + type: object + filterKubernetes: + properties: + Annotations: + type: string + Buffer_Size: + type: string + DNS_Retries: + type: string + DNS_Wait_Time: + type: string + Dummy_Meta: + type: string + K8S-Logging.Exclude: + type: string + K8S-Logging.Parser: + type: string + Keep_Log: + type: string + Kube_CA_File: + type: string + Kube_CA_Path: + type: string + Kube_Tag_Prefix: + type: string + Kube_Token_File: + type: string + Kube_URL: + type: string + Kube_meta_preload_cache_dir: + type: string + Kubelet_Port: + type: string + Labels: + type: string + Match: + type: string + Merge_Log: + type: string + Merge_Log_Key: + type: string + Merge_Log_Trim: + type: string + Merge_Parser: + type: string + Regex_Parser: + type: string + Use_Journal: + type: string + Use_Kubelet: + type: string + tls.debug: + type: string + tls.verify: + type: string + type: object + flush: + format: int32 + type: integer + forwardOptions: + properties: + Require_ack_response: + type: boolean + Retry_Limit: + type: string + Send_options: + type: boolean + Tag: + type: string + Time_as_Integer: + type: boolean + type: object + grace: + format: int32 + type: integer + image: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + inputTail: + properties: + Buffer_Chunk_Size: + type: string + Buffer_Max_Size: + type: string + DB: + type: string + DB_Sync: + type: string + Docker_Mode: + type: string + Docker_Mode_Flush: + type: string + Exclude_Path: + type: string + Ignore_Older: + type: string + Key: + type: string + Mem_Buf_Limit: + type: string + Multiline: + type: string + Multiline_Flush: + type: string + Parser: + type: string + Parser_Firstline: + type: string + Parser_N: + items: + type: string + type: array + Path: + type: string + Path_Key: + type: string + Refresh_Interval: + type: string + Rotate_Wait: + type: string + Skip_Long_Lines: + type: string + Tag: + type: string + Tag_Regex: + type: string + storage.type: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + livenessDefaultCheck: + type: boolean + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + logLevel: + type: string + metrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + metricRelabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + relabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + type: object + timeout: + type: string + type: object + mountPath: + type: string + network: + properties: + connectTimeout: + format: int32 + type: integer + keepalive: + type: boolean + keepaliveIdleTimeout: + format: int32 + type: integer + keepaliveMaxRecycle: + format: int32 + type: integer + type: object + nodeSelector: + additionalProperties: + type: string + type: object + parser: + type: string + podPriorityClassName: + type: string + position_db: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + positiondb: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + serviceAccount: + properties: + automountServiceAccountToken: + type: boolean + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + secrets: + items: + properties: + apiVersion: + type: string + fieldPath: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + resourceVersion: + type: string + uid: + type: string + type: object + type: array + type: object + targetHost: + type: string + targetPort: + format: int32 + type: integer + tls: + properties: + enabled: + type: boolean + secretName: + type: string + sharedKey: + type: string + required: + - enabled + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + type: object + fluentd: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + bufferVolumeArgs: + items: + type: string + type: array + bufferVolumeImage: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + bufferVolumeMetrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + metricRelabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + relabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + type: object + timeout: + type: string + type: object + configCheckAnnotations: + additionalProperties: + type: string + type: object + configReloaderImage: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + disablePvc: + type: boolean + envVars: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + fluentLogDestination: + type: string + fluentOutLogrotate: + properties: + age: + type: string + enabled: + type: boolean + path: + type: string + size: + type: string + required: + - enabled + type: object + fluentdPvcSpec: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + forwardInputConfig: + properties: + add_tag_prefix: + type: string + bind: + type: string + chunk_size_limit: + type: string + chunk_size_warn_limit: + type: string + deny_keepalive: + type: boolean + linger_timeout: + type: integer + port: + type: string + resolve_hostname: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_keepalive_packet: + type: boolean + skip_invalid_event: + type: boolean + source_address_key: + type: string + sourceHostnameKey: + type: string + tag: + type: string + transport: + properties: + ca_cert_path: + type: string + ca_path: + type: string + ca_private_key_passphrase: + type: string + ca_private_key_path: + type: string + cert_path: + type: string + ciphers: + type: string + client_cert_auth: + type: boolean + insecure: + type: boolean + private_key_passphrase: + type: string + private_key_path: + type: string + protocol: + type: string + version: + type: string + type: object + type: object + ignoreRepeatedLogInterval: + type: string + ignoreSameLogInterval: + type: string + image: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + livenessDefaultCheck: + type: boolean + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + logLevel: + type: string + metrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + metricRelabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + relabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + type: object + timeout: + type: string + type: object + nodeSelector: + additionalProperties: + type: string + type: object + podPriorityClassName: + type: string + port: + format: int32 + type: integer + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + rootDir: + type: string + scaling: + properties: + drain: + properties: + enabled: + type: boolean + image: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + type: object + podManagementPolicy: + type: string + replicas: + type: integer + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + serviceAccount: + properties: + automountServiceAccountToken: + type: boolean + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + secrets: + items: + properties: + apiVersion: + type: string + fieldPath: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + resourceVersion: + type: string + uid: + type: string + type: object + type: array + type: object + tls: + properties: + enabled: + type: boolean + secretName: + type: string + sharedKey: + type: string + required: + - enabled + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumeModImage: + properties: + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + pullPolicy: + type: string + repository: + type: string + tag: + type: string + type: object + volumeMountChmod: + type: boolean + workers: + format: int32 + type: integer + type: object + globalFilters: + items: + properties: + concat: + properties: + continuous_line_regexp: + type: string + flush_interval: + type: integer + keep_partial_key: + type: boolean + keep_partial_metadata: + type: string + key: + type: string + multiline_end_regexp: + type: string + multiline_start_regexp: + type: string + n_lines: + type: integer + partial_key: + type: string + partial_value: + type: string + separator: + type: string + stream_identity_key: + type: string + timeout_label: + type: string + use_first_timestamp: + type: boolean + use_partial_metadata: + type: string + type: object + dedot: + properties: + de_dot_nested: + type: boolean + de_dot_separator: + type: string + type: object + detectExceptions: + properties: + languages: + items: + type: string + type: array + max_bytes: + type: integer + max_lines: + type: integer + message: + type: string + multiline_flush_interval: + type: string + remove_tag_prefix: + type: string + stream: + type: string + type: object + enhanceK8s: + properties: + api_groups: + items: + type: string + type: array + bearer_token_file: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cache_refresh: + type: integer + cache_refresh_variation: + type: integer + cache_size: + type: integer + cache_ttl: + type: integer + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + core_api_versions: + items: + type: string + type: array + data_type: + type: string + in_namespace_path: + items: + type: string + type: array + in_pod_path: + items: + type: string + type: array + kubernetes_url: + type: string + secret_dir: + type: string + ssl_partial_chain: + type: boolean + verify_ssl: + type: boolean + type: object + geoip: + properties: + backend_library: + type: string + geoip_2_database: + type: string + geoip_database: + type: string + geoip_lookup_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + skip_adding_null_record: + type: boolean + type: object + grep: + properties: + and: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + or: + items: + properties: + exclude: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + type: array + regexp: + items: + properties: + key: + type: string + pattern: + type: string + required: + - key + - pattern + type: object + type: array + type: object + parser: + properties: + emit_invalid_record_to_error: + type: boolean + hash_value_field: + type: string + inject_key_prefix: + type: string + key_name: + type: string + parse: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + parsers: + items: + properties: + delimiter: + type: string + delimiter_pattern: + type: string + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + format_firstline: + type: string + keep_time_key: + type: boolean + label_delimiter: + type: string + local_time: + type: boolean + multiline: + items: + type: string + type: array + null_empty_string: + type: boolean + null_value_pattern: + type: string + patterns: + items: + properties: + estimate_current_event: + type: boolean + expression: + type: string + format: + type: string + keep_time_key: + type: boolean + local_time: + type: boolean + null_empty_string: + type: boolean + null_value_pattern: + type: string + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + time_format: + type: string + time_key: + type: string + time_type: + type: string + timezone: + type: string + type: + type: string + types: + type: string + utc: + type: boolean + type: object + type: array + remove_key_name_field: + type: boolean + replace_invalid_sequence: + type: boolean + reserve_data: + type: boolean + reserve_time: + type: boolean + type: object + prometheus: + properties: + labels: + additionalProperties: + type: string + type: object + metrics: + items: + properties: + buckets: + type: string + desc: + type: string + key: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - desc + - name + - type + type: object + type: array + type: object + record_modifier: + properties: + char_encoding: + type: string + prepare_value: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + replaces: + items: + properties: + expression: + type: string + key: + type: string + replace: + type: string + required: + - expression + - key + - replace + type: object + type: array + whitelist_keys: + type: string + type: object + record_transformer: + properties: + auto_typecast: + type: boolean + enable_ruby: + type: boolean + keep_keys: + type: string + records: + items: + additionalProperties: + type: string + type: object + type: array + remove_keys: + type: string + renew_record: + type: boolean + renew_time_key: + type: string + type: object + stdout: + properties: + output_type: + type: string + type: object + sumologic: + properties: + collector_key_name: + type: string + collector_value: + type: string + exclude_container_regex: + type: string + exclude_facility_regex: + type: string + exclude_host_regex: + type: string + exclude_namespace_regex: + type: string + exclude_pod_regex: + type: string + exclude_priority_regex: + type: string + exclude_unit_regex: + type: string + log_format: + type: string + source_category: + type: string + source_category_key_name: + type: string + source_category_prefix: + type: string + source_category_replace_dash: + type: string + source_host: + type: string + source_host_key_name: + type: string + source_name: + type: string + source_name_key_name: + type: string + tracing_annotation_prefix: + type: string + tracing_container_name: + type: string + tracing_format: + type: boolean + tracing_host: + type: string + tracing_label_prefix: + type: string + tracing_namespace: + type: string + tracing_pod: + type: string + tracing_pod_id: + type: string + type: object + tag_normaliser: + properties: + format: + type: string + type: object + throttle: + properties: + group_bucket_limit: + type: integer + group_bucket_period_s: + type: integer + group_drop_logs: + type: boolean + group_key: + type: string + group_reset_rate_s: + type: integer + group_warning_delay_s: + type: integer + type: object + type: object + type: array + loggingRef: + type: string + nodeAgents: + items: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + name: + type: string + nodeAgentFluentbit: + properties: + bufferStorage: + properties: + storage.backlog.mem_limit: + type: string + storage.checksum: + type: string + storage.path: + type: string + storage.sync: + type: string + type: object + bufferStorageVolume: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + containersPath: + type: string + coroStackSize: + format: int32 + type: integer + customConfigSecret: + type: string + daemonSet: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + minReadySeconds: + format: int32 + type: integer + revisionHistoryLimit: + format: int32 + type: integer + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + type: boolean + containers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + enableServiceLinks: + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostname: + type: string + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + preemptionPolicy: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + readinessGates: + items: + properties: + conditionType: + type: string + required: + - conditionType + type: object + type: array + restartPolicy: + type: string + runtimeClassName: + type: string + schedulerName: + type: string + securityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccountName: + type: string + setHostnameAsFQDN: + type: boolean + shareProcessNamespace: + type: boolean + subdomain: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + maxSkew: + format: int32 + type: integer + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + type: object + updateStrategy: + properties: + rollingUpdate: + properties: + maxSurge: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: + type: string + type: object + type: object + type: object + disableKubernetesFilter: + type: boolean + enableUpstream: + type: boolean + enabled: + type: boolean + extraVolumeMounts: + items: + properties: + destination: + pattern: ^/.+$ + type: string + readOnly: + type: boolean + source: + pattern: ^/.+$ + type: string + required: + - destination + - source + type: object + type: array + filterAws: + properties: + Match: + type: string + account_id: + type: boolean + ami_id: + type: boolean + az: + type: boolean + ec2_instance_id: + type: boolean + ec2_instance_type: + type: boolean + hostname: + type: boolean + imds_version: + type: string + private_ip: + type: boolean + vpc_id: + type: boolean + type: object + filterKubernetes: + properties: + Annotations: + type: string + Buffer_Size: + type: string + DNS_Retries: + type: string + DNS_Wait_Time: + type: string + Dummy_Meta: + type: string + K8S-Logging.Exclude: + type: string + K8S-Logging.Parser: + type: string + Keep_Log: + type: string + Kube_CA_File: + type: string + Kube_CA_Path: + type: string + Kube_Tag_Prefix: + type: string + Kube_Token_File: + type: string + Kube_URL: + type: string + Kube_meta_preload_cache_dir: + type: string + Kubelet_Port: + type: string + Labels: + type: string + Match: + type: string + Merge_Log: + type: string + Merge_Log_Key: + type: string + Merge_Log_Trim: + type: string + Merge_Parser: + type: string + Regex_Parser: + type: string + Use_Journal: + type: string + Use_Kubelet: + type: string + tls.debug: + type: string + tls.verify: + type: string + type: object + flush: + format: int32 + type: integer + forwardOptions: + properties: + Require_ack_response: + type: boolean + Retry_Limit: + type: string + Send_options: + type: boolean + Tag: + type: string + Time_as_Integer: + type: boolean + type: object + grace: + format: int32 + type: integer + inputTail: + properties: + Buffer_Chunk_Size: + type: string + Buffer_Max_Size: + type: string + DB: + type: string + DB_Sync: + type: string + Docker_Mode: + type: string + Docker_Mode_Flush: + type: string + Exclude_Path: + type: string + Ignore_Older: + type: string + Key: + type: string + Mem_Buf_Limit: + type: string + Multiline: + type: string + Multiline_Flush: + type: string + Parser: + type: string + Parser_Firstline: + type: string + Parser_N: + items: + type: string + type: array + Path: + type: string + Path_Key: + type: string + Refresh_Interval: + type: string + Rotate_Wait: + type: string + Skip_Long_Lines: + type: string + Tag: + type: string + Tag_Regex: + type: string + storage.type: + type: string + type: object + livenessDefaultCheck: + type: boolean + logLevel: + type: string + metrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + metricRelabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + relabelings: + items: + properties: + action: + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + type: string + type: array + targetLabel: + type: string + type: object + type: array + type: object + timeout: + type: string + type: object + metricsService: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + allocateLoadBalancerNodePorts: + type: boolean + clusterIP: + type: string + clusterIPs: + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + items: + type: string + type: array + externalName: + type: string + externalTrafficPolicy: + type: string + healthCheckNodePort: + format: int32 + type: integer + internalTrafficPolicy: + type: string + ipFamilies: + items: + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerIP: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + ports: + items: + properties: + appProtocol: + type: string + name: + type: string + nodePort: + format: int32 + type: integer + port: + format: int32 + type: integer + protocol: + default: TCP + type: string + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + type: boolean + selector: + additionalProperties: + type: string + type: object + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + topologyKeys: + items: + type: string + type: array + type: + type: string + type: object + type: object + network: + properties: + connectTimeout: + format: int32 + type: integer + keepalive: + type: boolean + keepaliveIdleTimeout: + format: int32 + type: integer + keepaliveMaxRecycle: + format: int32 + type: integer + type: object + podPriorityClassName: + type: string + positiondb: + properties: + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + security: + properties: + podSecurityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + serviceAccount: + properties: + automountServiceAccountToken: + type: boolean + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + secrets: + items: + properties: + apiVersion: + type: string + fieldPath: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + resourceVersion: + type: string + uid: + type: string + type: object + type: array + type: object + targetHost: + type: string + targetPort: + format: int32 + type: integer + tls: + properties: + enabled: + type: boolean + secretName: + type: string + sharedKey: + type: string + required: + - enabled + type: object + varLogsPath: + type: string + type: object + profile: + type: string + type: object + type: array + watchNamespaces: + items: + type: string + type: array + required: + - controlNamespace + type: object + status: + properties: + configCheckResults: + additionalProperties: + type: boolean + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/rancher-logging/rancher-logging-crd/100.0.0+up3.12.0/templates/logging.banzaicloud.io_outputs.yaml b/charts/rancher-logging/rancher-logging-crd/100.0.0+up3.12.0/templates/logging.banzaicloud.io_outputs.yaml new file mode 100644 index 000000000..3489dadb3 --- /dev/null +++ b/charts/rancher-logging/rancher-logging-crd/100.0.0+up3.12.0/templates/logging.banzaicloud.io_outputs.yaml @@ -0,0 +1,9424 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + creationTimestamp: null + name: outputs.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: Output + listKind: OutputList + plural: outputs + singular: output + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Is the output active? + jsonPath: .status.active + name: Active + type: boolean + - description: Number of problems + jsonPath: .status.problemsCount + name: Problems + type: integer + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + awsElasticsearch: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_arn: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_session_name: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_web_identity_token_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ecs_container_credentials_relative_uri: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + region: + type: string + secret_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + sts_credentials_region: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + flush_interval: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + include_tag_key: + type: boolean + logstash_format: + type: boolean + logstash_prefix: + type: string + tag_key: + type: string + type: object + azurestorage: + properties: + auto_create_container: + type: boolean + azure_container: + type: string + azure_imds_api_version: + type: string + azure_object_key_format: + type: string + azure_storage_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_account: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_sas_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + type: string + path: + type: string + required: + - azure_container + - azure_storage_account + type: object + cloudwatch: + properties: + auto_create_stream: + type: boolean + aws_instance_profile_credentials_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sts_role_arn: + type: string + aws_sts_session_name: + type: string + aws_use_sts: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + concurrency: + type: integer + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + http_proxy: + type: string + include_time_key: + type: boolean + json_handler: + type: string + localtime: + type: boolean + log_group_aws_tags: + type: string + log_group_aws_tags_key: + type: string + log_group_name: + type: string + log_group_name_key: + type: string + log_rejected_request: + type: string + log_stream_name: + type: string + log_stream_name_key: + type: string + max_events_per_batch: + type: integer + max_message_length: + type: integer + message_keys: + type: string + put_log_events_disable_retry_limit: + type: boolean + put_log_events_retry_limit: + type: integer + put_log_events_retry_wait: + type: string + region: + type: string + remove_log_group_aws_tags_key: + type: string + remove_log_group_name_key: + type: string + remove_log_stream_name_key: + type: string + remove_retention_in_days: + type: string + retention_in_days: + type: string + retention_in_days_key: + type: string + use_tag_as_group: + type: boolean + use_tag_as_stream: + type: boolean + required: + - region + type: object + datadog: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_level: + type: string + dd_hostname: + type: string + dd_source: + type: string + dd_sourcecategory: + type: string + dd_tags: + type: string + host: + type: string + include_tag_key: + type: boolean + max_backoff: + type: string + max_retries: + type: string + no_ssl_validation: + type: boolean + port: + type: string + service: + type: string + ssl_port: + type: string + tag_key: + type: string + timestamp_key: + type: string + use_compression: + type: boolean + use_http: + type: boolean + use_json: + type: boolean + use_ssl: + type: boolean + required: + - api_key + type: object + elasticsearch: + properties: + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + data_stream_enable: + type: boolean + data_stream_name: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + exception_backup: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + log_es_400_reason: + type: boolean + logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template_name: + type: string + template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + file: + properties: + add_path_suffix: + type: boolean + append: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + path: + type: string + path_suffix: + type: string + symlink_path: + type: boolean + required: + - path + type: object + forward: + properties: + ack_response_timeout: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + connect_timeout: + type: integer + dns_round_robin: + type: boolean + expire_dns_cache: + type: integer + hard_timeout: + type: integer + heartbeat_interval: + type: integer + heartbeat_type: + type: string + ignore_network_errors_at_startup: + type: boolean + keepalive: + type: boolean + keepalive_timeout: + type: integer + phi_failure_detector: + type: boolean + phi_threshold: + type: integer + recover_wait: + type: integer + require_ack_response: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_timeout: + type: integer + servers: + items: + properties: + host: + type: string + name: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + shared_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + standby: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + weight: + type: integer + required: + - host + type: object + type: array + tls_allow_self_signed_cert: + type: boolean + tls_cert_logical_store_name: + type: string + tls_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_cert_thumbprint: + type: string + tls_cert_use_enterprise_store: + type: boolean + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_insecure_mode: + type: boolean + tls_verify_hostname: + type: boolean + tls_version: + type: string + verify_connection_at_startup: + type: boolean + required: + - servers + type: object + gcs: + properties: + acl: + type: string + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_retries: + type: integer + client_timeout: + type: integer + credentials_json: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + encryption_key: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + keyfile: + type: string + object_key_format: + type: string + object_metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + overwrite: + type: boolean + path: + type: string + project: + type: string + storage_class: + type: string + store_as: + type: string + transcoding: + type: boolean + required: + - bucket + - project + type: object + gelf: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + host: + type: string + port: + type: integer + protocol: + type: string + tls: + type: boolean + tls_options: + additionalProperties: + type: string + type: object + required: + - host + - port + type: object + http: + properties: + auth: + properties: + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - password + - username + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + content_type: + type: string + endpoint: + type: string + error_response_as_unrecoverable: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + headers: + additionalProperties: + type: string + type: object + http_method: + type: string + json_array: + type: boolean + open_timeout: + type: integer + proxy: + type: string + read_timeout: + type: integer + retryable_response_codes: + items: + type: integer + type: array + ssl_timeout: + type: integer + tls_ca_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_verify_mode: + type: string + tls_version: + type: string + required: + - endpoint + type: object + kafka: + properties: + ack_timeout: + type: integer + brokers: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_id: + type: string + compression_codec: + type: string + default_message_key: + type: string + default_partition_key: + type: string + default_topic: + type: string + discard_kafka_delivery_failed: + type: boolean + exclude_partion_key: + type: boolean + exclude_topic_key: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + get_kafka_client_log: + type: boolean + headers: + additionalProperties: + type: string + type: object + headers_from_record: + additionalProperties: + type: string + type: object + idempotent: + type: boolean + kafka_agg_max_bytes: + type: integer + kafka_agg_max_messages: + type: integer + max_send_retries: + type: integer + message_key_key: + type: string + partition_key: + type: string + partition_key_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required_acks: + type: integer + sasl_over_ssl: + type: boolean + scram_mechanism: + type: string + ssl_ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_ca_certs_from_system: + type: boolean + ssl_client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_chain: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_verify_hostname: + type: boolean + topic_key: + type: string + use_default_for_unknown_topic: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - brokers + - format + type: object + kinesisStream: + properties: + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + aws_iam_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_ses_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + batch_request_max_count: + type: integer + batch_request_max_size: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + partition_key: + type: string + process_credentials: + properties: + process: + type: string + required: + - process + type: object + region: + type: string + reset_backoff_if_success: + type: boolean + retries_on_batch_request: + type: integer + stream_name: + type: string + required: + - stream_name + type: object + logdna: + properties: + api_key: + type: string + app: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + hostname: + type: string + ingester_domain: + type: string + ingester_endpoint: + type: string + request_timeout: + type: string + tags: + type: string + required: + - api_key + - hostname + type: object + loggingRef: + type: string + logz: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + port: + type: integer + token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + gzip: + type: boolean + http_idle_timeout: + type: integer + output_include_tags: + type: boolean + output_include_time: + type: boolean + retry_count: + type: integer + retry_sleep: + type: integer + required: + - endpoint + type: object + loki: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + configure_kubernetes_labels: + type: boolean + drop_single_key: + type: boolean + extra_labels: + additionalProperties: + type: string + type: object + extract_kubernetes_labels: + type: boolean + insecure_tls: + type: boolean + key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + labels: + additionalProperties: + type: string + type: object + line_format: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + remove_keys: + items: + type: string + type: array + tenant: + type: string + url: + type: string + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + newrelic: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + base_uri: + type: string + license_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + nullout: + type: object + oss: + properties: + aaccess_key_secret: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_bucket: + type: boolean + check_object: + type: boolean + download_crc_enable: + type: boolean + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + index_format: + type: string + key_format: + type: string + open_timeout: + type: integer + oss_sdk_log_dir: + type: string + overwrite: + type: boolean + path: + type: string + read_timeout: + type: integer + store_as: + type: string + upload_crc_enable: + type: boolean + warn_for_delay: + type: string + required: + - aaccess_key_secret + - access_key_id + - bucket + - endpoint + type: object + redis: + properties: + allow_duplicate_key: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + db_number: + type: integer + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insert_key_prefix: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + strftime_format: + type: string + ttl: + type: integer + type: object + s3: + properties: + acl: + type: string + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + auto_create_bucket: + type: string + aws_iam_retries: + type: string + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_apikey_on_start: + type: string + check_bucket: + type: string + check_object: + type: string + clustername: + type: string + compute_checksums: + type: string + enable_transfer_acceleration: + type: string + force_path_style: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + grant_full_control: + type: string + grant_read: + type: string + grant_read_acp: + type: string + grant_write_acp: + type: string + hex_random_length: + type: string + index_format: + type: string + instance_profile_credentials: + properties: + http_open_timeout: + type: string + http_read_timeout: + type: string + ip_address: + type: string + port: + type: string + retries: + type: string + type: object + oneeye_format: + type: boolean + overwrite: + type: string + path: + type: string + proxy_uri: + type: string + s3_bucket: + type: string + s3_endpoint: + type: string + s3_metadata: + type: string + s3_object_key_format: + type: string + s3_region: + type: string + shared_credentials: + properties: + path: + type: string + profile_name: + type: string + type: object + signature_version: + type: string + sse_customer_algorithm: + type: string + sse_customer_key: + type: string + sse_customer_key_md5: + type: string + ssekms_key_id: + type: string + ssl_verify_peer: + type: string + storage_class: + type: string + store_as: + type: string + use_bundled_cert: + type: string + use_server_side_encryption: + type: string + warn_for_delay: + type: string + required: + - s3_bucket + type: object + splunkHec: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + coerce_to_utf8: + type: boolean + data_type: + type: string + fields: + additionalProperties: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hec_host: + type: string + hec_port: + type: integer + hec_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + host: + type: string + host_key: + type: string + idle_timeout: + type: integer + index: + type: string + index_key: + type: string + insecure_ssl: + type: boolean + keep_keys: + type: boolean + metric_name_key: + type: string + metric_value_key: + type: string + metrics_from_event: + type: boolean + non_utf8_replacement_string: + type: string + open_timeout: + type: integer + protocol: + type: string + read_timeout: + type: integer + source: + type: string + source_key: + type: string + sourcetype: + type: string + sourcetype_key: + type: string + ssl_ciphers: + type: string + required: + - hec_host + - hec_token + type: object + sumologic: + properties: + add_timestamp: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: boolean + compress_encoding: + type: string + custom_dimensions: + type: string + custom_fields: + items: + type: string + type: array + data_type: + type: string + delimiter: + type: string + disable_cookies: + type: boolean + endpoint: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + log_format: + type: string + log_key: + type: string + metric_data_format: + type: string + open_timeout: + type: integer + proxy_uri: + type: string + source_category: + type: string + source_host: + type: string + source_name: + type: string + source_name_key: + type: string + sumo_client: + type: string + timestamp_key: + type: string + verify_ssl: + type: boolean + required: + - endpoint + - source_name + type: object + syslog: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + app_name_field: + type: string + hostname_field: + type: string + log_field: + type: string + message_id_field: + type: string + proc_id_field: + type: string + rfc6587_message_size: + type: boolean + structured_data_field: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insecure: + type: boolean + port: + type: integer + transport: + type: string + trusted_ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - host + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Is the output active? + jsonPath: .status.active + name: Active + type: boolean + - description: Number of problems + jsonPath: .status.problemsCount + name: Problems + type: integer + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + awsElasticsearch: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_arn: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_session_name: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + assume_role_web_identity_token_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ecs_container_credentials_relative_uri: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + region: + type: string + secret_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + sts_credentials_region: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + flush_interval: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + include_tag_key: + type: boolean + logstash_format: + type: boolean + logstash_prefix: + type: string + tag_key: + type: string + type: object + azurestorage: + properties: + auto_create_container: + type: boolean + azure_container: + type: string + azure_imds_api_version: + type: string + azure_object_key_format: + type: string + azure_storage_access_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_account: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + azure_storage_sas_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + type: string + path: + type: string + required: + - azure_container + - azure_storage_account + type: object + cloudwatch: + properties: + auto_create_stream: + type: boolean + aws_instance_profile_credentials_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sts_role_arn: + type: string + aws_sts_session_name: + type: string + aws_use_sts: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + concurrency: + type: integer + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + http_proxy: + type: string + include_time_key: + type: boolean + json_handler: + type: string + localtime: + type: boolean + log_group_aws_tags: + type: string + log_group_aws_tags_key: + type: string + log_group_name: + type: string + log_group_name_key: + type: string + log_rejected_request: + type: string + log_stream_name: + type: string + log_stream_name_key: + type: string + max_events_per_batch: + type: integer + max_message_length: + type: integer + message_keys: + type: string + put_log_events_disable_retry_limit: + type: boolean + put_log_events_retry_limit: + type: integer + put_log_events_retry_wait: + type: string + region: + type: string + remove_log_group_aws_tags_key: + type: string + remove_log_group_name_key: + type: string + remove_log_stream_name_key: + type: string + remove_retention_in_days: + type: string + retention_in_days: + type: string + retention_in_days_key: + type: string + use_tag_as_group: + type: boolean + use_tag_as_stream: + type: boolean + required: + - region + type: object + datadog: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compression_level: + type: string + dd_hostname: + type: string + dd_source: + type: string + dd_sourcecategory: + type: string + dd_tags: + type: string + host: + type: string + include_tag_key: + type: boolean + max_backoff: + type: string + max_retries: + type: string + no_ssl_validation: + type: boolean + port: + type: string + service: + type: string + ssl_port: + type: string + tag_key: + type: string + timestamp_key: + type: string + use_compression: + type: boolean + use_http: + type: boolean + use_json: + type: boolean + use_ssl: + type: boolean + required: + - api_key + type: object + elasticsearch: + properties: + application_name: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + bulk_message_request_threshold: + type: string + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key_pass: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + content_type: + type: string + custom_headers: + type: string + customize_template: + type: string + data_stream_enable: + type: boolean + data_stream_name: + type: string + default_elasticsearch_version: + type: string + deflector_alias: + type: string + enable_ilm: + type: boolean + exception_backup: + type: boolean + fail_on_putting_template_retry_exceed: + type: boolean + flatten_hashes: + type: boolean + flatten_hashes_separator: + type: string + host: + type: string + hosts: + type: string + http_backend: + type: string + id_key: + type: string + ignore_exceptions: + type: string + ilm_policy: + type: string + ilm_policy_id: + type: string + ilm_policy_overwrite: + type: boolean + include_index_in_url: + type: boolean + include_tag_key: + type: boolean + include_timestamp: + type: boolean + index_date_pattern: + type: string + index_name: + type: string + index_prefix: + type: string + log_es_400_reason: + type: boolean + logstash_dateformat: + type: string + logstash_format: + type: boolean + logstash_prefix: + type: string + logstash_prefix_separator: + type: string + max_retry_get_es_version: + type: string + max_retry_putting_template: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + path: + type: string + pipeline: + type: string + port: + type: integer + prefer_oj_serializer: + type: boolean + reconnect_on_error: + type: boolean + reload_after: + type: string + reload_connections: + type: boolean + reload_on_failure: + type: boolean + remove_keys_on_update: + type: string + remove_keys_on_update_key: + type: string + request_timeout: + type: string + resurrect_after: + type: string + retry_tag: + type: string + rollover_index: + type: boolean + routing_key: + type: string + scheme: + type: string + sniffer_class_name: + type: string + ssl_max_version: + type: string + ssl_min_version: + type: string + ssl_verify: + type: boolean + ssl_version: + type: string + suppress_doc_wrap: + type: boolean + suppress_type_name: + type: boolean + tag_key: + type: string + target_index_key: + type: string + target_type_key: + type: string + template_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + template_name: + type: string + template_overwrite: + type: boolean + templates: + type: string + time_key: + type: string + time_key_format: + type: string + time_parse_error_tag: + type: string + time_precision: + type: string + type_name: + type: string + unrecoverable_error_types: + type: string + user: + type: string + utc_index: + type: boolean + validate_client_version: + type: boolean + verify_es_version_at_startup: + type: boolean + with_transporter_log: + type: boolean + write_operation: + type: string + type: object + file: + properties: + add_path_suffix: + type: boolean + append: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + path: + type: string + path_suffix: + type: string + symlink_path: + type: boolean + required: + - path + type: object + forward: + properties: + ack_response_timeout: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + connect_timeout: + type: integer + dns_round_robin: + type: boolean + expire_dns_cache: + type: integer + hard_timeout: + type: integer + heartbeat_interval: + type: integer + heartbeat_type: + type: string + ignore_network_errors_at_startup: + type: boolean + keepalive: + type: boolean + keepalive_timeout: + type: integer + phi_failure_detector: + type: boolean + phi_threshold: + type: integer + recover_wait: + type: integer + require_ack_response: + type: boolean + security: + properties: + allow_anonymous_source: + type: boolean + self_hostname: + type: string + shared_key: + type: string + user_auth: + type: boolean + required: + - self_hostname + - shared_key + type: object + send_timeout: + type: integer + servers: + items: + properties: + host: + type: string + name: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + shared_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + standby: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + weight: + type: integer + required: + - host + type: object + type: array + tls_allow_self_signed_cert: + type: boolean + tls_cert_logical_store_name: + type: string + tls_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_cert_thumbprint: + type: string + tls_cert_use_enterprise_store: + type: boolean + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_client_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_insecure_mode: + type: boolean + tls_verify_hostname: + type: boolean + tls_version: + type: string + verify_connection_at_startup: + type: boolean + required: + - servers + type: object + gcs: + properties: + acl: + type: string + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_retries: + type: integer + client_timeout: + type: integer + credentials_json: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + encryption_key: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + keyfile: + type: string + object_key_format: + type: string + object_metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + overwrite: + type: boolean + path: + type: string + project: + type: string + storage_class: + type: string + store_as: + type: string + transcoding: + type: boolean + required: + - bucket + - project + type: object + gelf: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + host: + type: string + port: + type: integer + protocol: + type: string + tls: + type: boolean + tls_options: + additionalProperties: + type: string + type: object + required: + - host + - port + type: object + http: + properties: + auth: + properties: + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - password + - username + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + content_type: + type: string + endpoint: + type: string + error_response_as_unrecoverable: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + headers: + additionalProperties: + type: string + type: object + http_method: + type: string + json_array: + type: boolean + open_timeout: + type: integer + proxy: + type: string + read_timeout: + type: integer + retryable_response_codes: + items: + type: integer + type: array + ssl_timeout: + type: integer + tls_ca_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_ciphers: + type: string + tls_client_cert_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_passphrase: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_private_key_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + tls_verify_mode: + type: string + tls_version: + type: string + required: + - endpoint + type: object + kafka: + properties: + ack_timeout: + type: integer + brokers: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + client_id: + type: string + compression_codec: + type: string + default_message_key: + type: string + default_partition_key: + type: string + default_topic: + type: string + discard_kafka_delivery_failed: + type: boolean + exclude_partion_key: + type: boolean + exclude_topic_key: + type: boolean + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + get_kafka_client_log: + type: boolean + headers: + additionalProperties: + type: string + type: object + headers_from_record: + additionalProperties: + type: string + type: object + idempotent: + type: boolean + kafka_agg_max_bytes: + type: integer + kafka_agg_max_messages: + type: integer + max_send_retries: + type: integer + message_key_key: + type: string + partition_key: + type: string + partition_key_key: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required_acks: + type: integer + sasl_over_ssl: + type: boolean + scram_mechanism: + type: string + ssl_ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_ca_certs_from_system: + type: boolean + ssl_client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_chain: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_client_cert_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ssl_verify_hostname: + type: boolean + topic_key: + type: string + use_default_for_unknown_topic: + type: boolean + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - brokers + - format + type: object + kinesisStream: + properties: + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + aws_iam_retries: + type: integer + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_ses_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + batch_request_max_count: + type: integer + batch_request_max_size: + type: integer + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + partition_key: + type: string + process_credentials: + properties: + process: + type: string + required: + - process + type: object + region: + type: string + reset_backoff_if_success: + type: boolean + retries_on_batch_request: + type: integer + stream_name: + type: string + required: + - stream_name + type: object + logdna: + properties: + api_key: + type: string + app: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + hostname: + type: string + ingester_domain: + type: string + ingester_endpoint: + type: string + request_timeout: + type: string + tags: + type: string + required: + - api_key + - hostname + type: object + loggingRef: + type: string + logz: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + endpoint: + properties: + port: + type: integer + token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + url: + type: string + type: object + gzip: + type: boolean + http_idle_timeout: + type: integer + output_include_tags: + type: boolean + output_include_time: + type: boolean + retry_count: + type: integer + retry_sleep: + type: integer + required: + - endpoint + type: object + loki: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + configure_kubernetes_labels: + type: boolean + drop_single_key: + type: boolean + extra_labels: + additionalProperties: + type: string + type: object + extract_kubernetes_labels: + type: boolean + insecure_tls: + type: boolean + key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + labels: + additionalProperties: + type: string + type: object + line_format: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + remove_keys: + items: + type: string + type: array + tenant: + type: string + url: + type: string + username: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + newrelic: + properties: + api_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + base_uri: + type: string + license_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + type: object + nullout: + type: object + oss: + properties: + aaccess_key_secret: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + access_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + auto_create_bucket: + type: boolean + bucket: + type: string + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_bucket: + type: boolean + check_object: + type: boolean + download_crc_enable: + type: boolean + endpoint: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hex_random_length: + type: integer + index_format: + type: string + key_format: + type: string + open_timeout: + type: integer + oss_sdk_log_dir: + type: string + overwrite: + type: boolean + path: + type: string + read_timeout: + type: integer + store_as: + type: string + upload_crc_enable: + type: boolean + warn_for_delay: + type: string + required: + - aaccess_key_secret + - access_key_id + - bucket + - endpoint + type: object + redis: + properties: + allow_duplicate_key: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + db_number: + type: integer + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insert_key_prefix: + type: string + password: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + port: + type: integer + strftime_format: + type: string + ttl: + type: integer + type: object + s3: + properties: + acl: + type: string + assume_role_credentials: + properties: + duration_seconds: + type: string + external_id: + type: string + policy: + type: string + role_arn: + type: string + role_session_name: + type: string + required: + - role_arn + - role_session_name + type: object + auto_create_bucket: + type: string + aws_iam_retries: + type: string + aws_key_id: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + aws_sec_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + check_apikey_on_start: + type: string + check_bucket: + type: string + check_object: + type: string + clustername: + type: string + compute_checksums: + type: string + enable_transfer_acceleration: + type: string + force_path_style: + type: string + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + grant_full_control: + type: string + grant_read: + type: string + grant_read_acp: + type: string + grant_write_acp: + type: string + hex_random_length: + type: string + index_format: + type: string + instance_profile_credentials: + properties: + http_open_timeout: + type: string + http_read_timeout: + type: string + ip_address: + type: string + port: + type: string + retries: + type: string + type: object + oneeye_format: + type: boolean + overwrite: + type: string + path: + type: string + proxy_uri: + type: string + s3_bucket: + type: string + s3_endpoint: + type: string + s3_metadata: + type: string + s3_object_key_format: + type: string + s3_region: + type: string + shared_credentials: + properties: + path: + type: string + profile_name: + type: string + type: object + signature_version: + type: string + sse_customer_algorithm: + type: string + sse_customer_key: + type: string + sse_customer_key_md5: + type: string + ssekms_key_id: + type: string + ssl_verify_peer: + type: string + storage_class: + type: string + store_as: + type: string + use_bundled_cert: + type: string + use_server_side_encryption: + type: string + warn_for_delay: + type: string + required: + - s3_bucket + type: object + splunkHec: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + ca_file: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_cert: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + client_key: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + coerce_to_utf8: + type: boolean + data_type: + type: string + fields: + additionalProperties: + type: string + type: object + format: + properties: + add_newline: + type: boolean + message_key: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + hec_host: + type: string + hec_port: + type: integer + hec_token: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + host: + type: string + host_key: + type: string + idle_timeout: + type: integer + index: + type: string + index_key: + type: string + insecure_ssl: + type: boolean + keep_keys: + type: boolean + metric_name_key: + type: string + metric_value_key: + type: string + metrics_from_event: + type: boolean + non_utf8_replacement_string: + type: string + open_timeout: + type: integer + protocol: + type: string + read_timeout: + type: integer + source: + type: string + source_key: + type: string + sourcetype: + type: string + sourcetype_key: + type: string + ssl_ciphers: + type: string + required: + - hec_host + - hec_token + type: object + sumologic: + properties: + add_timestamp: + type: boolean + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + compress: + type: boolean + compress_encoding: + type: string + custom_dimensions: + type: string + custom_fields: + items: + type: string + type: array + data_type: + type: string + delimiter: + type: string + disable_cookies: + type: boolean + endpoint: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + log_format: + type: string + log_key: + type: string + metric_data_format: + type: string + open_timeout: + type: integer + proxy_uri: + type: string + source_category: + type: string + source_host: + type: string + source_name: + type: string + source_name_key: + type: string + sumo_client: + type: string + timestamp_key: + type: string + verify_ssl: + type: boolean + required: + - endpoint + - source_name + type: object + syslog: + properties: + buffer: + properties: + chunk_full_threshold: + type: string + chunk_limit_records: + type: integer + chunk_limit_size: + type: string + compress: + type: string + delayed_commit_timeout: + type: string + disable_chunk_backup: + type: boolean + flush_at_shutdown: + type: boolean + flush_interval: + type: string + flush_mode: + type: string + flush_thread_burst_interval: + type: string + flush_thread_count: + type: integer + flush_thread_interval: + type: string + overflow_action: + type: string + path: + type: string + queue_limit_length: + type: integer + queued_chunks_limit_size: + type: integer + retry_exponential_backoff_base: + type: string + retry_forever: + type: boolean + retry_max_interval: + type: string + retry_max_times: + type: integer + retry_randomize: + type: boolean + retry_secondary_threshold: + type: string + retry_timeout: + type: string + retry_type: + type: string + retry_wait: + type: string + tags: + type: string + timekey: + type: string + timekey_use_utc: + type: boolean + timekey_wait: + type: string + timekey_zone: + type: string + total_limit_size: + type: string + type: + type: string + type: object + format: + properties: + app_name_field: + type: string + hostname_field: + type: string + log_field: + type: string + message_id_field: + type: string + proc_id_field: + type: string + rfc6587_message_size: + type: boolean + structured_data_field: + type: string + type: + enum: + - out_file + - json + - ltsv + - csv + - msgpack + - hash + - single_value + type: string + type: object + host: + type: string + insecure: + type: boolean + port: + type: integer + transport: + type: string + trusted_ca_path: + properties: + mountFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + required: + - host + type: object + type: object + status: + properties: + active: + type: boolean + problems: + items: + type: string + type: array + problemsCount: + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/.helmignore b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/.helmignore new file mode 100644 index 000000000..50af03172 --- /dev/null +++ b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/Chart.yaml b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/Chart.yaml new file mode 100644 index 000000000..48f444370 --- /dev/null +++ b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/Chart.yaml @@ -0,0 +1,20 @@ +annotations: + catalog.cattle.io/auto-install: rancher-logging-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Logging + catalog.cattle.io/namespace: cattle-logging-system + catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 + catalog.cattle.io/release-name: rancher-logging + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/ui-component: logging +apiVersion: v1 +appVersion: 3.12.0 +description: Collects and filter logs using highly configurable CRDs. Powered by Banzai + Cloud Logging Operator. +icon: https://charts.rancher.io/assets/logos/logging.svg +keywords: +- logging +- monitoring +- security +name: rancher-logging +version: 100.0.0+up3.12.0 diff --git a/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/README.md b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/README.md new file mode 100644 index 000000000..a8672c02a --- /dev/null +++ b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/README.md @@ -0,0 +1,131 @@ + +# Logging operator Chart + +[Logging operator](https://github.com/banzaicloud/logging-operator) Managed centralized logging component fluentd and fluent-bit instance on cluster. + +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator +``` + +## Introduction + +This chart bootstraps a [Logging Operator](https://github.com/banzaicloud/logging-operator) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Kubernetes 1.8+ with Beta APIs enabled + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +$ helm install --name my-release banzaicloud-stable/logging-operator +``` + +### CRDs +Use `createCustomResource=false` with Helm v3 to avoid trying to create CRDs from the `crds` folder and from templates at the same time. + +The command deploys **Logging operator** on the Kubernetes cluster with the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete my-release +``` + +The command removes all Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following tables lists the configurable parameters of the logging-operator chart and their default values. + +| Parameter | Description | Default | +| --------------------------------------------------- | ------------------------------------------------------ | ------------------------------ | +| `image.repository` | Container image repository | `ghcr.io/banzaicloud/logging-operator` | +| `image.tag` | Container image tag | `3.9.5` | +| `image.pullPolicy` | Container pull policy | `IfNotPresent` | +| `nameOverride` | Override name of app | `` | +| `fullnameOverride` | Override full name of app | `` | +| `namespaceOverride` | Override namespace of app | `` | +| `watchNamespace` | Namespace to watch for LoggingOperator CRD | `` | +| `rbac.enabled` | Create rbac service account and roles | `true` | +| `rbac.psp.enabled` | Must be used with `rbac.enabled` true. If true, creates & uses RBAC resources required in the cluster with [Pod Security Policies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) enabled. | `false` | +| `priorityClassName` | Operator priorityClassName | `{}` | +| `affinity` | Node Affinity | `{}` | +| `resources` | CPU/Memory resource requests/limits | `{}` | +| `tolerations` | Node Tolerations | `[]` | +| `nodeSelector` | Define which Nodes the Pods are scheduled on. | `{}` | +| `podLabels` | Define custom labels for logging-operator pods | `{}` | +| `annotations` | Define annotations for logging-operator pods | `{}` | +| `podSecurityContext` | Pod SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"runAsNonRoot": true, "runAsUser": 1000, "fsGroup": 2000}` | +| `securityContext` | Container SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"allowPrivilegeEscalation": false, "readOnlyRootFilesystem": true}` | +| `createCustomResource` | Create CRDs. | `true` | +| `monitoring.serviceMonitor.enabled` | Create Prometheus Operator servicemonitor. | `false` | +| `global.seLinux.enabled` | Add seLinuxOptions to Logging resources, requires the [rke2-selinux RPM](https://github.com/rancher/rke2-selinux/releases) | `false` | + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example: + +```bash +$ helm install --name my-release -f values.yaml banzaicloud-stable/logging-operator +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Installing Fluentd and Fluent-bit via logging + +The previous chart does **not** install `logging` resource to deploy Fluentd and Fluent-bit on cluster. To install them please use the [Logging Operator Logging](https://github.com/banzaicloud/logging-operator/tree/master/charts/logging-operator-logging) chart. + +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator-logging +``` + +## Configuration + +The following tables lists the configurable parameters of the logging-operator-logging chart and their default values. +## tl;dr: + +```bash +$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com +$ helm repo update +$ helm install banzaicloud-stable/logging-operator-logging +``` + +## Configuration + +The following tables lists the configurable parameters of the logging-operator-logging chart and their default values. + +| Parameter | Description | Default | +| --------------------------------------------------- | ------------------------------------------------------ | ------------------------------ | +| `tls.enabled` | Enabled TLS communication between components | true | +| `tls.fluentdSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. | +| `tls.fluentbitSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. | +| `tls.sharedKey` | Shared key between nodes (fluentd-fluentbit) | [autogenerated] | +| `fluentbit.enabled` | Install fluent-bit | true | +| `fluentbit.namespace` | Specified fluentbit installation namespace | same as operator namespace | +| `fluentbit.image.tag` | Fluentbit container image tag | `1.7.9` | +| `fluentbit.image.repository` | Fluentbit container image repository | `fluent/fluent-bit` | +| `fluentbit.image.pullPolicy` | Fluentbit container pull policy | `IfNotPresent` | +| `fluentd.enabled` | Install fluentd | true | +| `fluentd.image.tag` | Fluentd container image tag | `v1.12.4-alpine-1` | +| `fluentd.image.repository` | Fluentd container image repository | `ghcr.io/banzaicloud/fluentd` | +| `fluentd.image.pullPolicy` | Fluentd container pull policy | `IfNotPresent` | +| `fluentd.volumeModImage.tag` | Fluentd volumeModImage container image tag | `latest` | +| `fluentd.volumeModImage.repository` | Fluentd volumeModImage container image repository | `busybox` | +| `fluentd.volumeModImage.pullPolicy` | Fluentd volumeModImage container pull policy | `IfNotPresent` | +| `fluentd.configReloaderImage.tag` | Fluentd configReloaderImage container image tag | `v0.2.2` | +| `fluentd.configReloaderImage.repository` | Fluentd configReloaderImage container image repository | `jimmidyson/configmap-reload` | +| `fluentd.configReloaderImage.pullPolicy` | Fluentd configReloaderImage container pull policy | `IfNotPresent` | +| `fluentd.fluentdPvcSpec.accessModes` | Fluentd persistence volume access modes | `[ReadWriteOnce]` | +| `fluentd.fluentdPvcSpec.resources.requests.storage` | Fluentd persistence volume size | `21Gi` | +| `fluentd.fluentdPvcSpec.storageClassName` | Fluentd persistence volume storageclass | `"""` | diff --git a/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/app-readme.md b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/app-readme.md new file mode 100644 index 000000000..3b4d49310 --- /dev/null +++ b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/app-readme.md @@ -0,0 +1,27 @@ +# Rancher Logging + +This chart is based off of the upstream [Banzai Logging Operator](https://banzaicloud.com/docs/one-eye/logging-operator/) chart. The chart deploys a logging operator and CRDs, which allows users to configure complex logging pipelines with a few simple custom resources. There are two levels of logging, which allow you to collect all logs in a cluster or from a single namespace. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/logging/v2.5/). + +## Namespace-level logging + +To collect logs from a single namespace, users create flows and these flows are connected to outputs or cluster outputs. + +## Cluster-level logging + +To collect logs from an entire cluster, users create cluster flows and cluster outputs. + +## CRDs + +- [Cluster Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusterflow_types/) - A cluster flow is a CRD (`ClusterFlow`) that defines what logs to collect from the entire cluster. The cluster flow must be deployed in the same namespace as the logging operator. +- [Cluster Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusteroutput_types/) - A cluster output is a CRD (`ClusterOutput`) that defines how to connect to logging providers so they can start collecting logs. The cluster output must be deployed in the same namespace as the logging operator. The convenience of using a cluster output is that either a cluster flow or flow can send logs to those providers without needing to define specific outputs in each namespace for each flow. +- [Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/flow_types/) - A flow is a CRD (`Flow`) that defines what logs to collect from the namespace that it is deployed in. +- [Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/output_types/) - An output is a CRD (`Output`) that defines how to connect to logging providers so logs can be sent to the provider. + +For more information on how to configure the Helm chart, refer to the Helm README. + +## Systemd Configuration +Some kubernetes distributions log to journald. In order to collect these logs the `systemdLogPath` needs to be defined. While the `/run/log/journal` directory is used by default, some Linux distributions do not default to this path. For example Ubuntu defaults to `/var/log/journal`. To determine your `systemdLogPath` run `cat /etc/systemd/journald.conf | grep -E ^\#?Storage | cut -d"=" -f2` on one of your nodes. If `persistent` is returned your `systemdLogPath` should be `/var/log/journal`. If `volatile` is returned `systemdLogPath` should be `/run/log/journal`. If `auto` is returned check if `/var/log/journal` exists, and if it does then use `/var/log/journal`, otherwise use `/run/log/journal`. + +If any value not described here is returned, Rancher Logging will not be able to collect control plane logs. To address this issue set `Storage=volatile` in journald.conf, reboot your machine, and set `systemdLogPath` to `/run/log/journal`. diff --git a/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/NOTES.txt b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/NOTES.txt new file mode 100644 index 000000000..e69de29bb diff --git a/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/_helpers.tpl b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/_helpers.tpl new file mode 100644 index 000000000..f108e8f30 --- /dev/null +++ b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/_helpers.tpl @@ -0,0 +1,147 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "logging-operator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "logging-operator.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Provides the namespace the chart will be installed in using the builtin .Release.Namespace, +or, if provided, a manually overwritten namespace value. +*/}} +{{- define "logging-operator.namespace" -}} +{{- if .Values.namespaceOverride -}} +{{ .Values.namespaceOverride -}} +{{- else -}} +{{ .Release.Namespace }} +{{- end -}} +{{- end -}} + + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "logging-operator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "logging-operator.labels" -}} +app.kubernetes.io/name: {{ include "logging-operator.name" . }} +helm.sh/chart: {{ include "logging-operator.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{- define "windowsEnabled" }} +{{- if not (kindIs "invalid" .Values.global.cattle.windows) }} +{{- if not (kindIs "invalid" .Values.global.cattle.windows.enabled) }} +{{- if .Values.global.cattle.windows.enabled }} +true +{{- end }} +{{- end }} +{{- end }} +{{- end }} + +{{- define "windowsPathPrefix" -}} +{{- trimSuffix "/" (default "c:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "\\" "/" | replace "//" "/" | replace "c:" "C:") -}} +{{- end -}} + +{{- define "windowsKubernetesFilter" -}} +{{- printf "kubernetes.%s" ((include "windowsPathPrefix" .) | replace ":" "" | replace "/" ".") -}} +{{- end -}} + +{{- define "windowsInputTailMount" -}} +{{- (include "windowsPathPrefix" .) | replace "C:" "" -}} +{{- end -}} + +{{/* +Set the controlplane selector based on kubernetes distribution +*/}} +{{- define "controlplaneSelector" -}} +{{- $master := or .Values.additionalLoggingSources.rke2.enabled .Values.additionalLoggingSources.k3s.enabled -}} +{{- $defaultSelector := $master | ternary (dict "node-role.kubernetes.io/master" "true") (dict "node-role.kubernetes.io/controlplane" "true") -}} +{{ default $defaultSelector .Values.additionalLoggingSources.kubeAudit.nodeSelector | toYaml }} +{{- end -}} + +{{/* +Set kube-audit file path prefix based on distribution +*/}} +{{- define "kubeAuditPathPrefix" -}} +{{- if .Values.additionalLoggingSources.rke.enabled -}} +{{ default "/var/log/kube-audit" .Values.additionalLoggingSources.kubeAudit.pathPrefix }} +{{- else if .Values.additionalLoggingSources.rke2.enabled -}} +{{ default "/var/lib/rancher/rke2/server/logs" .Values.additionalLoggingSources.kubeAudit.pathPrefix }} +{{- else -}} +{{ required "Directory PathPrefix of the kube-audit location is required" .Values.additionalLoggingSources.kubeAudit.pathPrefix }} +{{- end -}} +{{- end -}} + +{{/* +Set kube-audit file name based on distribution +*/}} +{{- define "kubeAuditFilename" -}} +{{- if .Values.additionalLoggingSources.rke.enabled -}} +{{ default "audit-log.json" .Values.additionalLoggingSources.kubeAudit.auditFilename }} +{{- else if .Values.additionalLoggingSources.rke2.enabled -}} +{{ default "audit.log" .Values.additionalLoggingSources.kubeAudit.auditFilename }} +{{- else -}} +{{ required "Filename of the kube-audit log is required" .Values.additionalLoggingSources.kubeAudit.auditFilename }} +{{- end -}} +{{- end -}} + +{{/* +A shared list of custom parsers for the vairous fluentbit pods rancher creates +*/}} +{{- define "logging-operator.parsers" -}} +[PARSER] + Name klog + Format regex + Regex ^(?[IWEF])(?\d{4} \d{2}:\d{2}:\d{2}).\d{6} +?(?\d+) (?.+):(?\d+)] (?.+) + Time_Key timestamp + Time_Format %m%d %T + +[PARSER] + Name rancher + Format regex + Regex ^time="(?.+)" level=(?.+) msg="(?.+)"$ + Time_Key timestamp + Time_Format %FT%H:%M:%S +[PARSER] + Name etcd + Format json + Time_Key timestamp + Time_Format %FT%H:%M:%S.%L +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/clusterrole.yaml b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/clusterrole.yaml new file mode 100644 index 000000000..80e1cb5fa --- /dev/null +++ b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/clusterrole.yaml @@ -0,0 +1,185 @@ +{{- if .Values.rbac.enabled }} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: {{ template "logging-operator.fullname" . }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - endpoints + - namespaces + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + - pods + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + - events.k8s.io + resources: + - events + verbs: + - create + - get + - list + - watch +- apiGroups: + - apps + resources: + - daemonsets + - replicasets + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - '*' +- apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - extensions + - policy + resources: + - podsecuritypolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - use + - watch +- apiGroups: + - logging.banzaicloud.io + resources: + - clusterflows + - clusteroutputs + - flows + - loggings + - outputs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - logging.banzaicloud.io + resources: + - clusterflows/status + - clusteroutputs/status + - flows/status + - loggings/status + - outputs/status + verbs: + - get + - patch + - update +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - rolebindings + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +{{- end }} diff --git a/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/clusterrolebinding.yaml b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..89d17d094 --- /dev/null +++ b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/clusterrolebinding.yaml @@ -0,0 +1,18 @@ +{{- if .Values.rbac.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "logging-operator.fullname" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +subjects: + - kind: ServiceAccount + name: {{ template "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "logging-operator.fullname" . }} + + {{- end }} \ No newline at end of file diff --git a/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/crds.yaml b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/crds.yaml new file mode 100644 index 000000000..f573652d0 --- /dev/null +++ b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/crds.yaml @@ -0,0 +1,6 @@ +{{- if .Values.createCustomResource -}} +{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }} +{{ $.Files.Get $path }} +--- +{{- end }} +{{- end }} diff --git a/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/deployment.yaml b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/deployment.yaml new file mode 100644 index 000000000..26d14cca2 --- /dev/null +++ b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/deployment.yaml @@ -0,0 +1,68 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- with .Values.podLabels }} + {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" + args: {{ range .Values.extraArgs }} + - {{ . -}} + {{ end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + ports: + - name: http + containerPort: {{ .Values.http.port }} + + {{- if .Values.securityContext }} + securityContext: {{ toYaml .Values.securityContext | nindent 12 }} + {{- end }} + {{- if .Values.podSecurityContext }} + securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }} + {{- end }} + + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.rbac.enabled }} + serviceAccountName: {{ include "logging-operator.fullname" . }} + {{- end }} diff --git a/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/aks/logging.yaml b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/aks/logging.yaml new file mode 100644 index 000000000..658103e43 --- /dev/null +++ b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/aks/logging.yaml @@ -0,0 +1,89 @@ +{{- if .Values.additionalLoggingSources.aks.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-aks + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "aks" + Path: "/var/log/azure/kubelet-status.log" + {{- if .Values.fluentbit.inputTail.Buffer_Chunk_Size }} + Buffer_Chunk_Size: {{ .Values.fluentbit.inputTail.Buffer_Chunk_Size | toString }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Buffer_Max_Size }} + Buffer_Max_Size: {{ .Values.fluentbit.inputTail.Buffer_Max_Size | toString }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Mem_Buf_Limit }} + Mem_Buf_Limit: {{ .Values.fluentbit.inputTail.Mem_Buf_Limit | toString }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Multiline_Flush }} + Multiline_Flush: {{ .Values.fluentbit.inputTail.Multiline_Flush | toString | quote }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Skip_Long_Lines }} + Skip_Long_Lines: {{ .Values.fluentbit.inputTail.Skip_Long_Lines | toString | quote }} + {{- end }} + {{- if not .Values.disablePvc }} + {{- with .Values.fluentbit.bufferStorage }} + bufferStorage: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.bufferStorageVolume }} + bufferStorageVolume: {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with (concat (.Values.tolerations) (.Values.fluentbit.tolerations)) }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + {{- if not .Values.disablePvc }} + {{- with .Values.fluentd.bufferStorageVolume }} + bufferStorageVolume: {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.fluentd.replicas }} + scaling: + replicas: {{ .Values.fluentd.replicas }} + {{- end }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with (default .Values.tolerations .Values.fluentd.tolerations) }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with (default .Values.nodeSelector .Values.fluentd.nodeSelector) }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.livenessProbe }} + livenessProbe: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} diff --git a/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/eks/logging.yaml b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/eks/logging.yaml new file mode 100644 index 000000000..5714aa092 --- /dev/null +++ b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/eks/logging.yaml @@ -0,0 +1,90 @@ +{{- if .Values.additionalLoggingSources.eks.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-eks + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "eks" + Path: "/var/log/messages" + Parser: "syslog" + {{- if .Values.fluentbit.inputTail.Buffer_Chunk_Size }} + Buffer_Chunk_Size: {{ .Values.fluentbit.inputTail.Buffer_Chunk_Size | toString }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Buffer_Max_Size }} + Buffer_Max_Size: {{ .Values.fluentbit.inputTail.Buffer_Max_Size | toString }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Mem_Buf_Limit }} + Mem_Buf_Limit: {{ .Values.fluentbit.inputTail.Mem_Buf_Limit | toString }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Multiline_Flush }} + Multiline_Flush: {{ .Values.fluentbit.inputTail.Multiline_Flush | toString | quote }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Skip_Long_Lines }} + Skip_Long_Lines: {{ .Values.fluentbit.inputTail.Skip_Long_Lines | toString | quote }} + {{- end }} + {{- if not .Values.disablePvc }} + {{- with .Values.fluentbit.bufferStorage }} + bufferStorage: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.bufferStorageVolume }} + bufferStorageVolume: {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with (concat (.Values.tolerations) (.Values.fluentbit.tolerations)) }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + {{- if not .Values.disablePvc }} + {{- with .Values.fluentd.bufferStorageVolume }} + bufferStorageVolume: {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.fluentd.replicas }} + scaling: + replicas: {{ .Values.fluentd.replicas }} + {{- end }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with (default .Values.tolerations .Values.fluentd.tolerations) }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with (default .Values.nodeSelector .Values.fluentd.nodeSelector) }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.livenessProbe }} + livenessProbe: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} diff --git a/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/gke/logging.yaml b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/gke/logging.yaml new file mode 100644 index 000000000..2266eb207 --- /dev/null +++ b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/gke/logging.yaml @@ -0,0 +1,89 @@ +{{- if .Values.additionalLoggingSources.gke.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-gke + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "gke" + Path: "/var/log/kube-proxy.log" + {{- if .Values.fluentbit.inputTail.Buffer_Chunk_Size }} + Buffer_Chunk_Size: {{ .Values.fluentbit.inputTail.Buffer_Chunk_Size | toString }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Buffer_Max_Size }} + Buffer_Max_Size: {{ .Values.fluentbit.inputTail.Buffer_Max_Size | toString }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Mem_Buf_Limit }} + Mem_Buf_Limit: {{ .Values.fluentbit.inputTail.Mem_Buf_Limit | toString }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Multiline_Flush }} + Multiline_Flush: {{ .Values.fluentbit.inputTail.Multiline_Flush | toString | quote }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Skip_Long_Lines }} + Skip_Long_Lines: {{ .Values.fluentbit.inputTail.Skip_Long_Lines | toString | quote }} + {{- end }} + {{- if not .Values.disablePvc }} + {{- with .Values.fluentbit.bufferStorage }} + bufferStorage: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.bufferStorageVolume }} + bufferStorageVolume: {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with (concat (.Values.tolerations) (.Values.fluentbit.tolerations)) }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + {{- if not .Values.disablePvc }} + {{- with .Values.fluentd.bufferStorageVolume }} + bufferStorageVolume: {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.fluentd.replicas }} + scaling: + replicas: {{ .Values.fluentd.replicas }} + {{- end }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with (default .Values.tolerations .Values.fluentd.tolerations) }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with (default .Values.nodeSelector .Values.fluentd.nodeSelector) }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.livenessProbe }} + livenessProbe: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} diff --git a/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/k3s/configmap.yaml b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/k3s/configmap.yaml new file mode 100644 index 000000000..96b76ef46 --- /dev/null +++ b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/k3s/configmap.yaml @@ -0,0 +1,57 @@ +{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "systemd") }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-k3s + labels: +{{ include "logging-operator.labels" . | indent 4 }} +data: + fluent-bit.conf: | + [SERVICE] + Flush 1 + Grace 5 + Daemon Off + Log_Level info + Coro_Stack_Size 24576 + Parsers_File parsers.conf + + [INPUT] + Name systemd + Tag k3s + Path {{ .Values.systemdLogPath }} + Systemd_Filter _SYSTEMD_UNIT=k3s.service + {{- if .Values.additionalLoggingSources.k3s.stripUnderscores }} + Strip_Underscores On + {{- end }} + Systemd_Filter _SYSTEMD_UNIT=k3s-agent.service + + [FILTER] + Name parser + Match * + Key_Name MESSAGE + Parser klog + Reserve_Data On + + [FILTER] + Name parser + Match * + Key_Name MESSAGE + Parser rancher + Reserve_Data On + + [FILTER] + Name parser + Match * + Key_Name MESSAGE + Parser etcd + Reserve_Data On + + [OUTPUT] + Name forward + Match * + Host {{ .Release.Name }}-fluentd.{{ .Release.Namespace }}.svc + Port 24240 + Retry_Limit False + parsers.conf: | +{{ include "logging-operator.parsers" . | indent 4 }} +{{- end }} diff --git a/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/k3s/daemonset.yaml b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/k3s/daemonset.yaml new file mode 100644 index 000000000..6597949c1 --- /dev/null +++ b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/k3s/daemonset.yaml @@ -0,0 +1,110 @@ +{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "systemd") }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: "{{ .Release.Name }}-k3s-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + selector: + matchLabels: + name: {{ .Release.Name }}-k3s-journald-aggregator + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/loggings/k3s/configmap.yaml") . | sha256sum }} + name: "{{ .Release.Name }}-k3s-journald-aggregator" + namespace: "{{ .Release.Namespace }}" + labels: + name: {{ .Release.Name }}-k3s-journald-aggregator + spec: + containers: + - name: fluentbit + image: "{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}:{{ .Values.images.fluentbit.tag }}" + {{- if .Values.global.seLinux.enabled }} + securityContext: + seLinuxOptions: + type: rke_logreader_t + {{- end }} + volumeMounts: + - mountPath: /fluent-bit/etc/ + name: config + - mountPath: {{ .Values.systemdLogPath | default "/var/log/journal" }} + name: journal + readOnly: true + - mountPath: /etc/machine-id + name: machine-id + readOnly: true + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: "{{ .Release.Name }}-k3s-journald-aggregator" + volumes: + - name: config + configMap: + name: "{{ .Release.Name }}-k3s" + - name: journal + hostPath: + path: {{ .Values.systemdLogPath | default "/var/log/journal" }} + - name: machine-id + hostPath: + path: /etc/machine-id +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "{{ .Release.Name }}-k3s-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +{{- if .Values.global.psp.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: "{{ .Release.Name }}-k3s-journald-aggregator" +rules: + - apiGroups: + - policy + resourceNames: + - "{{ .Release.Name }}-k3s-journald-aggregator" + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "{{ .Release.Name }}-k3s-journald-aggregator" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: "{{ .Release.Name }}-k3s-journald-aggregator" +subjects: + - kind: ServiceAccount + name: "{{ .Release.Name }}-k3s-journald-aggregator" +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: "{{ .Release.Name }}-k3s-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + allowPrivilegeEscalation: false + fsGroup: + rule: RunAsAny + readOnlyRootFilesystem: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - emptyDir + - secret + - hostPath +{{- end }} +{{- end }} diff --git a/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/k3s/logging-k3s-openrc.yaml b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/k3s/logging-k3s-openrc.yaml new file mode 100644 index 000000000..311586d49 --- /dev/null +++ b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/k3s/logging-k3s-openrc.yaml @@ -0,0 +1,94 @@ +{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "openrc")}} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-k3s + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: "k3s" + Path: "/var/log/k3s.log" + Path_Key: filename + {{- if .Values.fluentbit.inputTail.Buffer_Chunk_Size }} + Buffer_Chunk_Size: {{ .Values.fluentbit.inputTail.Buffer_Chunk_Size | toString }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Buffer_Max_Size }} + Buffer_Max_Size: {{ .Values.fluentbit.inputTail.Buffer_Max_Size | toString }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Mem_Buf_Limit }} + Mem_Buf_Limit: {{ .Values.fluentbit.inputTail.Mem_Buf_Limit | toString }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Multiline_Flush }} + Multiline_Flush: {{ .Values.fluentbit.inputTail.Multiline_Flush | toString | quote }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Skip_Long_Lines }} + Skip_Long_Lines: {{ .Values.fluentbit.inputTail.Skip_Long_Lines | toString | quote }} + {{- end }} + extraVolumeMounts: + - source: "/var/log/" + destination: "/var/log" + readOnly: true + {{- if not .Values.disablePvc }} + {{- with .Values.fluentbit.bufferStorage }} + bufferStorage: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.bufferStorageVolume }} + bufferStorageVolume: {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with (concat (.Values.tolerations) (.Values.fluentbit.tolerations)) }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + {{- if not .Values.disablePvc }} + {{- with .Values.fluentd.bufferStorageVolume }} + bufferStorageVolume: {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.fluentd.replicas }} + scaling: + replicas: {{ .Values.fluentd.replicas }} + {{- end }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with (default .Values.tolerations .Values.fluentd.tolerations) }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with (default .Values.nodeSelector .Values.fluentd.nodeSelector) }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.livenessProbe }} + livenessProbe: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} diff --git a/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/kube-audit/logging.yaml b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/kube-audit/logging.yaml new file mode 100644 index 000000000..b5cb30091 --- /dev/null +++ b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/kube-audit/logging.yaml @@ -0,0 +1,98 @@ +{{- if .Values.additionalLoggingSources.kubeAudit.enabled }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }}-kube-audit + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + {{- if .Values.additionalLoggingSources.kubeAudit.loggingRef }} + loggingRef: {{ .Values.additionalLoggingSources.kubeAudit.loggingRef }} + {{- end }} + fluentbit: + disableKubernetesFilter: true + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + inputTail: + Tag: {{ .Values.additionalLoggingSources.kubeAudit.fluentbit.logTag }} + Path: /kube-audit-logs/{{ template "kubeAuditFilename" . }} + Parser: json + {{- if .Values.fluentbit.inputTail.Buffer_Chunk_Size }} + Buffer_Chunk_Size: {{ .Values.fluentbit.inputTail.Buffer_Chunk_Size | toString }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Buffer_Max_Size }} + Buffer_Max_Size: {{ .Values.fluentbit.inputTail.Buffer_Max_Size | toString }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Mem_Buf_Limit }} + Mem_Buf_Limit: {{ .Values.fluentbit.inputTail.Mem_Buf_Limit | toString }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Multiline_Flush }} + Multiline_Flush: {{ .Values.fluentbit.inputTail.Multiline_Flush | toString | quote }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Skip_Long_Lines }} + Skip_Long_Lines: {{ .Values.fluentbit.inputTail.Skip_Long_Lines | toString | quote }} + {{- end }} + extraVolumeMounts: + - source: {{ template "kubeAuditPathPrefix" . }} + destination: "/kube-audit-logs" + readOnly: true + {{- if not .Values.disablePvc }} + {{- with .Values.fluentbit.bufferStorage }} + bufferStorage: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.bufferStorageVolume }} + bufferStorageVolume: {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with (concat (.Values.tolerations) (.Values.additionalLoggingSources.kubeAudit.fluentbit.tolerations)) }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + nodeSelector: + {{- include "controlplaneSelector" . | nindent 6 }} + {{- with .Values.fluentbit.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + {{- if not .Values.disablePvc }} + {{- with .Values.fluentd.bufferStorageVolume }} + bufferStorageVolume: {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.fluentd.replicas }} + scaling: + replicas: {{ .Values.fluentd.replicas }} + {{- end }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with (default .Values.tolerations .Values.fluentd.tolerations) }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with (default .Values.nodeSelector .Values.fluentd.nodeSelector) }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.livenessProbe }} + livenessProbe: {{- toYaml . | nindent 6 }} + {{- end }} +{{- end }} diff --git a/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/rke/configmap.yaml b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/rke/configmap.yaml new file mode 100644 index 000000000..ab91d93e2 --- /dev/null +++ b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/rke/configmap.yaml @@ -0,0 +1,29 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-rke + labels: +{{ include "logging-operator.labels" . | indent 4 }} +data: + fluent-bit.conf: | + [SERVICE] + Log_Level {{ .Values.additionalLoggingSources.rke.fluentbit.log_level }} + Parsers_File parsers.conf + + [INPUT] + Tag rke + Name tail + Path_Key filename + Parser docker + DB /tail-db/tail-containers-state.db + Mem_Buf_Limit {{ .Values.additionalLoggingSources.rke.fluentbit.mem_buffer_limit }} + Path /var/lib/rancher/rke/log/*.log + + [OUTPUT] + Name forward + Match * + Host {{ .Release.Name }}-fluentd.{{ .Release.Namespace }}.svc + Port 24240 + Retry_Limit False +{{- end }} diff --git a/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/rke/daemonset.yaml b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/rke/daemonset.yaml new file mode 100644 index 000000000..e08ee8559 --- /dev/null +++ b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/rke/daemonset.yaml @@ -0,0 +1,122 @@ +{{- if .Values.additionalLoggingSources.rke.enabled }} +{{- $containers := printf "%s/containers/" (default "/var/lib/docker" .Values.global.dockerRootDirectory) }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + selector: + matchLabels: + name: {{ .Release.Name }}-rke-aggregator + template: + metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" + labels: + name: {{ .Release.Name }}-rke-aggregator + spec: + containers: + - name: fluentbit + image: "{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}:{{ .Values.images.fluentbit.tag }}" + volumeMounts: + - mountPath: /var/lib/rancher/rke/log/ + name: indir + - mountPath: {{ $containers }} + name: containers + - mountPath: /tail-db + name: positiondb + - mountPath: /fluent-bit/etc/fluent-bit.conf + name: config + subPath: fluent-bit.conf + {{- if .Values.global.seLinux.enabled }} + securityContext: + seLinuxOptions: + type: rke_logreader_t + {{- end }} + volumes: + - name: indir + hostPath: + path: /var/lib/rancher/rke/log/ + type: DirectoryOrCreate + - name: containers + hostPath: + path: {{ $containers }} + type: DirectoryOrCreate + - name: positiondb + emptyDir: {} + - name: config + configMap: + name: "{{ .Release.Name }}-rke" + serviceAccountName: "{{ .Release.Name }}-rke-aggregator" + {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} + {{- with $total_tolerations }} + tolerations: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 8 }} + {{- end }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" +{{- if .Values.global.psp.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: "{{ .Release.Name }}-rke-aggregator" +rules: + - apiGroups: + - policy + resourceNames: + - "{{ .Release.Name }}-rke-aggregator" + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "{{ .Release.Name }}-rke-aggregator" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: "{{ .Release.Name }}-rke-aggregator" +subjects: + - kind: ServiceAccount + name: "{{ .Release.Name }}-rke-aggregator" +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: "{{ .Release.Name }}-rke-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + allowPrivilegeEscalation: false + allowedHostPaths: + - pathPrefix: {{ $containers }} + readOnly: false + - pathPrefix: /var/lib/rancher/rke/log/ + readOnly: false + - pathPrefix: /var/lib/rancher/logging/ + readOnly: false + fsGroup: + rule: RunAsAny + readOnlyRootFilesystem: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - emptyDir + - secret + - hostPath +{{- end }} +{{- end }} diff --git a/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/rke2/configmap.yaml b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/rke2/configmap.yaml new file mode 100644 index 000000000..11aef4294 --- /dev/null +++ b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/rke2/configmap.yaml @@ -0,0 +1,69 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-rke2 + labels: +{{ include "logging-operator.labels" . | indent 4 }} +data: + fluent-bit.conf: | + [SERVICE] + Flush 1 + Grace 5 + Daemon Off + Log_Level info + Coro_Stack_Size 24576 + Parsers_File parsers.conf + + [INPUT] + Name systemd + Tag rke2 + Path {{ .Values.systemdLogPath }} + Systemd_Filter _SYSTEMD_UNIT=rke2-server.service + Systemd_Filter _SYSTEMD_UNIT=rke2-agent.service + {{- if .Values.additionalLoggingSources.rke2.stripUnderscores }} + Strip_Underscores On + {{- end }} + + [INPUT] + Name tail + Tag rke2 + Path /var/lib/rancher/rke2/agent/logs/kubelet.log + + [FILTER] + Name parser + Match * + Key_Name log + Parser klog + Reserve_Data On + + [FILTER] + Name parser + Match * + Key_Name MESSAGE + Parser klog + Reserve_Data On + + [FILTER] + Name parser + Match * + Key_Name MESSAGE + Parser rancher + Reserve_Data On + + [FILTER] + Name parser + Match * + Key_Name MESSAGE + Parser etcd + Reserve_Data On + + [OUTPUT] + Name forward + Match * + Host {{ .Release.Name }}-fluentd.{{ .Release.Namespace }}.svc + Port 24240 + Retry_Limit False + parsers.conf: | +{{ include "logging-operator.parsers" . | indent 4 }} +{{- end }} diff --git a/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/rke2/daemonset.yaml b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/rke2/daemonset.yaml new file mode 100644 index 000000000..b39c45b3e --- /dev/null +++ b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/rke2/daemonset.yaml @@ -0,0 +1,116 @@ +{{- if .Values.additionalLoggingSources.rke2.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + selector: + matchLabels: + name: {{ .Release.Name }}-rke2-journald-aggregator + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/loggings/rke2/configmap.yaml") . | sha256sum }} + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" + labels: + name: {{ .Release.Name }}-rke2-journald-aggregator + spec: + containers: + - name: fluentbit + image: "{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}:{{ .Values.images.fluentbit.tag }}" + {{- if .Values.global.seLinux.enabled }} + securityContext: + seLinuxOptions: + type: rke_logreader_t + {{- end }} + volumeMounts: + - mountPath: /fluent-bit/etc/ + name: config + - mountPath: {{ .Values.systemdLogPath | default "/var/log/journal" }} + name: journal + readOnly: true + - mountPath: "/var/lib/rancher/rke2/agent/logs/kubelet.log" + name: kubelet + readOnly: true + - mountPath: /etc/machine-id + name: machine-id + readOnly: true + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: "{{ .Release.Name }}-rke2-journald-aggregator" + volumes: + - name: config + configMap: + name: "{{ .Release.Name }}-rke2" + - name: journal + hostPath: + path: {{ .Values.systemdLogPath | default "/var/log/journal" }} + - name: kubelet + hostPath: + path: "/var/lib/rancher/rke2/agent/logs/kubelet.log" + - name: machine-id + hostPath: + path: /etc/machine-id +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +{{- if .Values.global.psp.enabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" +rules: + - apiGroups: + - policy + resourceNames: + - "{{ .Release.Name }}-rke2-journald-aggregator" + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: "{{ .Release.Name }}-rke2-journald-aggregator" +subjects: + - kind: ServiceAccount + name: "{{ .Release.Name }}-rke2-journald-aggregator" +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: "{{ .Release.Name }}-rke2-journald-aggregator" + namespace: "{{ .Release.Namespace }}" +spec: + allowPrivilegeEscalation: false + fsGroup: + rule: RunAsAny + readOnlyRootFilesystem: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - emptyDir + - secret + - hostPath +{{- end }} +{{- end }} diff --git a/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/root/logging.yaml b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/root/logging.yaml new file mode 100644 index 000000000..6ad50783d --- /dev/null +++ b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/loggings/root/logging.yaml @@ -0,0 +1,154 @@ +{{- $containers := printf "%s/containers/" (default "/var/lib/docker" .Values.global.dockerRootDirectory) }} +apiVersion: logging.banzaicloud.io/v1beta1 +kind: Logging +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + controlNamespace: {{ .Release.Namespace }} + {{- if (include "windowsEnabled" .) }} + nodeAgents: + - name: win-agent + profile: windows + nodeAgentFluentbit: + daemonSet: + spec: + template: + spec: + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.images.nodeagent_fluentbit.repository }}:{{ .Values.images.nodeagent_fluentbit.tag }}" + name: fluent-bit + tls: + enabled: {{ .Values.nodeAgents.tls.enabled | default false }} + {{- if .Values.additionalLoggingSources.rke.enabled }} + - name: win-agent-rke + profile: windows + nodeAgentFluentbit: + filterKubernetes: + Kube_Tag_Prefix: "{{ template "windowsKubernetesFilter" . }}.var.lib.rancher.rke.log." + inputTail: + Path: "{{ template "windowsPathPrefix" . }}/var/lib/rancher/rke/log" + {{- if .Values.fluentbit.inputTail.Buffer_Chunk_Size }} + Buffer_Chunk_Size: {{ .Values.fluentbit.inputTail.Buffer_Chunk_Size | toString }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Buffer_Max_Size }} + Buffer_Max_Size: {{ .Values.fluentbit.inputTail.Buffer_Max_Size | toString }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Mem_Buf_Limit }} + Mem_Buf_Limit: {{ .Values.fluentbit.inputTail.Mem_Buf_Limit | toString }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Multiline_Flush }} + Multiline_Flush: {{ .Values.fluentbit.inputTail.Multiline_Flush | toString | quote }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Skip_Long_Lines }} + Skip_Long_Lines: {{ .Values.fluentbit.inputTail.Skip_Long_Lines | toString | quote }} + {{- end }} + extraVolumeMounts: + - source: "{{ template "windowsInputTailMount" . }}/var/lib/rancher/rke/log" + destination: "{{ template "windowsInputTailMount" . }}/var/lib/rancher/rke/log" + readOnly: true + daemonSet: + spec: + template: + spec: + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.images.nodeagent_fluentbit.repository }}:{{ .Values.images.nodeagent_fluentbit.tag }}" + name: fluent-bit + tls: + enabled: {{ .Values.nodeAgents.tls.enabled | default false }} + {{- end }} + {{- end }} + fluentbit: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} + tag: {{ .Values.images.fluentbit.tag }} + {{- if or .Values.fluentbit.inputTail.Buffer_Chunk_Size .Values.fluentbit.inputTail.Buffer_Max_Size .Values.fluentbit.inputTail.Mem_Buf_Limit .Values.fluentbit.inputTail.Multiline_Flush .Values.fluentbit.inputTail.Skip_Long_Lines }} + inputTail: + {{- if .Values.fluentbit.inputTail.Buffer_Chunk_Size }} + Buffer_Chunk_Size: {{ .Values.fluentbit.inputTail.Buffer_Chunk_Size | toString }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Buffer_Max_Size }} + Buffer_Max_Size: {{ .Values.fluentbit.inputTail.Buffer_Max_Size | toString }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Mem_Buf_Limit }} + Mem_Buf_Limit: {{ .Values.fluentbit.inputTail.Mem_Buf_Limit | toString }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Multiline_Flush }} + Multiline_Flush: {{ .Values.fluentbit.inputTail.Multiline_Flush | toString | quote }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Skip_Long_Lines }} + Skip_Long_Lines: {{ .Values.fluentbit.inputTail.Skip_Long_Lines | toString | quote }} + {{- end }} + {{- end }} + {{- if not .Values.disablePvc }} + {{- with .Values.fluentbit.bufferStorage }} + bufferStorage: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.bufferStorageVolume }} + bufferStorageVolume: {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} + {{- if or .Values.global.psp.enabled .Values.global.seLinux.enabled }} + security: + {{- end }} + {{- if .Values.global.psp.enabled }} + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- if .Values.global.seLinux.enabled }} + securityContext: + seLinuxOptions: + type: rke_logreader_t + {{- end }} + {{- if .Values.global.dockerRootDirectory }} + mountPath: {{ $containers }} + extraVolumeMounts: + - source: {{ $containers }} + destination: {{ $containers }} + readOnly: true + {{- end }} + {{- with (concat (.Values.tolerations) (.Values.fluentbit.tolerations)) }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + fluentd: + image: + repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} + tag: {{ .Values.images.fluentd.tag }} + configReloaderImage: + repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} + tag: {{ .Values.images.config_reloader.tag }} + {{- if not .Values.disablePvc }} + {{- with .Values.fluentd.bufferStorageVolume }} + bufferStorageVolume: {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} + disablePvc: {{ .Values.disablePvc }} + {{- if .Values.fluentd.replicas }} + scaling: + replicas: {{ .Values.fluentd.replicas }} + {{- end }} + {{- if .Values.global.psp.enabled }} + security: + podSecurityPolicyCreate: true + roleBasedAccessControlCreate: true + {{- end }} + {{- with (default .Values.tolerations .Values.fluentd.tolerations) }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with (default .Values.nodeSelector .Values.fluentd.nodeSelector) }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentd.livenessProbe }} + livenessProbe: {{- toYaml . | nindent 6 }} + {{- end }} diff --git a/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/psp.yaml b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/psp.yaml new file mode 100644 index 000000000..46b2071ef --- /dev/null +++ b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/psp.yaml @@ -0,0 +1,34 @@ +{{ if and .Values.rbac.enabled .Values.rbac.psp.enabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: psp.logging-operator + namespace: {{ include "logging-operator.namespace" . }} + annotations: +{{- if .Values.rbac.psp.annotations }} +{{ toYaml .Values.rbac.psp.annotations | indent 4 }} +{{- end }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + readOnlyRootFilesystem: true + privileged: false + allowPrivilegeEscalation: false + runAsUser: + rule: MustRunAsNonRoot + fsGroup: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + supplementalGroups: + rule: MustRunAs + ranges: + - min: 1 + max: 65535 + seLinux: + rule: RunAsAny + volumes: + - secret + - configMap +{{ end }} diff --git a/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/service.yaml b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/service.yaml new file mode 100644 index 000000000..f419ae2c4 --- /dev/null +++ b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/service.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +spec: + type: ClusterIP + {{- with .Values.http.service.clusterIP }} + clusterIP: {{ . }} + {{- end }} + ports: + - port: {{ .Values.http.port }} + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: {{ include "logging-operator.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/serviceMonitor.yaml b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/serviceMonitor.yaml new file mode 100644 index 000000000..1bb762cde --- /dev/null +++ b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/serviceMonitor.yaml @@ -0,0 +1,30 @@ +{{ if .Values.monitoring.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +{{- with .Values.monitoring.serviceMonitor.additionalLabels }} + {{- toYaml . | nindent 4 }} +{{- end }} +spec: + selector: + matchLabels: +{{ include "logging-operator.labels" . | indent 6 }} + endpoints: + - port: http + path: /metrics + {{- with .Values.monitoring.serviceMonitor.metricsRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.monitoring.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 4 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "logging-operator.namespace" . }} +{{- end }} diff --git a/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/serviceaccount.yaml b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/serviceaccount.yaml new file mode 100644 index 000000000..cbb2a94b4 --- /dev/null +++ b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/serviceaccount.yaml @@ -0,0 +1,10 @@ +{{- if .Values.rbac.enabled }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "logging-operator.fullname" . }} + namespace: {{ include "logging-operator.namespace" . }} + labels: +{{ include "logging-operator.labels" . | indent 4 }} +{{- end }} diff --git a/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/userroles.yaml b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/userroles.yaml new file mode 100644 index 000000000..f4136b09a --- /dev/null +++ b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/userroles.yaml @@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "logging-admin" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: + - "logging.banzaicloud.io" + resources: + - flows + - outputs + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "logging-view" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: + - apiGroups: + - "logging.banzaicloud.io" + resources: + - flows + - outputs + - clusterflows + - clusteroutputs + verbs: + - get + - list + - watch diff --git a/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/validate-install-crd.yaml b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/validate-install-crd.yaml new file mode 100644 index 000000000..2f95472f6 --- /dev/null +++ b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/validate-install-crd.yaml @@ -0,0 +1,18 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "logging.banzaicloud.io/v1alpha1/ClusterFlow" false -}} +# {{- set $found "logging.banzaicloud.io/v1alpha1/ClusterOutput" false -}} +# {{- set $found "logging.banzaicloud.io/v1alpha1/Flow" false -}} +# {{- set $found "logging.banzaicloud.io/v1alpha1/Logging" false -}} +# {{- set $found "logging.banzaicloud.io/v1alpha1/Output" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/validate-install.yaml b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/validate-install.yaml new file mode 100644 index 000000000..bd624cc4b --- /dev/null +++ b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/templates/validate-install.yaml @@ -0,0 +1,5 @@ +#{{- if .Values.global.dockerRootDirectory }} +#{{- if or (hasSuffix "/containers" .Values.global.dockerRootDirectory) (hasSuffix "/" .Values.global.dockerRootDirectory) }} +#{{- required "global.dockerRootDirectory must not end with suffix: '/' or '/containers'" "" -}} +#{{- end }} +#{{- end }} diff --git a/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/values.yaml b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/values.yaml new file mode 100644 index 000000000..f25fb53f9 --- /dev/null +++ b/charts/rancher-logging/rancher-logging/100.0.0+up3.12.0/values.yaml @@ -0,0 +1,211 @@ +# Default values for logging-operator. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: rancher/mirrored-banzaicloud-logging-operator + tag: 3.12.0 + pullPolicy: IfNotPresent + +extraArgs: + - -enable-leader-election=true +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" +namespaceOverride: "" + +## Pod custom labels +## +podLabels: {} + +annotations: {} + +## Deploy CRDs used by Logging Operator. +## +createCustomResource: false + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: + kubernetes.io/os: linux + +tolerations: + - key: cattle.io/os + operator: "Equal" + value: "linux" + effect: NoSchedule + +affinity: {} + +http: + # http listen port number + port: 8080 + # Service definition for query http service + service: + type: ClusterIP + clusterIP: None + # Annotations to query http service + annotations: {} + # Labels to query http service + labels: {} + +# These "rbac" settings match the upstream defaults. For only using psp in the overlay files, which +# include the default Logging CRs created, see the "global.psp" setting. To enable psp for the entire +# chart, enable both "rbac.psp" and "global.psp" (this may require further changes to the chart). +rbac: + enabled: true + psp: + enabled: true + annotations: + seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default' + seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default' + ## Specify pod annotations + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl + + + +## SecurityContext holds pod-level security attributes and common container settings. +## This defaults to non root user with uid 1000 and gid 2000. *v1.PodSecurityContext false +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +podSecurityContext: {} +# runAsNonRoot: true +# runAsUser: 1000 +# fsGroup: 2000 +securityContext: {} +# allowPrivilegeEscalation: false +# readOnlyRootFilesystem: true + # capabilities: + # drop: ["ALL"] + +## Operator priorityClassName +## +priorityClassName: {} + +monitoring: + # Create a Prometheus Operator ServiceMonitor object + serviceMonitor: + enabled: false + additionalLabels: {} + metricRelabelings: [] + relabelings: [] + +disablePvc: true + +systemdLogPath: "/run/log/journal" + +additionalLoggingSources: + rke: + enabled: false + fluentbit: + log_level: "info" + mem_buffer_limit: "5MB" + rke2: + enabled: false + stripUnderscores: false + k3s: + enabled: false + container_engine: "systemd" + stripUnderscores: false + aks: + enabled: false + eks: + enabled: false + gke: + enabled: false + kubeAudit: + auditFilename: "" + enabled: false + pathPrefix: "" + fluentbit: + logTag: kube-audit + tolerations: + - key: node-role.kubernetes.io/controlplane + value: "true" + effect: NoSchedule + - key: node-role.kubernetes.io/etcd + value: "true" + effect: NoExecute + +images: + config_reloader: + repository: rancher/mirrored-jimmidyson-configmap-reload + tag: v0.4.0 + fluentbit: + repository: rancher/mirrored-fluent-fluent-bit + tag: 1.7.9 + fluentbit_debug: + repository: rancher/mirrored-fluent-fluent-bit + tag: 1.7.9-debug + fluentd: + repository: rancher/mirrored-banzaicloud-fluentd + tag: v1.12.4-alpine-1 + nodeagent_fluentbit: + os: "windows" + repository: rancher/fluent-bit + tag: 1.7.4 + +# These settings apply to every Logging CR, including vendor Logging CRs enabled in "additionalLoggingSources". +# Changing these affects every Logging CR installed. +nodeAgents: + tls: + enabled: false +fluentd: + bufferStorageVolume: {} + livenessProbe: + tcpSocket: + port: 24240 + initialDelaySeconds: 30 + periodSeconds: 15 + nodeSelector: {} + resources: {} + tolerations: {} +fluentbit: + inputTail: + Buffer_Chunk_Size: "" + Buffer_Max_Size: "" + Mem_Buf_Limit: "" + Multiline_Flush: "" + Skip_Long_Lines: "" + resources: {} + tolerations: + - key: node-role.kubernetes.io/controlplane + value: "true" + effect: NoSchedule + - key: node-role.kubernetes.io/etcd + value: "true" + effect: NoExecute + +global: + cattle: + systemDefaultRegistry: "" + # Uncomment the below two lines to either enable or disable Windows logging. If this chart is + # installed via the Rancher UI, it will set this value to "true" if the cluster is a Windows + # cluster. In that scenario, if you would like to disable Windows logging on Windows clusters, + # set the value below to "false". + # windows: + # enabled: true + # Change the "dockerRootDirectory" if the default Docker directory has changed. + dockerRootDirectory: "" + # This psp setting differs from the upstream "rbac.psp" by only enabling psp settings for the + # overlay files, which include the Logging CRs created, whereas the upstream "rbac.psp" affects the + # logging operator. + psp: + enabled: true + rkeWindowsPathPrefix: "c:\\" + seLinux: + enabled: false diff --git a/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/Chart.yaml b/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/Chart.yaml new file mode 100644 index 000000000..5b6bdd30a --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-monitoring-system + catalog.cattle.io/release-name: rancher-monitoring-crd +apiVersion: v1 +description: Installs the CRDs for rancher-monitoring. +name: rancher-monitoring-crd +type: application +version: 100.0.0+up16.6.0 diff --git a/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/README.md b/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/README.md new file mode 100644 index 000000000..e0b63e026 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/README.md @@ -0,0 +1,24 @@ +# rancher-monitoring-crd +A Rancher chart that installs the CRDs used by rancher-monitoring. + +## How does this chart work? + +This chart marshalls all of the CRD files placed in the `crd-manifest` directory into a ConfigMap that is installed onto a cluster alongside relevant RBAC (ServiceAccount, ClusterRoleBinding, ClusterRole, and PodSecurityPolicy). + +Once the relevant dependent resourcees are installed / upgraded / rolled back, this chart executes a post-install / post-upgrade / post-rollback Job that: +- Patches any existing versions of the CRDs contained within the `crd-manifest` on the cluster to set `spec.preserveUnknownFields=false`; this step is required since, based on [Kubernetes docs](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#field-pruning) and a [known workaround](https://github.com/kubernetes-sigs/controller-tools/issues/476#issuecomment-691519936), such CRDs cannot be upgraded normally from `apiextensions.k8s.io/v1beta1` to `apiextensions.k8s.io/v1`. +- Runs a `kubectl apply` on the CRDs that are contained within the crd-manifest ConfigMap to upgrade CRDs in the cluster + +On an uninstall, this chart executes a separate post-delete Job that: +- Patches any existing versions of the CRDs contained within `crd-manifest` on the cluster to set `metadata.finalizers=[]` +- Runs a `kubectl delete` on the CRDs that are contained within the crd-manifest ConfigMap to clean up the CRDs from the cluster + +Note: If the relevant CRDs already existed in the cluster at the time of install, this chart will absorb ownership of the lifecycle of those CRDs; therefore, on a `helm uninstall`, those CRDs will also be removed from the cluster alongside this chart. + +## Why can't we just place the CRDs in the templates/ directory of the main chart? + +In Helm today, you cannot declare a CRD and declare a resource of that CRD's kind in templates/ without encountering a failure on render. + +## [Helm 3] Why can't we just place the CRDs in the crds/ directory of the main chart? + +The Helm 3 `crds/` directory only supports the installation of CRDs, but does not support the upgrade and removal of CRDs, unlike what this chart facilitiates. \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/crd-manifest/crd-alertmanagerconfigs.yaml b/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/crd-manifest/crd-alertmanagerconfigs.yaml new file mode 100644 index 000000000..a6988a7d3 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/crd-manifest/crd-alertmanagerconfigs.yaml @@ -0,0 +1,1869 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.48.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: alertmanagerconfigs.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: AlertmanagerConfig + listKind: AlertmanagerConfigList + plural: alertmanagerconfigs + singular: alertmanagerconfig + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: AlertmanagerConfig defines a namespaced AlertmanagerConfig to be aggregated across multiple namespaces configuring one Alertmanager cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AlertmanagerConfigSpec is a specification of the desired behavior of the Alertmanager configuration. By definition, the Alertmanager configuration only applies to alerts for which the `namespace` label is equal to the namespace of the AlertmanagerConfig resource. + properties: + inhibitRules: + description: List of inhibition rules. The rules will only apply to alerts matching the resource’s namespace. + items: + description: InhibitRule defines an inhibition rule that allows to mute alerts when other alerts are already firing. See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule + properties: + equal: + description: Labels that must have an equal value in the source and target alert for the inhibition to take effect. + items: + type: string + type: array + sourceMatch: + description: Matchers for which one or more alerts have to exist for the inhibition to take effect. The operator enforces that the alert matches the resource’s namespace. + items: + description: Matcher defines how to match on alert's labels. + properties: + name: + description: Label to match. + minLength: 1 + type: string + regex: + description: Whether to match on equality (false) or regular-expression (true). + type: boolean + value: + description: Label value to match. + type: string + required: + - name + type: object + type: array + targetMatch: + description: Matchers that have to be fulfilled in the alerts to be muted. The operator enforces that the alert matches the resource’s namespace. + items: + description: Matcher defines how to match on alert's labels. + properties: + name: + description: Label to match. + minLength: 1 + type: string + regex: + description: Whether to match on equality (false) or regular-expression (true). + type: boolean + value: + description: Label value to match. + type: string + required: + - name + type: object + type: array + type: object + type: array + receivers: + description: List of receivers. + items: + description: Receiver defines one or more notification integrations. + properties: + emailConfigs: + description: List of Email configurations. + items: + description: EmailConfig configures notifications via Email. + properties: + authIdentity: + description: The identity to use for authentication. + type: string + authPassword: + description: The secret's key that contains the password to use for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + authSecret: + description: The secret's key that contains the CRAM-MD5 secret. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + authUsername: + description: The username to use for authentication. + type: string + from: + description: The sender address. + type: string + headers: + description: Further headers email header key/value pairs. Overrides any headers previously set by the notification implementation. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + hello: + description: The hostname to identify to the SMTP server. + type: string + html: + description: The HTML body of the email notification. + type: string + requireTLS: + description: The SMTP TLS requirement. Note that Go does not support unencrypted connections to remote SMTP endpoints. + type: boolean + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + smarthost: + description: The SMTP host through which emails are sent. + type: string + text: + description: The text body of the email notification. + type: string + tlsConfig: + description: TLS configuration + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + to: + description: The email address to send notifications to. + type: string + type: object + type: array + name: + description: Name of the receiver. Must be unique across all items from the list. + minLength: 1 + type: string + opsgenieConfigs: + description: List of OpsGenie configurations. + items: + description: OpsGenieConfig configures notifications via OpsGenie. See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config + properties: + apiKey: + description: The secret's key that contains the OpsGenie API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + apiURL: + description: The URL to send OpsGenie API requests to. + type: string + description: + description: Description of the incident. + type: string + details: + description: A set of arbitrary key/value pairs that provide further detail about the incident. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + httpConfig: + description: HTTP client configuration. + properties: + basicAuth: + description: BasicAuth for the client. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + message: + description: Alert text limited to 130 characters. + type: string + note: + description: Additional alert note. + type: string + priority: + description: Priority level of alert. Possible values are P1, P2, P3, P4, and P5. + type: string + responders: + description: List of responders responsible for notifications. + items: + description: OpsGenieConfigResponder defines a responder to an incident. One of `id`, `name` or `username` has to be defined. + properties: + id: + description: ID of the responder. + type: string + name: + description: Name of the responder. + type: string + type: + description: Type of responder. + minLength: 1 + type: string + username: + description: Username of the responder. + type: string + required: + - type + type: object + type: array + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + source: + description: Backlink to the sender of the notification. + type: string + tags: + description: Comma separated list of tags attached to the notifications. + type: string + type: object + type: array + pagerdutyConfigs: + description: List of PagerDuty configurations. + items: + description: PagerDutyConfig configures notifications via PagerDuty. See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config + properties: + class: + description: The class/type of the event. + type: string + client: + description: Client identification. + type: string + clientURL: + description: Backlink to the sender of notification. + type: string + component: + description: The part or component of the affected system that is broken. + type: string + description: + description: Description of the incident. + type: string + details: + description: Arbitrary key/value pairs that provide further detail about the incident. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + group: + description: A cluster or grouping of sources. + type: string + httpConfig: + description: HTTP client configuration. + properties: + basicAuth: + description: BasicAuth for the client. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + routingKey: + description: The secret's key that contains the PagerDuty integration key (when using Events API v2). Either this field or `serviceKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + serviceKey: + description: The secret's key that contains the PagerDuty service key (when using integration type "Prometheus"). Either this field or `routingKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + severity: + description: Severity of the incident. + type: string + url: + description: The URL to send requests to. + type: string + type: object + type: array + pushoverConfigs: + description: List of Pushover configurations. + items: + description: PushoverConfig configures notifications via Pushover. See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config + properties: + expire: + description: How long your notification will continue to be retried for, unless the user acknowledges the notification. + type: string + html: + description: Whether notification message is HTML or plain text. + type: boolean + httpConfig: + description: HTTP client configuration. + properties: + basicAuth: + description: BasicAuth for the client. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + message: + description: Notification message. + type: string + priority: + description: Priority, see https://pushover.net/api#priority + type: string + retry: + description: How often the Pushover servers will send the same notification to the user. Must be at least 30 seconds. + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + sound: + description: The name of one of the sounds supported by device clients to override the user's default sound choice + type: string + title: + description: Notification title. + type: string + token: + description: The secret's key that contains the registered application’s API token, see https://pushover.net/apps. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + url: + description: A supplementary URL shown alongside the message. + type: string + urlTitle: + description: A title for supplementary URL, otherwise just the URL is shown + type: string + userKey: + description: The secret's key that contains the recipient user’s user key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + type: array + slackConfigs: + description: List of Slack configurations. + items: + description: SlackConfig configures notifications via Slack. See https://prometheus.io/docs/alerting/latest/configuration/#slack_config + properties: + actions: + description: A list of Slack actions that are sent with each notification. + items: + description: SlackAction configures a single Slack action that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields and https://api.slack.com/docs/message-buttons for more information. + properties: + confirm: + description: SlackConfirmationField protect users from destructive actions or particularly distinguished decisions by asking them to confirm their button click one more time. See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields for more information. + properties: + dismissText: + type: string + okText: + type: string + text: + minLength: 1 + type: string + title: + type: string + required: + - text + type: object + name: + type: string + style: + type: string + text: + minLength: 1 + type: string + type: + minLength: 1 + type: string + url: + type: string + value: + type: string + required: + - text + - type + type: object + type: array + apiURL: + description: The secret's key that contains the Slack webhook URL. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + callbackId: + type: string + channel: + description: The channel or user to send notifications to. + type: string + color: + type: string + fallback: + type: string + fields: + description: A list of Slack fields that are sent with each notification. + items: + description: SlackField configures a single Slack field that is sent with each notification. Each field must contain a title, value, and optionally, a boolean value to indicate if the field is short enough to be displayed next to other fields designated as short. See https://api.slack.com/docs/message-attachments#fields for more information. + properties: + short: + type: boolean + title: + minLength: 1 + type: string + value: + minLength: 1 + type: string + required: + - title + - value + type: object + type: array + footer: + type: string + httpConfig: + description: HTTP client configuration. + properties: + basicAuth: + description: BasicAuth for the client. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + iconEmoji: + type: string + iconURL: + type: string + imageURL: + type: string + linkNames: + type: boolean + mrkdwnIn: + items: + type: string + type: array + pretext: + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + shortFields: + type: boolean + text: + type: string + thumbURL: + type: string + title: + type: string + titleLink: + type: string + username: + type: string + type: object + type: array + victoropsConfigs: + description: List of VictorOps configurations. + items: + description: VictorOpsConfig configures notifications via VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config + properties: + apiKey: + description: The secret's key that contains the API key to use when talking to the VictorOps API. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + apiUrl: + description: The VictorOps API URL. + type: string + customFields: + description: Additional custom fields for notification. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + entityDisplayName: + description: Contains summary of the alerted problem. + type: string + httpConfig: + description: The HTTP client's configuration. + properties: + basicAuth: + description: BasicAuth for the client. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + messageType: + description: Describes the behavior of the alert (CRITICAL, WARNING, INFO). + type: string + monitoringTool: + description: The monitoring tool the state message is from. + type: string + routingKey: + description: A key used to map the alert to a team. + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + stateMessage: + description: Contains long explanation of the alerted problem. + type: string + type: object + type: array + webhookConfigs: + description: List of webhook configurations. + items: + description: WebhookConfig configures notifications via a generic receiver supporting the webhook payload. See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config + properties: + httpConfig: + description: HTTP client configuration. + properties: + basicAuth: + description: BasicAuth for the client. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + maxAlerts: + description: Maximum number of alerts to be sent per webhook message. When 0, all alerts are included. + format: int32 + minimum: 0 + type: integer + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + url: + description: The URL to send HTTP POST requests to. `urlSecret` takes precedence over `url`. One of `urlSecret` and `url` should be defined. + type: string + urlSecret: + description: The secret's key that contains the webhook URL to send HTTP requests to. `urlSecret` takes precedence over `url`. One of `urlSecret` and `url` should be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + type: array + wechatConfigs: + description: List of WeChat configurations. + items: + description: WeChatConfig configures notifications via WeChat. See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config + properties: + agentID: + type: string + apiSecret: + description: The secret's key that contains the WeChat API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + apiURL: + description: The WeChat API URL. + type: string + corpID: + description: The corp id for authentication. + type: string + httpConfig: + description: HTTP client configuration. + properties: + basicAuth: + description: BasicAuth for the client. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + message: + description: API request data as defined by the WeChat API. + type: string + messageType: + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + toParty: + type: string + toTag: + type: string + toUser: + type: string + type: object + type: array + required: + - name + type: object + type: array + route: + description: The Alertmanager route definition for alerts matching the resource’s namespace. If present, it will be added to the generated Alertmanager configuration as a first-level route. + properties: + continue: + description: Boolean indicating whether an alert should continue matching subsequent sibling nodes. It will always be overridden to true for the first-level route by the Prometheus operator. + type: boolean + groupBy: + description: List of labels to group by. + items: + type: string + type: array + groupInterval: + description: How long to wait before sending an updated notification. Must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours). + type: string + groupWait: + description: How long to wait before sending the initial notification. Must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours). + type: string + matchers: + description: 'List of matchers that the alert’s labels should match. For the first level route, the operator removes any existing equality and regexp matcher on the `namespace` label and adds a `namespace: ` matcher.' + items: + description: Matcher defines how to match on alert's labels. + properties: + name: + description: Label to match. + minLength: 1 + type: string + regex: + description: Whether to match on equality (false) or regular-expression (true). + type: boolean + value: + description: Label value to match. + type: string + required: + - name + type: object + type: array + receiver: + description: Name of the receiver for this route. If not empty, it should be listed in the `receivers` field. + type: string + repeatInterval: + description: How long to wait before repeating the last notification. Must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours). + type: string + routes: + description: Child routes. + items: + x-kubernetes-preserve-unknown-fields: true + type: array + type: object + type: object + required: + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/crd-manifest/crd-alertmanagers.yaml b/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/crd-manifest/crd-alertmanagers.yaml new file mode 100644 index 000000000..486ee7ee5 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/crd-manifest/crd-alertmanagers.yaml @@ -0,0 +1,3218 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.48.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: alertmanagers.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: Alertmanager + listKind: AlertmanagerList + plural: alertmanagers + singular: alertmanager + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The version of Alertmanager + jsonPath: .spec.version + name: Version + type: string + - description: The desired replicas number of Alertmanagers + jsonPath: .spec.replicas + name: Replicas + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: Alertmanager describes an Alertmanager cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the Alertmanager cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + additionalPeers: + description: AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster. + items: + type: string + type: array + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are ORed. + items: + description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + alertmanagerConfigNamespaceSelector: + description: Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + alertmanagerConfigSelector: + description: AlertmanagerConfigs to be selected for to merge and configure Alertmanager with. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + baseImage: + description: 'Base image that is used to deploy pods, without tag. Deprecated: use ''image'' instead' + type: string + clusterAdvertiseAddress: + description: 'ClusterAdvertiseAddress is the explicit address to advertise in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. [1] RFC1918: https://tools.ietf.org/html/rfc1918' + type: string + clusterGossipInterval: + description: Interval between gossip attempts. + type: string + clusterPeerTimeout: + description: Timeout for cluster peering. + type: string + clusterPushpullInterval: + description: Interval between pushpull attempts. + type: string + configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. The ConfigMaps are mounted into /etc/alertmanager/configmaps/. + items: + type: string + type: array + configSecret: + description: ConfigSecret is the name of a Kubernetes Secret in the same namespace as the Alertmanager object, which contains configuration for this Alertmanager instance. Defaults to 'alertmanager-' The secret is mounted into /etc/alertmanager/config. + type: string + containers: + description: 'Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an Alertmanager pod. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `alertmanager` and `config-reloader`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + items: + description: ContainerPort represents a network port in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. + items: + description: volumeDevice describes a mapping of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + externalUrl: + description: The external URL the Alertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if Alertmanager is not served from root of a DNS name. + type: string + forceEnableClusterMode: + description: ForceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica. Use case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each. + type: boolean + image: + description: Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Alertmanager is being configured. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Alertmanager configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + items: + description: ContainerPort represents a network port in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. + items: + description: volumeDevice describes a mapping of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + listenLocal: + description: ListenLocal makes the Alertmanager server listen on loopback, so that it does not bind against the Pod IP. Note this is only for the Alertmanager UI, not the gossip communication. + type: boolean + logFormat: + description: Log format for Alertmanager to be configured with. + type: string + logLevel: + description: Log level for Alertmanager to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + paused: + description: If set to true all actions on the underlying managed objects are not goint to be performed, except for delete actions. + type: boolean + podMetadata: + description: PodMetadata configures Labels and Annotations which are propagated to the alertmanager pods. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + type: object + portName: + description: Port name used for the pods and governing service. This defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + replicas: + description: Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the running cluster equal to the expected size. + format: int32 + type: integer + resources: + description: Define resources requests and limits for single Pods. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration Alertmanager shall retain data for. Default is '120h', and must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours). + type: string + routePrefix: + description: The route prefix Alertmanager registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with `kubectl proxy`. + type: string + secrets: + description: Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. The Secrets are mounted into /etc/alertmanager/secrets/. + items: + type: string + type: array + securityContext: + description: SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods. + type: string + sha: + description: 'SHA of Alertmanager container image to be deployed. Defaults to the value of `version`. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag are ignored if SHA is set. Deprecated: use ''image'' instead. The image digest can be specified as part of the image URL.' + type: string + storage: + description: Storage is the definition of how storage will be used by the Alertmanager instances. + properties: + disableMountSubPath: + description: 'Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts.' + type: boolean + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: EmbeddedMetadata contains metadata relevant to an EmbeddedResource. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + type: object + spec: + description: 'Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot - Beta) * An existing PVC (PersistentVolumeClaim) * An existing custom resource/object that implements data population (Alpha) In order to use VolumeSnapshot object types, the appropriate feature gate must be enabled (VolumeSnapshotDataSource or AnyVolumeDataSource) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the specified data source is not supported, the volume will not be created and the failure will be reported as an event. In the future, we plan to support more data source types and the behavior of the provisioner may change.' + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: VolumeName is the binding reference to the PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Represents the actual resources of the underlying volume. + type: object + conditions: + description: Current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about last transition. + type: string + reason: + description: Unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: object + tag: + description: 'Tag of Alertmanager container image to be deployed. Defaults to the value of `version`. Version is ignored if Tag is set. Deprecated: use ''image'' instead. The image tag can be specified as part of the image URL.' + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: If specified, the pod's topology spread constraints. + items: + description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods may be unevenly distributed. It''s the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It''s a required field. Default value is 1 and 0 is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It''s considered as "Unsatisfiable" if and only if placing incoming pod on any topology violates "MaxSkew". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won''t make it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + version: + description: Version the cluster should be on. + type: string + volumeMounts: + description: VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the alertmanager container, that are generated as a result of StorageSpec objects. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: the name of secret that contains Azure Storage Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature). + properties: + driver: + description: Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + description: FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with other supported volume types + properties: + configMap: + description: information about the configMap data to project + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken data to project + properties: + audience: + description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. + type: boolean + registry: + description: Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount user + type: string + volume: + description: Volume is a string that references an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the protection domain. + type: string + system: + description: The name of the storage system as configured in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. + type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + status: + description: 'Most recent observed status of the Alertmanager cluster. Read-only. Not included when requesting from the apiserver, only from the Prometheus Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) targeted by this Alertmanager cluster. + format: int32 + type: integer + paused: + description: Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed. + type: boolean + replicas: + description: Total number of non-terminated pods targeted by this Alertmanager cluster (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this Alertmanager cluster. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this Alertmanager cluster that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + served: true + storage: true + subresources: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/crd-manifest/crd-podmonitors.yaml b/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/crd-manifest/crd-podmonitors.yaml new file mode 100644 index 000000000..c16e955c9 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/crd-manifest/crd-podmonitors.yaml @@ -0,0 +1,358 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.48.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: podmonitors.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: PodMonitor + listKind: PodMonitorList + plural: podmonitors + singular: podmonitor + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: PodMonitor defines monitoring for a set of pods. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Pod selection for target discovery by Prometheus. + properties: + jobLabel: + description: The label to use to retrieve the job name from. + type: string + namespaceSelector: + description: Selector to select which namespaces the Endpoints objects are discovered from. + properties: + any: + description: Boolean describing whether all namespaces are selected in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names. + items: + type: string + type: array + type: object + podMetricsEndpoints: + description: A list of endpoints allowed as part of this PodMonitor. + items: + description: PodMetricsEndpoint defines a scrapeable endpoint of a Kubernetes Pod serving Prometheus metrics. + properties: + basicAuth: + description: 'BasicAuth allow an endpoint to authenticate over basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint' + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenSecret: + description: Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the pod monitor and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + honorLabels: + description: HonorLabels chooses the metric's labels on collisions with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data. + type: boolean + interval: + description: Interval at which metrics should be scraped + type: string + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. + type: string + type: object + type: array + params: + additionalProperties: + items: + type: string + type: array + description: Optional HTTP URL parameters + type: object + path: + description: HTTP path to scrape for metrics. + type: string + port: + description: Name of the pod port this endpoint refers to. Mutually exclusive with targetPort. + type: string + proxyUrl: + description: ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. + type: string + relabelings: + description: 'RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields and replaces original scrape job name with __tmp_prometheus_job_name. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. + type: string + type: object + type: array + scheme: + description: HTTP scheme to use for scraping. + type: string + scrapeTimeout: + description: Timeout after which the scrape is ended + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Deprecated: Use ''port'' instead.' + x-kubernetes-int-or-string: true + tlsConfig: + description: TLS configuration to use when scraping the endpoint. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + podTargetLabels: + description: PodTargetLabels transfers labels on the Kubernetes Pod onto the target. + items: + type: string + type: array + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + format: int64 + type: integer + selector: + description: Selector to select Pod objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + targetLimit: + description: TargetLimit defines a limit on the number of scraped targets that will be accepted. + format: int64 + type: integer + required: + - podMetricsEndpoints + - selector + type: object + required: + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/crd-manifest/crd-probes.yaml b/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/crd-manifest/crd-probes.yaml new file mode 100644 index 000000000..4b3f92c6d --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/crd-manifest/crd-probes.yaml @@ -0,0 +1,344 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.48.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: probes.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: Probe + listKind: ProbeList + plural: probes + singular: probe + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Probe defines monitoring for a set of static targets or ingresses. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Ingress selection for target discovery by Prometheus. + properties: + basicAuth: + description: 'BasicAuth allow an endpoint to authenticate over basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint' + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenSecret: + description: Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the probe and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + interval: + description: Interval at which targets are probed using the configured prober. If not specified Prometheus' global scrape interval is used. + type: string + jobName: + description: The job name assigned to scraped metrics by default. + type: string + module: + description: 'The module to use for probing specifying how to probe the target. Example module configuring in the blackbox exporter: https://github.com/prometheus/blackbox_exporter/blob/master/example.yml' + type: string + prober: + description: Specification for the prober to use for probing targets. The prober.URL parameter is required. Targets cannot be probed if left empty. + properties: + path: + description: Path to collect metrics from. Defaults to `/probe`. + type: string + scheme: + description: HTTP scheme to use for scraping. Defaults to `http`. + type: string + url: + description: Mandatory URL of the prober. + type: string + required: + - url + type: object + scrapeTimeout: + description: Timeout for scraping metrics from the Prometheus exporter. + type: string + targets: + description: Targets defines a set of static and/or dynamically discovered targets to be probed using the prober. + properties: + ingress: + description: Ingress defines the set of dynamically discovered ingress objects which hosts are considered for probing. + properties: + namespaceSelector: + description: Select Ingress objects by namespace. + properties: + any: + description: Boolean describing whether all namespaces are selected in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names. + items: + type: string + type: array + type: object + relabelingConfigs: + description: 'RelabelConfigs to apply to samples before ingestion. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. + type: string + type: object + type: array + selector: + description: Select Ingress objects by labels. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + type: object + staticConfig: + description: 'StaticConfig defines static targets which are considers for probing. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.' + properties: + labels: + additionalProperties: + type: string + description: Labels assigned to all metrics scraped from the targets. + type: object + relabelingConfigs: + description: 'RelabelConfigs to apply to samples before ingestion. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. + type: string + type: object + type: array + static: + description: Targets is a list of URLs to probe using the configured prober. + items: + type: string + type: array + type: object + type: object + tlsConfig: + description: TLS configuration to use when scraping the endpoint. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/crd-manifest/crd-prometheuses.yaml b/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/crd-manifest/crd-prometheuses.yaml new file mode 100644 index 000000000..cea3585f6 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/crd-manifest/crd-prometheuses.yaml @@ -0,0 +1,4447 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.48.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: prometheuses.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: Prometheus + listKind: PrometheusList + plural: prometheuses + singular: prometheus + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The version of Prometheus + jsonPath: .spec.version + name: Version + type: string + - description: The desired replicas number of Prometheuses + jsonPath: .spec.replicas + name: Replicas + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: Prometheus defines a Prometheus deployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the Prometheus cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + additionalAlertManagerConfigs: + description: 'AdditionalAlertManagerConfigs allows specifying a key of a Secret containing additional Prometheus AlertManager configurations. AlertManager configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config. As AlertManager configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + additionalAlertRelabelConfigs: + description: 'AdditionalAlertRelabelConfigs allows specifying a key of a Secret containing additional Prometheus alert relabel configurations. Alert relabel configurations specified are appended to the configurations generated by the Prometheus Operator. Alert relabel configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. As alert relabel configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel configs are going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + additionalScrapeConfigs: + description: 'AdditionalScrapeConfigs allows specifying a key of a Secret containing additional Prometheus scrape configurations. Scrape configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible scrape configs are going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are ORed. + items: + description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + alerting: + description: Define details regarding alerting. + properties: + alertmanagers: + description: AlertmanagerEndpoints Prometheus should fire alerts against. + items: + description: AlertmanagerEndpoints defines a selection of a single Endpoints object containing alertmanager IPs to fire alerts against. + properties: + apiVersion: + description: Version of the Alertmanager API that Prometheus uses to send alerts. It can be "v1" or "v2". + type: string + bearerTokenFile: + description: BearerTokenFile to read from filesystem to use when authenticating to Alertmanager. + type: string + name: + description: Name of Endpoints object in Namespace. + type: string + namespace: + description: Namespace of Endpoints object. + type: string + pathPrefix: + description: Prefix for the HTTP path alerts are pushed to. + type: string + port: + anyOf: + - type: integer + - type: string + description: Port the Alertmanager API is exposed on. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use when firing alerts. + type: string + timeout: + description: Timeout is a per-target Alertmanager timeout when pushing alerts. + type: string + tlsConfig: + description: TLS Config to use for alertmanager connection. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - name + - namespace + - port + type: object + type: array + required: + - alertmanagers + type: object + allowOverlappingBlocks: + description: AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. This is still experimental in Prometheus so it may change in any upcoming release. + type: boolean + apiserverConfig: + description: APIServerConfig allows specifying a host and auth methods to access apiserver. If left empty, Prometheus is assumed to run inside of the cluster and will discover API servers automatically and use the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. + properties: + basicAuth: + description: BasicAuth allow an endpoint to authenticate over basic authentication + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: Bearer token for accessing apiserver. + type: string + bearerTokenFile: + description: File to read bearer token for accessing apiserver. + type: string + host: + description: Host of apiserver. A valid string consisting of a hostname or IP followed by an optional port number + type: string + tlsConfig: + description: TLS Config to use for accessing apiserver. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + type: object + arbitraryFSAccessThroughSMs: + description: ArbitraryFSAccessThroughSMs configures whether configuration based on a service monitor can access arbitrary files on the file system of the Prometheus container e.g. bearer token files. + properties: + deny: + type: boolean + type: object + baseImage: + description: 'Base image to use for a Prometheus deployment. Deprecated: use ''image'' instead' + type: string + configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. The ConfigMaps are mounted into /etc/prometheus/configmaps/. + items: + type: string + type: array + containers: + description: 'Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to a Prometheus pod or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `prometheus`, `config-reloader`, and `thanos-sidecar`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + items: + description: ContainerPort represents a network port in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. + items: + description: volumeDevice describes a mapping of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + disableCompaction: + description: Disable prometheus compaction. + type: boolean + enableAdminAPI: + description: 'Enable access to prometheus web admin API. Defaults to the value of `false`. WARNING: Enabling the admin APIs enables mutating endpoints, to delete data, shutdown Prometheus, and more. Enabling this should be done with care and the user is advised to add additional authentication authorization via a proxy to ensure only clients authorized to perform these actions can do so. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis' + type: boolean + enableFeatures: + description: Enable access to Prometheus disabled features. By default, no features are enabled. Enabling disabled features is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. For more information see https://prometheus.io/docs/prometheus/latest/disabled_features/ + items: + type: string + type: array + enforcedNamespaceLabel: + description: EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created. + type: string + enforcedSampleLimit: + description: EnforcedSampleLimit defines global limit on number of scraped samples that will be accepted. This overrides any SampleLimit set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the SampleLimit to keep overall number of samples/series under the desired limit. Note that if SampleLimit is lower that value will be taken instead. + format: int64 + type: integer + enforcedTargetLimit: + description: EnforcedTargetLimit defines a global limit on the number of scraped targets. This overrides any TargetLimit set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the TargetLimit to keep overall number of targets under the desired limit. Note that if TargetLimit is higher that value will be taken instead. + format: int64 + type: integer + evaluationInterval: + description: Interval between consecutive evaluations. + type: string + externalLabels: + additionalProperties: + type: string + description: The labels to add to any time series or alerts when communicating with external systems (federation, remote storage, Alertmanager). + type: object + externalUrl: + description: The external URL the Prometheus instances will be available under. This is necessary to generate correct URLs. This is necessary if Prometheus is not served from root of a DNS name. + type: string + ignoreNamespaceSelectors: + description: IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from the podmonitor and servicemonitor configs, and they will only discover endpoints within their current namespace. Defaults to false. + type: boolean + image: + description: Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Prometheus is being configured. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + items: + description: ContainerPort represents a network port in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. + items: + description: volumeDevice describes a mapping of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + listenLocal: + description: ListenLocal makes the Prometheus server listen on loopback, so that it does not bind against the Pod IP. + type: boolean + logFormat: + description: Log format for Prometheus to be configured with. + type: string + logLevel: + description: Log level for Prometheus to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + overrideHonorLabels: + description: OverrideHonorLabels if set to true overrides all user configured honor_labels. If HonorLabels is set in ServiceMonitor or PodMonitor to true, this overrides honor_labels to false. + type: boolean + overrideHonorTimestamps: + description: OverrideHonorTimestamps allows to globally enforce honoring timestamps in all scrape configs. + type: boolean + paused: + description: When a Prometheus deployment is paused, no actions except for deletion will be performed on the underlying objects. + type: boolean + podMetadata: + description: PodMetadata configures Labels and Annotations which are propagated to the prometheus pods. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + type: object + podMonitorNamespaceSelector: + description: Namespace's labels to match for PodMonitor discovery. If nil, only check own namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + podMonitorSelector: + description: '*Experimental* PodMonitors to be selected for target discovery. *Deprecated:* if neither this nor serviceMonitorSelector are specified, configuration is unmanaged.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + portName: + description: Port name used for the pods and governing service. This defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + probeNamespaceSelector: + description: '*Experimental* Namespaces to be selected for Probe discovery. If nil, only check own namespace.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + probeSelector: + description: '*Experimental* Probes to be selected for target discovery.' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + prometheusExternalLabelName: + description: Name of Prometheus external label used to denote Prometheus instance name. Defaults to the value of `prometheus`. External label will _not_ be added when value is set to empty string (`""`). + type: string + prometheusRulesExcludedFromEnforce: + description: PrometheusRulesExcludedFromEnforce - list of prometheus rules to be excluded from enforcing of adding namespace labels. Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair + items: + description: PrometheusRuleExcludeConfig enables users to configure excluded PrometheusRule names and their namespaces to be ignored while enforcing namespace label for alerts and metrics. + properties: + ruleName: + description: RuleNamespace - name of excluded rule + type: string + ruleNamespace: + description: RuleNamespace - namespace of excluded rule + type: string + required: + - ruleName + - ruleNamespace + type: object + type: array + query: + description: QuerySpec defines the query command line flags when starting Prometheus. + properties: + lookbackDelta: + description: The delta difference allowed for retrieving metrics during expression evaluations. + type: string + maxConcurrency: + description: Number of concurrent queries that can be run at once. + format: int32 + type: integer + maxSamples: + description: Maximum number of samples a single query can load into memory. Note that queries will fail if they would load more samples than this into memory, so this also limits the number of samples a query can return. + format: int32 + type: integer + timeout: + description: Maximum time a query may take before being aborted. + type: string + type: object + queryLogFile: + description: QueryLogFile specifies the file to which PromQL queries are logged. Note that this location must be writable, and can be persisted using an attached volume. Alternatively, the location can be set to a stdout location such as `/dev/stdout` to log querie information to the default Prometheus log stream. This is only available in versions of Prometheus >= 2.16.0. For more details, see the Prometheus docs (https://prometheus.io/docs/guides/query-log/) + type: string + remoteRead: + description: If specified, the remote_read spec. This is an experimental feature, it may change in any upcoming release in a breaking way. + items: + description: RemoteReadSpec defines the remote_read configuration for prometheus. + properties: + basicAuth: + description: BasicAuth for the URL. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: Bearer token for remote read. + type: string + bearerTokenFile: + description: File to read bearer token for remote read. + type: string + name: + description: The name of the remote read queue, must be unique if specified. The name is used in metrics and logging in order to differentiate read configurations. Only valid in Prometheus versions 2.15.0 and newer. + type: string + proxyUrl: + description: Optional ProxyURL + type: string + readRecent: + description: Whether reads should be made for queries for time ranges that the local storage should have complete data for. + type: boolean + remoteTimeout: + description: Timeout for requests to the remote read endpoint. + type: string + requiredMatchers: + additionalProperties: + type: string + description: An optional list of equality matchers which have to be present in a selector to query the remote read endpoint. + type: object + tlsConfig: + description: TLS Config to use for remote read. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + url: + description: The URL of the endpoint to send samples to. + type: string + required: + - url + type: object + type: array + remoteWrite: + description: If specified, the remote_write spec. This is an experimental feature, it may change in any upcoming release in a breaking way. + items: + description: RemoteWriteSpec defines the remote_write configuration for prometheus. + properties: + basicAuth: + description: BasicAuth for the URL. + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerToken: + description: Bearer token for remote write. + type: string + bearerTokenFile: + description: File to read bearer token for remote write. + type: string + headers: + additionalProperties: + type: string + description: Custom HTTP headers to be sent along with each remote write request. Be aware that headers that are set by Prometheus itself can't be overwritten. Only valid in Prometheus versions 2.25.0 and newer. + type: object + metadataConfig: + description: MetadataConfig configures the sending of series metadata to remote storage. + properties: + send: + description: Whether metric metadata is sent to remote storage or not. + type: boolean + sendInterval: + description: How frequently metric metadata is sent to remote storage. + type: string + type: object + name: + description: The name of the remote write queue, must be unique if specified. The name is used in metrics and logging in order to differentiate queues. Only valid in Prometheus versions 2.15.0 and newer. + type: string + proxyUrl: + description: Optional ProxyURL + type: string + queueConfig: + description: QueueConfig allows tuning of the remote write queue parameters. + properties: + batchSendDeadline: + description: BatchSendDeadline is the maximum time a sample will wait in buffer. + type: string + capacity: + description: Capacity is the number of samples to buffer per shard before we start dropping them. + type: integer + maxBackoff: + description: MaxBackoff is the maximum retry delay. + type: string + maxRetries: + description: MaxRetries is the maximum number of times to retry a batch on recoverable errors. + type: integer + maxSamplesPerSend: + description: MaxSamplesPerSend is the maximum number of samples per send. + type: integer + maxShards: + description: MaxShards is the maximum number of shards, i.e. amount of concurrency. + type: integer + minBackoff: + description: MinBackoff is the initial retry delay. Gets doubled for every retry. + type: string + minShards: + description: MinShards is the minimum number of shards, i.e. amount of concurrency. + type: integer + type: object + remoteTimeout: + description: Timeout for requests to the remote write endpoint. + type: string + tlsConfig: + description: TLS Config to use for remote write. + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + url: + description: The URL of the endpoint to send samples to. + type: string + writeRelabelConfigs: + description: The list of remote write relabel configurations. + items: + description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. + type: string + type: object + type: array + required: + - url + type: object + type: array + replicaExternalLabelName: + description: Name of Prometheus external label used to denote replica name. Defaults to the value of `prometheus_replica`. External label will _not_ be added when value is set to empty string (`""`). + type: string + replicas: + description: Number of replicas of each shard to deploy for a Prometheus deployment. Number of replicas multiplied by shards is the total number of Pods created. + format: int32 + type: integer + resources: + description: Define resources requests and limits for single Pods. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration Prometheus shall retain data for. Default is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds seconds minutes hours days weeks years). + type: string + retentionSize: + description: 'Maximum amount of disk space used by blocks. Supported units: B, KB, MB, GB, TB, PB, EB. Ex: `512MB`.' + type: string + routePrefix: + description: The route prefix Prometheus registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with `kubectl proxy`. + type: string + ruleNamespaceSelector: + description: Namespaces to be selected for PrometheusRules discovery. If unspecified, only the same namespace as the Prometheus object is in is used. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + ruleSelector: + description: A selector to select which PrometheusRules to mount for loading alerting/recording rules from. Until (excluding) Prometheus Operator v0.24.0 Prometheus Operator will migrate any legacy rule ConfigMaps to PrometheusRule custom resources selected by RuleSelector. Make sure it does not match any config maps that you do not want to be migrated. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + rules: + description: /--rules.*/ command-line arguments. + properties: + alert: + description: /--rules.alert.*/ command-line arguments + properties: + forGracePeriod: + description: Minimum duration between alert and restored 'for' state. This is maintained only for alerts with configured 'for' time greater than grace period. + type: string + forOutageTolerance: + description: Max time to tolerate prometheus outage for restoring 'for' state of alert. + type: string + resendDelay: + description: Minimum amount of time to wait before resending an alert to Alertmanager. + type: string + type: object + type: object + scrapeInterval: + description: Interval between consecutive scrapes. + type: string + scrapeTimeout: + description: Number of seconds to wait for target to respond before erroring. + type: string + secrets: + description: Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. The Secrets are mounted into /etc/prometheus/secrets/. + items: + type: string + type: array + securityContext: + description: SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods. + type: string + serviceMonitorNamespaceSelector: + description: Namespace's labels to match for ServiceMonitor discovery. If nil, only check own namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + serviceMonitorSelector: + description: ServiceMonitors to be selected for target discovery. *Deprecated:* if neither this nor podMonitorSelector are specified, configuration is unmanaged. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + sha: + description: 'SHA of Prometheus container image to be deployed. Defaults to the value of `version`. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag are ignored if SHA is set. Deprecated: use ''image'' instead. The image digest can be specified as part of the image URL.' + type: string + shards: + description: 'EXPERIMENTAL: Number of shards to distribute targets onto. Number of replicas multiplied by shards is the total number of Pods created. Note that scaling down shards will not reshard data onto remaining instances, it must be manually moved. Increasing shards will not reshard data either but it will continue to be available from the same instances. To query globally use Thanos sidecar and Thanos querier or remote write data to a central location. Sharding is done on the content of the `__address__` target meta-label.' + format: int32 + type: integer + storage: + description: Storage spec to specify how storage shall be used. + properties: + disableMountSubPath: + description: 'Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts.' + type: boolean + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: EmbeddedMetadata contains metadata relevant to an EmbeddedResource. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + type: object + spec: + description: 'Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot - Beta) * An existing PVC (PersistentVolumeClaim) * An existing custom resource/object that implements data population (Alpha) In order to use VolumeSnapshot object types, the appropriate feature gate must be enabled (VolumeSnapshotDataSource or AnyVolumeDataSource) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the specified data source is not supported, the volume will not be created and the failure will be reported as an event. In the future, we plan to support more data source types and the behavior of the provisioner may change.' + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: VolumeName is the binding reference to the PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Represents the actual resources of the underlying volume. + type: object + conditions: + description: Current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about last transition. + type: string + reason: + description: Unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: object + tag: + description: 'Tag of Prometheus container image to be deployed. Defaults to the value of `version`. Version is ignored if Tag is set. Deprecated: use ''image'' instead. The image tag can be specified as part of the image URL.' + type: string + thanos: + description: "Thanos configuration allows configuring various aspects of a Prometheus server in a Thanos environment. \n This section is experimental, it may change significantly without deprecation notice in any release. \n This is experimental and may change significantly without backward compatibility in any release." + properties: + baseImage: + description: 'Thanos base image if other than default. Deprecated: use ''image'' instead' + type: string + grpcServerTlsConfig: + description: 'GRPCServerTLSConfig configures the gRPC server from which Thanos Querier reads recorded rule data. Note: Currently only the CAFile, CertFile, and KeyFile fields are supported. Maps to the ''--grpc-server-tls-*'' CLI args.' + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + image: + description: Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Thanos is being configured. + type: string + listenLocal: + description: ListenLocal makes the Thanos sidecar listen on loopback, so that it does not bind against the Pod IP. + type: boolean + logFormat: + description: LogFormat for Thanos sidecar to be configured with. + type: string + logLevel: + description: LogLevel for Thanos sidecar to be configured with. + type: string + minTime: + description: MinTime for Thanos sidecar to be configured with. Option can be a constant time in RFC3339 format or time duration relative to current time, such as -1d or 2h45m. Valid duration units are ms, s, m, h, d, w, y. + type: string + objectStorageConfig: + description: ObjectStorageConfig configures object storage in Thanos. Alternative to ObjectStorageConfigFile, and lower order priority. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + objectStorageConfigFile: + description: ObjectStorageConfigFile specifies the path of the object storage configuration file. When used alongside with ObjectStorageConfig, ObjectStorageConfigFile takes precedence. + type: string + resources: + description: Resources defines the resource requirements for the Thanos sidecar. If not provided, no requests/limits will be set + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + sha: + description: 'SHA of Thanos container image to be deployed. Defaults to the value of `version`. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag are ignored if SHA is set. Deprecated: use ''image'' instead. The image digest can be specified as part of the image URL.' + type: string + tag: + description: 'Tag of Thanos sidecar container image to be deployed. Defaults to the value of `version`. Version is ignored if Tag is set. Deprecated: use ''image'' instead. The image tag can be specified as part of the image URL.' + type: string + tracingConfig: + description: TracingConfig configures tracing in Thanos. This is an experimental feature, it may change in any upcoming release in a breaking way. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + tracingConfigFile: + description: TracingConfig specifies the path of the tracing configuration file. When used alongside with TracingConfig, TracingConfigFile takes precedence. + type: string + version: + description: Version describes the version of Thanos to use. + type: string + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: If specified, the pod's topology spread constraints. + items: + description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods may be unevenly distributed. It''s the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It''s a required field. Default value is 1 and 0 is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It''s considered as "Unsatisfiable" if and only if placing incoming pod on any topology violates "MaxSkew". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won''t make it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + version: + description: Version of Prometheus to be deployed. + type: string + volumeMounts: + description: VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the prometheus container, that are generated as a result of StorageSpec objects. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: the name of secret that contains Azure Storage Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature). + properties: + driver: + description: Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + description: FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with other supported volume types + properties: + configMap: + description: information about the configMap data to project + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken data to project + properties: + audience: + description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. + type: boolean + registry: + description: Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount user + type: string + volume: + description: Volume is a string that references an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the protection domain. + type: string + system: + description: The name of the storage system as configured in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. + type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + walCompression: + description: Enable compression of the write-ahead log using Snappy. This flag is only available in versions of Prometheus >= 2.11.0. + type: boolean + web: + description: WebSpec defines the web command line flags when starting Prometheus. + properties: + pageTitle: + description: The prometheus web page title + type: string + type: object + type: object + status: + description: 'Most recent observed status of the Prometheus cluster. Read-only. Not included when requesting from the apiserver, only from the Prometheus Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) targeted by this Prometheus deployment. + format: int32 + type: integer + paused: + description: Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed. + type: boolean + replicas: + description: Total number of non-terminated pods targeted by this Prometheus deployment (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this Prometheus deployment. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this Prometheus deployment that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + served: true + storage: true + subresources: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/crd-manifest/crd-prometheusrules.yaml b/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/crd-manifest/crd-prometheusrules.yaml new file mode 100644 index 000000000..1c33519d7 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/crd-manifest/crd-prometheusrules.yaml @@ -0,0 +1,90 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.48.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: prometheusrules.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + kind: PrometheusRule + listKind: PrometheusRuleList + plural: prometheusrules + singular: prometheusrule + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: PrometheusRule defines recording and alerting rules for a Prometheus instance + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired alerting rule definitions for Prometheus. + properties: + groups: + description: Content of Prometheus rule file + items: + description: 'RuleGroup is a list of sequentially evaluated recording and alerting rules. Note: PartialResponseStrategy is only used by ThanosRuler and will be ignored by Prometheus instances. Valid values for this field are ''warn'' or ''abort''. More info: https://github.com/thanos-io/thanos/blob/master/docs/components/rule.md#partial-response' + properties: + interval: + type: string + name: + type: string + partial_response_strategy: + type: string + rules: + items: + description: Rule describes an alerting or recording rule. + properties: + alert: + type: string + annotations: + additionalProperties: + type: string + type: object + expr: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + for: + type: string + labels: + additionalProperties: + type: string + type: object + record: + type: string + required: + - expr + type: object + type: array + required: + - name + - rules + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/crd-manifest/crd-servicemonitors.yaml b/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/crd-manifest/crd-servicemonitors.yaml new file mode 100644 index 000000000..1c8a4a354 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/crd-manifest/crd-servicemonitors.yaml @@ -0,0 +1,375 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.48.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: servicemonitors.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: ServiceMonitor + listKind: ServiceMonitorList + plural: servicemonitors + singular: servicemonitor + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: ServiceMonitor defines monitoring for a set of services. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Service selection for target discovery by Prometheus. + properties: + endpoints: + description: A list of endpoints allowed as part of this ServiceMonitor. + items: + description: Endpoint defines a scrapeable endpoint serving Prometheus metrics. + properties: + basicAuth: + description: 'BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' + properties: + password: + description: The secret in the service monitor namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + username: + description: The secret in the service monitor namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + bearerTokenFile: + description: File to read bearer token for scraping targets. + type: string + bearerTokenSecret: + description: Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service monitor and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + honorLabels: + description: HonorLabels chooses the metric's labels on collisions with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data. + type: boolean + interval: + description: Interval at which metrics should be scraped + type: string + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. + type: string + type: object + type: array + params: + additionalProperties: + items: + type: string + type: array + description: Optional HTTP URL parameters + type: object + path: + description: HTTP path to scrape for metrics. + type: string + port: + description: Name of the service port this endpoint refers to. Mutually exclusive with targetPort. + type: string + proxyUrl: + description: ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. + type: string + relabelings: + description: 'RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields and replaces original scrape job name with __tmp_prometheus_job_name. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + description: Action to perform based on regex matching. Default is 'replace' + type: string + modulus: + description: Modulus to take of the hash of the source label values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. + type: string + type: object + type: array + scheme: + description: HTTP scheme to use for scraping. + type: string + scrapeTimeout: + description: Timeout after which the scrape is ended + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: Name or number of the target port of the Pod behind the Service, the port must be specified with container port property. Mutually exclusive with port. + x-kubernetes-int-or-string: true + tlsConfig: + description: TLS configuration to use when scraping the endpoint + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + jobLabel: + description: The label to use to retrieve the job name from. + type: string + namespaceSelector: + description: Selector to select which namespaces the Endpoints objects are discovered from. + properties: + any: + description: Boolean describing whether all namespaces are selected in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names. + items: + type: string + type: array + type: object + podTargetLabels: + description: PodTargetLabels transfers labels on the Kubernetes Pod onto the target. + items: + type: string + type: array + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + format: int64 + type: integer + selector: + description: Selector to select Endpoints objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + targetLabels: + description: TargetLabels transfers labels on the Kubernetes Service onto the target. + items: + type: string + type: array + targetLimit: + description: TargetLimit defines a limit on the number of scraped targets that will be accepted. + format: int64 + type: integer + required: + - endpoints + - selector + type: object + required: + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/crd-manifest/crd-thanosrulers.yaml b/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/crd-manifest/crd-thanosrulers.yaml new file mode 100644 index 000000000..9112650dd --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/crd-manifest/crd-thanosrulers.yaml @@ -0,0 +1,3342 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.48.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: thanosrulers.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: ThanosRuler + listKind: ThanosRulerList + plural: thanosrulers + singular: thanosruler + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: ThanosRuler defines a ThanosRuler deployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the ThanosRuler cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are ORed. + items: + description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + alertDropLabels: + description: AlertDropLabels configure the label names which should be dropped in ThanosRuler alerts. If `labels` field is not provided, `thanos_ruler_replica` will be dropped in alerts by default. + items: + type: string + type: array + alertQueryUrl: + description: The external Query URL the Thanos Ruler will set in the 'Source' field of all alerts. Maps to the '--alert.query-url' CLI arg. + type: string + alertmanagersConfig: + description: Define configuration for connecting to alertmanager. Only available with thanos v0.10.0 and higher. Maps to the `alertmanagers.config` arg. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + alertmanagersUrl: + description: 'Define URLs to send alerts to Alertmanager. For Thanos v0.10.0 and higher, AlertManagersConfig should be used instead. Note: this field will be ignored if AlertManagersConfig is specified. Maps to the `alertmanagers.url` arg.' + items: + type: string + type: array + containers: + description: 'Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to a ThanosRuler pod or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `thanos-ruler` and `config-reloader`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + items: + description: ContainerPort represents a network port in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. + items: + description: volumeDevice describes a mapping of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + enforcedNamespaceLabel: + description: EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created. + type: string + evaluationInterval: + description: Interval between consecutive evaluations. + type: string + externalPrefix: + description: The external URL the Thanos Ruler instances will be available under. This is necessary to generate correct URLs. This is necessary if Thanos Ruler is not served from root of a DNS name. + type: string + grpcServerTlsConfig: + description: 'GRPCServerTLSConfig configures the gRPC server from which Thanos Querier reads recorded rule data. Note: Currently only the CAFile, CertFile, and KeyFile fields are supported. Maps to the ''--grpc-server-tls-*'' CLI args.' + properties: + ca: + description: Struct containing the CA cert to use for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + caFile: + description: Path to the CA cert in the Prometheus container to use for the targets. + type: string + cert: + description: Struct containing the client cert file for the targets. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + certFile: + description: Path to the client cert file in the Prometheus container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + image: + description: Thanos container image URL. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same namespace to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the ThanosRuler configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + items: + description: ContainerPort represents a network port in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + windowsOptions: + description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. + items: + description: volumeDevice describes a mapping of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: Labels configure the external label pairs to ThanosRuler. If not provided, default replica label `thanos_ruler_replica` will be added as a label and be dropped in alerts. + type: object + listenLocal: + description: ListenLocal makes the Thanos ruler listen on loopback, so that it does not bind against the Pod IP. + type: boolean + logFormat: + description: Log format for ThanosRuler to be configured with. + type: string + logLevel: + description: Log level for ThanosRuler to be configured with. + type: string + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + objectStorageConfig: + description: ObjectStorageConfig configures object storage in Thanos. Alternative to ObjectStorageConfigFile, and lower order priority. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + objectStorageConfigFile: + description: ObjectStorageConfigFile specifies the path of the object storage configuration file. When used alongside with ObjectStorageConfig, ObjectStorageConfigFile takes precedence. + type: string + paused: + description: When a ThanosRuler deployment is paused, no actions except for deletion will be performed on the underlying objects. + type: boolean + podMetadata: + description: PodMetadata contains Labels and Annotations gets propagated to the thanos ruler pods. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + type: object + portName: + description: Port name used for the pods and governing service. This defaults to web + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + prometheusRulesExcludedFromEnforce: + description: PrometheusRulesExcludedFromEnforce - list of Prometheus rules to be excluded from enforcing of adding namespace labels. Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair + items: + description: PrometheusRuleExcludeConfig enables users to configure excluded PrometheusRule names and their namespaces to be ignored while enforcing namespace label for alerts and metrics. + properties: + ruleName: + description: RuleNamespace - name of excluded rule + type: string + ruleNamespace: + description: RuleNamespace - namespace of excluded rule + type: string + required: + - ruleName + - ruleNamespace + type: object + type: array + queryConfig: + description: Define configuration for connecting to thanos query instances. If this is defined, the QueryEndpoints field will be ignored. Maps to the `query.config` CLI argument. Only available with thanos v0.11.0 and higher. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + queryEndpoints: + description: QueryEndpoints defines Thanos querier endpoints from which to query metrics. Maps to the --query flag of thanos ruler. + items: + type: string + type: array + replicas: + description: Number of thanos ruler instances to deploy. + format: int32 + type: integer + resources: + description: Resources defines the resource requirements for single Pods. If not provided, no requests/limits will be set + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + retention: + description: Time duration ThanosRuler shall retain data for. Default is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds seconds minutes hours days weeks years). + type: string + routePrefix: + description: The route prefix ThanosRuler registers HTTP handlers for. This allows thanos UI to be served on a sub-path. + type: string + ruleNamespaceSelector: + description: Namespaces to be selected for Rules discovery. If unspecified, only the same namespace as the ThanosRuler object is in is used. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + ruleSelector: + description: A label selector to select which PrometheusRules to mount for alerting and recording. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + securityContext: + description: SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount to use to run the Thanos Ruler Pods. + type: string + storage: + description: Storage spec to specify how storage shall be used. + properties: + disableMountSubPath: + description: 'Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts.' + type: boolean + emptyDir: + description: 'EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the Prometheus StatefulSets. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: EmbeddedMetadata contains metadata relevant to an EmbeddedResource. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + type: object + spec: + description: 'Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot - Beta) * An existing PVC (PersistentVolumeClaim) * An existing custom resource/object that implements data population (Alpha) In order to use VolumeSnapshot object types, the appropriate feature gate must be enabled (VolumeSnapshotDataSource or AnyVolumeDataSource) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the specified data source is not supported, the volume will not be created and the failure will be reported as an event. In the future, we plan to support more data source types and the behavior of the provisioner may change.' + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + resources: + description: 'Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + selector: + description: A label query over volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: VolumeName is the binding reference to the PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'AccessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Represents the actual resources of the underlying volume. + type: object + conditions: + description: Current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contails details about state of pvc + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about last transition. + type: string + reason: + description: Unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: Phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: object + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: If specified, the pod's topology spread constraints. + items: + description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods may be unevenly distributed. It''s the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It''s a required field. Default value is 1 and 0 is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It''s considered as "Unsatisfiable" if and only if placing incoming pod on any topology violates "MaxSkew". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won''t make it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + tracingConfig: + description: TracingConfig configures tracing in Thanos. This is an experimental feature, it may change in any upcoming release in a breaking way. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + volumes: + description: Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: the name of secret that contains Azure Storage Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object containing parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature). + properties: + driver: + description: Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration for the volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about the pod that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + description: FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running + properties: + datasetName: + description: Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + partition: + description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx volume attached and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, configmaps, and downward API + properties: + defaultMode: + description: Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with other supported volume types + properties: + configMap: + description: information about the configMap data to project + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret data to project + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken data to project + properties: + audience: + description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. + type: boolean + registry: + description: Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: User to map volume access to Defaults to serivceaccount user + type: string + volume: + description: Volume is a string that references an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' + type: string + image: + description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the protection domain. + type: string + system: + description: The name of the storage system as configured in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO system that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. + type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + status: + description: 'Most recent observed status of the ThanosRuler cluster. Read-only. Not included when requesting from the apiserver, only from the ThanosRuler Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) targeted by this ThanosRuler deployment. + format: int32 + type: integer + paused: + description: Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed. + type: boolean + replicas: + description: Total number of non-terminated pods targeted by this ThanosRuler deployment (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this ThanosRuler deployment. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this ThanosRuler deployment that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/templates/_helpers.tpl b/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/templates/_helpers.tpl new file mode 100644 index 000000000..edac2b315 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/templates/_helpers.tpl @@ -0,0 +1,50 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# CRD Installation + +{{- define "crd.established" -}} +{{- if not (regexMatch "^([a-zA-Z]+[.][a-zA-Z]*)+$" .) -}} +{{ required (printf "%s is not a valid CRD" .) "" }} +{{- else -}} +echo "beginning wait for {{ . }} to be established..."; +num_tries=1; +until kubectl get crd {{ . }} -o=jsonpath='{range .status.conditions[*]}{.type}={.status} {end}' | grep -qE 'Established=True'; do + if (( num_tries == 30 )); then + echo "timed out waiting for {{ . }}"; + exit 1; + fi; + num_tries=$(( num_tries + 1 )); + echo "{{ . }} is not established. Sleeping for 2 seconds and trying again..."; + sleep 2; +done; +echo "successfully established {{ . }}"; +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/templates/jobs.yaml b/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/templates/jobs.yaml new file mode 100644 index 000000000..6167ddbe2 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/templates/jobs.yaml @@ -0,0 +1,135 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-create + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": post-install, post-upgrade, post-rollback + "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded, hook-failed +spec: + template: + metadata: + name: {{ .Chart.Name }}-create + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: false + runAsUser: 0 + initContainers: + - name: set-preserve-unknown-fields-false + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/sh + - -c + - > + {{- range $path, $_ := (.Files.Glob "crd-manifest/**.yaml") }} + {{- $crd := get (get ($.Files.Get $path | fromYaml) "metadata") "name" }} + if [[ -n "$(kubectl get crd {{ $crd }} -o jsonpath='{.spec.preserveUnknownFields}')" ]]; then + patch='{"spec": {"preserveUnknownFields": false}}'; + if [[ -z "$(kubectl get crd {{ $crd }} -o jsonpath='{.spec.versions[0].schema}')" ]]; then + patch='{"spec": {"preserveUnknownFields": false, "versions": [{"name": "v1", "served": false, "storage": true, "schema": {"openAPIV3Schema": {"description": "placeholder", "type": "object"}}}]}}'; + fi + echo "Applying patch to {{ $crd }}: ${patch}" + if kubectl patch crd {{ $crd }} -p "${patch}" --type="merge"; then + {{- include "crd.established" $crd | nindent 18 }} + fi; + fi; + {{- end }} + containers: + - name: create-crds + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/sh + - -c + - > + echo "Applying CRDs..."; + kubectl apply -f /etc/config/crd-manifest.yaml; + + echo "Waiting for CRDs to be recognized before finishing installation..."; + + {{- range $path, $_ := (.Files.Glob "crd-manifest/**.yaml") }} + {{- $apiGroup := get (get ($.Files.Get $path | fromYaml) "spec") "group" }} + rm -rf $HOME/.kube/cache/discovery/*/{{ $apiGroup }}; + {{- end }} + + {{- range $path, $_ := (.Files.Glob "crd-manifest/**.yaml") }} + {{- $crd := get (get ($.Files.Get $path | fromYaml) "metadata") "name" }} + {{- include "crd.established" $crd | nindent 12 }} + {{- end }} + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-delete + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded, hook-failed +spec: + template: + metadata: + name: {{ .Chart.Name }}-delete + labels: + app: {{ .Chart.Name }} + spec: + serviceAccountName: {{ .Chart.Name }}-manager + securityContext: + runAsNonRoot: false + runAsUser: 0 + initContainers: + - name: remove-finalizers + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/sh + - -c + - > + {{- range $path, $_ := (.Files.Glob "crd-manifest/**.yaml") }} + {{- $crd := get (get ($.Files.Get $path | fromYaml) "metadata") "name" }} + if kubectl patch crd {{ $crd }} -p '{"metadata": {"finalizers": []}}'; then + {{- include "crd.established" $crd | nindent 14 }} + fi; + {{- end }} + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + containers: + - name: delete-crds + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: IfNotPresent + command: + - /bin/sh + - -c + - > + kubectl delete -f /etc/config/crd-manifest.yaml + volumeMounts: + - name: crd-manifest + readOnly: true + mountPath: /etc/config + restartPolicy: OnFailure + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} + volumes: + - name: crd-manifest + configMap: + name: {{ .Chart.Name }}-manifest diff --git a/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/templates/manifest.yaml b/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/templates/manifest.yaml new file mode 100644 index 000000000..31016b6ef --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/templates/manifest.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-manifest + namespace: {{ .Release.Namespace }} +data: + crd-manifest.yaml: | + {{- $currentScope := . -}} + {{- $crds := (.Files.Glob "crd-manifest/**.yaml") -}} + {{- range $path, $_ := $crds -}} + {{- with $currentScope -}} + {{ .Files.Get $path | nindent 4 }} + --- + {{- end -}}{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/templates/rbac.yaml b/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/templates/rbac.yaml new file mode 100644 index 000000000..1c07c7dd0 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/templates/rbac.yaml @@ -0,0 +1,72 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: ['create', 'get', 'patch', 'delete'] +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ .Chart.Name }}-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Chart.Name }}-manager + labels: + app: {{ .Chart.Name }}-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Chart.Name }}-manager +subjects: +- kind: ServiceAccount + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-manager +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ .Chart.Name }}-manager + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-manager +spec: + privileged: false + allowPrivilegeEscalation: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'configMap' + - 'secret' diff --git a/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/values.yaml b/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/values.yaml new file mode 100644 index 000000000..129d13914 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring-crd/100.0.0+up16.6.0/values.yaml @@ -0,0 +1,11 @@ +# Default values for rancher-monitoring-crd. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + cattle: + systemDefaultRegistry: "" + +image: + repository: rancher/shell + tag: v0.1.8 diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/.helmignore b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/.helmignore new file mode 100644 index 000000000..93bf1ec02 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/.helmignore @@ -0,0 +1,26 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +# helm/charts +OWNERS +hack/ +ci/ +kube-prometheus-*.tgz diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/CHANGELOG.md b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/CHANGELOG.md new file mode 100644 index 000000000..8178169b9 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/CHANGELOG.md @@ -0,0 +1,47 @@ +# Changelog +All notable changes from the upstream Prometheus Operator chart will be added to this file. + +## [Package Version 00] - 2020-07-19 +### Added +- Added [Prometheus Adapter](https://github.com/helm/charts/tree/master/stable/prometheus-adapter) as a dependency to the upstream Prometheus Operator chart to allow users to expose custom metrics from the default Prometheus instance deployed by this chart +- Remove `prometheus-operator/cleanup-crds.yaml` and `prometheus-operator/crds.yaml` from the Prometheus Operator upstream chart in favor of just using the CRD directory to install the CRDs. +- Added support for `rkeControllerManager`, `rkeScheduler`, `rkeProxy`, and `rkeEtcd` PushProx exporters for monitoring k8s components within RKE clusters +- Added support for a `k3sServer` PushProx exporter that monitors k3s server components (`kubeControllerManager`, `kubeScheduler`, and `kubeProxy`) within k3s clusters +- Added support for `kubeAdmControllerManager`, `kubeAdmScheduler`, `kubeAdmProxy`, and `kubeAdmEtcd` PushProx exporters for monitoring k8s components within kubeAdm clusters +- Added support for `rke2ControllerManager`, `rke2Scheduler`, `rke2Proxy`, and `rke2Etcd` PushProx exporters for monitoring k8s components within rke2 clusters +- Exposed `prometheus.prometheusSpec.ignoreNamespaceSelectors` on values.yaml and set it to `false` by default. This value instructs the default Prometheus server deployed with this chart to ignore the `namespaceSelector` field within any created ServiceMonitor or PodMonitor CRs that it selects. This prevents ServiceMonitors and PodMonitors from configuring the Prometheus scrape configuration to monitor resources outside the namespace that they are deployed in; if a user needs to have one ServiceMonitor / PodMonitor monitor resources within several namespaces (such as the resources that are used to monitor Istio in a default installation), they should not enable this option since it would require them to create one ServiceMonitor / PodMonitor CR per namespace that they would like to monitor. Relevant fields were also updated in the default README.md. +- Added `grafana.sidecar.dashboards.searchNamespace` to `values.yaml` with a default value of `cattle-dashboards`. The namespace provided should contain all ConfigMaps with the label `grafana_dashboard` and will be searched by the Grafana Dashboards sidecar for updates. The namespace specified is also created along with this deployment. All default dashboard ConfigMaps have been relocated from the deployment namespace to the namespace specified +- Added `monitoring-admin`, `monitoring-edit`, and `monitoring-view` default `ClusterRoles` to allow admins to assign roles to users to interact with Prometheus Operator CRs. These can be enabled by setting `.Values.global.rbac.userRoles.create` (default: `true`). In a typical RBAC setup, you might want to use a `ClusterRoleBinding` to bind these roles to a Subject to allow them to set up or view `ServiceMonitors` / `PodMonitors` / `PrometheusRules` and view `Prometheus` or `Alertmanager` CRs across the cluster. If `.Values.global.rbac.userRoles.aggregateRolesForRBAC` is enabled, these ClusterRoles will aggregate into the respective default ClusterRoles provided by Kubernetes +- Added `monitoring-config-admin`, `monitoring-config-edit` and `monitoring-config-view` default `Roles` to allow admins to assign roles to users to be able to edit / view `Secrets` and `ConfigMaps` within the `cattle-monitoring-system` namespace. These can be enabled by setting `.Values.global.rbac.userRoles.create` (default: `true`). In a typical RBAC setup, you might want to use a `RoleBinding` to bind these roles to a Subject within the `cattle-monitoring-system` namespace to allow them to modify Secrets / ConfigMaps tied to the deployment, such as your Alertmanager Config Secret. +- Added `monitoring-dashboard-admin`, `monitoring-dashboard-edit` and `monitoring-dashboard-view` default `Roles` to allow admins to assign roles to users to be able to edit / view `ConfigMaps` within the `cattle-dashboards` namespace. These can be enabled by setting `.Values.global.rbac.userRoles.create` (default: `true`) and deploying Grafana as part of this chart. In a typical RBAC setup, you might want to use a `RoleBinding` to bind these roles to a Subject within the `cattle-dashboards` namespace to allow them to create / modify ConfigMaps that contain the JSON used to persist Grafana Dashboards on the cluster. +- Added default resource limits for `Prometheus Operator`, `Prometheus`, `AlertManager`, `Grafana`, `kube-state-metrics`, `node-exporter` +- Added a default template `rancher_defaults.tmpl` to AlertManager that Rancher will offer to users in order to help configure the way alerts are rendered on a notifier. Also updated the default template deployed with this chart to reference that template and added an example of a Slack config using this template as a comment in the `values.yaml`. +- Added support for private registries via introducing a new field for `global.cattle.systemDefaultRegistry` that, if supplied, will automatically be prepended onto every image used by the chart. +- Added a default `nginx` proxy container deployed with Grafana whose config is set in the `ConfigMap` located in `charts/grafana/templates/nginx-config.yaml`. The purpose of this container is to make it possible to view Grafana's UI through a proxy that has a subpath (e.g. Rancher's proxy). This proxy container is set to listen on port `8080` (with a `portName` of `nginx-http` instead of the default `service`), which is also where the Grafana service will now point to, and will forward all requests to the Grafana container listening on the default port `3000`. +- Added a default `nginx` proxy container deployed with Prometheus whose config is set in the `ConfigMap` located in `templates/prometheus/nginx-config.yaml`. The purpose of this container is to make it possible to view Prometheus's UI through a proxy that has a subpath (e.g. Rancher's proxy). This proxy container is set to listen on port `8081` (with a `portName` of `nginx-http` instead of the default `web`), which is also where the Prometheus service will now point to, and will forward all requests to the Prometheus container listening on the default port `9090`. +- Added support for passing CIS Scans in a hardened cluster by introducing a Job that patches the default service account within the `cattle-monitoring-system` and `cattle-dashboards` namespaces on install or upgrade and adding a default allow all `NetworkPolicy` to the `cattle-monitoring-system` and `cattle-dashboards` namespaces. +### Modified +- Updated the chart name from `prometheus-operator` to `rancher-monitoring` and added the `io.rancher.certified: rancher` annotation to `Chart.yaml` +- Modified the default `node-exporter` port from `9100` to `9796` +- Modified the default `nameOverride` to `rancher-monitoring`. This change is necessary as the Prometheus Adapter's default URL (`http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc`) is based off of the value used here; if modified, the default Adapter URL must also be modified +- Modified the default `namespaceOverride` to `cattle-monitoring-system`. This change is necessary as the Prometheus Adapter's default URL (`http://{{ .Values.nameOverride }}-prometheus.{{ .Values.namespaceOverride }}.svc`) is based off of the value used here; if modified, the default Adapter URL must also be modified +- Configured some default values for `grafana.service` values and exposed them in the default README.md +- The default namespaces the following ServiceMonitors were changed from the deployment namespace to allow them to continue to monitor metrics when `prometheus.prometheusSpec.ignoreNamespaceSelectors` is enabled: + - `core-dns`: `kube-system` + - `api-server`: `default` + - `kube-controller-manager`: `kube-system` + - `kubelet`: `{{ .Values.kubelet.namespace }}` +- Disabled the following deployments by default (can be enabled if required): + - `AlertManager` + - `kube-controller-manager` metrics exporter + - `kube-etcd` metrics exporter + - `kube-scheduler` metrics exporter + - `kube-proxy` metrics exporter +- Updated default Grafana `deploymentStrategy` to `Recreate` to prevent deployments from being stuck on upgrade if a PV is attached to Grafana +- Modified the default `SelectorNilUsesHelmValues` to default to `false`. As a result, we look for all CRs with any labels in all namespaces by default rather than just the ones tagged with the label `release: rancher-monitoring`. +- Modified the default images used by the `rancher-monitoring` chart to point to Rancher mirrors of the original images from upstream. +- Modified the behavior of the chart to create the Alertmanager Config Secret via a pre-install hook instead of using the normal Helm lifecycle to manage the secret. The benefit of this approach is that all changes to the Config Secret done on a live cluster will never get overridden on a `helm upgrade` since the secret only gets created on a `helm install`. If you would like the secret to be cleaned up on an `helm uninstall`, enable `alertmanager.cleanupOnUninstall`; however, this is disabled by default to prevent the loss of alerting configuration on an uninstall. This secret will never be modified on a `helm upgrade`. +- Modified the default `securityContext` for `Pod` templates across the chart to `{"runAsNonRoot": "true", "runAsUser": "1000"}` and replaced `grafana.rbac.pspUseAppArmor` in favor of `grafana.rbac.pspAnnotations={}` in order to make it possible to deploy this chart on a hardened cluster which does not support Seccomp or AppArmor annotations in PSPs. Users can always choose to specify the annotations they want to use for the PSP directly as part of the values provided. +- Modified `.Values.prometheus.prometheusSpec.containers` to take in a string representing a template that should be rendered by Helm (via `tpl`) instead of allowing a user to provide YAML directly. +- Modified the default Grafana configuration to auto assign users who access Grafana to the Viewer role and enable anonymous access to Grafana dashboards by default. This default works well for a Rancher user who is accessing Grafana via the `kubectl proxy` on the Rancher Dashboard UI since anonymous users who enter via the proxy are authenticated by the k8s API Server, but you can / should modify this behavior if you plan on exposing Grafana in a way that does not require authentication (e.g. as a `NodePort` service). +- Modified the default Grafana configuration to add a default dashboard for Rancher on the Grafana home page. \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/CONTRIBUTING.md b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/CONTRIBUTING.md new file mode 100644 index 000000000..f6ce2a323 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/CONTRIBUTING.md @@ -0,0 +1,12 @@ +# Contributing Guidelines + +## How to contribute to this chart + +1. Fork this repository, develop and test your Chart. +1. Bump the chart version for every change. +1. Ensure PR title has the prefix `[kube-prometheus-stack]` +1. When making changes to rules or dashboards, see the README.md section on how to sync data from upstream repositories +1. Check the `hack/minikube` folder has scripts to set up minikube and components of this chart that will allow all components to be scraped. You can use this configuration when validating your changes. +1. Check for changes of RBAC rules. +1. Check for changes in CRD specs. +1. PR must pass the linter (`helm lint`) diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/Chart.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/Chart.yaml new file mode 100644 index 000000000..0278b88e3 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/Chart.yaml @@ -0,0 +1,116 @@ +annotations: + artifacthub.io/links: | + - name: Chart Source + url: https://github.com/prometheus-community/helm-charts + - name: Upstream Project + url: https://github.com/prometheus-operator/kube-prometheus + artifacthub.io/operator: "true" + catalog.cattle.io/auto-install: rancher-monitoring-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Monitoring + catalog.cattle.io/namespace: cattle-monitoring-system + catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 + catalog.cattle.io/release-name: rancher-monitoring + catalog.cattle.io/requests-cpu: 4500m + catalog.cattle.io/requests-memory: 4000Mi + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/ui-component: monitoring +apiVersion: v2 +appVersion: 0.48.0 +dependencies: +- condition: grafana.enabled + name: grafana + repository: file://./charts/grafana +- condition: hardenedKubelet.enabled + name: hardenedKubelet + repository: file://./charts/hardenedKubelet +- condition: hardenedNodeExporter.enabled + name: hardenedNodeExporter + repository: file://./charts/hardenedNodeExporter +- condition: k3sServer.enabled + name: k3sServer + repository: file://./charts/k3sServer +- condition: kubeStateMetrics.enabled + name: kube-state-metrics + repository: file://./charts/kube-state-metrics +- condition: kubeAdmControllerManager.enabled + name: kubeAdmControllerManager + repository: file://./charts/kubeAdmControllerManager +- condition: kubeAdmEtcd.enabled + name: kubeAdmEtcd + repository: file://./charts/kubeAdmEtcd +- condition: kubeAdmProxy.enabled + name: kubeAdmProxy + repository: file://./charts/kubeAdmProxy +- condition: kubeAdmScheduler.enabled + name: kubeAdmScheduler + repository: file://./charts/kubeAdmScheduler +- condition: prometheus-adapter.enabled + name: prometheus-adapter + repository: file://./charts/prometheus-adapter +- condition: nodeExporter.enabled + name: prometheus-node-exporter + repository: file://./charts/prometheus-node-exporter +- condition: rke2ControllerManager.enabled + name: rke2ControllerManager + repository: file://./charts/rke2ControllerManager +- condition: rke2Etcd.enabled + name: rke2Etcd + repository: file://./charts/rke2Etcd +- condition: rke2IngressNginx.enabled + name: rke2IngressNginx + repository: file://./charts/rke2IngressNginx +- condition: rke2Proxy.enabled + name: rke2Proxy + repository: file://./charts/rke2Proxy +- condition: rke2Scheduler.enabled + name: rke2Scheduler + repository: file://./charts/rke2Scheduler +- condition: rkeControllerManager.enabled + name: rkeControllerManager + repository: file://./charts/rkeControllerManager +- condition: rkeEtcd.enabled + name: rkeEtcd + repository: file://./charts/rkeEtcd +- condition: rkeIngressNginx.enabled + name: rkeIngressNginx + repository: file://./charts/rkeIngressNginx +- condition: rkeProxy.enabled + name: rkeProxy + repository: file://./charts/rkeProxy +- condition: rkeScheduler.enabled + name: rkeScheduler + repository: file://./charts/rkeScheduler +- condition: global.cattle.windows.enabled + name: windowsExporter + repository: file://./charts/windowsExporter +description: Collects several related Helm charts, Grafana dashboards, and Prometheus + rules combined with documentation and scripts to provide easy to operate end-to-end + Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. +home: https://github.com/prometheus-operator/kube-prometheus +icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png +keywords: +- operator +- prometheus +- kube-prometheus +- monitoring +kubeVersion: '>=1.16.0-0' +maintainers: +- name: vsliouniaev +- name: bismarck +- email: gianrubio@gmail.com + name: gianrubio +- email: github.gkarthiks@gmail.com + name: gkarthiks +- email: scott@r6by.com + name: scottrigby +- email: miroslav.hadzhiev@gmail.com + name: Xtigyro +- email: arvind.iyengar@suse.com + name: Arvind +name: rancher-monitoring +sources: +- https://github.com/prometheus-community/helm-charts +- https://github.com/prometheus-operator/kube-prometheus +type: application +version: 100.0.0+up16.6.0 diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/README.md b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/README.md new file mode 100644 index 000000000..d1f5883d4 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/README.md @@ -0,0 +1,475 @@ +# kube-prometheus-stack + +Installs the [kube-prometheus stack](https://github.com/prometheus-operator/kube-prometheus), a collection of Kubernetes manifests, [Grafana](http://grafana.com/) dashboards, and [Prometheus rules](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with [Prometheus](https://prometheus.io/) using the [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator). + +See the [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) README for details about components, dashboards, and alerts. + +_Note: This chart was formerly named `prometheus-operator` chart, now renamed to more clearly reflect that it installs the `kube-prometheus` project stack, within which Prometheus Operator is only one component._ + +## Prerequisites + +- Kubernetes 1.16+ +- Helm 3+ + +## Get Repo Info + +```console +helm repo add prometheus-community https://prometheus-community.github.io/helm-charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Install Chart + +```console +# Helm +$ helm install [RELEASE_NAME] prometheus-community/kube-prometheus-stack +``` + +_See [configuration](#configuration) below._ + +_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ + +## Dependencies + +By default this chart installs additional, dependent charts: + +- [prometheus-community/kube-state-metrics](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics) +- [prometheus-community/prometheus-node-exporter](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-node-exporter) +- [grafana/grafana](https://github.com/grafana/helm-charts/tree/main/charts/grafana) + +To disable dependencies during installation, see [multiple releases](#multiple-releases) below. + +_See [helm dependency](https://helm.sh/docs/helm/helm_dependency/) for command documentation._ + +## Uninstall Chart + +```console +# Helm +$ helm uninstall [RELEASE_NAME] +``` + +This removes all the Kubernetes components associated with the chart and deletes the release. + +_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ + +CRDs created by this chart are not removed by default and should be manually cleaned up: + +```console +kubectl delete crd alertmanagerconfigs.monitoring.coreos.com +kubectl delete crd alertmanagers.monitoring.coreos.com +kubectl delete crd podmonitors.monitoring.coreos.com +kubectl delete crd probes.monitoring.coreos.com +kubectl delete crd prometheuses.monitoring.coreos.com +kubectl delete crd prometheusrules.monitoring.coreos.com +kubectl delete crd servicemonitors.monitoring.coreos.com +kubectl delete crd thanosrulers.monitoring.coreos.com +``` + +## Upgrading Chart + +```console +# Helm +$ helm upgrade [RELEASE_NAME] prometheus-community/kube-prometheus-stack +``` + +With Helm v3, CRDs created by this chart are not updated by default and should be manually updated. +Consult also the [Helm Documentation on CRDs](https://helm.sh/docs/chart_best_practices/custom_resource_definitions). + +_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ + +### Upgrading an existing Release to a new major version + +A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. + +### From 15.x to 16.x +Version 16 upgrades kube-state-metrics to v2.0.0. This includes changed command-line arguments and removed metrics, see this [blog post](https://kubernetes.io/blog/2021/04/13/kube-state-metrics-v-2-0/). This version also removes Grafana dashboards that supported Kubernetes 1.14 or earlier. + +### From 14.x to 15.x +Version 15 upgrades prometheus-operator from 0.46.x to 0.47.x. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRDs manually before updating: + +```console +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +``` + +### From 13.x to 14.x + +Version 14 upgrades prometheus-operator from 0.45.x to 0.46.x. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRDs manually before updating: + +```console +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +``` + +### From 12.x to 13.x + +Version 13 upgrades prometheus-operator from 0.44.x to 0.45.x. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRD manually before updating: + +```console +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.45.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.45.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.45.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +``` + +### From 11.x to 12.x + +Version 12 upgrades prometheus-operator from 0.43.x to 0.44.x. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRD manually before updating: + +```console +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.44/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +``` + +The chart was migrated to support only helm v3 and later. + +### From 10.x to 11.x + +Version 11 upgrades prometheus-operator from 0.42.x to 0.43.x. Starting with 0.43.x an additional `AlertmanagerConfigs` CRD is introduced. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRD manually before updating: + +```console +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.43/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +``` + +Version 11 removes the deprecated tlsProxy via ghostunnel in favor of native TLS support the prometheus-operator gained with v0.39.0. + +### From 9.x to 10.x + +Version 10 upgrades prometheus-operator from 0.38.x to 0.42.x. Starting with 0.40.x an additional `Probes` CRD is introduced. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRD manually before updating: + +```console +kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.42/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +``` + +### From 8.x to 9.x + +Version 9 of the helm chart removes the existing `additionalScrapeConfigsExternal` in favour of `additionalScrapeConfigsSecret`. This change lets users specify the secret name and secret key to use for the additional scrape configuration of prometheus. This is useful for users that have prometheus-operator as a subchart and also have a template that creates the additional scrape configuration. + +### From 7.x to 8.x + +Due to new template functions being used in the rules in version 8.x.x of the chart, an upgrade to Prometheus Operator and Prometheus is necessary in order to support them. First, upgrade to the latest version of 7.x.x + +```console +helm upgrade [RELEASE_NAME] prometheus-community/kube-prometheus-stack --version 7.5.0 +``` + +Then upgrade to 8.x.x + +```console +helm upgrade [RELEASE_NAME] prometheus-community/kube-prometheus-stack --version [8.x.x] +``` + +Minimal recommended Prometheus version for this chart release is `2.12.x` + +### From 6.x to 7.x + +Due to a change in grafana subchart, version 7.x.x now requires Helm >= 2.12.0. + +### From 5.x to 6.x + +Due to a change in deployment labels of kube-state-metrics, the upgrade requires `helm upgrade --force` in order to re-create the deployment. If this is not done an error will occur indicating that the deployment cannot be modified: + +```console +invalid: spec.selector: Invalid value: v1.LabelSelector{MatchLabels:map[string]string{"app.kubernetes.io/name":"kube-state-metrics"}, MatchExpressions:[]v1.LabelSelectorRequirement(nil)}: field is immutable +``` + +If this error has already been encountered, a `helm history` command can be used to determine which release has worked, then `helm rollback` to the release, then `helm upgrade --force` to this new one + +## Configuration + +See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments: + +```console +helm show values prometheus-community/kube-prometheus-stack +``` + +You may also run `helm show values` on this chart's [dependencies](#dependencies) for additional options. + +### Rancher Monitoring Configuration + +The following table shows values exposed by Rancher Monitoring's additions to the chart: + +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `nameOverride` | Provide a name that should be used instead of the chart name when naming all resources deployed by this chart |`"rancher-monitoring"`| +| `namespaceOverride` | Override the deployment namespace | `"cattle-monitoring-system"` | +| `global.rbac.userRoles.create` | Create default user ClusterRoles to allow users to interact with Prometheus CRs, ConfigMaps, and Secrets | `true` | +| `global.rbac.userRoles.aggregateToDefaultRoles` | Aggregate default user ClusterRoles into default k8s ClusterRoles | `true` | +| `prometheus-adapter.enabled` | Whether to install [prometheus-adapter](https://github.com/helm/charts/tree/master/stable/prometheus-adapter) within the cluster | `true` | +| `prometheus-adapter.prometheus.url` | A URL pointing to the Prometheus deployment within your cluster. The default value is set based on the assumption that you plan to deploy the default Prometheus instance from this chart where `.Values.namespaceOverride=cattle-monitoring-system` and `.Values.nameOverride=rancher-monitoring` | `http://rancher-monitoring-prometheus.cattle-monitoring-system.svc` | +| `prometheus-adapter.prometheus.port` | The port on the Prometheus deployment that Prometheus Adapter can make requests to | `9090` | +| `prometheus.prometheusSpec.ignoreNamespaceSelectors` | Ignore NamespaceSelector settings from the PodMonitor and ServiceMonitor configs. If true, PodMonitors and ServiceMonitors can only discover Pods and Services within the namespace they are deployed into | `false` | + +The following values are enabled for different distributions via [rancher-pushprox](https://github.com/rancher/dev-charts/tree/master/packages/rancher-pushprox). See the rancher-pushprox `README.md` for more information on what all values can be configured for the PushProxy chart. + +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `rkeControllerManager.enabled` | Create a PushProx installation for monitoring kube-controller-manager metrics in RKE clusters | `false` | +| `rkeScheduler.enabled` | Create a PushProx installation for monitoring kube-scheduler metrics in RKE clusters | `false` | +| `rkeProxy.enabled` | Create a PushProx installation for monitoring kube-proxy metrics in RKE clusters | `false` | +| `rkeIngressNginx.enabled` | Create a PushProx installation for monitoring ingress-nginx metrics in RKE clusters | `false` | +| `rkeEtcd.enabled` | Create a PushProx installation for monitoring etcd metrics in RKE clusters | `false` | +| `rke2IngressNginx.enabled` | Create a PushProx installation for monitoring ingress-nginx metrics in RKE2 clusters | `false` | +| `k3sServer.enabled` | Create a PushProx installation for monitoring k3s-server metrics (accounts for kube-controller-manager, kube-scheduler, and kube-proxy metrics) in k3s clusters | `false` | +| `kubeAdmControllerManager.enabled` | Create a PushProx installation for monitoring kube-controller-manager metrics in kubeAdm clusters | `false` | +| `kubeAdmScheduler.enabled` | Create a PushProx installation for monitoring kube-scheduler metrics in kubeAdm clusters | `false` | +| `kubeAdmProxy.enabled` | Create a PushProx installation for monitoring kube-proxy metrics in kubeAdm clusters | `false` | +| `kubeAdmEtcd.enabled` | Create a PushProx installation for monitoring etcd metrics in kubeAdm clusters | `false` | + + +### Multiple releases + +The same chart can be used to run multiple Prometheus instances in the same cluster if required. To achieve this, it is necessary to run only one instance of prometheus-operator and a pair of alertmanager pods for an HA configuration, while all other components need to be disabled. To disable a dependency during installation, set `kubeStateMetrics.enabled`, `nodeExporter.enabled` and `grafana.enabled` to `false`. + +## Work-Arounds for Known Issues + +### Running on private GKE clusters + +When Google configure the control plane for private clusters, they automatically configure VPC peering between your Kubernetes cluster’s network and a separate Google managed project. In order to restrict what Google are able to access within your cluster, the firewall rules configured restrict access to your Kubernetes pods. This means that in order to use the webhook component with a GKE private cluster, you must configure an additional firewall rule to allow the GKE control plane access to your webhook pod. + +You can read more information on how to add firewall rules for the GKE control plane nodes in the [GKE docs](https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#add_firewall_rules) + +Alternatively, you can disable the hooks by setting `prometheusOperator.admissionWebhooks.enabled=false`. + +## PrometheusRules Admission Webhooks + +With Prometheus Operator version 0.30+, the core Prometheus Operator pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent malformed rules from being added to the cluster. + +### How the Chart Configures the Hooks + +A validating and mutating webhook configuration requires the endpoint to which the request is sent to use TLS. It is possible to set up custom certificates to do this, but in most cases, a self-signed certificate is enough. The setup of this component requires some more complex orchestration when using helm. The steps are created to be idempotent and to allow turning the feature on and off without running into helm quirks. + +1. A pre-install hook provisions a certificate into the same namespace using a format compatible with provisioning using end-user certificates. If the certificate already exists, the hook exits. +2. The prometheus operator pod is configured to use a TLS proxy container, which will load that certificate. +3. Validating and Mutating webhook configurations are created in the cluster, with their failure mode set to Ignore. This allows rules to be created by the same chart at the same time, even though the webhook has not yet been fully set up - it does not have the correct CA field set. +4. A post-install hook reads the CA from the secret created by step 1 and patches the Validating and Mutating webhook configurations. This process will allow a custom CA provisioned by some other process to also be patched into the webhook configurations. The chosen failure policy is also patched into the webhook configurations + +### Alternatives + +It should be possible to use [jetstack/cert-manager](https://github.com/jetstack/cert-manager) if a more complete solution is required, but it has not been tested. + +You can enable automatic self-signed TLS certificate provisioning via cert-manager by setting the `prometheusOperator.admissionWebhooks.certManager.enabled` value to true. + +### Limitations + +Because the operator can only run as a single pod, there is potential for this component failure to cause rule deployment failure. Because this risk is outweighed by the benefit of having validation, the feature is enabled by default. + +## Developing Prometheus Rules and Grafana Dashboards + +This chart Grafana Dashboards and Prometheus Rules are just a copy from [prometheus-operator/prometheus-operator](https://github.com/prometheus-operator/prometheus-operator) and other sources, synced (with alterations) by scripts in [hack](hack) folder. In order to introduce any changes you need to first [add them to the original repo](https://github.com/prometheus-operator/kube-prometheus/blob/master/docs/developing-prometheus-rules-and-grafana-dashboards.md) and then sync there by scripts. + +## Further Information + +For more in-depth documentation of configuration options meanings, please see + +- [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator) +- [Prometheus](https://prometheus.io/docs/introduction/overview/) +- [Grafana](https://github.com/grafana/helm-charts/tree/main/charts/grafana#grafana-helm-chart) + +## prometheus.io/scrape + +The prometheus operator does not support annotation-based discovery of services, using the `PodMonitor` or `ServiceMonitor` CRD in its place as they provide far more configuration options. +For information on how to use PodMonitors/ServiceMonitors, please see the documentation on the `prometheus-operator/prometheus-operator` documentation here: + +- [ServiceMonitors](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/getting-started.md#include-servicemonitors) +- [PodMonitors](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/getting-started.md#include-podmonitors) +- [Running Exporters](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/running-exporters.md) + +By default, Prometheus discovers PodMonitors and ServiceMonitors within its namespace, that are labeled with the same release tag as the prometheus-operator release. +Sometimes, you may need to discover custom PodMonitors/ServiceMonitors, for example used to scrape data from third-party applications. +An easy way of doing this, without compromising the default PodMonitors/ServiceMonitors discovery, is allowing Prometheus to discover all PodMonitors/ServiceMonitors within its namespace, without applying label filtering. +To do so, you can set `prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues` and `prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues` to `false`. + +## Migrating from stable/prometheus-operator chart + +## Zero downtime + +Since `kube-prometheus-stack` is fully compatible with the `stable/prometheus-operator` chart, a migration without downtime can be achieved. +However, the old name prefix needs to be kept. If you want the new name please follow the step by step guide below (with downtime). + +You can override the name to achieve this: + +```console +helm upgrade prometheus-operator prometheus-community/kube-prometheus-stack -n monitoring --reuse-values --set nameOverride=prometheus-operator +``` + +**Note**: It is recommended to run this first with `--dry-run --debug`. + +## Redeploy with new name (downtime) + +If the **prometheus-operator** values are compatible with the new **kube-prometheus-stack** chart, please follow the below steps for migration: + +> The guide presumes that chart is deployed in `monitoring` namespace and the deployments are running there. If in other namespace, please replace the `monitoring` to the deployed namespace. + +1. Patch the PersistenceVolume created/used by the prometheus-operator chart to `Retain` claim policy: + + ```console + kubectl patch pv/ -p '{"spec":{"persistentVolumeReclaimPolicy":"Retain"}}' + ``` + + **Note:** To execute the above command, the user must have a cluster wide permission. Please refer [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) + +2. Uninstall the **prometheus-operator** release and delete the existing PersistentVolumeClaim, and verify PV become Released. + + ```console + helm uninstall prometheus-operator -n monitoring + kubectl delete pvc/ -n monitoring + ``` + + Additionally, you have to manually remove the remaining `prometheus-operator-kubelet` service. + + ```console + kubectl delete service/prometheus-operator-kubelet -n kube-system + ``` + + You can choose to remove all your existing CRDs (ServiceMonitors, Podmonitors, etc.) if you want to. + +3. Remove current `spec.claimRef` values to change the PV's status from Released to Available. + + ```console + kubectl patch pv/ --type json -p='[{"op": "remove", "path": "/spec/claimRef"}]' -n monitoring + ``` + +**Note:** To execute the above command, the user must have a cluster wide permission. Please refer to [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) + +After these steps, proceed to a fresh **kube-prometheus-stack** installation and make sure the current release of **kube-prometheus-stack** matching the `volumeClaimTemplate` values in the `values.yaml`. + +The binding is done via matching a specific amount of storage requested and with certain access modes. + +For example, if you had storage specified as this with **prometheus-operator**: + +```yaml +volumeClaimTemplate: + spec: + storageClassName: gp2 + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 50Gi +``` + +You have to specify matching `volumeClaimTemplate` with 50Gi storage and `ReadWriteOnce` access mode. + +Additionally, you should check the current AZ of your legacy installation's PV, and configure the fresh release to use the same AZ as the old one. If the pods are in a different AZ than the PV, the release will fail to bind the existing one, hence creating a new PV. + +This can be achieved either by specifying the labels through `values.yaml`, e.g. setting `prometheus.prometheusSpec.nodeSelector` to: + +```yaml +nodeSelector: + failure-domain.beta.kubernetes.io/zone: east-west-1a +``` + +or passing these values as `--set` overrides during installation. + +The new release should now re-attach your previously released PV with its content. + +## Migrating from coreos/prometheus-operator chart + +The multiple charts have been combined into a single chart that installs prometheus operator, prometheus, alertmanager, grafana as well as the multitude of exporters necessary to monitor a cluster. + +There is no simple and direct migration path between the charts as the changes are extensive and intended to make the chart easier to support. + +The capabilities of the old chart are all available in the new chart, including the ability to run multiple prometheus instances on a single cluster - you will need to disable the parts of the chart you do not wish to deploy. + +You can check out the tickets for this change [here](https://github.com/prometheus-operator/prometheus-operator/issues/592) and [here](https://github.com/helm/charts/pull/6765). + +### High-level overview of Changes + +#### Added dependencies + +The chart has added 3 [dependencies](#dependencies). + +- Node-Exporter, Kube-State-Metrics: These components are loaded as dependencies into the chart, and are relatively simple components +- Grafana: The Grafana chart is more feature-rich than this chart - it contains a sidecar that is able to load data sources and dashboards from configmaps deployed into the same cluster. For more information check out the [documentation for the chart](https://github.com/grafana/helm-charts/blob/main/charts/grafana/README.md) + +#### Kubelet Service + +Because the kubelet service has a new name in the chart, make sure to clean up the old kubelet service in the `kube-system` namespace to prevent counting container metrics twice. + +#### Persistent Volumes + +If you would like to keep the data of the current persistent volumes, it should be possible to attach existing volumes to new PVCs and PVs that are created using the conventions in the new chart. For example, in order to use an existing Azure disk for a helm release called `prometheus-migration` the following resources can be created: + +```yaml +apiVersion: v1 +kind: PersistentVolume +metadata: + name: pvc-prometheus-migration-prometheus-0 +spec: + accessModes: + - ReadWriteOnce + azureDisk: + cachingMode: None + diskName: pvc-prometheus-migration-prometheus-0 + diskURI: /subscriptions/f5125d82-2622-4c50-8d25-3f7ba3e9ac4b/resourceGroups/sample-migration-resource-group/providers/Microsoft.Compute/disks/pvc-prometheus-migration-prometheus-0 + fsType: "" + kind: Managed + readOnly: false + capacity: + storage: 1Gi + persistentVolumeReclaimPolicy: Delete + storageClassName: prometheus + volumeMode: Filesystem +``` + +```yaml +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/name: prometheus + prometheus: prometheus-migration-prometheus + name: prometheus-prometheus-migration-prometheus-db-prometheus-prometheus-migration-prometheus-0 + namespace: monitoring +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + storageClassName: prometheus + volumeMode: Filesystem + volumeName: pvc-prometheus-migration-prometheus-0 +``` + +The PVC will take ownership of the PV and when you create a release using a persistent volume claim template it will use the existing PVCs as they match the naming convention used by the chart. For other cloud providers similar approaches can be used. + +#### KubeProxy + +The metrics bind address of kube-proxy is default to `127.0.0.1:10249` that prometheus instances **cannot** access to. You should expose metrics by changing `metricsBindAddress` field value to `0.0.0.0:10249` if you want to collect them. + +Depending on the cluster, the relevant part `config.conf` will be in ConfigMap `kube-system/kube-proxy` or `kube-system/kube-proxy-config`. For example: + +```console +kubectl -n kube-system edit cm kube-proxy +``` + +```yaml +apiVersion: v1 +data: + config.conf: |- + apiVersion: kubeproxy.config.k8s.io/v1alpha1 + kind: KubeProxyConfiguration + # ... + # metricsBindAddress: 127.0.0.1:10249 + metricsBindAddress: 0.0.0.0:10249 + # ... + kubeconfig.conf: |- + # ... +kind: ConfigMap +metadata: + labels: + app: kube-proxy + name: kube-proxy + namespace: kube-system +``` diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/app-README.md b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/app-README.md new file mode 100644 index 000000000..af77e04ec --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/app-README.md @@ -0,0 +1,15 @@ +# Rancher Monitoring and Alerting + + This chart is based on the upstream [kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack) chart. The chart deploys [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator) and its CRDs along with [Grafana](https://github.com/grafana/helm-charts/tree/main/charts/grafana), [Prometheus Adapter](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-adapter) and additional charts / Kubernetes manifests to gather metrics. It allows users to monitor their Kubernetes clusters, view metrics in Grafana dashboards, and set up alerts and notifications. + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/). + +The chart installs the following components: + +- [Prometheus Operator](https://github.com/coreos/prometheus-operator) - The operator provides easy monitoring definitions for Kubernetes services, manages [Prometheus](https://prometheus.io/) and [AlertManager](https://prometheus.io/docs/alerting/latest/alertmanager/) instances, and adds default scrape targets for some Kubernetes components. +- [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus/) - A collection of community-curated Kubernetes manifests, Grafana Dashboards, and PrometheusRules that deploy a default end-to-end cluster monitoring configuration. +- [Grafana](https://github.com/helm/charts/tree/master/stable/grafana) - Grafana allows a user to create / view dashboards based on the cluster metrics collected by Prometheus. +- [node-exporter](https://github.com/helm/charts/tree/master/stable/prometheus-node-exporter) / [kube-state-metrics](https://github.com/helm/charts/tree/master/stable/kube-state-metrics) / [rancher-pushprox](https://github.com/rancher/charts/tree/dev-v2.5/packages/rancher-pushprox/charts) - These charts monitor various Kubernetes components across different Kubernetes cluster types. +- [Prometheus Adapter](https://github.com/helm/charts/tree/master/stable/prometheus-adapter) - The adapter allows a user to expose custom metrics, resource metrics, and external metrics on the default [Prometheus](https://prometheus.io/) instance to the Kubernetes API Server. + +For more information, review the Helm README of this chart. diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/.helmignore b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/.helmignore new file mode 100644 index 000000000..8cade1318 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.vscode +.project +.idea/ +*.tmproj +OWNERS diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/Chart.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/Chart.yaml new file mode 100644 index 000000000..77df89c48 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/Chart.yaml @@ -0,0 +1,28 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-grafana +apiVersion: v2 +appVersion: 7.5.8 +description: The leading tool for querying and visualizing time series and metrics. +home: https://grafana.net +icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png +kubeVersion: ^1.8.0-0 +maintainers: +- email: zanhsieh@gmail.com + name: zanhsieh +- email: rluckie@cisco.com + name: rtluckie +- email: maor.friedman@redhat.com + name: maorfr +- email: miroslav.hadzhiev@gmail.com + name: Xtigyro +- email: mail@torstenwalter.de + name: torstenwalter +name: grafana +sources: +- https://github.com/grafana/grafana +type: application +version: 6.11.0 diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/README.md b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/README.md new file mode 100644 index 000000000..3d1d73e48 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/README.md @@ -0,0 +1,526 @@ +# Grafana Helm Chart + +* Installs the web dashboarding system [Grafana](http://grafana.org/) + +## Get Repo Info + +```console +helm repo add grafana https://grafana.github.io/helm-charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +helm install my-release grafana/grafana +``` + +## Uninstalling the Chart + +To uninstall/delete the my-release deployment: + +```console +helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Upgrading an existing Release to a new major version + +A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an +incompatible breaking change needing manual actions. + +### To 4.0.0 (And 3.12.1) + +This version requires Helm >= 2.12.0. + +### To 5.0.0 + +You have to add --force to your helm upgrade command as the labels of the chart have changed. + +### To 6.0.0 + +This version requires Helm >= 3.1.0. + +## Configuration + +| Parameter | Description | Default | +|-------------------------------------------|-----------------------------------------------|---------------------------------------------------------| +| `replicas` | Number of nodes | `1` | +| `podDisruptionBudget.minAvailable` | Pod disruption minimum available | `nil` | +| `podDisruptionBudget.maxUnavailable` | Pod disruption maximum unavailable | `nil` | +| `deploymentStrategy` | Deployment strategy | `{ "type": "RollingUpdate" }` | +| `livenessProbe` | Liveness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } "initialDelaySeconds": 60, "timeoutSeconds": 30, "failureThreshold": 10 }` | +| `readinessProbe` | Readiness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } }`| +| `securityContext` | Deployment securityContext | `{"runAsUser": 472, "runAsGroup": 472, "fsGroup": 472}` | +| `priorityClassName` | Name of Priority Class to assign pods | `nil` | +| `image.repository` | Image repository | `grafana/grafana` | +| `image.tag` | Image tag (`Must be >= 5.0.0`) | `7.4.5` | +| `image.sha` | Image sha (optional) | `2b56f6106ddc376bb46d974230d530754bf65a640dfbc5245191d72d3b49efc6` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Image pull secrets | `{}` | +| `service.enabled` | Enable grafana service | `true` | +| `service.type` | Kubernetes service type | `ClusterIP` | +| `service.port` | Kubernetes port where service is exposed | `80` | +| `service.portName` | Name of the port on the service | `service` | +| `service.targetPort` | Internal service is port | `3000` | +| `service.nodePort` | Kubernetes service nodePort | `nil` | +| `service.annotations` | Service annotations | `{}` | +| `service.labels` | Custom labels | `{}` | +| `service.clusterIP` | internal cluster service IP | `nil` | +| `service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `nil` | +| `service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to lb (if supported) | `[]` | +| `service.externalIPs` | service external IP addresses | `[]` | +| `extraExposePorts` | Additional service ports for sidecar containers| `[]` | +| `hostAliases` | adds rules to the pod's /etc/hosts | `[]` | +| `ingress.enabled` | Enables Ingress | `false` | +| `ingress.annotations` | Ingress annotations (values are templated) | `{}` | +| `ingress.labels` | Custom labels | `{}` | +| `ingress.path` | Ingress accepted path | `/` | +| `ingress.pathType` | Ingress type of path | `Prefix` | +| `ingress.hosts` | Ingress accepted hostnames | `["chart-example.local"]` | +| `ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). Requires `ingress.hosts` to have one or more host entries. | `[]` | +| `ingress.tls` | Ingress TLS configuration | `[]` | +| `resources` | CPU/Memory resource requests/limits | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Toleration labels for pod assignment | `[]` | +| `affinity` | Affinity settings for pod assignment | `{}` | +| `extraInitContainers` | Init containers to add to the grafana pod | `{}` | +| `extraContainers` | Sidecar containers to add to the grafana pod | `{}` | +| `extraContainerVolumes` | Volumes that can be mounted in sidecar containers | `[]` | +| `extraLabels` | Custom labels for all manifests | `{}` | +| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | +| `persistence.enabled` | Use persistent volume to store data | `false` | +| `persistence.type` | Type of persistence (`pvc` or `statefulset`) | `pvc` | +| `persistence.size` | Size of persistent volume claim | `10Gi` | +| `persistence.existingClaim` | Use an existing PVC to persist data | `nil` | +| `persistence.storageClassName` | Type of persistent volume claim | `nil` | +| `persistence.accessModes` | Persistence access modes | `[ReadWriteOnce]` | +| `persistence.annotations` | PersistentVolumeClaim annotations | `{}` | +| `persistence.finalizers` | PersistentVolumeClaim finalizers | `[ "kubernetes.io/pvc-protection" ]` | +| `persistence.subPath` | Mount a sub dir of the persistent volume | `nil` | +| `persistence.inMemory.enabled` | If persistence is not enabled, whether to mount the local storage in-memory to improve performance | `false` | +| `persistence.inMemory.sizeLimit` | SizeLimit for the in-memory local storage | `nil` | +| `initChownData.enabled` | If false, don't reset data ownership at startup | true | +| `initChownData.image.repository` | init-chown-data container image repository | `busybox` | +| `initChownData.image.tag` | init-chown-data container image tag | `1.31.1` | +| `initChownData.image.sha` | init-chown-data container image sha (optional)| `""` | +| `initChownData.image.pullPolicy` | init-chown-data container image pull policy | `IfNotPresent` | +| `initChownData.resources` | init-chown-data pod resource requests & limits | `{}` | +| `schedulerName` | Alternate scheduler name | `nil` | +| `env` | Extra environment variables passed to pods | `{}` | +| `envValueFrom` | Environment variables from alternate sources. See the API docs on [EnvVarSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core) for format details. | `{}` | +| `envFromSecret` | Name of a Kubernetes secret (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `""` | +| `envRenderSecret` | Sensible environment variables passed to pods and stored as secret | `{}` | +| `extraSecretMounts` | Additional grafana server secret mounts | `[]` | +| `extraVolumeMounts` | Additional grafana server volume mounts | `[]` | +| `extraConfigmapMounts` | Additional grafana server configMap volume mounts | `[]` | +| `extraEmptyDirMounts` | Additional grafana server emptyDir volume mounts | `[]` | +| `plugins` | Plugins to be loaded along with Grafana | `[]` | +| `datasources` | Configure grafana datasources (passed through tpl) | `{}` | +| `notifiers` | Configure grafana notifiers | `{}` | +| `dashboardProviders` | Configure grafana dashboard providers | `{}` | +| `dashboards` | Dashboards to import | `{}` | +| `dashboardsConfigMaps` | ConfigMaps reference that contains dashboards | `{}` | +| `grafana.ini` | Grafana's primary configuration | `{}` | +| `ldap.enabled` | Enable LDAP authentication | `false` | +| `ldap.existingSecret` | The name of an existing secret containing the `ldap.toml` file, this must have the key `ldap-toml`. | `""` | +| `ldap.config` | Grafana's LDAP configuration | `""` | +| `annotations` | Deployment annotations | `{}` | +| `labels` | Deployment labels | `{}` | +| `podAnnotations` | Pod annotations | `{}` | +| `podLabels` | Pod labels | `{}` | +| `podPortName` | Name of the grafana port on the pod | `grafana` | +| `sidecar.image.repository` | Sidecar image repository | `quay.io/kiwigrid/k8s-sidecar` | +| `sidecar.image.tag` | Sidecar image tag | `1.10.7` | +| `sidecar.image.sha` | Sidecar image sha (optional) | `""` | +| `sidecar.imagePullPolicy` | Sidecar image pull policy | `IfNotPresent` | +| `sidecar.resources` | Sidecar resources | `{}` | +| `sidecar.enableUniqueFilenames` | Sets the kiwigrid/k8s-sidecar UNIQUE_FILENAMES environment variable | `false` | +| `sidecar.dashboards.enabled` | Enables the cluster wide search for dashboards and adds/updates/deletes them in grafana | `false` | +| `sidecar.dashboards.SCProvider` | Enables creation of sidecar provider | `true` | +| `sidecar.dashboards.provider.name` | Unique name of the grafana provider | `sidecarProvider` | +| `sidecar.dashboards.provider.orgid` | Id of the organisation, to which the dashboards should be added | `1` | +| `sidecar.dashboards.provider.folder` | Logical folder in which grafana groups dashboards | `""` | +| `sidecar.dashboards.provider.disableDelete` | Activate to avoid the deletion of imported dashboards | `false` | +| `sidecar.dashboards.provider.allowUiUpdates` | Allow updating provisioned dashboards from the UI | `false` | +| `sidecar.dashboards.provider.type` | Provider type | `file` | +| `sidecar.dashboards.provider.foldersFromFilesStructure` | Allow Grafana to replicate dashboard structure from filesystem. | `false` | +| `sidecar.dashboards.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. | `WATCH` | +| `sidecar.skipTlsVerify` | Set to true to skip tls verification for kube api calls | `nil` | +| `sidecar.dashboards.label` | Label that config maps with dashboards should have to be added | `grafana_dashboard` | +| `sidecar.dashboards.labelValue` | Label value that config maps with dashboards should have to be added | `nil` | +| `sidecar.dashboards.folder` | Folder in the pod that should hold the collected dashboards (unless `sidecar.dashboards.defaultFolderName` is set). This path will be mounted. | `/tmp/dashboards` | +| `sidecar.dashboards.folderAnnotation` | The annotation the sidecar will look for in configmaps to override the destination folder for files | `nil` | +| `sidecar.dashboards.defaultFolderName` | The default folder name, it will create a subfolder under the `sidecar.dashboards.folder` and put dashboards in there instead | `nil` | +| `sidecar.dashboards.searchNamespace` | If specified, the sidecar will search for dashboard config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` | +| `sidecar.dashboards.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` | +| `sidecar.datasources.enabled` | Enables the cluster wide search for datasources and adds/updates/deletes them in grafana |`false` | +| `sidecar.datasources.label` | Label that config maps with datasources should have to be added | `grafana_datasource` | +| `sidecar.datasources.labelValue` | Label value that config maps with datasources should have to be added | `nil` | +| `sidecar.datasources.searchNamespace` | If specified, the sidecar will search for datasources config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` | +| `sidecar.datasources.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` | +| `sidecar.notifiers.enabled` | Enables the cluster wide search for notifiers and adds/updates/deletes them in grafana | `false` | +| `sidecar.notifiers.label` | Label that config maps with notifiers should have to be added | `grafana_notifier` | +| `sidecar.notifiers.searchNamespace` | If specified, the sidecar will search for notifiers config-maps (or secrets) inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` | +| `sidecar.notifiers.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` | +| `smtp.existingSecret` | The name of an existing secret containing the SMTP credentials. | `""` | +| `smtp.userKey` | The key in the existing SMTP secret containing the username. | `"user"` | +| `smtp.passwordKey` | The key in the existing SMTP secret containing the password. | `"password"` | +| `admin.existingSecret` | The name of an existing secret containing the admin credentials. | `""` | +| `admin.userKey` | The key in the existing admin secret containing the username. | `"admin-user"` | +| `admin.passwordKey` | The key in the existing admin secret containing the password. | `"admin-password"` | +| `serviceAccount.annotations` | ServiceAccount annotations | | +| `serviceAccount.create` | Create service account | `true` | +| `serviceAccount.name` | Service account name to use, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `` | +| `serviceAccount.nameTest` | Service account name to use for test, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `nil` | +| `rbac.create` | Create and use RBAC resources | `true` | +| `rbac.namespaced` | Creates Role and Rolebinding instead of the default ClusterRole and ClusteRoleBindings for the grafana instance | `false` | +| `rbac.useExistingRole` | Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to the rolename set here. | `nil` | +| `rbac.pspEnabled` | Create PodSecurityPolicy (with `rbac.create`, grant roles permissions as well) | `true` | +| `rbac.pspUseAppArmor` | Enforce AppArmor in created PodSecurityPolicy (requires `rbac.pspEnabled`) | `true` | +| `rbac.extraRoleRules` | Additional rules to add to the Role | [] | +| `rbac.extraClusterRoleRules` | Additional rules to add to the ClusterRole | [] | +| `command` | Define command to be executed by grafana container at startup | `nil` | +| `testFramework.enabled` | Whether to create test-related resources | `true` | +| `testFramework.image` | `test-framework` image repository. | `bats/bats` | +| `testFramework.tag` | `test-framework` image tag. | `v1.1.0` | +| `testFramework.imagePullPolicy` | `test-framework` image pull policy. | `IfNotPresent` | +| `testFramework.securityContext` | `test-framework` securityContext | `{}` | +| `downloadDashboards.env` | Environment variables to be passed to the `download-dashboards` container | `{}` | +| `downloadDashboards.envFromSecret` | Name of a Kubernetes secret (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `""` | +| `downloadDashboards.resources` | Resources of `download-dashboards` container | `{}` | +| `downloadDashboardsImage.repository` | Curl docker image repo | `curlimages/curl` | +| `downloadDashboardsImage.tag` | Curl docker image tag | `7.73.0` | +| `downloadDashboardsImage.sha` | Curl docker image sha (optional) | `""` | +| `downloadDashboardsImage.pullPolicy` | Curl docker image pull policy | `IfNotPresent` | +| `namespaceOverride` | Override the deployment namespace | `""` (`Release.Namespace`) | +| `serviceMonitor.enabled` | Use servicemonitor from prometheus operator | `false` | +| `serviceMonitor.namespace` | Namespace this servicemonitor is installed in | | +| `serviceMonitor.interval` | How frequently Prometheus should scrape | `1m` | +| `serviceMonitor.path` | Path to scrape | `/metrics` | +| `serviceMonitor.scheme` | Scheme to use for metrics scraping | `http` | +| `serviceMonitor.tlsConfig` | TLS configuration block for the endpoint | `{}` | +| `serviceMonitor.labels` | Labels for the servicemonitor passed to Prometheus Operator | `{}` | +| `serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `30s` | +| `serviceMonitor.relabelings` | MetricRelabelConfigs to apply to samples before ingestion. | `[]` | +| `revisionHistoryLimit` | Number of old ReplicaSets to retain | `10` | +| `imageRenderer.enabled` | Enable the image-renderer deployment & service | `false` | +| `imageRenderer.image.repository` | image-renderer Image repository | `grafana/grafana-image-renderer` | +| `imageRenderer.image.tag` | image-renderer Image tag | `latest` | +| `imageRenderer.image.sha` | image-renderer Image sha (optional) | `""` | +| `imageRenderer.image.pullPolicy` | image-renderer ImagePullPolicy | `Always` | +| `imageRenderer.env` | extra env-vars for image-renderer | `{}` | +| `imageRenderer.serviceAccountName` | image-renderer deployment serviceAccountName | `""` | +| `imageRenderer.securityContext` | image-renderer deployment securityContext | `{}` | +| `imageRenderer.hostAliases` | image-renderer deployment Host Aliases | `[]` | +| `imageRenderer.priorityClassName` | image-renderer deployment priority class | `''` | +| `imageRenderer.service.enabled` | Enable the image-renderer service | `true` | +| `imageRenderer.service.portName` | image-renderer service port name | `'http'` | +| `imageRenderer.service.port` | image-renderer service port used by both service and deployment | `8081` | +| `imageRenderer.grafanaSubPath` | Grafana sub path to use for image renderer callback url | `''` | +| `imageRenderer.podPortName` | name of the image-renderer port on the pod | `http` | +| `imageRenderer.revisionHistoryLimit` | number of image-renderer replica sets to keep | `10` | +| `imageRenderer.networkPolicy.limitIngress` | Enable a NetworkPolicy to limit inbound traffic from only the created grafana pods | `true` | +| `imageRenderer.networkPolicy.limitEgress` | Enable a NetworkPolicy to limit outbound traffic to only the created grafana pods | `false` | +| `imageRenderer.resources` | Set resource limits for image-renderer pdos | `{}` | + +### Example ingress with path + +With grafana 6.3 and above +```yaml +grafana.ini: + server: + domain: monitoring.example.com + root_url: "%(protocol)s://%(domain)s/grafana" + serve_from_sub_path: true +ingress: + enabled: true + hosts: + - "monitoring.example.com" + path: "/grafana" +``` + +### Example of extraVolumeMounts + +Volume can be type persistentVolumeClaim or hostPath but not both at same time. +If none existingClaim or hostPath argument is givent then type is emptyDir. + +```yaml +- extraVolumeMounts: + - name: plugins + mountPath: /var/lib/grafana/plugins + subPath: configs/grafana/plugins + existingClaim: existing-grafana-claim + readOnly: false + - name: dashboards + mountPath: /var/lib/grafana/dashboards + hostPath: /usr/shared/grafana/dashboards + readOnly: false +``` + +## Import dashboards + +There are a few methods to import dashboards to Grafana. Below are some examples and explanations as to how to use each method: + +```yaml +dashboards: + default: + some-dashboard: + json: | + { + "annotations": + + ... + # Complete json file here + ... + + "title": "Some Dashboard", + "uid": "abcd1234", + "version": 1 + } + custom-dashboard: + # This is a path to a file inside the dashboards directory inside the chart directory + file: dashboards/custom-dashboard.json + prometheus-stats: + # Ref: https://grafana.com/dashboards/2 + gnetId: 2 + revision: 2 + datasource: Prometheus + local-dashboard: + url: https://raw.githubusercontent.com/user/repository/master/dashboards/dashboard.json +``` + +## BASE64 dashboards + +Dashboards could be stored on a server that does not return JSON directly and instead of it returns a Base64 encoded file (e.g. Gerrit) +A new parameter has been added to the url use case so if you specify a b64content value equals to true after the url entry a Base64 decoding is applied before save the file to disk. +If this entry is not set or is equals to false not decoding is applied to the file before saving it to disk. + +### Gerrit use case + +Gerrit API for download files has the following schema: where {project-name} and +{file-id} usually has '/' in their values and so they MUST be replaced by %2F so if project-name is user/repo, branch-id is master and file-id is equals to dir1/dir2/dashboard +the url value is + +## Sidecar for dashboards + +If the parameter `sidecar.dashboards.enabled` is set, a sidecar container is deployed in the grafana +pod. This container watches all configmaps (or secrets) in the cluster and filters out the ones with +a label as defined in `sidecar.dashboards.label`. The files defined in those configmaps are written +to a folder and accessed by grafana. Changes to the configmaps are monitored and the imported +dashboards are deleted/updated. + +A recommendation is to use one configmap per dashboard, as a reduction of multiple dashboards inside +one configmap is currently not properly mirrored in grafana. + +Example dashboard config: + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: sample-grafana-dashboard + labels: + grafana_dashboard: "1" +data: + k8s-dashboard.json: |- + [...] +``` + +## Sidecar for datasources + +If the parameter `sidecar.datasources.enabled` is set, an init container is deployed in the grafana +pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and +filters out the ones with a label as defined in `sidecar.datasources.label`. The files defined in +those secrets are written to a folder and accessed by grafana on startup. Using these yaml files, +the data sources in grafana can be imported. + +Secrets are recommended over configmaps for this usecase because datasources usually contain private +data like usernames and passwords. Secrets are the more appropriate cluster resource to manage those. + +Example values to add a datasource adapted from [Grafana](http://docs.grafana.org/administration/provisioning/#example-datasource-config-file): + +```yaml +datasources: + datasources.yaml: + apiVersion: 1 + datasources: + # name of the datasource. Required + - name: Graphite + # datasource type. Required + type: graphite + # access mode. proxy or direct (Server or Browser in the UI). Required + access: proxy + # org id. will default to orgId 1 if not specified + orgId: 1 + # url + url: http://localhost:8080 + # database password, if used + password: + # database user, if used + user: + # database name, if used + database: + # enable/disable basic auth + basicAuth: + # basic auth username + basicAuthUser: + # basic auth password + basicAuthPassword: + # enable/disable with credentials headers + withCredentials: + # mark as default datasource. Max one per org + isDefault: + # fields that will be converted to json and stored in json_data + jsonData: + graphiteVersion: "1.1" + tlsAuth: true + tlsAuthWithCACert: true + # json object of data that will be encrypted. + secureJsonData: + tlsCACert: "..." + tlsClientCert: "..." + tlsClientKey: "..." + version: 1 + # allow users to edit datasources from the UI. + editable: false +``` + +## Sidecar for notifiers + +If the parameter `sidecar.notifiers.enabled` is set, an init container is deployed in the grafana +pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and +filters out the ones with a label as defined in `sidecar.notifiers.label`. The files defined in +those secrets are written to a folder and accessed by grafana on startup. Using these yaml files, +the notification channels in grafana can be imported. The secrets must be created before +`helm install` so that the notifiers init container can list the secrets. + +Secrets are recommended over configmaps for this usecase because alert notification channels usually contain +private data like SMTP usernames and passwords. Secrets are the more appropriate cluster resource to manage those. + +Example datasource config adapted from [Grafana](https://grafana.com/docs/grafana/latest/administration/provisioning/#alert-notification-channels): + +```yaml +notifiers: + - name: notification-channel-1 + type: slack + uid: notifier1 + # either + org_id: 2 + # or + org_name: Main Org. + is_default: true + send_reminder: true + frequency: 1h + disable_resolve_message: false + # See `Supported Settings` section for settings supporter for each + # alert notification type. + settings: + recipient: 'XXX' + token: 'xoxb' + uploadImage: true + url: https://slack.com + +delete_notifiers: + - name: notification-channel-1 + uid: notifier1 + org_id: 2 + - name: notification-channel-2 + # default org_id: 1 +``` + +## How to serve Grafana with a path prefix (/grafana) + +In order to serve Grafana with a prefix (e.g., ), add the following to your values.yaml. + +```yaml +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.ingress.kubernetes.io/rewrite-target: /$1 + nginx.ingress.kubernetes.io/use-regex: "true" + + path: /grafana/?(.*) + hosts: + - k8s.example.dev + +grafana.ini: + server: + root_url: http://localhost:3000/grafana # this host can be localhost +``` + +## How to securely reference secrets in grafana.ini + +This example uses Grafana uses [file providers](https://grafana.com/docs/grafana/latest/administration/configuration/#file-provider) for secret values and the `extraSecretMounts` configuration flag (Additional grafana server secret mounts) to mount the secrets. + +In grafana.ini: + +```yaml +grafana.ini: + [auth.generic_oauth] + enabled = true + client_id = $__file{/etc/secrets/auth_generic_oauth/client_id} + client_secret = $__file{/etc/secrets/auth_generic_oauth/client_secret} +``` + +Existing secret, or created along with helm: + +```yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: auth-generic-oauth-secret +type: Opaque +stringData: + client_id: + client_secret: +``` + +Include in the `extraSecretMounts` configuration flag: + +```yaml +- extraSecretMounts: + - name: auth-generic-oauth-secret-mount + secretName: auth-generic-oauth-secret + defaultMode: 0440 + mountPath: /etc/secrets/auth_generic_oauth + readOnly: true +``` + +### extraSecretMounts using a Container Storage Interface (CSI) provider + +This example uses a CSI driver e.g. retrieving secrets using [Azure Key Vault Provider](https://github.com/Azure/secrets-store-csi-driver-provider-azure) + +```yaml +- extraSecretMounts: + - name: secrets-store-inline + mountPath: /run/secrets + readOnly: true + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: "my-provider" + nodePublishSecretRef: + name: akv-creds +``` + +## Image Renderer Plug-In + +This chart supports enabling [remote image rendering](https://github.com/grafana/grafana-image-renderer/blob/master/docs/remote_rendering_using_docker.md) + +```yaml +imageRenderer: + enabled: true +``` + +### Image Renderer NetworkPolicy + +By default the image-renderer pods will have a network policy which only allows ingress traffic from the created grafana instance diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/dashboards/custom-dashboard.json b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/dashboards/custom-dashboard.json new file mode 100644 index 000000000..9e26dfeeb --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/dashboards/custom-dashboard.json @@ -0,0 +1 @@ +{} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/NOTES.txt b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/NOTES.txt new file mode 100644 index 000000000..1fc8436d9 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/NOTES.txt @@ -0,0 +1,54 @@ +1. Get your '{{ .Values.adminUser }}' user password by running: + + kubectl get secret --namespace {{ template "grafana.namespace" . }} {{ template "grafana.fullname" . }} -o jsonpath="{.data.admin-password}" | base64 --decode ; echo + +2. The Grafana server can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster: + + {{ template "grafana.fullname" . }}.{{ template "grafana.namespace" . }}.svc.cluster.local +{{ if .Values.ingress.enabled }} + If you bind grafana to 80, please update values in values.yaml and reinstall: + ``` + securityContext: + runAsUser: 0 + runAsGroup: 0 + fsGroup: 0 + + command: + - "setcap" + - "'cap_net_bind_service=+ep'" + - "/usr/sbin/grafana-server &&" + - "sh" + - "/run.sh" + ``` + Details refer to https://grafana.com/docs/installation/configuration/#http-port. + Or grafana would always crash. + + From outside the cluster, the server URL(s) are: +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{ else }} + Get the Grafana URL to visit by running these commands in the same shell: +{{ if contains "NodePort" .Values.service.type -}} + export NODE_PORT=$(kubectl get --namespace {{ template "grafana.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "grafana.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ template "grafana.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{ else if contains "LoadBalancer" .Values.service.type -}} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc --namespace {{ template "grafana.namespace" . }} -w {{ template "grafana.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ template "grafana.namespace" . }} {{ template "grafana.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + http://$SERVICE_IP:{{ .Values.service.port -}} +{{ else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ template "grafana.namespace" . }} -l "app.kubernetes.io/name={{ template "grafana.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + kubectl --namespace {{ template "grafana.namespace" . }} port-forward $POD_NAME 3000 +{{- end }} +{{- end }} + +3. Login with the password from step 1 and the username: {{ .Values.adminUser }} + +{{- if not .Values.persistence.enabled }} +################################################################################# +###### WARNING: Persistence is disabled!!! You will lose your data when ##### +###### the Grafana pod is terminated. ##### +################################################################################# +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/_helpers.tpl b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/_helpers.tpl new file mode 100644 index 000000000..03da0ff33 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/_helpers.tpl @@ -0,0 +1,158 @@ +# Rancher +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "grafana.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "grafana.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "grafana.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the service account +*/}} +{{- define "grafana.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "grafana.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{- define "grafana.serviceAccountNameTest" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (print (include "grafana.fullname" .) "-test") .Values.serviceAccount.nameTest }} +{{- else -}} + {{ default "default" .Values.serviceAccount.nameTest }} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts +*/}} +{{- define "grafana.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "grafana.labels" -}} +helm.sh/chart: {{ include "grafana.chart" . }} +{{ include "grafana.selectorLabels" . }} +{{- if or .Chart.AppVersion .Values.image.tag }} +app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- if .Values.extraLabels }} +{{ toYaml .Values.extraLabels }} +{{- end }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "grafana.selectorLabels" -}} +app.kubernetes.io/name: {{ include "grafana.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "grafana.imageRenderer.labels" -}} +helm.sh/chart: {{ include "grafana.chart" . }} +{{ include "grafana.imageRenderer.selectorLabels" . }} +{{- if or .Chart.AppVersion .Values.image.tag }} +app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Selector labels ImageRenderer +*/}} +{{- define "grafana.imageRenderer.selectorLabels" -}} +app.kubernetes.io/name: {{ include "grafana.name" . }}-image-renderer +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Return the appropriate apiVersion for rbac. +*/}} +{{- define "rbac.apiVersion" -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }} +{{- print "rbac.authorization.k8s.io/v1" -}} +{{- else -}} +{{- print "rbac.authorization.k8s.io/v1beta1" -}} +{{- end -}} +{{- end -}} + +{{/* +Looks if there's an existing secret and reuse its password. If not it generates +new password and use it. +*/}} +{{- define "grafana.password" -}} +{{- $secret := (lookup "v1" "Secret" (include "grafana.namespace" .) (include "grafana.fullname" .) ) -}} + {{- if $secret -}} + {{- index $secret "data" "admin-password" -}} + {{- else -}} + {{- (randAlphaNum 40) | b64enc | quote -}} + {{- end -}} +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/_pod.tpl b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/_pod.tpl new file mode 100644 index 000000000..9d19b4a32 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/_pod.tpl @@ -0,0 +1,511 @@ +{{- define "grafana.pod" -}} +{{- if .Values.schedulerName }} +schedulerName: "{{ .Values.schedulerName }}" +{{- end }} +serviceAccountName: {{ template "grafana.serviceAccountName" . }} +{{- if .Values.securityContext }} +securityContext: +{{ toYaml .Values.securityContext | indent 2 }} +{{- end }} +{{- if .Values.hostAliases }} +hostAliases: +{{ toYaml .Values.hostAliases | indent 2 }} +{{- end }} +{{- if .Values.priorityClassName }} +priorityClassName: {{ .Values.priorityClassName }} +{{- end }} +{{- if ( or .Values.persistence.enabled .Values.dashboards .Values.sidecar.datasources.enabled .Values.sidecar.notifiers.enabled .Values.extraInitContainers) }} +initContainers: +{{- end }} +{{- if ( and .Values.persistence.enabled .Values.initChownData.enabled ) }} + - name: init-chown-data + {{- if .Values.initChownData.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}@sha256:{{ .Values.initChownData.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.initChownData.image.pullPolicy }} + securityContext: + runAsNonRoot: false + runAsUser: 0 + command: ["chown", "-R", "{{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsGroup }}", "/var/lib/grafana"] + resources: +{{ toYaml .Values.initChownData.resources | indent 6 }} + volumeMounts: + - name: storage + mountPath: "/var/lib/grafana" +{{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} +{{- end }} +{{- end }} +{{- if .Values.dashboards }} + - name: download-dashboards + {{- if .Values.downloadDashboardsImage.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}@sha256:{{ .Values.downloadDashboardsImage.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.downloadDashboardsImage.pullPolicy }} + command: ["/bin/sh"] + args: [ "-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh /etc/grafana/download_dashboards.sh" ] + resources: +{{ toYaml .Values.downloadDashboards.resources | indent 6 }} + env: +{{- range $key, $value := .Values.downloadDashboards.env }} + - name: "{{ $key }}" + value: "{{ $value }}" +{{- end }} +{{- if .Values.downloadDashboards.envFromSecret }} + envFrom: + - secretRef: + name: {{ tpl .Values.downloadDashboards.envFromSecret . }} +{{- end }} + volumeMounts: + - name: config + mountPath: "/etc/grafana/download_dashboards.sh" + subPath: download_dashboards.sh + - name: storage + mountPath: "/var/lib/grafana" +{{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} +{{- end }} + {{- range .Values.extraSecretMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + readOnly: {{ .readOnly }} + {{- end }} +{{- end }} +{{- if .Values.sidecar.datasources.enabled }} + - name: {{ template "grafana.name" . }}-sc-datasources + {{- if .Values.sidecar.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} + {{- if .Values.sidecar.datasources.envFromSecret }} + envFrom: + - secretRef: + name: {{ tpl .Values.sidecar.datasources.envFromSecret . }} + {{- end }} + env: + - name: METHOD + value: LIST + - name: LABEL + value: "{{ .Values.sidecar.datasources.label }}" + {{- if .Values.sidecar.datasources.labelValue }} + - name: LABEL_VALUE + value: {{ quote .Values.sidecar.datasources.labelValue }} + {{- end }} + - name: FOLDER + value: "/etc/grafana/provisioning/datasources" + - name: RESOURCE + value: {{ quote .Values.sidecar.datasources.resource }} + {{- if .Values.sidecar.enableUniqueFilenames }} + - name: UNIQUE_FILENAMES + value: "{{ .Values.sidecar.enableUniqueFilenames }}" + {{- end }} + {{- if .Values.sidecar.datasources.searchNamespace }} + - name: NAMESPACE + value: "{{ .Values.sidecar.datasources.searchNamespace }}" + {{- end }} + {{- if .Values.sidecar.skipTlsVerify }} + - name: SKIP_TLS_VERIFY + value: "{{ .Values.sidecar.skipTlsVerify }}" + {{- end }} + resources: +{{ toYaml .Values.sidecar.resources | indent 6 }} + volumeMounts: + - name: sc-datasources-volume + mountPath: "/etc/grafana/provisioning/datasources" +{{- end}} +{{- if .Values.sidecar.notifiers.enabled }} + - name: {{ template "grafana.name" . }}-sc-notifiers + {{- if .Values.sidecar.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} + env: + - name: METHOD + value: LIST + - name: LABEL + value: "{{ .Values.sidecar.notifiers.label }}" + - name: FOLDER + value: "/etc/grafana/provisioning/notifiers" + - name: RESOURCE + value: {{ quote .Values.sidecar.notifiers.resource }} + {{- if .Values.sidecar.enableUniqueFilenames }} + - name: UNIQUE_FILENAMES + value: "{{ .Values.sidecar.enableUniqueFilenames }}" + {{- end }} + {{- if .Values.sidecar.notifiers.searchNamespace }} + - name: NAMESPACE + value: "{{ .Values.sidecar.notifiers.searchNamespace }}" + {{- end }} + {{- if .Values.sidecar.skipTlsVerify }} + - name: SKIP_TLS_VERIFY + value: "{{ .Values.sidecar.skipTlsVerify }}" + {{- end }} + resources: +{{ toYaml .Values.sidecar.resources | indent 6 }} + volumeMounts: + - name: sc-notifiers-volume + mountPath: "/etc/grafana/provisioning/notifiers" +{{- end}} +{{- if .Values.extraInitContainers }} +{{ toYaml .Values.extraInitContainers | indent 2 }} +{{- end }} +{{- if .Values.image.pullSecrets }} +imagePullSecrets: +{{- range .Values.image.pullSecrets }} + - name: {{ . }} +{{- end}} +{{- end }} +containers: +{{- if .Values.sidecar.dashboards.enabled }} + - name: {{ template "grafana.name" . }}-sc-dashboard + {{- if .Values.sidecar.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} + env: + - name: METHOD + value: {{ .Values.sidecar.dashboards.watchMethod }} + - name: LABEL + value: "{{ .Values.sidecar.dashboards.label }}" + {{- if .Values.sidecar.dashboards.labelValue }} + - name: LABEL_VALUE + value: {{ quote .Values.sidecar.dashboards.labelValue }} + {{- end }} + - name: FOLDER + value: "{{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}" + - name: RESOURCE + value: {{ quote .Values.sidecar.dashboards.resource }} + {{- if .Values.sidecar.enableUniqueFilenames }} + - name: UNIQUE_FILENAMES + value: "{{ .Values.sidecar.enableUniqueFilenames }}" + {{- end }} + {{- if .Values.sidecar.dashboards.searchNamespace }} + - name: NAMESPACE + value: "{{ .Values.sidecar.dashboards.searchNamespace }}" + {{- end }} + {{- if .Values.sidecar.skipTlsVerify }} + - name: SKIP_TLS_VERIFY + value: "{{ .Values.sidecar.skipTlsVerify }}" + {{- end }} + {{- if .Values.sidecar.dashboards.folderAnnotation }} + - name: FOLDER_ANNOTATION + value: "{{ .Values.sidecar.dashboards.folderAnnotation }}" + {{- end }} + resources: +{{ toYaml .Values.sidecar.resources | indent 6 }} + volumeMounts: + - name: sc-dashboard-volume + mountPath: {{ .Values.sidecar.dashboards.folder | quote }} +{{- end}} + - name: {{ .Chart.Name }} + {{- if .Values.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}@sha256:{{ .Values.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.command }} + command: + {{- range .Values.command }} + - {{ . }} + {{- end }} + {{- end}} +{{- if .Values.containerSecurityContext }} + securityContext: +{{- toYaml .Values.containerSecurityContext | nindent 6 }} +{{- end }} + volumeMounts: + - name: config + mountPath: "/etc/grafana/grafana.ini" + subPath: grafana.ini + {{- if .Values.ldap.enabled }} + - name: ldap + mountPath: "/etc/grafana/ldap.toml" + subPath: ldap.toml + {{- end }} + {{- range .Values.extraConfigmapMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath | default "" }} + readOnly: {{ .readOnly }} + {{- end }} + - name: storage + mountPath: "/var/lib/grafana" +{{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} +{{- end }} +{{- if .Values.dashboards }} +{{- range $provider, $dashboards := .Values.dashboards }} +{{- range $key, $value := $dashboards }} +{{- if (or (hasKey $value "json") (hasKey $value "file")) }} + - name: dashboards-{{ $provider }} + mountPath: "/var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json" + subPath: "{{ $key }}.json" +{{- end }} +{{- end }} +{{- end }} +{{- end -}} +{{- if .Values.dashboardsConfigMaps }} +{{- range (keys .Values.dashboardsConfigMaps | sortAlpha) }} + - name: dashboards-{{ . }} + mountPath: "/var/lib/grafana/dashboards/{{ . }}" +{{- end }} +{{- end }} +{{- if .Values.datasources }} + - name: config + mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml" + subPath: datasources.yaml +{{- end }} +{{- if .Values.notifiers }} + - name: config + mountPath: "/etc/grafana/provisioning/notifiers/notifiers.yaml" + subPath: notifiers.yaml +{{- end }} +{{- if .Values.dashboardProviders }} + - name: config + mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml" + subPath: dashboardproviders.yaml +{{- end }} +{{- if .Values.sidecar.dashboards.enabled }} + - name: sc-dashboard-volume + mountPath: {{ .Values.sidecar.dashboards.folder | quote }} +{{ if .Values.sidecar.dashboards.SCProvider }} + - name: sc-dashboard-provider + mountPath: "/etc/grafana/provisioning/dashboards/sc-dashboardproviders.yaml" + subPath: provider.yaml +{{- end}} +{{- end}} +{{- if .Values.sidecar.datasources.enabled }} + - name: sc-datasources-volume + mountPath: "/etc/grafana/provisioning/datasources" +{{- end}} +{{- if .Values.sidecar.notifiers.enabled }} + - name: sc-notifiers-volume + mountPath: "/etc/grafana/provisioning/notifiers" +{{- end}} + {{- range .Values.extraSecretMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + readOnly: {{ .readOnly }} + subPath: {{ .subPath | default "" }} + {{- end }} + {{- range .Values.extraVolumeMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath | default "" }} + readOnly: {{ .readOnly }} + {{- end }} + {{- range .Values.extraEmptyDirMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + {{- end }} + ports: + - name: {{ .Values.service.portName }} + containerPort: {{ .Values.service.targetPort }} + protocol: TCP + - name: {{ .Values.podPortName }} + containerPort: 3000 + protocol: TCP + env: + {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + - name: GF_SECURITY_ADMIN_USER + valueFrom: + secretKeyRef: + name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) }} + key: {{ .Values.admin.userKey | default "admin-user" }} + {{- end }} + {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + - name: GF_SECURITY_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) }} + key: {{ .Values.admin.passwordKey | default "admin-password" }} + {{- end }} + {{- if .Values.plugins }} + - name: GF_INSTALL_PLUGINS + valueFrom: + configMapKeyRef: + name: {{ template "grafana.fullname" . }} + key: plugins + {{- end }} + {{- if .Values.smtp.existingSecret }} + - name: GF_SMTP_USER + valueFrom: + secretKeyRef: + name: {{ .Values.smtp.existingSecret }} + key: {{ .Values.smtp.userKey | default "user" }} + - name: GF_SMTP_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.smtp.existingSecret }} + key: {{ .Values.smtp.passwordKey | default "password" }} + {{- end }} + {{ if .Values.imageRenderer.enabled }} + - name: GF_RENDERING_SERVER_URL + value: http://{{ template "grafana.fullname" . }}-image-renderer.{{ template "grafana.namespace" . }}:{{ .Values.imageRenderer.service.port }}/render + - name: GF_RENDERING_CALLBACK_URL + value: http://{{ template "grafana.fullname" . }}.{{ template "grafana.namespace" . }}:{{ .Values.service.port }}/{{ .Values.imageRenderer.grafanaSubPath }} + {{ end }} + - name: GF_PATHS_DATA + value: {{ (get .Values "grafana.ini").paths.data }} + - name: GF_PATHS_LOGS + value: {{ (get .Values "grafana.ini").paths.logs }} + - name: GF_PATHS_PLUGINS + value: {{ (get .Values "grafana.ini").paths.plugins }} + - name: GF_PATHS_PROVISIONING + value: {{ (get .Values "grafana.ini").paths.provisioning }} + {{- range $key, $value := .Values.envValueFrom }} + - name: {{ $key | quote }} + valueFrom: +{{ toYaml $value | indent 10 }} + {{- end }} +{{- range $key, $value := .Values.env }} + - name: "{{ tpl $key $ }}" + value: "{{ tpl (print $value) $ }}" +{{- end }} + {{- if .Values.envFromSecret }} + envFrom: + - secretRef: + name: {{ tpl .Values.envFromSecret . }} + {{- end }} + {{- if .Values.envRenderSecret }} + envFrom: + - secretRef: + name: {{ template "grafana.fullname" . }}-env + {{- end }} + livenessProbe: +{{ toYaml .Values.livenessProbe | indent 6 }} + readinessProbe: +{{ toYaml .Values.readinessProbe | indent 6 }} + resources: +{{ toYaml .Values.resources | indent 6 }} +{{- with .Values.extraContainers }} +{{ tpl . $ | indent 2 }} +{{- end }} +nodeSelector: {{ include "linux-node-selector" . | nindent 2 }} +{{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 2 }} +{{- end }} +{{- with .Values.affinity }} +affinity: +{{ toYaml . | indent 2 }} +{{- end }} +tolerations: {{ include "linux-node-tolerations" . | nindent 2 }} +{{- if .Values.tolerations }} +{{ toYaml .Values.tolerations | indent 2 }} +{{- end }} +volumes: + - name: config + configMap: + name: {{ template "grafana.fullname" . }} +{{- range .Values.extraConfigmapMounts }} + - name: {{ .name }} + configMap: + name: {{ .configMap }} +{{- end }} + {{- if .Values.dashboards }} + {{- range (keys .Values.dashboards | sortAlpha) }} + - name: dashboards-{{ . }} + configMap: + name: {{ template "grafana.fullname" $ }}-dashboards-{{ . }} + {{- end }} + {{- end }} + {{- if .Values.dashboardsConfigMaps }} + {{ $root := . }} + {{- range $provider, $name := .Values.dashboardsConfigMaps }} + - name: dashboards-{{ $provider }} + configMap: + name: {{ tpl $name $root }} + {{- end }} + {{- end }} + {{- if .Values.ldap.enabled }} + - name: ldap + secret: + {{- if .Values.ldap.existingSecret }} + secretName: {{ .Values.ldap.existingSecret }} + {{- else }} + secretName: {{ template "grafana.fullname" . }} + {{- end }} + items: + - key: ldap-toml + path: ldap.toml + {{- end }} +{{- if and .Values.persistence.enabled (eq .Values.persistence.type "pvc") }} + - name: storage + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim | default (include "grafana.fullname" .) }} +{{- else if and .Values.persistence.enabled (eq .Values.persistence.type "statefulset") }} +# nothing +{{- else }} + - name: storage +{{- if .Values.persistence.inMemory.enabled }} + emptyDir: + medium: Memory +{{- if .Values.persistence.inMemory.sizeLimit }} + sizeLimit: {{ .Values.persistence.inMemory.sizeLimit }} +{{- end -}} +{{- else }} + emptyDir: {} +{{- end -}} +{{- end -}} +{{- if .Values.sidecar.dashboards.enabled }} + - name: sc-dashboard-volume + emptyDir: {} +{{- if .Values.sidecar.dashboards.SCProvider }} + - name: sc-dashboard-provider + configMap: + name: {{ template "grafana.fullname" . }}-config-dashboards +{{- end }} +{{- end }} +{{- if .Values.sidecar.datasources.enabled }} + - name: sc-datasources-volume + emptyDir: {} +{{- end -}} +{{- if .Values.sidecar.notifiers.enabled }} + - name: sc-notifiers-volume + emptyDir: {} +{{- end -}} +{{- range .Values.extraSecretMounts }} +{{- if .secretName }} + - name: {{ .name }} + secret: + secretName: {{ .secretName }} + defaultMode: {{ .defaultMode }} +{{- else if .projected }} + - name: {{ .name }} + projected: {{- toYaml .projected | nindent 6 }} +{{- else if .csi }} + - name: {{ .name }} + csi: {{- toYaml .csi | nindent 6 }} +{{- end }} +{{- end }} +{{- range .Values.extraVolumeMounts }} + - name: {{ .name }} + {{- if .existingClaim }} + persistentVolumeClaim: + claimName: {{ .existingClaim }} + {{- else if .hostPath }} + hostPath: + path: {{ .hostPath }} + {{- else }} + emptyDir: {} + {{- end }} +{{- end }} +{{- range .Values.extraEmptyDirMounts }} + - name: {{ .name }} + emptyDir: {} +{{- end -}} +{{- if .Values.extraContainerVolumes }} +{{ toYaml .Values.extraContainerVolumes | indent 2 }} +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/clusterrole.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/clusterrole.yaml new file mode 100644 index 000000000..f09e06563 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/clusterrole.yaml @@ -0,0 +1,25 @@ +{{- if and .Values.rbac.create (not .Values.rbac.namespaced) (not .Values.rbac.useExistingRole) }} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + name: {{ template "grafana.fullname" . }}-clusterrole +{{- if or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.rbac.extraClusterRoleRules) }} +rules: +{{- if or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled }} +- apiGroups: [""] # "" indicates the core API group + resources: ["configmaps", "secrets"] + verbs: ["get", "watch", "list"] +{{- end}} +{{- with .Values.rbac.extraClusterRoleRules }} +{{ toYaml . | indent 0 }} +{{- end}} +{{- else }} +rules: [] +{{- end}} +{{- end}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/clusterrolebinding.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..4accbfac0 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{- if and .Values.rbac.create (not .Values.rbac.namespaced) }} +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "grafana.fullname" . }}-clusterrolebinding + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +subjects: + - kind: ServiceAccount + name: {{ template "grafana.serviceAccountName" . }} + namespace: {{ template "grafana.namespace" . }} +roleRef: + kind: ClusterRole +{{- if (not .Values.rbac.useExistingRole) }} + name: {{ template "grafana.fullname" . }}-clusterrole +{{- else }} + name: {{ .Values.rbac.useExistingRole }} +{{- end }} + apiGroup: rbac.authorization.k8s.io +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/configmap-dashboard-provider.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/configmap-dashboard-provider.yaml new file mode 100644 index 000000000..65d73858e --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/configmap-dashboard-provider.yaml @@ -0,0 +1,29 @@ +{{- if .Values.sidecar.dashboards.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + name: {{ template "grafana.fullname" . }}-config-dashboards + namespace: {{ template "grafana.namespace" . }} +data: + provider.yaml: |- + apiVersion: 1 + providers: + - name: '{{ .Values.sidecar.dashboards.provider.name }}' + orgId: {{ .Values.sidecar.dashboards.provider.orgid }} + {{- if not .Values.sidecar.dashboards.provider.foldersFromFilesStructure }} + folder: '{{ .Values.sidecar.dashboards.provider.folder }}' + {{- end}} + type: {{ .Values.sidecar.dashboards.provider.type }} + disableDeletion: {{ .Values.sidecar.dashboards.provider.disableDelete }} + allowUiUpdates: {{ .Values.sidecar.dashboards.provider.allowUiUpdates }} + updateIntervalSeconds: {{ .Values.sidecar.dashboards.provider.updateIntervalSeconds | default 30 }} + options: + foldersFromFilesStructure: {{ .Values.sidecar.dashboards.provider.foldersFromFilesStructure }} + path: {{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }} +{{- end}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/configmap.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/configmap.yaml new file mode 100644 index 000000000..c72219fb8 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/configmap.yaml @@ -0,0 +1,82 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +data: +{{- if .Values.plugins }} + plugins: {{ join "," .Values.plugins }} +{{- end }} + grafana.ini: | +{{- range $key, $value := index .Values "grafana.ini" }} + [{{ $key }}] + {{- range $elem, $elemVal := $value }} + {{- if kindIs "invalid" $elemVal }} + {{ $elem }} = + {{- else if kindIs "string" $elemVal }} + {{ $elem }} = {{ tpl $elemVal $ }} + {{- else }} + {{ $elem }} = {{ $elemVal }} + {{- end }} + {{- end }} +{{- end }} + +{{- if .Values.datasources }} +{{ $root := . }} + {{- range $key, $value := .Values.datasources }} + {{ $key }}: | +{{ tpl (toYaml $value | indent 4) $root }} + {{- end -}} +{{- end -}} + +{{- if .Values.notifiers }} + {{- range $key, $value := .Values.notifiers }} + {{ $key }}: | +{{ toYaml $value | indent 4 }} + {{- end -}} +{{- end -}} + +{{- if .Values.dashboardProviders }} + {{- range $key, $value := .Values.dashboardProviders }} + {{ $key }}: | +{{ toYaml $value | indent 4 }} + {{- end -}} +{{- end -}} + +{{- if .Values.dashboards }} + download_dashboards.sh: | + #!/usr/bin/env sh + set -euf + {{- if .Values.dashboardProviders }} + {{- range $key, $value := .Values.dashboardProviders }} + {{- range $value.providers }} + mkdir -p {{ .options.path }} + {{- end }} + {{- end }} + {{- end }} + + {{- range $provider, $dashboards := .Values.dashboards }} + {{- range $key, $value := $dashboards }} + {{- if (or (hasKey $value "gnetId") (hasKey $value "url")) }} + curl -skf \ + --connect-timeout 60 \ + --max-time 60 \ + {{- if not $value.b64content }} + -H "Accept: application/json" \ + {{- if $value.token }} + -H "Authorization: token {{ $value.token }}" \ + {{- end }} + -H "Content-Type: application/json;charset=UTF-8" \ + {{ end }} + {{- if $value.url -}}"{{ $value.url }}"{{- else -}}"https://grafana.com/api/dashboards/{{ $value.gnetId }}/revisions/{{- if $value.revision -}}{{ $value.revision }}{{- else -}}1{{- end -}}/download"{{- end -}}{{ if $value.datasource }} | sed '/-- .* --/! s/"datasource":.*,/"datasource": "{{ $value.datasource }}",/g'{{ end }}{{- if $value.b64content -}} | base64 -d {{- end -}} \ + > "/var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json" + {{- end -}} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/dashboards-json-configmap.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/dashboards-json-configmap.yaml new file mode 100644 index 000000000..59e0be641 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/dashboards-json-configmap.yaml @@ -0,0 +1,35 @@ +{{- if .Values.dashboards }} +{{ $files := .Files }} +{{- range $provider, $dashboards := .Values.dashboards }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "grafana.fullname" $ }}-dashboards-{{ $provider }} + namespace: {{ template "grafana.namespace" $ }} + labels: + {{- include "grafana.labels" $ | nindent 4 }} + dashboard-provider: {{ $provider }} +{{- if $dashboards }} +data: +{{- $dashboardFound := false }} +{{- range $key, $value := $dashboards }} +{{- if (or (hasKey $value "json") (hasKey $value "file")) }} +{{- $dashboardFound = true }} +{{ print $key | indent 2 }}.json: +{{- if hasKey $value "json" }} + |- +{{ $value.json | indent 6 }} +{{- end }} +{{- if hasKey $value "file" }} +{{ toYaml ( $files.Get $value.file ) | indent 4}} +{{- end }} +{{- end }} +{{- end }} +{{- if not $dashboardFound }} + {} +{{- end }} +{{- end }} +--- +{{- end }} + +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/deployment.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/deployment.yaml new file mode 100644 index 000000000..1c9ae8638 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/deployment.yaml @@ -0,0 +1,50 @@ +{{ if (or (not .Values.persistence.enabled) (eq .Values.persistence.type "pvc")) }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- if .Values.labels }} +{{ toYaml .Values.labels | indent 4 }} +{{- end }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicas }} + {{- end }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "grafana.selectorLabels" . | nindent 6 }} +{{- with .Values.deploymentStrategy }} + strategy: +{{ toYaml . | trim | indent 4 }} +{{- end }} + template: + metadata: + labels: + {{- include "grafana.selectorLabels" . | nindent 8 }} +{{- with .Values.podLabels }} +{{ toYaml . | indent 8 }} +{{- end }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }} + checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }} +{{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} +{{- end }} +{{- if .Values.envRenderSecret }} + checksum/secret-env: {{ include (print $.Template.BasePath "/secret-env.yaml") . | sha256sum }} +{{- end }} +{{- with .Values.podAnnotations }} +{{ toYaml . | indent 8 }} +{{- end }} + spec: + {{- include "grafana.pod" . | nindent 6 }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/headless-service.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/headless-service.yaml new file mode 100644 index 000000000..2fa816e04 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/headless-service.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "statefulset")}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "grafana.fullname" . }}-headless + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + clusterIP: None + selector: + {{- include "grafana.selectorLabels" . | nindent 4 }} + type: ClusterIP +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/hpa.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/hpa.yaml new file mode 100644 index 000000000..9c186d74a --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/hpa.yaml @@ -0,0 +1,20 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ template "grafana.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "grafana.name" . }} + helm.sh/chart: {{ template "grafana.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "grafana.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: +{{ toYaml .Values.autoscaling.metrics | indent 4 }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/image-renderer-deployment.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/image-renderer-deployment.yaml new file mode 100644 index 000000000..d17b9dfed --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/image-renderer-deployment.yaml @@ -0,0 +1,117 @@ +{{ if .Values.imageRenderer.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "grafana.fullname" . }}-image-renderer + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.imageRenderer.labels" . | nindent 4 }} +{{- if .Values.imageRenderer.labels }} +{{ toYaml .Values.imageRenderer.labels | indent 4 }} +{{- end }} +{{- with .Values.imageRenderer.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + replicas: {{ .Values.imageRenderer.replicas }} + revisionHistoryLimit: {{ .Values.imageRenderer.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }} +{{- with .Values.imageRenderer.deploymentStrategy }} + strategy: +{{ toYaml . | trim | indent 4 }} +{{- end }} + template: + metadata: + labels: + {{- include "grafana.imageRenderer.selectorLabels" . | nindent 8 }} +{{- with .Values.imageRenderer.podLabels }} +{{ toYaml . | indent 8 }} +{{- end }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} +{{- with .Values.imageRenderer.podAnnotations }} +{{ toYaml . | indent 8 }} +{{- end }} + spec: + + {{- if .Values.imageRenderer.schedulerName }} + schedulerName: "{{ .Values.imageRenderer.schedulerName }}" + {{- end }} + {{- if .Values.imageRenderer.serviceAccountName }} + serviceAccountName: "{{ .Values.imageRenderer.serviceAccountName }}" + {{- else }} + serviceAccountName: {{ template "grafana.serviceAccountName" . }} + {{- end }} + {{- if .Values.imageRenderer.securityContext }} + securityContext: + {{ toYaml .Values.imageRenderer.securityContext | indent 2 }} + {{- end }} + {{- if .Values.imageRenderer.hostAliases }} + hostAliases: + {{ toYaml .Values.imageRenderer.hostAliases | indent 2 }} + {{- end }} + {{- if .Values.imageRenderer.priorityClassName }} + priorityClassName: {{ .Values.imageRenderer.priorityClassName }} + {{- end }} + {{- if .Values.imageRenderer.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.imageRenderer.image.pullSecrets }} + - name: {{ . }} + {{- end}} + {{- end }} + containers: + - name: {{ .Chart.Name }}-image-renderer + {{- if .Values.imageRenderer.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}@sha256:{{ .Values.imageRenderer.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.imageRenderer.image.pullPolicy }} + {{- if .Values.imageRenderer.command }} + command: + {{- range .Values.imageRenderer.command }} + - {{ . }} + {{- end }} + {{- end}} + ports: + - name: {{ .Values.imageRenderer.service.portName }} + containerPort: {{ .Values.imageRenderer.service.port }} + protocol: TCP + env: + - name: HTTP_PORT + value: {{ .Values.imageRenderer.service.port | quote }} + {{- range $key, $value := .Values.imageRenderer.env }} + - name: {{ $key | quote }} + value: {{ $value | quote }} + {{- end }} + securityContext: + capabilities: + drop: ['all'] + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /tmp + name: image-renderer-tmpfs + {{- with .Values.imageRenderer.resources }} + resources: +{{ toYaml . | indent 12 }} + {{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + {{- if .Values.imageRenderer.nodeSelector }} +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.imageRenderer.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} + {{- if .Values.imageRenderer.tolerations }} +{{ toYaml . | indent 8 }} + {{- end }} + volumes: + - name: image-renderer-tmpfs + emptyDir: {} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/image-renderer-network-policy.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/image-renderer-network-policy.yaml new file mode 100644 index 000000000..f8ca73aab --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/image-renderer-network-policy.yaml @@ -0,0 +1,76 @@ +{{- if and (.Values.imageRenderer.enabled) (.Values.imageRenderer.networkPolicy.limitIngress) }} +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "grafana.fullname" . }}-image-renderer-ingress + namespace: {{ template "grafana.namespace" . }} + annotations: + comment: Limit image-renderer ingress traffic from grafana +spec: + podSelector: + matchLabels: + {{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }} + {{- if .Values.imageRenderer.podLabels }} + {{ toYaml .Values.imageRenderer.podLabels | nindent 6 }} + {{- end }} + + policyTypes: + - Ingress + ingress: + - ports: + - port: {{ .Values.imageRenderer.service.port }} + protocol: TCP + from: + - namespaceSelector: + matchLabels: + name: {{ template "grafana.namespace" . }} + podSelector: + matchLabels: + {{- include "grafana.selectorLabels" . | nindent 14 }} + {{- if .Values.podLabels }} + {{ toYaml .Values.podLabels | nindent 14 }} + {{- end }} +{{ end }} + +{{- if and (.Values.imageRenderer.enabled) (.Values.imageRenderer.networkPolicy.limitEgress) }} +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "grafana.fullname" . }}-image-renderer-egress + namespace: {{ template "grafana.namespace" . }} + annotations: + comment: Limit image-renderer egress traffic to grafana +spec: + podSelector: + matchLabels: + {{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }} + {{- if .Values.imageRenderer.podLabels }} + {{ toYaml .Values.imageRenderer.podLabels | nindent 6 }} + {{- end }} + + policyTypes: + - Egress + egress: + # allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # talk only to grafana + - ports: + - port: {{ .Values.service.port }} + protocol: TCP + to: + - namespaceSelector: + matchLabels: + name: {{ template "grafana.namespace" . }} + podSelector: + matchLabels: + {{- include "grafana.selectorLabels" . | nindent 14 }} + {{- if .Values.podLabels }} + {{ toYaml .Values.podLabels | nindent 14 }} + {{- end }} +{{ end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/image-renderer-service.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/image-renderer-service.yaml new file mode 100644 index 000000000..f29586c3a --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/image-renderer-service.yaml @@ -0,0 +1,30 @@ +{{ if .Values.imageRenderer.enabled }} +{{ if .Values.imageRenderer.service.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "grafana.fullname" . }}-image-renderer + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.imageRenderer.labels" . | nindent 4 }} +{{- if .Values.imageRenderer.service.labels }} +{{ toYaml .Values.imageRenderer.service.labels | indent 4 }} +{{- end }} +{{- with .Values.imageRenderer.service.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + type: ClusterIP + {{- if .Values.imageRenderer.service.clusterIP }} + clusterIP: {{ .Values.imageRenderer.service.clusterIP }} + {{end}} + ports: + - name: {{ .Values.imageRenderer.service.portName }} + port: {{ .Values.imageRenderer.service.port }} + protocol: TCP + targetPort: {{ .Values.imageRenderer.service.targetPort }} + selector: + {{- include "grafana.imageRenderer.selectorLabels" . | nindent 4 }} +{{ end }} +{{ end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/ingress.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/ingress.yaml new file mode 100644 index 000000000..44ebfc950 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/ingress.yaml @@ -0,0 +1,80 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "grafana.fullname" . -}} +{{- $servicePort := .Values.service.port -}} +{{- $ingressPath := .Values.ingress.path -}} +{{- $ingressPathType := .Values.ingress.pathType -}} +{{- $extraPaths := .Values.ingress.extraPaths -}} +{{- $newAPI := .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} +{{- if $newAPI -}} +apiVersion: networking.k8s.io/v1 +{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" }} +apiVersion: networking.k8s.io/v1beta1 +{{- else }} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- if .Values.ingress.labels }} +{{ toYaml .Values.ingress.labels | indent 4 }} +{{- end }} + {{- if .Values.ingress.annotations }} + annotations: + {{- range $key, $value := .Values.ingress.annotations }} + {{ $key }}: {{ tpl $value $ | quote }} + {{- end }} + {{- end }} +spec: + {{- if .Values.ingress.ingressClassName }} + ingressClassName: {{ .Values.ingress.ingressClassName }} + {{- end -}} +{{- if .Values.ingress.tls }} + tls: +{{ tpl (toYaml .Values.ingress.tls) $ | indent 4 }} +{{- end }} + rules: + {{- if .Values.ingress.hosts }} + {{- range .Values.ingress.hosts }} + - host: {{ tpl . $}} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + - path: {{ $ingressPath }} + {{- if $newAPI }} + pathType: {{ $ingressPathType }} + {{- end }} + backend: + {{- if $newAPI }} + service: + name: {{ $fullName }} + port: + number: {{ $servicePort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $servicePort }} + {{- end }} + {{- end }} + {{- else }} + - http: + paths: + - backend: + {{- if $newAPI }} + service: + name: {{ $fullName }} + port: + number: {{ $servicePort }} + pathType: {{ $ingressPathType }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $servicePort }} + {{- end }} + {{- if $ingressPath }} + path: {{ $ingressPath }} + {{- end }} + {{- end -}} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/nginx-config.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/nginx-config.yaml new file mode 100644 index 000000000..78da96fff --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/nginx-config.yaml @@ -0,0 +1,78 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: grafana-nginx-proxy-config + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +data: + nginx.conf: |- + worker_processes auto; + error_log /dev/stdout warn; + pid /var/cache/nginx/nginx.pid; + + events { + worker_connections 1024; + } + + http { + include /etc/nginx/mime.types; + log_format main '[$time_local - $status] $remote_addr - $remote_user $request ($http_referer)'; + + proxy_connect_timeout 10; + proxy_read_timeout 180; + proxy_send_timeout 5; + proxy_buffering off; + proxy_cache_path /var/cache/nginx/cache levels=1:2 keys_zone=my_zone:100m inactive=1d max_size=10g; + + server { + listen 8080; + access_log off; + + gzip on; + gzip_min_length 1k; + gzip_comp_level 2; + gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript image/jpeg image/gif image/png; + gzip_vary on; + gzip_disable "MSIE [1-6]\."; + + proxy_set_header Host $host; + + location /api/dashboards { + proxy_pass http://localhost:3000; + } + + location /api/search { + proxy_pass http://localhost:3000; + + sub_filter_types application/json; + sub_filter_once off; + sub_filter '"url":"/d' '"url":"d'; + } + + location / { + proxy_cache my_zone; + proxy_cache_valid 200 302 1d; + proxy_cache_valid 301 30d; + proxy_cache_valid any 5m; + proxy_cache_bypass $http_cache_control; + add_header X-Proxy-Cache $upstream_cache_status; + add_header Cache-Control "public"; + + proxy_pass http://localhost:3000/; + + sub_filter_types text/html; + sub_filter_once off; + sub_filter '"appSubUrl":""' '"appSubUrl":"."'; + sub_filter '"url":"/' '"url":"./'; + sub_filter ':"/avatar/' ':"avatar/'; + + if ($request_filename ~ .*\.(?:js|css|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$) { + expires 90d; + } + + rewrite ^/k8s/clusters/.*/proxy(.*) /$1 break; + + } + } + } diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/poddisruptionbudget.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/poddisruptionbudget.yaml new file mode 100644 index 000000000..61813a436 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/poddisruptionbudget.yaml @@ -0,0 +1,22 @@ +{{- if .Values.podDisruptionBudget }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- if .Values.labels }} +{{ toYaml .Values.labels | indent 4 }} +{{- end }} +spec: +{{- if .Values.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} +{{- end }} +{{- if .Values.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} +{{- end }} + selector: + matchLabels: + {{- include "grafana.selectorLabels" . | nindent 6 }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/podsecuritypolicy.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/podsecuritypolicy.yaml new file mode 100644 index 000000000..f7c5941ab --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/podsecuritypolicy.yaml @@ -0,0 +1,46 @@ +{{- if .Values.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- if .Values.rbac.pspAnnotations }} + annotations: {{ toYaml .Values.rbac.pspAnnotations | nindent 4 }} +{{- end }} +spec: + privileged: false + allowPrivilegeEscalation: false + requiredDropCapabilities: + # Default set from Docker, with DAC_OVERRIDE and CHOWN + - ALL + volumes: + - 'configMap' + - 'emptyDir' + - 'projected' + - 'csi' + - 'secret' + - 'downwardAPI' + - 'persistentVolumeClaim' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/pvc.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/pvc.yaml new file mode 100644 index 000000000..8a3ee1222 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/pvc.yaml @@ -0,0 +1,35 @@ +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "pvc")}} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} + {{- with .Values.persistence.annotations }} + annotations: +{{ toYaml . | indent 4 }} + {{- end }} + {{- with .Values.persistence.finalizers }} + finalizers: +{{ toYaml . | indent 4 }} + {{- end }} +spec: + accessModes: +{{- $_ := required "Must provide at least one access mode for persistent volumes used by Grafana" .Values.persistence.accessModes }} +{{- $_ := required "Must provide at least one access mode for persistent volumes used by Grafana" (first .Values.persistence.accessModes) }} + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ required "Must provide size for persistent volumes used by Grafana" .Values.persistence.size | quote }} + {{- if .Values.persistence.storageClassName }} + storageClassName: {{ .Values.persistence.storageClassName }} + {{- end -}} + {{- with .Values.persistence.selectorLabels }} + selector: + matchLabels: +{{ toYaml . | indent 6 }} + {{- end }} +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/role.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/role.yaml new file mode 100644 index 000000000..54c3fb0b2 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/role.yaml @@ -0,0 +1,32 @@ +{{- if and .Values.rbac.create (not .Values.rbac.useExistingRole) -}} +apiVersion: {{ template "rbac.apiVersion" . }} +kind: Role +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +{{- if or .Values.rbac.pspEnabled (and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.rbac.extraRoleRules))) }} +rules: +{{- if .Values.rbac.pspEnabled }} +- apiGroups: ['extensions'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: [{{ template "grafana.fullname" . }}] +{{- end }} +{{- if and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled) }} +- apiGroups: [""] # "" indicates the core API group + resources: ["configmaps", "secrets"] + verbs: ["get", "watch", "list"] +{{- end }} +{{- with .Values.rbac.extraRoleRules }} +{{ toYaml . | indent 0 }} +{{- end}} +{{- else }} +rules: [] +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/rolebinding.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/rolebinding.yaml new file mode 100644 index 000000000..34f1ad6f8 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/rolebinding.yaml @@ -0,0 +1,25 @@ +{{- if .Values.rbac.create -}} +apiVersion: {{ template "rbac.apiVersion" . }} +kind: RoleBinding +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role +{{- if (not .Values.rbac.useExistingRole) }} + name: {{ template "grafana.fullname" . }} +{{- else }} + name: {{ .Values.rbac.useExistingRole }} +{{- end }} +subjects: +- kind: ServiceAccount + name: {{ template "grafana.serviceAccountName" . }} + namespace: {{ template "grafana.namespace" . }} +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/secret-env.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/secret-env.yaml new file mode 100644 index 000000000..5c09313e6 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/secret-env.yaml @@ -0,0 +1,14 @@ +{{- if .Values.envRenderSecret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "grafana.fullname" . }}-env + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +type: Opaque +data: +{{- range $key, $val := .Values.envRenderSecret }} + {{ $key }}: {{ $val | b64enc | quote }} +{{- end -}} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/secret.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/secret.yaml new file mode 100644 index 000000000..6d06cf584 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/secret.yaml @@ -0,0 +1,26 @@ +{{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +type: Opaque +data: + {{- if and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) }} + admin-user: {{ .Values.adminUser | b64enc | quote }} + {{- if .Values.adminPassword }} + admin-password: {{ .Values.adminPassword | b64enc | quote }} + {{- else }} + admin-password: {{ template "grafana.password" . }} + {{- end }} + {{- end }} + {{- if not .Values.ldap.existingSecret }} + ldap-toml: {{ tpl .Values.ldap.config $ | b64enc | quote }} + {{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/service.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/service.yaml new file mode 100644 index 000000000..ba84ef970 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/service.yaml @@ -0,0 +1,51 @@ +{{ if .Values.service.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- if .Values.service.labels }} +{{ toYaml .Values.service.labels | indent 4 }} +{{- end }} +{{- with .Values.service.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }} + type: ClusterIP + {{- if .Values.service.clusterIP }} + clusterIP: {{ .Values.service.clusterIP }} + {{end}} +{{- else if eq .Values.service.type "LoadBalancer" }} + type: {{ .Values.service.type }} + {{- if .Values.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + {{- if .Values.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }} + {{- end -}} +{{- else }} + type: {{ .Values.service.type }} +{{- end }} +{{- if .Values.service.externalIPs }} + externalIPs: +{{ toYaml .Values.service.externalIPs | indent 4 }} +{{- end }} + ports: + - name: {{ .Values.service.portName }} + port: {{ .Values.service.port }} + protocol: TCP + targetPort: {{ .Values.service.targetPort }} +{{ if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }} + nodePort: {{.Values.service.nodePort}} +{{ end }} + {{- if .Values.extraExposePorts }} + {{- tpl (toYaml .Values.extraExposePorts) . | indent 4 }} + {{- end }} + selector: + {{- include "grafana.selectorLabels" . | nindent 4 }} +{{ end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/serviceaccount.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/serviceaccount.yaml new file mode 100644 index 000000000..7576eeef0 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.serviceAccount.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + name: {{ template "grafana.serviceAccountName" . }} + namespace: {{ template "grafana.namespace" . }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/servicemonitor.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/servicemonitor.yaml new file mode 100644 index 000000000..23288523f --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/servicemonitor.yaml @@ -0,0 +1,40 @@ +{{- if .Values.serviceMonitor.enabled }} +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "grafana.fullname" . }} + {{- if .Values.serviceMonitor.namespace }} + namespace: {{ .Values.serviceMonitor.namespace }} + {{- end }} + labels: + {{- include "grafana.labels" . | nindent 4 }} + {{- if .Values.serviceMonitor.labels }} + {{- toYaml .Values.serviceMonitor.labels | nindent 4 }} + {{- end }} +spec: + endpoints: + - interval: {{ .Values.serviceMonitor.interval }} + {{- if .Values.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }} + {{- end }} + honorLabels: true + port: {{ .Values.service.portName }} + path: {{ .Values.serviceMonitor.path }} + scheme: {{ .Values.serviceMonitor.scheme }} + {{- if .Values.serviceMonitor.tlsConfig }} + tlsConfig: + {{- toYaml .Values.serviceMonitor.tlsConfig | nindent 6 }} + {{- end }} + {{- if .Values.serviceMonitor.relabelings }} + relabelings: + {{- toYaml .Values.serviceMonitor.relabelings | nindent 4 }} + {{- end }} + jobLabel: "{{ .Release.Name }}" + selector: + matchLabels: + {{- include "grafana.selectorLabels" . | nindent 8 }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/statefulset.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/statefulset.yaml new file mode 100644 index 000000000..802768645 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/statefulset.yaml @@ -0,0 +1,54 @@ +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "statefulset")}} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "grafana.fullname" . }} + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + {{- include "grafana.selectorLabels" . | nindent 6 }} + serviceName: {{ template "grafana.fullname" . }}-headless + template: + metadata: + labels: + {{- include "grafana.selectorLabels" . | nindent 8 }} +{{- with .Values.podLabels }} +{{ toYaml . | indent 8 }} +{{- end }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }} + checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }} + {{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} +{{- end }} +{{- with .Values.podAnnotations }} +{{ toYaml . | indent 8 }} +{{- end }} + spec: + {{- include "grafana.pod" . | nindent 6 }} + volumeClaimTemplates: + - metadata: + name: storage + spec: +{{- $_ := required "Must provide at least one access mode for persistent volumes used by Grafana" .Values.persistence.accessModes }} +{{- $_ := required "Must provide at least one access mode for persistent volumes used by Grafana" (first .Values.persistence.accessModes) }} + accessModes: {{ .Values.persistence.accessModes }} + storageClassName: {{ .Values.persistence.storageClassName }} + resources: + requests: + storage: {{ required "Must provide size for persistent volumes used by Grafana" .Values.persistence.size }} + {{- with .Values.persistence.selectorLabels }} + selector: + matchLabels: +{{ toYaml . | indent 10 }} + {{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/tests/test-configmap.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/tests/test-configmap.yaml new file mode 100644 index 000000000..ff53aaf1b --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/tests/test-configmap.yaml @@ -0,0 +1,17 @@ +{{- if .Values.testFramework.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "grafana.fullname" . }}-test + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +data: + run.sh: |- + @test "Test Health" { + url="http://{{ template "grafana.fullname" . }}/api/health" + + code=$(wget --server-response --spider --timeout 10 --tries 1 ${url} 2>&1 | awk '/^ HTTP/{print $2}') + [ "$code" == "200" ] + } +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/tests/test-podsecuritypolicy.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/tests/test-podsecuritypolicy.yaml new file mode 100644 index 000000000..1acd65128 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/tests/test-podsecuritypolicy.yaml @@ -0,0 +1,30 @@ +{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "grafana.fullname" . }}-test + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +spec: + allowPrivilegeEscalation: true + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + fsGroup: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + runAsUser: + rule: RunAsAny + volumes: + - configMap + - downwardAPI + - emptyDir + - projected + - csi + - secret +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/tests/test-role.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/tests/test-role.yaml new file mode 100644 index 000000000..6b10677ae --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/tests/test-role.yaml @@ -0,0 +1,14 @@ +{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "grafana.fullname" . }}-test + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: [{{ template "grafana.fullname" . }}-test] +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/tests/test-rolebinding.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/tests/test-rolebinding.yaml new file mode 100644 index 000000000..58fa5e78b --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/tests/test-rolebinding.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "grafana.fullname" . }}-test + namespace: {{ template "grafana.namespace" . }} + labels: + {{- include "grafana.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "grafana.fullname" . }}-test +subjects: +- kind: ServiceAccount + name: {{ template "grafana.serviceAccountNameTest" . }} + namespace: {{ template "grafana.namespace" . }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/tests/test-serviceaccount.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/tests/test-serviceaccount.yaml new file mode 100644 index 000000000..5c3350733 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/tests/test-serviceaccount.yaml @@ -0,0 +1,9 @@ +{{- if and .Values.testFramework.enabled .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + {{- include "grafana.labels" . | nindent 4 }} + name: {{ template "grafana.serviceAccountNameTest" . }} + namespace: {{ template "grafana.namespace" . }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/tests/test.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/tests/test.yaml new file mode 100644 index 000000000..cdc86e5f2 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/templates/tests/test.yaml @@ -0,0 +1,48 @@ +{{- if .Values.testFramework.enabled }} +apiVersion: v1 +kind: Pod +metadata: + name: {{ template "grafana.fullname" . }}-test + labels: + {{- include "grafana.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test-success + namespace: {{ template "grafana.namespace" . }} +spec: + serviceAccountName: {{ template "grafana.serviceAccountNameTest" . }} + {{- if .Values.testFramework.securityContext }} + securityContext: {{ toYaml .Values.testFramework.securityContext | nindent 4 }} + {{- end }} + {{- if .Values.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.image.pullSecrets }} + - name: {{ . }} + {{- end}} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 4 }} + {{- end }} + {{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 4 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 4 }} + {{- end }} + containers: + - name: {{ .Release.Name }}-test + image: "{{ .Values.testFramework.image}}:{{ .Values.testFramework.tag }}" + imagePullPolicy: "{{ .Values.testFramework.imagePullPolicy}}" + command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"] + volumeMounts: + - mountPath: /tests + name: tests + readOnly: true + volumes: + - name: tests + configMap: + name: {{ template "grafana.fullname" . }}-test + restartPolicy: Never +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/values.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/values.yaml new file mode 100644 index 000000000..52466a9fc --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/grafana/values.yaml @@ -0,0 +1,757 @@ +global: + cattle: + systemDefaultRegistry: "" + +autoscaling: + enabled: false +rbac: + create: true + ## Use an existing ClusterRole/Role (depending on rbac.namespaced false/true) + # useExistingRole: name-of-some-(cluster)role + pspEnabled: true + pspAnnotations: {} + ## Specify pod annotations + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl + ## + # seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default' + # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + # apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' + # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' + + namespaced: false + extraRoleRules: [] + # - apiGroups: [] + # resources: [] + # verbs: [] + extraClusterRoleRules: [] + # - apiGroups: [] + # resources: [] + # verbs: [] +serviceAccount: + create: true + name: + nameTest: +# annotations: +# eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here + +replicas: 1 + +## Create HorizontalPodAutoscaler object for deployment type +# +autoscaling: + enabled: false +# minReplicas: 1 +# maxReplicas: 10 +# metrics: +# - type: Resource +# resource: +# name: cpu +# targetAverageUtilization: 60 +# - type: Resource +# resource: +# name: memory +# targetAverageUtilization: 60 + +## See `kubectl explain poddisruptionbudget.spec` for more +## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +podDisruptionBudget: {} +# minAvailable: 1 +# maxUnavailable: 1 + +## See `kubectl explain deployment.spec.strategy` for more +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy +deploymentStrategy: + type: RollingUpdate + +readinessProbe: + httpGet: + path: /api/health + port: 3000 + +livenessProbe: + httpGet: + path: /api/health + port: 3000 + initialDelaySeconds: 60 + timeoutSeconds: 30 + failureThreshold: 10 + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: "default-scheduler" + +image: + repository: rancher/mirrored-grafana-grafana + tag: 7.5.8 + sha: "" + pullPolicy: IfNotPresent + + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistrKeySecretName + +testFramework: + enabled: true + image: "rancher/mirrored-bats-bats" + tag: "v1.1.0" + imagePullPolicy: IfNotPresent + securityContext: + runAsNonRoot: true + runAsUser: 1000 + +securityContext: + runAsNonRoot: true + runAsUser: 472 + runAsGroup: 472 + fsGroup: 472 + +containerSecurityContext: + {} + +extraConfigmapMounts: [] + # - name: certs-configmap + # mountPath: /etc/grafana/ssl/ + # subPath: certificates.crt # (optional) + # configMap: certs-configmap + # readOnly: true + + +extraEmptyDirMounts: [] + # - name: provisioning-notifiers + # mountPath: /etc/grafana/provisioning/notifiers + + +# Apply extra labels to common labels. +extraLabels: {} + +## Assign a PriorityClassName to pods if set +# priorityClassName: + +downloadDashboardsImage: + repository: rancher/mirrored-curlimages-curl + tag: 7.77.0 + sha: "" + pullPolicy: IfNotPresent + +downloadDashboards: + env: {} + envFromSecret: "" + resources: {} + +## Pod Annotations +# podAnnotations: {} + +## Pod Labels +# podLabels: {} + +podPortName: grafana + +## Deployment annotations +# annotations: {} + +## Expose the grafana service to be accessed from outside the cluster (LoadBalancer service). +## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it. +## ref: http://kubernetes.io/docs/user-guide/services/ +## +service: + enabled: true + type: ClusterIP + port: 80 + targetPort: 3000 + # targetPort: 4181 To be used with a proxy extraContainer + annotations: {} + labels: {} + portName: service + +serviceMonitor: + ## If true, a ServiceMonitor CRD is created for a prometheus operator + ## https://github.com/coreos/prometheus-operator + ## + enabled: false + path: /metrics + # namespace: monitoring (defaults to use the namespace this chart is deployed to) + labels: {} + interval: 1m + scheme: http + tlsConfig: {} + scrapeTimeout: 30s + relabelings: [] + +extraExposePorts: [] + # - name: keycloak + # port: 8080 + # targetPort: 8080 + # type: ClusterIP + +# overrides pod.spec.hostAliases in the grafana deployment's pods +hostAliases: [] + # - ip: "1.2.3.4" + # hostnames: + # - "my.host.com" + +ingress: + enabled: false + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + # Values can be templated + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + labels: {} + path: / + + # pathType is only for k8s > 1.19 + pathType: Prefix + + hosts: + - chart-example.local + ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # serviceName: ssl-redirect + # servicePort: use-annotation + ## Or for k8s > 1.19 + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: service + + + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} +# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi + +## Node labels for pod assignment +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +# +nodeSelector: {} + +## Tolerations for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] + +## Affinity for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} + +extraInitContainers: [] + +## Enable an Specify container in extraContainers. This is meant to allow adding an authentication proxy to a grafana pod +extraContainers: | +# - name: proxy +# image: quay.io/gambol99/keycloak-proxy:latest +# args: +# - -provider=github +# - -client-id= +# - -client-secret= +# - -github-org= +# - -email-domain=* +# - -cookie-secret= +# - -http-address=http://0.0.0.0:4181 +# - -upstream-url=http://127.0.0.1:3000 +# ports: +# - name: proxy-web +# containerPort: 4181 + +## Volumes that can be used in init containers that will not be mounted to deployment pods +extraContainerVolumes: [] +# - name: volume-from-secret +# secret: +# secretName: secret-to-mount +# - name: empty-dir-volume +# emptyDir: {} + +## Enable persistence using Persistent Volume Claims +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + type: pvc + enabled: false + # storageClassName: default + accessModes: + - ReadWriteOnce + size: 10Gi + # annotations: {} + finalizers: + - kubernetes.io/pvc-protection + # selectorLabels: {} + # subPath: "" + # existingClaim: + + ## If persistence is not enabled, this allows to mount the + ## local storage in-memory to improve performance + ## + inMemory: + enabled: false + ## The maximum usage on memory medium EmptyDir would be + ## the minimum value between the SizeLimit specified + ## here and the sum of memory limits of all containers in a pod + ## + # sizeLimit: 300Mi + +initChownData: + ## If false, data ownership will not be reset at startup + ## This allows the prometheus-server to be run with an arbitrary user + ## + enabled: true + + ## initChownData container image + ## + image: + repository: rancher/mirrored-library-busybox + tag: "1.31.1" + sha: "" + pullPolicy: IfNotPresent + + ## initChownData resource requests and limits + ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + +# Administrator credentials when not using an existing secret (see below) +adminUser: admin +# adminPassword: strongpassword + +# Use an existing secret for the admin user. +admin: + existingSecret: "" + userKey: admin-user + passwordKey: admin-password + +## Define command to be executed at startup by grafana container +## Needed if using `vault-env` to manage secrets (ref: https://banzaicloud.com/blog/inject-secrets-into-pods-vault/) +## Default is "run.sh" as defined in grafana's Dockerfile +# command: +# - "sh" +# - "/run.sh" + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +## Extra environment variables that will be pass onto deployment pods +## +## to provide grafana with access to CloudWatch on AWS EKS: +## 1. create an iam role of type "Web identity" with provider oidc.eks.* (note the provider for later) +## 2. edit the "Trust relationships" of the role, add a line inside the StringEquals clause using the +## same oidc eks provider as noted before (same as the existing line) +## also, replace NAMESPACE and prometheus-operator-grafana with the service account namespace and name +## +## "oidc.eks.us-east-1.amazonaws.com/id/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:sub": "system:serviceaccount:NAMESPACE:prometheus-operator-grafana", +## +## 3. attach a policy to the role, you can use a built in policy called CloudWatchReadOnlyAccess +## 4. use the following env: (replace 123456789000 and iam-role-name-here with your aws account number and role name) +## +## env: +## AWS_ROLE_ARN: arn:aws:iam::123456789000:role/iam-role-name-here +## AWS_WEB_IDENTITY_TOKEN_FILE: /var/run/secrets/eks.amazonaws.com/serviceaccount/token +## AWS_REGION: us-east-1 +## +## 5. uncomment the EKS section in extraSecretMounts: below +## 6. uncomment the annotation section in the serviceAccount: above +## make sure to replace arn:aws:iam::123456789000:role/iam-role-name-here with your role arn + +env: {} + +## "valueFrom" environment variable references that will be added to deployment pods +## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core +## Renders in container spec as: +## env: +## ... +## - name: +## valueFrom: +## +envValueFrom: {} + +## The name of a secret in the same kubernetes namespace which contain values to be added to the environment +## This can be useful for auth tokens, etc. Value is templated. +envFromSecret: "" + +## Sensible environment variables that will be rendered as new secret object +## This can be useful for auth tokens, etc +envRenderSecret: {} + +## Additional grafana server secret mounts +# Defines additional mounts with secrets. Secrets must be manually created in the namespace. +extraSecretMounts: [] + # - name: secret-files + # mountPath: /etc/secrets + # secretName: grafana-secret-files + # readOnly: true + # subPath: "" + # + # for AWS EKS (cloudwatch) use the following (see also instruction in env: above) + # - name: aws-iam-token + # mountPath: /var/run/secrets/eks.amazonaws.com/serviceaccount + # readOnly: true + # projected: + # defaultMode: 420 + # sources: + # - serviceAccountToken: + # audience: sts.amazonaws.com + # expirationSeconds: 86400 + # path: token + # + # for CSI e.g. Azure Key Vault use the following + # - name: secrets-store-inline + # mountPath: /run/secrets + # readOnly: true + # csi: + # driver: secrets-store.csi.k8s.io + # readOnly: true + # volumeAttributes: + # secretProviderClass: "akv-grafana-spc" + # nodePublishSecretRef: # Only required when using service principal mode + # name: grafana-akv-creds # Only required when using service principal mode + +## Additional grafana server volume mounts +# Defines additional volume mounts. +extraVolumeMounts: [] + # - name: extra-volume-0 + # mountPath: /mnt/volume0 + # readOnly: true + # existingClaim: volume-claim + # - name: extra-volume-1 + # mountPath: /mnt/volume1 + # readOnly: true + # hostPath: /usr/shared/ + +## Pass the plugins you want installed as a list. +## +plugins: [] + # - digrich-bubblechart-panel + # - grafana-clock-panel + +## Configure grafana datasources +## ref: http://docs.grafana.org/administration/provisioning/#datasources +## +datasources: {} +# datasources.yaml: +# apiVersion: 1 +# datasources: +# - name: Prometheus +# type: prometheus +# url: http://prometheus-prometheus-server +# access: proxy +# isDefault: true +# - name: CloudWatch +# type: cloudwatch +# access: proxy +# uid: cloudwatch +# editable: false +# jsonData: +# authType: credentials +# defaultRegion: us-east-1 + +## Configure notifiers +## ref: http://docs.grafana.org/administration/provisioning/#alert-notification-channels +## +notifiers: {} +# notifiers.yaml: +# notifiers: +# - name: email-notifier +# type: email +# uid: email1 +# # either: +# org_id: 1 +# # or +# org_name: Main Org. +# is_default: true +# settings: +# addresses: an_email_address@example.com +# delete_notifiers: + +## Configure grafana dashboard providers +## ref: http://docs.grafana.org/administration/provisioning/#dashboards +## +## `path` must be /var/lib/grafana/dashboards/ +## +dashboardProviders: {} +# dashboardproviders.yaml: +# apiVersion: 1 +# providers: +# - name: 'default' +# orgId: 1 +# folder: '' +# type: file +# disableDeletion: false +# editable: true +# options: +# path: /var/lib/grafana/dashboards/default + +## Configure grafana dashboard to import +## NOTE: To use dashboards you must also enable/configure dashboardProviders +## ref: https://grafana.com/dashboards +## +## dashboards per provider, use provider name as key. +## +dashboards: {} + # default: + # some-dashboard: + # json: | + # $RAW_JSON + # custom-dashboard: + # file: dashboards/custom-dashboard.json + # prometheus-stats: + # gnetId: 2 + # revision: 2 + # datasource: Prometheus + # local-dashboard: + # url: https://example.com/repository/test.json + # token: '' + # local-dashboard-base64: + # url: https://example.com/repository/test-b64.json + # token: '' + # b64content: true + +## Reference to external ConfigMap per provider. Use provider name as key and ConfigMap name as value. +## A provider dashboards must be defined either by external ConfigMaps or in values.yaml, not in both. +## ConfigMap data example: +## +## data: +## example-dashboard.json: | +## RAW_JSON +## +dashboardsConfigMaps: {} +# default: "" + +## Grafana's primary configuration +## NOTE: values in map will be converted to ini format +## ref: http://docs.grafana.org/installation/configuration/ +## +grafana.ini: + paths: + data: /var/lib/grafana/ + logs: /var/log/grafana + plugins: /var/lib/grafana/plugins + provisioning: /etc/grafana/provisioning + analytics: + check_for_updates: true + log: + mode: console + grafana_net: + url: https://grafana.net +## grafana Authentication can be enabled with the following values on grafana.ini + # server: + # The full public facing url you use in browser, used for redirects and emails + # root_url: + # https://grafana.com/docs/grafana/latest/auth/github/#enable-github-in-grafana + # auth.github: + # enabled: false + # allow_sign_up: false + # scopes: user:email,read:org + # auth_url: https://github.com/login/oauth/authorize + # token_url: https://github.com/login/oauth/access_token + # api_url: https://api.github.com/user + # team_ids: + # allowed_organizations: + # client_id: + # client_secret: +## LDAP Authentication can be enabled with the following values on grafana.ini +## NOTE: Grafana will fail to start if the value for ldap.toml is invalid + # auth.ldap: + # enabled: true + # allow_sign_up: true + # config_file: /etc/grafana/ldap.toml + +## Grafana's LDAP configuration +## Templated by the template in _helpers.tpl +## NOTE: To enable the grafana.ini must be configured with auth.ldap.enabled +## ref: http://docs.grafana.org/installation/configuration/#auth-ldap +## ref: http://docs.grafana.org/installation/ldap/#configuration +ldap: + enabled: false + # `existingSecret` is a reference to an existing secret containing the ldap configuration + # for Grafana in a key `ldap-toml`. + existingSecret: "" + # `config` is the content of `ldap.toml` that will be stored in the created secret + config: "" + # config: |- + # verbose_logging = true + + # [[servers]] + # host = "my-ldap-server" + # port = 636 + # use_ssl = true + # start_tls = false + # ssl_skip_verify = false + # bind_dn = "uid=%s,ou=users,dc=myorg,dc=com" + +## Grafana's SMTP configuration +## NOTE: To enable, grafana.ini must be configured with smtp.enabled +## ref: http://docs.grafana.org/installation/configuration/#smtp +smtp: + # `existingSecret` is a reference to an existing secret containing the smtp configuration + # for Grafana. + existingSecret: "" + userKey: "user" + passwordKey: "password" + +## Sidecars that collect the configmaps with specified label and stores the included files them into the respective folders +## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards +sidecar: + image: + repository: rancher/mirrored-kiwigrid-k8s-sidecar + tag: 1.12.2 + sha: "" + imagePullPolicy: IfNotPresent + resources: {} +# limits: +# cpu: 100m +# memory: 100Mi +# requests: +# cpu: 50m +# memory: 50Mi + # skipTlsVerify Set to true to skip tls verification for kube api calls + # skipTlsVerify: true + enableUniqueFilenames: false + dashboards: + enabled: false + SCProvider: true + # label that the configmaps with dashboards are marked with + label: grafana_dashboard + # value of label that the configmaps with dashboards are set to + labelValue: null + # folder in the pod that should hold the collected dashboards (unless `defaultFolderName` is set) + folder: /tmp/dashboards + # The default folder name, it will create a subfolder under the `folder` and put dashboards in there instead + defaultFolderName: null + # If specified, the sidecar will search for dashboard config-maps inside this namespace. + # Otherwise the namespace in which the sidecar is running will be used. + # It's also possible to specify ALL to search in all namespaces + searchNamespace: null + # search in configmap, secret or both + resource: both + # If specified, the sidecar will look for annotation with this name to create folder and put graph here. + # You can use this parameter together with `provider.foldersFromFilesStructure`to annotate configmaps and create folder structure. + folderAnnotation: null + # provider configuration that lets grafana manage the dashboards + provider: + # name of the provider, should be unique + name: sidecarProvider + # orgid as configured in grafana + orgid: 1 + # folder in which the dashboards should be imported in grafana + folder: '' + # type of the provider + type: file + # disableDelete to activate a import-only behaviour + disableDelete: false + # allow updating provisioned dashboards from the UI + allowUiUpdates: false + # allow Grafana to replicate dashboard structure from filesystem + foldersFromFilesStructure: false + datasources: + enabled: false + # label that the configmaps with datasources are marked with + label: grafana_datasource + # value of label that the configmaps with datasources are set to + labelValue: null + # If specified, the sidecar will search for datasource config-maps inside this namespace. + # Otherwise the namespace in which the sidecar is running will be used. + # It's also possible to specify ALL to search in all namespaces + searchNamespace: null + # search in configmap, secret or both + resource: both + notifiers: + enabled: false + # label that the configmaps with notifiers are marked with + label: grafana_notifier + # If specified, the sidecar will search for notifier config-maps inside this namespace. + # Otherwise the namespace in which the sidecar is running will be used. + # It's also possible to specify ALL to search in all namespaces + searchNamespace: null + # search in configmap, secret or both + resource: both + +## Override the deployment namespace +## +namespaceOverride: "" + +## Number of old ReplicaSets to retain +## +revisionHistoryLimit: 10 + +## Add a seperate remote image renderer deployment/service +imageRenderer: + # Enable the image-renderer deployment & service + enabled: false + replicas: 1 + image: + # image-renderer Image repository + repository: rancher/mirrored-grafana-grafana-image-renderer + # image-renderer Image tag + tag: 3.0.1 + # image-renderer Image sha (optional) + sha: "" + # image-renderer ImagePullPolicy + pullPolicy: Always + # extra environment variables + env: + HTTP_HOST: "0.0.0.0" + # RENDERING_ARGS: --disable-gpu,--window-size=1280x758 + # RENDERING_MODE: clustered + # image-renderer deployment serviceAccount + serviceAccountName: "" + # image-renderer deployment securityContext + securityContext: {} + # image-renderer deployment Host Aliases + hostAliases: [] + # image-renderer deployment priority class + priorityClassName: '' + service: + # Enable the image-renderer service + enabled: true + # image-renderer service port name + portName: 'http' + # image-renderer service port used by both service and deployment + port: 8081 + targetPort: 8081 + # In case a sub_path is used this needs to be added to the image renderer callback + grafanaSubPath: "" + # name of the image-renderer port on the pod + podPortName: http + # number of image-renderer replica sets to keep + revisionHistoryLimit: 10 + networkPolicy: + # Enable a NetworkPolicy to limit inbound traffic to only the created grafana pods + limitIngress: true + # Enable a NetworkPolicy to limit outbound traffic to only the created grafana pods + limitEgress: false + resources: {} +# limits: +# cpu: 100m +# memory: 100Mi +# requests: +# cpu: 50m +# memory: 50Mi diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/.helmignore b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/Chart.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/Chart.yaml new file mode 100644 index 000000000..5d1f3a478 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: hardenedKubelet +type: application +version: 0.1.4 diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/README.md b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/README.md new file mode 100644 index 000000000..0530c56aa --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/README.md @@ -0,0 +1,60 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | +| `namespaceOverride` | The namespace to install the chart | `""` + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | +| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | +| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | +| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/templates/_helpers.tpl b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/templates/_helpers.tpl new file mode 100644 index 000000000..458ad21cd --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/templates/_helpers.tpl @@ -0,0 +1,104 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.endpoints" -}} +{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} +{{- $useHTTPS := .Values.clients.https.enabled -}} +{{- $endpoints := .Values.serviceMonitor.endpoints }} +{{- range $endpoints }} +{{- $_ := set . "proxyUrl" $proxyURL }} +{{- if $useHTTPS -}} +{{- if (hasKey . "params") }} +{{- $_ := set (get . "params") "_scheme" (list "https") }} +{{- else }} +{{- $_ := set . "params" (dict "_scheme" (list "https")) }} +{{- end }} +{{- end }} +{{- end }} +{{- toYaml $endpoints }} +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/templates/pushprox-clients-rbac.yaml new file mode 100644 index 000000000..f1a8e7232 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/templates/pushprox-clients-rbac.yaml @@ -0,0 +1,77 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- if .Values.clients.rbac.additionalRules }} +{{ toYaml .Values.clients.rbac.additionalRules }} +{{- end }} +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/templates/pushprox-clients.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/templates/pushprox-clients.yaml new file mode 100644 index 000000000..3775d17b8 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/templates/pushprox-clients.yaml @@ -0,0 +1,145 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +{{- if .Values.clients.deployment.enabled }} +kind: Deployment +{{- else }} +kind: DaemonSet +{{- end }} +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + {{- if .Values.clients.deployment.enabled }} + replicas: {{ .Values.clients.deployment.replicas }} + {{- end }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + {{- if .Values.clients.affinity }} + affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} + {{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . | quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/templates/pushprox-proxy-rbac.yaml new file mode 100644 index 000000000..147eb4374 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/templates/pushprox-proxy-rbac.yaml @@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/templates/pushprox-proxy.yaml new file mode 100644 index 000000000..571e13138 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/templates/pushprox-servicemonitor.yaml new file mode 100644 index 000000000..7f961d6f4 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,33 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/values.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/values.yaml new file mode 100644 index 000000000..6ad1eab4d --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedKubelet/values.yaml @@ -0,0 +1,111 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +namespaceOverride: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec + # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + # By default, proxyUrl and params._scheme will be overridden based on other values + endpoints: + - port: metrics + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? + enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + rbac: + # Additional permissions to provide to the ServiceAccount bound to the client + # This can be used to provide additional permissions for the client to scrape metrics from the k8s API + # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true + additionalRules: [] + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + affinity: {} + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher2-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + + # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. + # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in + # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. + # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, + # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. + # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will + # be responsible for upgrading this chart accordingly to the right number of replicas. + deployment: + enabled: false + replicas: 0 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher2-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/.helmignore b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/Chart.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/Chart.yaml new file mode 100644 index 000000000..4d6899cff --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: hardenedNodeExporter +type: application +version: 0.1.4 diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/README.md b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/README.md new file mode 100644 index 000000000..0530c56aa --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/README.md @@ -0,0 +1,60 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | +| `namespaceOverride` | The namespace to install the chart | `""` + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | +| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | +| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | +| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/templates/_helpers.tpl b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/templates/_helpers.tpl new file mode 100644 index 000000000..458ad21cd --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/templates/_helpers.tpl @@ -0,0 +1,104 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.endpoints" -}} +{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} +{{- $useHTTPS := .Values.clients.https.enabled -}} +{{- $endpoints := .Values.serviceMonitor.endpoints }} +{{- range $endpoints }} +{{- $_ := set . "proxyUrl" $proxyURL }} +{{- if $useHTTPS -}} +{{- if (hasKey . "params") }} +{{- $_ := set (get . "params") "_scheme" (list "https") }} +{{- else }} +{{- $_ := set . "params" (dict "_scheme" (list "https")) }} +{{- end }} +{{- end }} +{{- end }} +{{- toYaml $endpoints }} +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/templates/pushprox-clients-rbac.yaml new file mode 100644 index 000000000..f1a8e7232 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/templates/pushprox-clients-rbac.yaml @@ -0,0 +1,77 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- if .Values.clients.rbac.additionalRules }} +{{ toYaml .Values.clients.rbac.additionalRules }} +{{- end }} +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/templates/pushprox-clients.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/templates/pushprox-clients.yaml new file mode 100644 index 000000000..3775d17b8 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/templates/pushprox-clients.yaml @@ -0,0 +1,145 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +{{- if .Values.clients.deployment.enabled }} +kind: Deployment +{{- else }} +kind: DaemonSet +{{- end }} +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + {{- if .Values.clients.deployment.enabled }} + replicas: {{ .Values.clients.deployment.replicas }} + {{- end }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + {{- if .Values.clients.affinity }} + affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} + {{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . | quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/templates/pushprox-proxy-rbac.yaml new file mode 100644 index 000000000..147eb4374 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/templates/pushprox-proxy-rbac.yaml @@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/templates/pushprox-proxy.yaml new file mode 100644 index 000000000..571e13138 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/templates/pushprox-servicemonitor.yaml new file mode 100644 index 000000000..7f961d6f4 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,33 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/values.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/values.yaml new file mode 100644 index 000000000..6ad1eab4d --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/hardenedNodeExporter/values.yaml @@ -0,0 +1,111 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +namespaceOverride: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec + # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + # By default, proxyUrl and params._scheme will be overridden based on other values + endpoints: + - port: metrics + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? + enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + rbac: + # Additional permissions to provide to the ServiceAccount bound to the client + # This can be used to provide additional permissions for the client to scrape metrics from the k8s API + # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true + additionalRules: [] + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + affinity: {} + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher2-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + + # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. + # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in + # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. + # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, + # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. + # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will + # be responsible for upgrading this chart accordingly to the right number of replicas. + deployment: + enabled: false + replicas: 0 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher2-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/.helmignore b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/Chart.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/Chart.yaml new file mode 100644 index 000000000..9cff4227c --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: k3sServer +type: application +version: 0.1.4 diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/README.md b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/README.md new file mode 100644 index 000000000..0530c56aa --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/README.md @@ -0,0 +1,60 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | +| `namespaceOverride` | The namespace to install the chart | `""` + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | +| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | +| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | +| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/templates/_helpers.tpl b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/templates/_helpers.tpl new file mode 100644 index 000000000..458ad21cd --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/templates/_helpers.tpl @@ -0,0 +1,104 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.endpoints" -}} +{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} +{{- $useHTTPS := .Values.clients.https.enabled -}} +{{- $endpoints := .Values.serviceMonitor.endpoints }} +{{- range $endpoints }} +{{- $_ := set . "proxyUrl" $proxyURL }} +{{- if $useHTTPS -}} +{{- if (hasKey . "params") }} +{{- $_ := set (get . "params") "_scheme" (list "https") }} +{{- else }} +{{- $_ := set . "params" (dict "_scheme" (list "https")) }} +{{- end }} +{{- end }} +{{- end }} +{{- toYaml $endpoints }} +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/templates/pushprox-clients-rbac.yaml new file mode 100644 index 000000000..f1a8e7232 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/templates/pushprox-clients-rbac.yaml @@ -0,0 +1,77 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- if .Values.clients.rbac.additionalRules }} +{{ toYaml .Values.clients.rbac.additionalRules }} +{{- end }} +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/templates/pushprox-clients.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/templates/pushprox-clients.yaml new file mode 100644 index 000000000..3775d17b8 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/templates/pushprox-clients.yaml @@ -0,0 +1,145 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +{{- if .Values.clients.deployment.enabled }} +kind: Deployment +{{- else }} +kind: DaemonSet +{{- end }} +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + {{- if .Values.clients.deployment.enabled }} + replicas: {{ .Values.clients.deployment.replicas }} + {{- end }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + {{- if .Values.clients.affinity }} + affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} + {{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . | quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/templates/pushprox-proxy-rbac.yaml new file mode 100644 index 000000000..147eb4374 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/templates/pushprox-proxy-rbac.yaml @@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/templates/pushprox-proxy.yaml new file mode 100644 index 000000000..571e13138 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/templates/pushprox-servicemonitor.yaml new file mode 100644 index 000000000..7f961d6f4 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,33 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/values.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/values.yaml new file mode 100644 index 000000000..6ad1eab4d --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/k3sServer/values.yaml @@ -0,0 +1,111 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +namespaceOverride: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec + # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + # By default, proxyUrl and params._scheme will be overridden based on other values + endpoints: + - port: metrics + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? + enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + rbac: + # Additional permissions to provide to the ServiceAccount bound to the client + # This can be used to provide additional permissions for the client to scrape metrics from the k8s API + # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true + additionalRules: [] + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + affinity: {} + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher2-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + + # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. + # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in + # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. + # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, + # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. + # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will + # be responsible for upgrading this chart accordingly to the right number of replicas. + deployment: + enabled: false + replicas: 0 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher2-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/.helmignore b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/Chart.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/Chart.yaml new file mode 100644 index 000000000..9e2ebba4a --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/Chart.yaml @@ -0,0 +1,25 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-kube-state-metrics +apiVersion: v2 +appVersion: 2.0.0 +description: Install kube-state-metrics to generate and expose cluster-level metrics +home: https://github.com/kubernetes/kube-state-metrics/ +keywords: +- metric +- monitoring +- prometheus +- kubernetes +maintainers: +- email: tariq.ibrahim@mulesoft.com + name: tariq1890 +- email: manuel@rueg.eu + name: mrueg +name: kube-state-metrics +sources: +- https://github.com/kubernetes/kube-state-metrics/ +type: application +version: 3.2.0 diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/README.md b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/README.md new file mode 100644 index 000000000..7c2e16918 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/README.md @@ -0,0 +1,68 @@ +# kube-state-metrics Helm Chart + +Installs the [kube-state-metrics agent](https://github.com/kubernetes/kube-state-metrics). + +## Get Repo Info + +```console +helm repo add prometheus-community https://prometheus-community.github.io/helm-charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Install Chart + +```console +helm install [RELEASE_NAME] prometheus-community/kube-state-metrics [flags] +``` + +_See [configuration](#configuration) below._ + +_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ + +## Uninstall Chart + +```console +helm uninstall [RELEASE_NAME] +``` + +This removes all the Kubernetes components associated with the chart and deletes the release. + +_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ + +## Upgrading Chart + +```console +helm upgrade [RELEASE_NAME] prometheus-community/kube-state-metrics [flags] +``` + +_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ + +### Migrating from stable/kube-state-metrics and kubernetes/kube-state-metrics + +You can upgrade in-place: + +1. [get repo info](#get-repo-info) +1. [upgrade](#upgrading-chart) your existing release name using the new chart repo + + +## Upgrading to v3.0.0 + +v3.0.0 includes kube-state-metrics v2.0, see the [changelog](https://github.com/kubernetes/kube-state-metrics/blob/release-2.0/CHANGELOG.md) for major changes on the application-side. + +The upgraded chart now the following changes: +* Dropped support for helm v2 (helm v3 or later is required) +* collectors key was renamed to resources +* namespace key was renamed to namespaces + + +## Configuration + +See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments: + +```console +helm show values prometheus-community/kube-state-metrics +``` + +You may also run `helm show values` on this chart's [dependencies](#dependencies) for additional options. diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/NOTES.txt b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/NOTES.txt new file mode 100644 index 000000000..5a646e0cc --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/NOTES.txt @@ -0,0 +1,10 @@ +kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. +The exposed metrics can be found here: +https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics + +The metrics are exported on the HTTP endpoint /metrics on the listening port. +In your case, {{ template "kube-state-metrics.fullname" . }}.{{ template "kube-state-metrics.namespace" . }}.svc.cluster.local:{{ .Values.service.port }}/metrics + +They are served either as plaintext or protobuf depending on the Accept header. +They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint. + diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/_helpers.tpl b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/_helpers.tpl new file mode 100644 index 000000000..4f76b188b --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/_helpers.tpl @@ -0,0 +1,76 @@ +# Rancher +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "kube-state-metrics.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kube-state-metrics.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "kube-state-metrics.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "kube-state-metrics.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts +*/}} +{{- define "kube-state-metrics.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/clusterrolebinding.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..af158c512 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/clusterrolebinding.yaml @@ -0,0 +1,23 @@ +{{- if and .Values.rbac.create .Values.rbac.useClusterRole -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + name: {{ template "kube-state-metrics.fullname" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole +{{- if .Values.rbac.useExistingRole }} + name: {{ .Values.rbac.useExistingRole }} +{{- else }} + name: {{ template "kube-state-metrics.fullname" . }} +{{- end }} +subjects: +- kind: ServiceAccount + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/deployment.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/deployment.yaml new file mode 100644 index 000000000..f338308ad --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/deployment.yaml @@ -0,0 +1,224 @@ +apiVersion: apps/v1 +{{- if .Values.autosharding.enabled }} +kind: StatefulSet +{{- else }} +kind: Deployment +{{- end }} +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" + app.kubernetes.io/version: "{{ .Chart.AppVersion }}" +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + replicas: {{ .Values.replicas }} +{{- if .Values.autosharding.enabled }} + serviceName: {{ template "kube-state-metrics.fullname" . }} + volumeClaimTemplates: [] +{{- end }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 8 }} +{{- end }} +{{- if .Values.podAnnotations }} + annotations: +{{ toYaml .Values.podAnnotations | indent 8 }} +{{- end }} + spec: + hostNetwork: {{ .Values.hostNetwork }} + serviceAccountName: {{ template "kube-state-metrics.serviceAccountName" . }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + runAsGroup: {{ .Values.securityContext.runAsGroup }} + runAsUser: {{ .Values.securityContext.runAsUser }} + runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + containers: + - name: {{ .Chart.Name }} +{{- if .Values.autosharding.enabled }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +{{- end }} + args: +{{ if .Values.extraArgs }} + {{- range .Values.extraArgs }} + - {{ . }} + {{- end }} +{{ end }} +{{ if .Values.collectors.certificatesigningrequests }} + - --resources=certificatesigningrequests +{{ end }} +{{ if .Values.collectors.configmaps }} + - --resources=configmaps +{{ end }} +{{ if .Values.collectors.cronjobs }} + - --resources=cronjobs +{{ end }} +{{ if .Values.collectors.daemonsets }} + - --resources=daemonsets +{{ end }} +{{ if .Values.collectors.deployments }} + - --resources=deployments +{{ end }} +{{ if .Values.collectors.endpoints }} + - --resources=endpoints +{{ end }} +{{ if .Values.collectors.horizontalpodautoscalers }} + - --resources=horizontalpodautoscalers +{{ end }} +{{ if .Values.collectors.ingresses }} + - --resources=ingresses +{{ end }} +{{ if .Values.collectors.jobs }} + - --resources=jobs +{{ end }} +{{ if .Values.collectors.limitranges }} + - --resources=limitranges +{{ end }} +{{ if .Values.collectors.mutatingwebhookconfigurations }} + - --resources=mutatingwebhookconfigurations +{{ end }} +{{ if .Values.collectors.namespaces }} + - --resources=namespaces +{{ end }} +{{ if .Values.collectors.networkpolicies }} + - --resources=networkpolicies +{{ end }} +{{ if .Values.collectors.nodes }} + - --resources=nodes +{{ end }} +{{ if .Values.collectors.persistentvolumeclaims }} + - --resources=persistentvolumeclaims +{{ end }} +{{ if .Values.collectors.persistentvolumes }} + - --resources=persistentvolumes +{{ end }} +{{ if .Values.collectors.poddisruptionbudgets }} + - --resources=poddisruptionbudgets +{{ end }} +{{ if .Values.collectors.pods }} + - --resources=pods +{{ end }} +{{ if .Values.collectors.replicasets }} + - --resources=replicasets +{{ end }} +{{ if .Values.collectors.replicationcontrollers }} + - --resources=replicationcontrollers +{{ end }} +{{ if .Values.collectors.resourcequotas }} + - --resources=resourcequotas +{{ end }} +{{ if .Values.collectors.secrets }} + - --resources=secrets +{{ end }} +{{ if .Values.collectors.services }} + - --resources=services +{{ end }} +{{ if .Values.collectors.statefulsets }} + - --resources=statefulsets +{{ end }} +{{ if .Values.collectors.storageclasses }} + - --resources=storageclasses +{{ end }} +{{ if .Values.collectors.validatingwebhookconfigurations }} + - --resources=validatingwebhookconfigurations +{{ end }} +{{ if .Values.collectors.verticalpodautoscalers }} + - --resources=verticalpodautoscalers +{{ end }} +{{ if .Values.collectors.volumeattachments }} + - --resources=volumeattachments +{{ end }} +{{ if .Values.namespaces }} + - --namespaces={{ tpl .Values.namespaces $ | join "," }} +{{ end }} +{{ if .Values.autosharding.enabled }} + - --pod=$(POD_NAME) + - --pod-namespace=$(POD_NAMESPACE) +{{ end }} +{{ if .Values.kubeconfig.enabled }} + - --kubeconfig=/opt/k8s/.kube/config +{{ end }} +{{ if .Values.selfMonitor.telemetryHost }} + - --telemetry-host={{ .Values.selfMonitor.telemetryHost }} +{{ end }} + - --telemetry-port=8081 +{{- if .Values.kubeconfig.enabled }} + volumeMounts: + - name: kubeconfig + mountPath: /opt/k8s/.kube/ + readOnly: true +{{- end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" + ports: + - containerPort: 8080 +{{- if .Values.selfMonitor.enabled }} + - containerPort: 8081 +{{- end }} + livenessProbe: + httpGet: + path: /healthz + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: / + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 5 +{{- if .Values.resources }} + resources: +{{ toYaml .Values.resources | indent 10 }} +{{- end }} +{{- if .Values.containerSecurityContext }} + securityContext: +{{ toYaml .Values.containerSecurityContext | indent 10 }} +{{- end }} +{{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} +{{- end }} +{{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} +{{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.tolerations }} +{{ toYaml .Values.tolerations | indent 8 }} +{{- end }} +{{- if .Values.kubeconfig.enabled}} + volumes: + - name: kubeconfig + secret: + secretName: {{ template "kube-state-metrics.fullname" . }}-kubeconfig +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/kubeconfig-secret.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/kubeconfig-secret.yaml new file mode 100644 index 000000000..a7800d7ad --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/kubeconfig-secret.yaml @@ -0,0 +1,15 @@ +{{- if .Values.kubeconfig.enabled -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "kube-state-metrics.fullname" . }}-kubeconfig + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" +type: Opaque +data: + config: '{{ .Values.kubeconfig.secret }}' +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/pdb.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/pdb.yaml new file mode 100644 index 000000000..d3ef8104e --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/pdb.yaml @@ -0,0 +1,20 @@ +{{- if .Values.podDisruptionBudget -}} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} +{{ toYaml .Values.podDisruptionBudget | indent 2 }} +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/podsecuritypolicy.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/podsecuritypolicy.yaml new file mode 100644 index 000000000..e822ba0e7 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/podsecuritypolicy.yaml @@ -0,0 +1,42 @@ +{{- if .Values.podSecurityPolicy.enabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Values.podSecurityPolicy.annotations }} + annotations: +{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} +{{- end }} +spec: + privileged: false + volumes: + - 'secret' +{{- if .Values.podSecurityPolicy.additionalVolumes }} +{{ toYaml .Values.podSecurityPolicy.additionalVolumes | indent 4 }} +{{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/psp-clusterrole.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/psp-clusterrole.yaml new file mode 100644 index 000000000..217abc950 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/psp-clusterrole.yaml @@ -0,0 +1,22 @@ +{{- if and .Values.podSecurityPolicy.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + name: psp-{{ template "kube-state-metrics.fullname" . }} +rules: +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }} +- apiGroups: ['policy'] +{{- else }} +- apiGroups: ['extensions'] +{{- end }} + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "kube-state-metrics.fullname" . }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml new file mode 100644 index 000000000..feb97f228 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- if and .Values.podSecurityPolicy.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + name: psp-{{ template "kube-state-metrics.fullname" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: psp-{{ template "kube-state-metrics.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/role.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/role.yaml new file mode 100644 index 000000000..25c8bc893 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/role.yaml @@ -0,0 +1,190 @@ +{{- if and (eq .Values.rbac.create true) (not .Values.rbac.useExistingRole) -}} +{{- range (split "," .Values.namespaces) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +{{- if eq $.Values.rbac.useClusterRole false }} +kind: Role +{{- else }} +kind: ClusterRole +{{- end }} +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" $ }} + helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version }} + app.kubernetes.io/managed-by: {{ $.Release.Service }} + app.kubernetes.io/instance: {{ $.Release.Name }} + name: {{ template "kube-state-metrics.fullname" $ }} +{{- if eq $.Values.rbac.useClusterRole false }} + namespace: {{ . }} +{{- end }} +rules: +{{ if $.Values.collectors.certificatesigningrequests }} +- apiGroups: ["certificates.k8s.io"] + resources: + - certificatesigningrequests + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.configmaps }} +- apiGroups: [""] + resources: + - configmaps + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.cronjobs }} +- apiGroups: ["batch"] + resources: + - cronjobs + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.daemonsets }} +- apiGroups: ["extensions", "apps"] + resources: + - daemonsets + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.deployments }} +- apiGroups: ["extensions", "apps"] + resources: + - deployments + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.endpoints }} +- apiGroups: [""] + resources: + - endpoints + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.horizontalpodautoscalers }} +- apiGroups: ["autoscaling"] + resources: + - horizontalpodautoscalers + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.ingresses }} +- apiGroups: ["extensions", "networking.k8s.io"] + resources: + - ingresses + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.jobs }} +- apiGroups: ["batch"] + resources: + - jobs + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.limitranges }} +- apiGroups: [""] + resources: + - limitranges + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.mutatingwebhookconfigurations }} +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - mutatingwebhookconfigurations + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.namespaces }} +- apiGroups: [""] + resources: + - namespaces + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.networkpolicies }} +- apiGroups: ["networking.k8s.io"] + resources: + - networkpolicies + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.nodes }} +- apiGroups: [""] + resources: + - nodes + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.persistentvolumeclaims }} +- apiGroups: [""] + resources: + - persistentvolumeclaims + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.persistentvolumes }} +- apiGroups: [""] + resources: + - persistentvolumes + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.poddisruptionbudgets }} +- apiGroups: ["policy"] + resources: + - poddisruptionbudgets + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.pods }} +- apiGroups: [""] + resources: + - pods + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.replicasets }} +- apiGroups: ["extensions", "apps"] + resources: + - replicasets + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.replicationcontrollers }} +- apiGroups: [""] + resources: + - replicationcontrollers + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.resourcequotas }} +- apiGroups: [""] + resources: + - resourcequotas + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.secrets }} +- apiGroups: [""] + resources: + - secrets + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.services }} +- apiGroups: [""] + resources: + - services + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.statefulsets }} +- apiGroups: ["apps"] + resources: + - statefulsets + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.storageclasses }} +- apiGroups: ["storage.k8s.io"] + resources: + - storageclasses + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.validatingwebhookconfigurations }} +- apiGroups: ["admissionregistration.k8s.io"] + resources: + - validatingwebhookconfigurations + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.volumeattachments }} +- apiGroups: ["storage.k8s.io"] + resources: + - volumeattachments + verbs: ["list", "watch"] +{{ end -}} +{{ if $.Values.collectors.verticalpodautoscalers }} +- apiGroups: ["autoscaling.k8s.io"] + resources: + - verticalpodautoscalers + verbs: ["list", "watch"] +{{ end -}} +{{- end -}} +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/rolebinding.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/rolebinding.yaml new file mode 100644 index 000000000..72a1a2e90 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/rolebinding.yaml @@ -0,0 +1,27 @@ +{{- if and (eq .Values.rbac.create true) (eq .Values.rbac.useClusterRole false) -}} +{{- range (split "," $.Values.namespaces) }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" $ }} + helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version }} + app.kubernetes.io/managed-by: {{ $.Release.Service }} + app.kubernetes.io/instance: {{ $.Release.Name }} + name: {{ template "kube-state-metrics.fullname" $ }} + namespace: {{ . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role +{{- if (not $.Values.rbac.useExistingRole) }} + name: {{ template "kube-state-metrics.fullname" $ }} +{{- else }} + name: {{ $.Values.rbac.useExistingRole }} +{{- end }} +subjects: +- kind: ServiceAccount + name: {{ template "kube-state-metrics.fullname" $ }} + namespace: {{ template "kube-state-metrics.namespace" $ }} +{{- end -}} +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/service.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/service.yaml new file mode 100644 index 000000000..4f8e4a497 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/service.yaml @@ -0,0 +1,42 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 4 }} +{{- end }} + annotations: + {{- if .Values.prometheusScrape }} + prometheus.io/scrape: '{{ .Values.prometheusScrape }}' + {{- end }} + {{- if .Values.service.annotations }} + {{- toYaml .Values.service.annotations | nindent 4 }} + {{- end }} +spec: + type: "{{ .Values.service.type }}" + ports: + - name: "http" + protocol: TCP + port: {{ .Values.service.port }} + {{- if .Values.service.nodePort }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} + targetPort: 8080 + {{ if .Values.selfMonitor.enabled }} + - name: "metrics" + protocol: TCP + port: {{ .Values.selfMonitor.telemetryPort | default 8081 }} + targetPort: 8081 + {{ end }} +{{- if .Values.service.loadBalancerIP }} + loadBalancerIP: "{{ .Values.service.loadBalancerIP }}" +{{- end }} + selector: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/serviceaccount.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/serviceaccount.yaml new file mode 100644 index 000000000..2e8a1ee38 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/serviceaccount.yaml @@ -0,0 +1,18 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} +{{- if .Values.serviceAccount.annotations }} + annotations: +{{ toYaml .Values.serviceAccount.annotations | indent 4 }} +{{- end }} +imagePullSecrets: +{{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }} +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/servicemonitor.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/servicemonitor.yaml new file mode 100644 index 000000000..7d1cd7aa1 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/servicemonitor.yaml @@ -0,0 +1,34 @@ +{{- if .Values.prometheus.monitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" + {{- if .Values.prometheus.monitor.additionalLabels }} +{{ toYaml .Values.prometheus.monitor.additionalLabels | indent 4 }} + {{- end }} +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + endpoints: + - port: http + {{- if .Values.prometheus.monitor.honorLabels }} + honorLabels: true + {{- end }} + {{ if .Values.selfMonitor.enabled }} + - port: metrics + {{- if .Values.prometheus.monitor.honorLabels }} + honorLabels: true + {{- end }} + {{ end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/stsdiscovery-role.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/stsdiscovery-role.yaml new file mode 100644 index 000000000..9770b0498 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/stsdiscovery-role.yaml @@ -0,0 +1,29 @@ +{{- if and .Values.autosharding.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resourceNames: + - {{ template "kube-state-metrics.fullname" . }} + resources: + - statefulsets + verbs: + - get + - list + - watch +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml new file mode 100644 index 000000000..6a2e5bfe7 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.autosharding.enabled .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} + labels: + app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "kube-state-metrics.fullname" . }} + namespace: {{ template "kube-state-metrics.namespace" . }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/values.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/values.yaml new file mode 100644 index 000000000..052e534de --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kube-state-metrics/values.yaml @@ -0,0 +1,189 @@ +global: + cattle: + systemDefaultRegistry: "" + +# Default values for kube-state-metrics. +prometheusScrape: true +image: + repository: rancher/mirrored-kube-state-metrics-kube-state-metrics + tag: v2.0.0 + pullPolicy: IfNotPresent + +imagePullSecrets: [] +# - name: "image-pull-secret" + +# If set to true, this will deploy kube-state-metrics as a StatefulSet and the data +# will be automatically sharded across <.Values.replicas> pods using the built-in +# autodiscovery feature: https://github.com/kubernetes/kube-state-metrics#automated-sharding +# This is an experimental feature and there are no stability guarantees. +autosharding: + enabled: false + +replicas: 1 + +# List of additional cli arguments to configure kube-state-metrics +# for example: --enable-gzip-encoding, --log-file, etc. +# all the possible args can be found here: https://github.com/kubernetes/kube-state-metrics/blob/master/docs/cli-arguments.md +extraArgs: [] + +service: + port: 8080 + # Default to clusterIP for backward compatibility + type: ClusterIP + nodePort: 0 + loadBalancerIP: "" + annotations: {} + +customLabels: {} + +hostNetwork: false + +rbac: + # If true, create & use RBAC resources + create: true + + # Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to it, rolename set here. + # useExistingRole: your-existing-role + + # If set to false - Run without Cluteradmin privs needed - ONLY works if namespace is also set (if useExistingRole is set this name is used as ClusterRole or Role to bind to) + useClusterRole: true + +serviceAccount: + # Specifies whether a ServiceAccount should be created, require rbac true + create: true + # The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the fullname template + name: + # Reference to one or more secrets to be used when pulling images + # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + imagePullSecrets: [] + # ServiceAccount annotations. + # Use case: AWS EKS IAM roles for service accounts + # ref: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html + annotations: {} + +prometheus: + monitor: + enabled: false + additionalLabels: {} + namespace: "" + honorLabels: false + +## Specify if a Pod Security Policy for kube-state-metrics must be created +## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ +## +podSecurityPolicy: + enabled: false + annotations: {} + ## Specify pod annotations + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl + ## + # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' + # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' + + additionalVolumes: [] + +securityContext: + enabled: true + runAsNonRoot: true + runAsGroup: 65534 + runAsUser: 65534 + fsGroup: 65534 + +## Specify security settings for a Container +## Allows overrides and additional options compared to (Pod) securityContext +## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +containerSecurityContext: {} + +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +nodeSelector: {} + +## Affinity settings for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ +affinity: {} + +## Tolerations for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +tolerations: [] + +# Annotations to be added to the pod +podAnnotations: {} + +## Assign a PriorityClassName to pods if set +# priorityClassName: "" + +# Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +podDisruptionBudget: {} + +# Available collectors for kube-state-metrics. By default all available +# resources are enabled. +collectors: + certificatesigningrequests: true + configmaps: true + cronjobs: true + daemonsets: true + deployments: true + endpoints: true + horizontalpodautoscalers: true + ingresses: true + jobs: true + limitranges: true + mutatingwebhookconfigurations: true + namespaces: true + networkpolicies: true + nodes: true + persistentvolumeclaims: true + persistentvolumes: true + poddisruptionbudgets: true + pods: true + replicasets: true + replicationcontrollers: true + resourcequotas: true + secrets: true + services: true + statefulsets: true + storageclasses: true + validatingwebhookconfigurations: true + verticalpodautoscalers: false + volumeattachments: true + +# Enabling kubeconfig will pass the --kubeconfig argument to the container +kubeconfig: + enabled: false + # base64 encoded kube-config file + secret: + +# Comma-separated list of namespaces to be enabled for collecting resources. By default all namespaces are collected. +namespaces: "" + +## Override the deployment namespace +## +namespaceOverride: "" + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 64Mi + # requests: + # cpu: 10m + # memory: 32Mi + +## Provide a k8s version to define apiGroups for podSecurityPolicy Cluster Role. +## For example: kubeTargetVersionOverride: 1.14.9 +## +kubeTargetVersionOverride: "" + +# Enable self metrics configuration for service and Service Monitor +# Default values for telemetry configuration can be overridden +selfMonitor: + enabled: false + # telemetryHost: 0.0.0.0 + # telemetryPort: 8081 diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/.helmignore b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/Chart.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/Chart.yaml new file mode 100644 index 000000000..cf16381b1 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: kubeAdmControllerManager +type: application +version: 0.1.4 diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/README.md b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/README.md new file mode 100644 index 000000000..0530c56aa --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/README.md @@ -0,0 +1,60 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | +| `namespaceOverride` | The namespace to install the chart | `""` + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | +| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | +| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | +| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/templates/_helpers.tpl b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/templates/_helpers.tpl new file mode 100644 index 000000000..458ad21cd --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/templates/_helpers.tpl @@ -0,0 +1,104 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.endpoints" -}} +{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} +{{- $useHTTPS := .Values.clients.https.enabled -}} +{{- $endpoints := .Values.serviceMonitor.endpoints }} +{{- range $endpoints }} +{{- $_ := set . "proxyUrl" $proxyURL }} +{{- if $useHTTPS -}} +{{- if (hasKey . "params") }} +{{- $_ := set (get . "params") "_scheme" (list "https") }} +{{- else }} +{{- $_ := set . "params" (dict "_scheme" (list "https")) }} +{{- end }} +{{- end }} +{{- end }} +{{- toYaml $endpoints }} +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/templates/pushprox-clients-rbac.yaml new file mode 100644 index 000000000..f1a8e7232 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/templates/pushprox-clients-rbac.yaml @@ -0,0 +1,77 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- if .Values.clients.rbac.additionalRules }} +{{ toYaml .Values.clients.rbac.additionalRules }} +{{- end }} +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/templates/pushprox-clients.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/templates/pushprox-clients.yaml new file mode 100644 index 000000000..3775d17b8 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/templates/pushprox-clients.yaml @@ -0,0 +1,145 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +{{- if .Values.clients.deployment.enabled }} +kind: Deployment +{{- else }} +kind: DaemonSet +{{- end }} +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + {{- if .Values.clients.deployment.enabled }} + replicas: {{ .Values.clients.deployment.replicas }} + {{- end }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + {{- if .Values.clients.affinity }} + affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} + {{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . | quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/templates/pushprox-proxy-rbac.yaml new file mode 100644 index 000000000..147eb4374 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/templates/pushprox-proxy-rbac.yaml @@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/templates/pushprox-proxy.yaml new file mode 100644 index 000000000..571e13138 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/templates/pushprox-servicemonitor.yaml new file mode 100644 index 000000000..7f961d6f4 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,33 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/values.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/values.yaml new file mode 100644 index 000000000..6ad1eab4d --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmControllerManager/values.yaml @@ -0,0 +1,111 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +namespaceOverride: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec + # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + # By default, proxyUrl and params._scheme will be overridden based on other values + endpoints: + - port: metrics + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? + enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + rbac: + # Additional permissions to provide to the ServiceAccount bound to the client + # This can be used to provide additional permissions for the client to scrape metrics from the k8s API + # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true + additionalRules: [] + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + affinity: {} + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher2-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + + # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. + # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in + # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. + # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, + # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. + # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will + # be responsible for upgrading this chart accordingly to the right number of replicas. + deployment: + enabled: false + replicas: 0 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher2-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/.helmignore b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/Chart.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/Chart.yaml new file mode 100644 index 000000000..c221ee5d3 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: kubeAdmEtcd +type: application +version: 0.1.4 diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/README.md b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/README.md new file mode 100644 index 000000000..0530c56aa --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/README.md @@ -0,0 +1,60 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | +| `namespaceOverride` | The namespace to install the chart | `""` + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | +| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | +| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | +| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/templates/_helpers.tpl b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/templates/_helpers.tpl new file mode 100644 index 000000000..458ad21cd --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/templates/_helpers.tpl @@ -0,0 +1,104 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.endpoints" -}} +{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} +{{- $useHTTPS := .Values.clients.https.enabled -}} +{{- $endpoints := .Values.serviceMonitor.endpoints }} +{{- range $endpoints }} +{{- $_ := set . "proxyUrl" $proxyURL }} +{{- if $useHTTPS -}} +{{- if (hasKey . "params") }} +{{- $_ := set (get . "params") "_scheme" (list "https") }} +{{- else }} +{{- $_ := set . "params" (dict "_scheme" (list "https")) }} +{{- end }} +{{- end }} +{{- end }} +{{- toYaml $endpoints }} +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/templates/pushprox-clients-rbac.yaml new file mode 100644 index 000000000..f1a8e7232 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/templates/pushprox-clients-rbac.yaml @@ -0,0 +1,77 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- if .Values.clients.rbac.additionalRules }} +{{ toYaml .Values.clients.rbac.additionalRules }} +{{- end }} +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/templates/pushprox-clients.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/templates/pushprox-clients.yaml new file mode 100644 index 000000000..3775d17b8 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/templates/pushprox-clients.yaml @@ -0,0 +1,145 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +{{- if .Values.clients.deployment.enabled }} +kind: Deployment +{{- else }} +kind: DaemonSet +{{- end }} +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + {{- if .Values.clients.deployment.enabled }} + replicas: {{ .Values.clients.deployment.replicas }} + {{- end }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + {{- if .Values.clients.affinity }} + affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} + {{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . | quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/templates/pushprox-proxy-rbac.yaml new file mode 100644 index 000000000..147eb4374 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/templates/pushprox-proxy-rbac.yaml @@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/templates/pushprox-proxy.yaml new file mode 100644 index 000000000..571e13138 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/templates/pushprox-servicemonitor.yaml new file mode 100644 index 000000000..7f961d6f4 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,33 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/values.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/values.yaml new file mode 100644 index 000000000..6ad1eab4d --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmEtcd/values.yaml @@ -0,0 +1,111 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +namespaceOverride: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec + # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + # By default, proxyUrl and params._scheme will be overridden based on other values + endpoints: + - port: metrics + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? + enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + rbac: + # Additional permissions to provide to the ServiceAccount bound to the client + # This can be used to provide additional permissions for the client to scrape metrics from the k8s API + # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true + additionalRules: [] + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + affinity: {} + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher2-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + + # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. + # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in + # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. + # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, + # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. + # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will + # be responsible for upgrading this chart accordingly to the right number of replicas. + deployment: + enabled: false + replicas: 0 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher2-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/.helmignore b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/Chart.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/Chart.yaml new file mode 100644 index 000000000..174b9ede2 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: kubeAdmProxy +type: application +version: 0.1.4 diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/README.md b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/README.md new file mode 100644 index 000000000..0530c56aa --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/README.md @@ -0,0 +1,60 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | +| `namespaceOverride` | The namespace to install the chart | `""` + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | +| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | +| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | +| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/templates/_helpers.tpl b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/templates/_helpers.tpl new file mode 100644 index 000000000..458ad21cd --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/templates/_helpers.tpl @@ -0,0 +1,104 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.endpoints" -}} +{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} +{{- $useHTTPS := .Values.clients.https.enabled -}} +{{- $endpoints := .Values.serviceMonitor.endpoints }} +{{- range $endpoints }} +{{- $_ := set . "proxyUrl" $proxyURL }} +{{- if $useHTTPS -}} +{{- if (hasKey . "params") }} +{{- $_ := set (get . "params") "_scheme" (list "https") }} +{{- else }} +{{- $_ := set . "params" (dict "_scheme" (list "https")) }} +{{- end }} +{{- end }} +{{- end }} +{{- toYaml $endpoints }} +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/templates/pushprox-clients-rbac.yaml new file mode 100644 index 000000000..f1a8e7232 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/templates/pushprox-clients-rbac.yaml @@ -0,0 +1,77 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- if .Values.clients.rbac.additionalRules }} +{{ toYaml .Values.clients.rbac.additionalRules }} +{{- end }} +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/templates/pushprox-clients.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/templates/pushprox-clients.yaml new file mode 100644 index 000000000..3775d17b8 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/templates/pushprox-clients.yaml @@ -0,0 +1,145 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +{{- if .Values.clients.deployment.enabled }} +kind: Deployment +{{- else }} +kind: DaemonSet +{{- end }} +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + {{- if .Values.clients.deployment.enabled }} + replicas: {{ .Values.clients.deployment.replicas }} + {{- end }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + {{- if .Values.clients.affinity }} + affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} + {{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . | quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/templates/pushprox-proxy-rbac.yaml new file mode 100644 index 000000000..147eb4374 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/templates/pushprox-proxy-rbac.yaml @@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/templates/pushprox-proxy.yaml new file mode 100644 index 000000000..571e13138 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/templates/pushprox-servicemonitor.yaml new file mode 100644 index 000000000..7f961d6f4 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,33 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/values.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/values.yaml new file mode 100644 index 000000000..6ad1eab4d --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmProxy/values.yaml @@ -0,0 +1,111 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +namespaceOverride: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec + # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + # By default, proxyUrl and params._scheme will be overridden based on other values + endpoints: + - port: metrics + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? + enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + rbac: + # Additional permissions to provide to the ServiceAccount bound to the client + # This can be used to provide additional permissions for the client to scrape metrics from the k8s API + # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true + additionalRules: [] + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + affinity: {} + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher2-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + + # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. + # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in + # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. + # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, + # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. + # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will + # be responsible for upgrading this chart accordingly to the right number of replicas. + deployment: + enabled: false + replicas: 0 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher2-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/.helmignore b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/Chart.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/Chart.yaml new file mode 100644 index 000000000..02be8ce62 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: kubeAdmScheduler +type: application +version: 0.1.4 diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/README.md b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/README.md new file mode 100644 index 000000000..0530c56aa --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/README.md @@ -0,0 +1,60 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | +| `namespaceOverride` | The namespace to install the chart | `""` + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | +| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | +| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | +| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/templates/_helpers.tpl b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/templates/_helpers.tpl new file mode 100644 index 000000000..458ad21cd --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/templates/_helpers.tpl @@ -0,0 +1,104 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.endpoints" -}} +{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} +{{- $useHTTPS := .Values.clients.https.enabled -}} +{{- $endpoints := .Values.serviceMonitor.endpoints }} +{{- range $endpoints }} +{{- $_ := set . "proxyUrl" $proxyURL }} +{{- if $useHTTPS -}} +{{- if (hasKey . "params") }} +{{- $_ := set (get . "params") "_scheme" (list "https") }} +{{- else }} +{{- $_ := set . "params" (dict "_scheme" (list "https")) }} +{{- end }} +{{- end }} +{{- end }} +{{- toYaml $endpoints }} +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/templates/pushprox-clients-rbac.yaml new file mode 100644 index 000000000..f1a8e7232 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/templates/pushprox-clients-rbac.yaml @@ -0,0 +1,77 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- if .Values.clients.rbac.additionalRules }} +{{ toYaml .Values.clients.rbac.additionalRules }} +{{- end }} +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/templates/pushprox-clients.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/templates/pushprox-clients.yaml new file mode 100644 index 000000000..3775d17b8 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/templates/pushprox-clients.yaml @@ -0,0 +1,145 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +{{- if .Values.clients.deployment.enabled }} +kind: Deployment +{{- else }} +kind: DaemonSet +{{- end }} +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + {{- if .Values.clients.deployment.enabled }} + replicas: {{ .Values.clients.deployment.replicas }} + {{- end }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + {{- if .Values.clients.affinity }} + affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} + {{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . | quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/templates/pushprox-proxy-rbac.yaml new file mode 100644 index 000000000..147eb4374 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/templates/pushprox-proxy-rbac.yaml @@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/templates/pushprox-proxy.yaml new file mode 100644 index 000000000..571e13138 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/templates/pushprox-servicemonitor.yaml new file mode 100644 index 000000000..7f961d6f4 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,33 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/values.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/values.yaml new file mode 100644 index 000000000..6ad1eab4d --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/kubeAdmScheduler/values.yaml @@ -0,0 +1,111 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +namespaceOverride: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec + # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + # By default, proxyUrl and params._scheme will be overridden based on other values + endpoints: + - port: metrics + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? + enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + rbac: + # Additional permissions to provide to the ServiceAccount bound to the client + # This can be used to provide additional permissions for the client to scrape metrics from the k8s API + # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true + additionalRules: [] + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + affinity: {} + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher2-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + + # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. + # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in + # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. + # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, + # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. + # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will + # be responsible for upgrading this chart accordingly to the right number of replicas. + deployment: + enabled: false + replicas: 0 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher2-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/.helmignore b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/Chart.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/Chart.yaml new file mode 100644 index 000000000..1e35ab0cd --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/Chart.yaml @@ -0,0 +1,26 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-prometheus-adapter +apiVersion: v1 +appVersion: v0.8.4 +description: A Helm chart for k8s prometheus adapter +home: https://github.com/DirectXMan12/k8s-prometheus-adapter +keywords: +- hpa +- metrics +- prometheus +- adapter +maintainers: +- email: mattias.gees@jetstack.io + name: mattiasgees +- name: steven-sheehy +- email: hfernandez@mesosphere.com + name: hectorj2f +name: prometheus-adapter +sources: +- https://github.com/kubernetes/charts +- https://github.com/DirectXMan12/k8s-prometheus-adapter +version: 2.14.0 diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/README.md b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/README.md new file mode 100644 index 000000000..b6028b01a --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/README.md @@ -0,0 +1,147 @@ +# Prometheus Adapter + +Installs the [Prometheus Adapter](https://github.com/DirectXMan12/k8s-prometheus-adapter) for the Custom Metrics API. Custom metrics are used in Kubernetes by [Horizontal Pod Autoscalers](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) to scale workloads based upon your own metric pulled from an external metrics provider like Prometheus. This chart complements the [metrics-server](https://github.com/helm/charts/tree/master/stable/metrics-server) chart that provides resource only metrics. + +## Prerequisites + +Kubernetes 1.14+ + +## Get Repo Info + +```console +helm repo add prometheus-community https://prometheus-community.github.io/helm-charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Install Chart + +```console +# Helm 3 +$ helm install [RELEASE_NAME] prometheus-community/prometheus-adapter + +# Helm 2 +$ helm install --name [RELEASE_NAME] prometheus-community/prometheus-adapter +``` + +_See [configuration](#configuration) below._ + +_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ + +## Uninstall Chart + +```console +# Helm 3 +$ helm uninstall [RELEASE_NAME] + +# Helm 2 +# helm delete --purge [RELEASE_NAME] +``` + +This removes all the Kubernetes components associated with the chart and deletes the release. + +_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ + +## Upgrading Chart + +```console +# Helm 3 or 2 +$ helm upgrade [RELEASE_NAME] [CHART] --install +``` + +_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ + +## Configuration + +See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands: + +```console +# Helm 2 +$ helm inspect values prometheus-community/prometheus-adapter + +# Helm 3 +$ helm show values prometheus-community/prometheus-adapter +``` + +### Prometheus Service Endpoint + +To use the chart, ensure the `prometheus.url` and `prometheus.port` are configured with the correct Prometheus service endpoint. If Prometheus is exposed under HTTPS the host's CA Bundle must be exposed to the container using `extraVolumes` and `extraVolumeMounts`. + +### Adapter Rules + +Additionally, the chart comes with a set of default rules out of the box but they may pull in too many metrics or not map them correctly for your needs. Therefore, it is recommended to populate `rules.custom` with a list of rules (see the [config document](https://github.com/DirectXMan12/k8s-prometheus-adapter/blob/master/docs/config.md) for the proper format). + +### Horizontal Pod Autoscaler Metrics + +Finally, to configure your Horizontal Pod Autoscaler to use the custom metric, see the custom metrics section of the [HPA walkthrough](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/#autoscaling-on-multiple-metrics-and-custom-metrics). + +The Prometheus Adapter can serve three different [metrics APIs](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-metrics-apis): + +### Custom Metrics + +Enabling this option will cause custom metrics to be served at `/apis/custom.metrics.k8s.io/v1beta1`. Enabled by default when `rules.default` is true, but can be customized by populating `rules.custom`: + +```yaml +rules: + custom: + - seriesQuery: '{__name__=~"^some_metric_count$"}' + resources: + template: <<.Resource>> + name: + matches: "" + as: "my_custom_metric" + metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>}) by (<<.GroupBy>>) +``` + +### External Metrics + +Enabling this option will cause external metrics to be served at `/apis/external.metrics.k8s.io/v1beta1`. Can be enabled by populating `rules.external`: + +```yaml +rules: + external: + - seriesQuery: '{__name__=~"^some_metric_count$"}' + resources: + template: <<.Resource>> + name: + matches: "" + as: "my_external_metric" + metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>}) by (<<.GroupBy>>) +``` + +### Resource Metrics + +Enabling this option will cause resource metrics to be served at `/apis/metrics.k8s.io/v1beta1`. Resource metrics will allow pod CPU and Memory metrics to be used in [Horizontal Pod Autoscalers](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) as well as the `kubectl top` command. Can be enabled by populating `rules.resource`: + +```yaml +rules: + resource: + cpu: + containerQuery: sum(rate(container_cpu_usage_seconds_total{<<.LabelMatchers>>, container!=""}[3m])) by (<<.GroupBy>>) + nodeQuery: sum(rate(container_cpu_usage_seconds_total{<<.LabelMatchers>>, id='/'}[3m])) by (<<.GroupBy>>) + resources: + overrides: + instance: + resource: node + namespace: + resource: namespace + pod: + resource: pod + containerLabel: container + memory: + containerQuery: sum(container_memory_working_set_bytes{<<.LabelMatchers>>, container!=""}) by (<<.GroupBy>>) + nodeQuery: sum(container_memory_working_set_bytes{<<.LabelMatchers>>,id='/'}) by (<<.GroupBy>>) + resources: + overrides: + instance: + resource: node + namespace: + resource: namespace + pod: + resource: pod + containerLabel: container + window: 3m +``` + +**NOTE:** Setting a value for `rules.resource` will also deploy the resource metrics API service, providing the same functionality as [metrics-server](https://github.com/helm/charts/tree/master/stable/metrics-server). As such it is not possible to deploy them both in the same cluster. diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/NOTES.txt b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/NOTES.txt new file mode 100644 index 000000000..b7b9b9932 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/NOTES.txt @@ -0,0 +1,9 @@ +{{ template "k8s-prometheus-adapter.fullname" . }} has been deployed. +In a few minutes you should be able to list metrics using the following command(s): +{{ if .Values.rules.resource }} + kubectl get --raw /apis/metrics.k8s.io/v1beta1 +{{- end }} + kubectl get --raw /apis/custom.metrics.k8s.io/v1beta1 +{{ if .Values.rules.external }} + kubectl get --raw /apis/external.metrics.k8s.io/v1beta1 +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/_helpers.tpl b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/_helpers.tpl new file mode 100644 index 000000000..35c38b621 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/_helpers.tpl @@ -0,0 +1,72 @@ +# Rancher +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "k8s-prometheus-adapter.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "k8s-prometheus-adapter.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "k8s-prometheus-adapter.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "k8s-prometheus-adapter.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "k8s-prometheus-adapter.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/certmanager.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/certmanager.yaml new file mode 100644 index 000000000..7999e3c21 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/certmanager.yaml @@ -0,0 +1,48 @@ +{{- if .Values.certManager.enabled -}} +--- +# Create a selfsigned Issuer, in order to create a root CA certificate for +# signing webhook serving certificates +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: {{ template "k8s-prometheus-adapter.fullname" . }}-self-signed-issuer +spec: + selfSigned: {} +--- +# Generate a CA Certificate used to sign certificates for the webhook +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ template "k8s-prometheus-adapter.fullname" . }}-root-cert +spec: + secretName: {{ template "k8s-prometheus-adapter.fullname" . }}-root-cert + duration: {{ .Values.certManager.caCertDuration }} + issuerRef: + name: {{ template "k8s-prometheus-adapter.fullname" . }}-self-signed-issuer + commonName: "ca.webhook.prometheus-adapter" + isCA: true +--- +# Create an Issuer that uses the above generated CA certificate to issue certs +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: {{ template "k8s-prometheus-adapter.fullname" . }}-root-issuer +spec: + ca: + secretName: {{ template "k8s-prometheus-adapter.fullname" . }}-root-cert +--- +# Finally, generate a serving certificate for the apiservices to use +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ template "k8s-prometheus-adapter.fullname" . }}-cert +spec: + secretName: {{ template "k8s-prometheus-adapter.fullname" . }} + duration: {{ .Values.certManager.certDuration }} + issuerRef: + name: {{ template "k8s-prometheus-adapter.fullname" . }}-root-issuer + dnsNames: + - {{ template "k8s-prometheus-adapter.fullname" . }} + - {{ template "k8s-prometheus-adapter.fullname" . }}.{{ .Release.Namespace }} + - {{ template "k8s-prometheus-adapter.fullname" . }}.{{ .Release.Namespace }}.svc +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/cluster-role-binding-auth-delegator.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/cluster-role-binding-auth-delegator.yaml new file mode 100644 index 000000000..2bc9eb740 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/cluster-role-binding-auth-delegator.yaml @@ -0,0 +1,19 @@ +{{- if .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.name" . }}-system-auth-delegator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/cluster-role-binding-resource-reader.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/cluster-role-binding-resource-reader.yaml new file mode 100644 index 000000000..ec7e5e476 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/cluster-role-binding-resource-reader.yaml @@ -0,0 +1,19 @@ +{{- if .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.name" . }}-resource-reader +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "k8s-prometheus-adapter.name" . }}-resource-reader +subjects: +- kind: ServiceAccount + name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/cluster-role-resource-reader.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/cluster-role-resource-reader.yaml new file mode 100644 index 000000000..319460a33 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/cluster-role-resource-reader.yaml @@ -0,0 +1,23 @@ +{{- if .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.name" . }}-resource-reader +rules: +- apiGroups: + - "" + resources: + - namespaces + - pods + - services + - configmaps + verbs: + - get + - list + - watch +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/configmap.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/configmap.yaml new file mode 100644 index 000000000..fbc155dc8 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/configmap.yaml @@ -0,0 +1,96 @@ +{{- if not .Values.rules.existing -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "k8s-prometheus-adapter.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: + config.yaml: | +{{- if or .Values.rules.default .Values.rules.custom }} + rules: +{{- if .Values.rules.default }} + - seriesQuery: '{__name__=~"^container_.*",container!="POD",namespace!="",pod!=""}' + seriesFilters: [] + resources: + overrides: + namespace: + resource: namespace + pod: + resource: pod + name: + matches: ^container_(.*)_seconds_total$ + as: "" + metricsQuery: sum(rate(<<.Series>>{<<.LabelMatchers>>,container!="POD"}[5m])) + by (<<.GroupBy>>) + - seriesQuery: '{__name__=~"^container_.*",container!="POD",namespace!="",pod!=""}' + seriesFilters: + - isNot: ^container_.*_seconds_total$ + resources: + overrides: + namespace: + resource: namespace + pod: + resource: pod + name: + matches: ^container_(.*)_total$ + as: "" + metricsQuery: sum(rate(<<.Series>>{<<.LabelMatchers>>,container!="POD"}[5m])) + by (<<.GroupBy>>) + - seriesQuery: '{__name__=~"^container_.*",container!="POD",namespace!="",pod!=""}' + seriesFilters: + - isNot: ^container_.*_total$ + resources: + overrides: + namespace: + resource: namespace + pod: + resource: pod + name: + matches: ^container_(.*)$ + as: "" + metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>,container!="POD"}) by (<<.GroupBy>>) + - seriesQuery: '{namespace!="",__name__!~"^container_.*"}' + seriesFilters: + - isNot: .*_total$ + resources: + template: <<.Resource>> + name: + matches: "" + as: "" + metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>}) by (<<.GroupBy>>) + - seriesQuery: '{namespace!="",__name__!~"^container_.*"}' + seriesFilters: + - isNot: .*_seconds_total + resources: + template: <<.Resource>> + name: + matches: ^(.*)_total$ + as: "" + metricsQuery: sum(rate(<<.Series>>{<<.LabelMatchers>>}[5m])) by (<<.GroupBy>>) + - seriesQuery: '{namespace!="",__name__!~"^container_.*"}' + seriesFilters: [] + resources: + template: <<.Resource>> + name: + matches: ^(.*)_seconds_total$ + as: "" + metricsQuery: sum(rate(<<.Series>>{<<.LabelMatchers>>}[5m])) by (<<.GroupBy>>) +{{- end -}} +{{- if .Values.rules.custom }} +{{ toYaml .Values.rules.custom | indent 4 }} +{{- end -}} +{{- end -}} +{{- if .Values.rules.external }} + externalRules: +{{ toYaml .Values.rules.external | indent 4 }} +{{- end -}} +{{- if .Values.rules.resource }} + resourceRules: +{{ toYaml .Values.rules.resource | indent 6 }} +{{- end -}} +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/custom-metrics-apiservice.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/custom-metrics-apiservice.yaml new file mode 100644 index 000000000..9bc1cbda1 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/custom-metrics-apiservice.yaml @@ -0,0 +1,32 @@ +{{- if or .Values.rules.default .Values.rules.custom }} +{{- if .Capabilities.APIVersions.Has "apiregistration.k8s.io/v1" }} +apiVersion: apiregistration.k8s.io/v1 +{{- else }} +apiVersion: apiregistration.k8s.io/v1beta1 +{{- end }} +kind: APIService +metadata: +{{- if .Values.certManager.enabled }} + annotations: + certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "k8s-prometheus-adapter.fullname" .) | quote }} + cert-manager.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "k8s-prometheus-adapter.fullname" .) | quote }} +{{- end }} + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: v1beta1.custom.metrics.k8s.io +spec: + service: + name: {{ template "k8s-prometheus-adapter.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + {{- if .Values.tls.enable }} + caBundle: {{ b64enc .Values.tls.ca }} + {{- end }} + group: custom.metrics.k8s.io + version: v1beta1 + insecureSkipTLSVerify: {{ if or .Values.tls.enable .Values.certManager.enabled }}false{{ else }}true{{ end }} + groupPriorityMinimum: 100 + versionPriority: 100 +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/custom-metrics-cluster-role-binding-hpa.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/custom-metrics-cluster-role-binding-hpa.yaml new file mode 100644 index 000000000..93ade6f8f --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/custom-metrics-cluster-role-binding-hpa.yaml @@ -0,0 +1,23 @@ +{{- /* +This if must be aligned with custom-metrics-cluster-role.yaml +as otherwise this binding will point to not existing role. +*/ -}} +{{- if and .Values.rbac.create (or .Values.rules.default .Values.rules.custom) -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.name" . }}-hpa-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "k8s-prometheus-adapter.name" . }}-server-resources +subjects: +- kind: ServiceAccount + name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/custom-metrics-cluster-role.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/custom-metrics-cluster-role.yaml new file mode 100644 index 000000000..33daf7113 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/custom-metrics-cluster-role.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.rbac.create (or .Values.rules.default .Values.rules.custom) -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.name" . }}-server-resources +rules: +- apiGroups: + - custom.metrics.k8s.io + resources: ["*"] + verbs: ["*"] +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/deployment.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/deployment.yaml new file mode 100644 index 000000000..43fb65dc8 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/deployment.yaml @@ -0,0 +1,135 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: {{ template "k8s-prometheus-adapter.name" . }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + {{- with .Values.podLabels }} + {{- toYaml . | trim | nindent 8 }} + {{- end }} + name: {{ template "k8s-prometheus-adapter.name" . }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- with .Values.podAnnotations }} + {{- toYaml . | trim | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} + {{- if .Values.hostNetwork.enabled }} + hostNetwork: true + {{- end }} + {{- if .Values.dnsPolicy }} + dnsPolicy: {{ .Values.dnsPolicy }} + {{- end}} + containers: + - name: {{ .Chart.Name }} + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: + - /adapter + - --secure-port={{ .Values.listenPort }} + {{- if or .Values.tls.enable .Values.certManager.enabled }} + - --tls-cert-file=/var/run/serving-cert/tls.crt + - --tls-private-key-file=/var/run/serving-cert/tls.key + {{- end }} + - --cert-dir=/tmp/cert + - --logtostderr=true + - --prometheus-url={{ tpl .Values.prometheus.url . }}{{ if .Values.prometheus.port }}:{{ .Values.prometheus.port }}{{end}}{{ .Values.prometheus.path }} + - --metrics-relist-interval={{ .Values.metricsRelistInterval }} + - --v={{ .Values.logLevel }} + - --config=/etc/adapter/config.yaml + {{- if .Values.extraArguments }} + {{- toYaml .Values.extraArguments | trim | nindent 8 }} + {{- end }} + ports: + - containerPort: {{ .Values.listenPort }} + name: https + livenessProbe: + httpGet: + path: /healthz + port: https + scheme: HTTPS + initialDelaySeconds: 30 + readinessProbe: + httpGet: + path: /healthz + port: https + scheme: HTTPS + initialDelaySeconds: 30 + {{- if .Values.resources }} + resources: + {{- toYaml .Values.resources | nindent 10 }} + {{- end }} + {{- with .Values.dnsConfig }} + dnsConfig: + {{ toYaml . | indent 8 }} + {{- end }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: ["all"] + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 10001 + volumeMounts: + {{- if .Values.extraVolumeMounts }} + {{ toYaml .Values.extraVolumeMounts | trim | nindent 8 }} + {{ end }} + - mountPath: /etc/adapter/ + name: config + readOnly: true + - mountPath: /tmp + name: tmp + {{- if or .Values.tls.enable .Values.certManager.enabled }} + - mountPath: /var/run/serving-cert + name: volume-serving-cert + readOnly: true + {{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.nodeSelector }} +{{- toYaml .Values.nodeSelector | nindent 8 }} +{{- end }} + affinity: + {{- toYaml .Values.affinity | nindent 8 }} + priorityClassName: {{ .Values.priorityClassName }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.tolerations }} +{{- toYaml .Values.tolerations | nindent 8 }} +{{- end }} + {{- if .Values.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.image.pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} + volumes: + {{- if .Values.extraVolumes }} + {{ toYaml .Values.extraVolumes | trim | nindent 6 }} + {{ end }} + - name: config + configMap: + name: {{ .Values.rules.existing | default (include "k8s-prometheus-adapter.fullname" . ) }} + - name: tmp + emptyDir: {} + {{- if or .Values.tls.enable .Values.certManager.enabled }} + - name: volume-serving-cert + secret: + secretName: {{ template "k8s-prometheus-adapter.fullname" . }} + {{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/external-metrics-apiservice.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/external-metrics-apiservice.yaml new file mode 100644 index 000000000..035f24694 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/external-metrics-apiservice.yaml @@ -0,0 +1,32 @@ +{{- if .Values.rules.external }} +{{- if .Capabilities.APIVersions.Has "apiregistration.k8s.io/v1" }} +apiVersion: apiregistration.k8s.io/v1 +{{- else }} +apiVersion: apiregistration.k8s.io/v1beta1 +{{- end }} +kind: APIService +metadata: +{{- if .Values.certManager.enabled }} + annotations: + certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "k8s-prometheus-adapter.fullname" .) | quote }} + cert-manager.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "k8s-prometheus-adapter.fullname" .) | quote }} +{{- end }} + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: v1beta1.external.metrics.k8s.io +spec: + service: + name: {{ template "k8s-prometheus-adapter.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + {{- if .Values.tls.enable }} + caBundle: {{ b64enc .Values.tls.ca }} + {{- end }} + group: external.metrics.k8s.io + version: v1beta1 + insecureSkipTLSVerify: {{ if or .Values.tls.enable .Values.certManager.enabled }}false{{ else }}true{{ end }} + groupPriorityMinimum: 100 + versionPriority: 100 +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/external-metrics-cluster-role-binding-hpa.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/external-metrics-cluster-role-binding-hpa.yaml new file mode 100644 index 000000000..0776029af --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/external-metrics-cluster-role-binding-hpa.yaml @@ -0,0 +1,19 @@ +{{- if and .Values.rbac.create .Values.rules.external -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.name" . }}-hpa-controller-external-metrics +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "k8s-prometheus-adapter.name" . }}-external-metrics +subjects: +- kind: ServiceAccount + name: horizontal-pod-autoscaler + namespace: kube-system +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/external-metrics-cluster-role.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/external-metrics-cluster-role.yaml new file mode 100644 index 000000000..4adbd6537 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/external-metrics-cluster-role.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.rbac.create .Values.rules.external -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.name" . }}-external-metrics +rules: +- apiGroups: + - "external.metrics.k8s.io" + resources: + - "*" + verbs: + - list + - get + - watch +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/pdb.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/pdb.yaml new file mode 100644 index 000000000..b70309f6f --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/pdb.yaml @@ -0,0 +1,22 @@ +{{- if .Values.podDisruptionBudget.enabled }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "k8s-prometheus-adapter.fullname" . }} + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + {{- if .Values.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} + {{- end }} + {{- if .Values.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app: {{ template "k8s-prometheus-adapter.name" . }} + release: {{ .Release.Name }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/psp.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/psp.yaml new file mode 100644 index 000000000..c5ae10607 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/psp.yaml @@ -0,0 +1,71 @@ +{{- if .Values.psp.create -}} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "k8s-prometheus-adapter.fullname" . }} + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + {{- if .Values.hostNetwork.enabled }} + hostNetwork: true + hostPorts: + - min: {{ .Values.listenPort }} + max: {{ .Values.listenPort }} + {{- end }} + fsGroup: + rule: RunAsAny + runAsGroup: + rule: RunAsAny + runAsUser: + rule: MustRunAs + ranges: + - min: 1024 + max: 65535 + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - secret + - emptyDir + - configMap +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.name" . }}-psp +rules: +- apiGroups: + - 'policy' + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "k8s-prometheus-adapter.fullname" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.name" . }}-psp +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "k8s-prometheus-adapter.name" . }}-psp +subjects: +- kind: ServiceAccount + name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/resource-metrics-apiservice.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/resource-metrics-apiservice.yaml new file mode 100644 index 000000000..ab75b2f6c --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/resource-metrics-apiservice.yaml @@ -0,0 +1,32 @@ +{{- if .Values.rules.resource}} +{{- if .Capabilities.APIVersions.Has "apiregistration.k8s.io/v1" }} +apiVersion: apiregistration.k8s.io/v1 +{{- else }} +apiVersion: apiregistration.k8s.io/v1beta1 +{{- end }} +kind: APIService +metadata: +{{- if .Values.certManager.enabled }} + annotations: + certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "k8s-prometheus-adapter.fullname" .) | quote }} + cert-manager.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "k8s-prometheus-adapter.fullname" .) | quote }} +{{- end }} + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: v1beta1.metrics.k8s.io +spec: + service: + name: {{ template "k8s-prometheus-adapter.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + {{- if .Values.tls.enable }} + caBundle: {{ b64enc .Values.tls.ca }} + {{- end }} + group: metrics.k8s.io + version: v1beta1 + insecureSkipTLSVerify: {{ if or .Values.tls.enable .Values.certManager.enabled }}false{{ else }}true{{ end }} + groupPriorityMinimum: 100 + versionPriority: 100 +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/resource-metrics-cluster-role-binding.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/resource-metrics-cluster-role-binding.yaml new file mode 100644 index 000000000..0534af11e --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/resource-metrics-cluster-role-binding.yaml @@ -0,0 +1,19 @@ +{{- if and .Values.rbac.create .Values.rules.resource -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.name" . }}-hpa-controller-metrics +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "k8s-prometheus-adapter.name" . }}-metrics +subjects: +- kind: ServiceAccount + name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/resource-metrics-cluster-role.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/resource-metrics-cluster-role.yaml new file mode 100644 index 000000000..01a307d69 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/resource-metrics-cluster-role.yaml @@ -0,0 +1,22 @@ +{{- if and .Values.rbac.create .Values.rules.resource -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.name" . }}-metrics +rules: +- apiGroups: + - "" + resources: + - pods + - nodes + - nodes/stats + verbs: + - get + - list + - watch +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/role-binding-auth-reader.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/role-binding-auth-reader.yaml new file mode 100644 index 000000000..60f18f2b3 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/role-binding-auth-reader.yaml @@ -0,0 +1,20 @@ +{{- if .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.name" . }}-auth-reader + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader +subjects: +- kind: ServiceAccount + name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/secret.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/secret.yaml new file mode 100644 index 000000000..38e7cb624 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/secret.yaml @@ -0,0 +1,15 @@ +{{- if .Values.tls.enable -}} +apiVersion: v1 +kind: Secret +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.fullname" . }} +type: kubernetes.io/tls +data: + tls.crt: {{ b64enc .Values.tls.certificate }} + tls.key: {{ b64enc .Values.tls.key }} +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/service.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/service.yaml new file mode 100644 index 000000000..6bccda911 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/service.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: +{{ toYaml .Values.service.annotations | indent 4 }} + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + ports: + - port: {{ .Values.service.port }} + protocol: TCP + targetPort: https + selector: + app: {{ template "k8s-prometheus-adapter.name" . }} + release: {{ .Release.Name }} + type: {{ .Values.service.type }} + diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/serviceaccount.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/serviceaccount.yaml new file mode 100644 index 000000000..c3050f052 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: {{ template "k8s-prometheus-adapter.name" . }} + chart: {{ template "k8s-prometheus-adapter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- if .Values.serviceAccount.annotations }} + annotations: +{{ toYaml .Values.serviceAccount.annotations | indent 4 }} +{{- end }} +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/values.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/values.yaml new file mode 100644 index 000000000..3da3cf5bf --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-adapter/values.yaml @@ -0,0 +1,185 @@ +# Default values for k8s-prometheus-adapter.. +global: + cattle: + systemDefaultRegistry: "" + +affinity: {} + +image: + repository: rancher/mirrored-directxman12-k8s-prometheus-adapter + tag: v0.8.4 + pullPolicy: IfNotPresent + +logLevel: 4 + +metricsRelistInterval: 1m + +listenPort: 6443 + +nodeSelector: {} + +priorityClassName: "" + +# Url to access prometheus +prometheus: + # Value is templated + url: http://prometheus.default.svc + port: 9090 + path: "" + +replicas: 1 + +rbac: + # Specifies whether RBAC resources should be created + create: true + +psp: + # Specifies whether PSP resources should be created + create: false + +serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: + # ServiceAccount annotations. + # Use case: AWS EKS IAM roles for service accounts + # ref: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html + annotations: {} + +# Custom DNS configuration to be added to prometheus-adapter pods +dnsConfig: {} +# nameservers: +# - 1.2.3.4 +# searches: +# - ns1.svc.cluster-domain.example +# - my.dns.search.suffix +# options: +# - name: ndots +# value: "2" +# - name: edns0 +resources: {} + # requests: + # cpu: 100m + # memory: 128Mi + # limits: + # cpu: 100m + # memory: 128Mi + +rules: + default: true + custom: [] +# - seriesQuery: '{__name__=~"^some_metric_count$"}' +# resources: +# template: <<.Resource>> +# name: +# matches: "" +# as: "my_custom_metric" +# metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>}) by (<<.GroupBy>>) + # Mounts a configMap with pre-generated rules for use. Overrides the + # default, custom, external and resource entries + existing: + external: [] +# - seriesQuery: '{__name__=~"^some_metric_count$"}' +# resources: +# template: <<.Resource>> +# name: +# matches: "" +# as: "my_external_metric" +# metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>}) by (<<.GroupBy>>) + resource: {} +# cpu: +# containerQuery: sum(rate(container_cpu_usage_seconds_total{<<.LabelMatchers>>, container!=""}[3m])) by (<<.GroupBy>>) +# nodeQuery: sum(rate(container_cpu_usage_seconds_total{<<.LabelMatchers>>, id='/'}[3m])) by (<<.GroupBy>>) +# resources: +# overrides: +# instance: +# resource: node +# namespace: +# resource: namespace +# pod: +# resource: pod +# containerLabel: container +# memory: +# containerQuery: sum(container_memory_working_set_bytes{<<.LabelMatchers>>, container!=""}) by (<<.GroupBy>>) +# nodeQuery: sum(container_memory_working_set_bytes{<<.LabelMatchers>>,id='/'}) by (<<.GroupBy>>) +# resources: +# overrides: +# instance: +# resource: node +# namespace: +# resource: namespace +# pod: +# resource: pod +# containerLabel: container +# window: 3m + +service: + annotations: {} + port: 443 + type: ClusterIP + +tls: + enable: false + ca: |- + # Public CA file that signed the APIService + key: |- + # Private key of the APIService + certificate: |- + # Public key of the APIService + +# Any extra arguments +extraArguments: [] + # - --tls-private-key-file=/etc/tls/tls.key + # - --tls-cert-file=/etc/tls/tls.crt + +# Any extra volumes +extraVolumes: [] + # - name: example-name + # hostPath: + # path: /path/on/host + # type: DirectoryOrCreate + # - name: ssl-certs + # hostPath: + # path: /etc/ssl/certs/ca-bundle.crt + # type: File + +# Any extra volume mounts +extraVolumeMounts: [] + # - name: example-name + # mountPath: /path/in/container + # - name: ssl-certs + # mountPath: /etc/ssl/certs/ca-certificates.crt + # readOnly: true + +tolerations: [] + +# Labels added to the pod +podLabels: {} + +# Annotations added to the pod +podAnnotations: {} + +hostNetwork: + # Specifies if prometheus-adapter should be started in hostNetwork mode. + # + # You would require this enabled if you use alternate overlay networking for pods and + # API server unable to communicate with metrics-server. As an example, this is required + # if you use Weave network on EKS. See also dnsPolicy + enabled: false + +# When hostNetwork is enabled, you probably want to set this to ClusterFirstWithHostNet +# dnsPolicy: ClusterFirstWithHostNet + +podDisruptionBudget: + # Specifies if PodDisruptionBudget should be enabled + # When enabled, minAvailable or maxUnavailable should also be defined. + enabled: false + minAvailable: + maxUnavailable: 1 + +certManager: + enabled: false + caCertDuration: 43800h + certDuration: 8760h diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/.helmignore b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/Chart.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/Chart.yaml new file mode 100644 index 000000000..5bdb41147 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/Chart.yaml @@ -0,0 +1,23 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-node-exporter +apiVersion: v1 +appVersion: 1.1.2 +description: A Helm chart for prometheus node-exporter +home: https://github.com/prometheus/node_exporter/ +keywords: +- node-exporter +- prometheus +- exporter +maintainers: +- email: gianrubio@gmail.com + name: gianrubio +- name: vsliouniaev +- name: bismarck +name: prometheus-node-exporter +sources: +- https://github.com/prometheus/node_exporter/ +version: 1.18.1 diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/README.md b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/README.md new file mode 100644 index 000000000..babde05e0 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/README.md @@ -0,0 +1,63 @@ +# Prometheus Node Exporter + +Prometheus exporter for hardware and OS metrics exposed by *NIX kernels, written in Go with pluggable metric collectors. + +This chart bootstraps a prometheus [Node Exporter](http://github.com/prometheus/node_exporter) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Get Repo Info + +```console +helm repo add prometheus-community https://prometheus-community.github.io/helm-charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Install Chart + +```console +# Helm 3 +$ helm install [RELEASE_NAME] prometheus-community/prometheus-node-exporter + +# Helm 2 +$ helm install --name [RELEASE_NAME] prometheus-community/prometheus-node-exporter +``` + +_See [configuration](#configuration) below._ + +_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ + +## Uninstall Chart + +```console +# Helm 3 +$ helm uninstall [RELEASE_NAME] + +# Helm 2 +# helm delete --purge [RELEASE_NAME] +``` + +This removes all the Kubernetes components associated with the chart and deletes the release. + +_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ + +## Upgrading Chart + +```console +# Helm 3 or 2 +$ helm upgrade [RELEASE_NAME] [CHART] --install +``` + +_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ + +## Configuring + +See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands: + +```console +# Helm 2 +$ helm inspect values prometheus-community/prometheus-node-exporter + +# Helm 3 +$ helm show values prometheus-community/prometheus-node-exporter +``` diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/NOTES.txt b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/NOTES.txt new file mode 100644 index 000000000..dc272fa99 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/NOTES.txt @@ -0,0 +1,15 @@ +1. Get the application URL by running these commands: +{{- if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ template "prometheus-node-exporter.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus-node-exporter.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ template "prometheus-node-exporter.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ template "prometheus-node-exporter.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ template "prometheus-node-exporter.namespace" . }} {{ template "prometheus-node-exporter.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ template "prometheus-node-exporter.namespace" . }} -l "app={{ template "prometheus-node-exporter.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:9100 to use your application" + kubectl port-forward --namespace {{ template "prometheus-node-exporter.namespace" . }} $POD_NAME 9100 +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/_helpers.tpl b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/_helpers.tpl new file mode 100644 index 000000000..9fd0d600b --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/_helpers.tpl @@ -0,0 +1,95 @@ +# Rancher +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "prometheus-node-exporter.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "prometheus-node-exporter.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Generate basic labels */}} +{{- define "prometheus-node-exporter.labels" }} +app: {{ template "prometheus-node-exporter.name" . }} +heritage: {{.Release.Service }} +release: {{.Release.Name }} +chart: {{ template "prometheus-node-exporter.chart" . }} +{{- if .Values.podLabels}} +{{ toYaml .Values.podLabels }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "prometheus-node-exporter.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{/* +Create the name of the service account to use +*/}} +{{- define "prometheus-node-exporter.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "prometheus-node-exporter.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts +*/}} +{{- define "prometheus-node-exporter.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/daemonset.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/daemonset.yaml new file mode 100644 index 000000000..bd64e6948 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/daemonset.yaml @@ -0,0 +1,187 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "prometheus-node-exporter.fullname" . }} + namespace: {{ template "prometheus-node-exporter.namespace" . }} + labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }} +spec: + selector: + matchLabels: + app: {{ template "prometheus-node-exporter.name" . }} + release: {{ .Release.Name }} + {{- if .Values.updateStrategy }} + updateStrategy: +{{ toYaml .Values.updateStrategy | indent 4 }} + {{- end }} + template: + metadata: + labels: {{ include "prometheus-node-exporter.labels" . | indent 8 }} + {{- if .Values.podAnnotations }} + annotations: + {{- toYaml .Values.podAnnotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "prometheus-node-exporter.serviceAccountName" . }} +{{- if .Values.securityContext }} + securityContext: +{{ toYaml .Values.securityContext | indent 8 }} +{{- end }} +{{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} +{{- end }} + {{- if .Values.extraInitContainers }} + initContainers: + {{ toYaml .Values.extraInitContainers | nindent 6 }} + {{- end }} + containers: + - name: node-exporter + image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: + - --path.procfs=/host/proc + - --path.sysfs=/host/sys + {{- if .Values.hostRootFsMount }} + - --path.rootfs=/host/root + {{- end }} + - --web.listen-address=$(HOST_IP):{{ .Values.service.port }} +{{- if .Values.extraArgs }} +{{ toYaml .Values.extraArgs | indent 12 }} +{{- end }} + {{- with .Values.containerSecurityContext }} + securityContext: {{ toYaml . | nindent 12 }} + {{- end }} + env: + - name: HOST_IP + {{- if .Values.service.listenOnAllInterfaces }} + value: 0.0.0.0 + {{- else }} + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + {{- end }} + ports: + - name: metrics + containerPort: {{ .Values.service.port }} + protocol: TCP + livenessProbe: + httpGet: + path: / + port: {{ .Values.service.port }} + readinessProbe: + httpGet: + path: / + port: {{ .Values.service.port }} + resources: +{{ toYaml .Values.resources | indent 12 }} + volumeMounts: + - name: proc + mountPath: /host/proc + readOnly: true + - name: sys + mountPath: /host/sys + readOnly: true + {{- if .Values.hostRootFsMount }} + - name: root + mountPath: /host/root + mountPropagation: HostToContainer + readOnly: true + {{- end }} + {{- if .Values.extraHostVolumeMounts }} + {{- range $_, $mount := .Values.extraHostVolumeMounts }} + - name: {{ $mount.name }} + mountPath: {{ $mount.mountPath }} + readOnly: {{ $mount.readOnly }} + {{- if $mount.mountPropagation }} + mountPropagation: {{ $mount.mountPropagation }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.sidecarVolumeMount }} + {{- range $_, $mount := .Values.sidecarVolumeMount }} + - name: {{ $mount.name }} + mountPath: {{ $mount.mountPath }} + readOnly: true + {{- end }} + {{- end }} + {{- if .Values.configmaps }} + {{- range $_, $mount := .Values.configmaps }} + - name: {{ $mount.name }} + mountPath: {{ $mount.mountPath }} + {{- end }} + {{- if .Values.secrets }} + {{- range $_, $mount := .Values.secrets }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + {{- end }} + {{- end }} + {{- end }} +{{- if .Values.sidecars }} +{{ toYaml .Values.sidecars | indent 8 }} + {{- if .Values.sidecarVolumeMount }} + volumeMounts: + {{- range $_, $mount := .Values.sidecarVolumeMount }} + - name: {{ $mount.name }} + mountPath: {{ $mount.mountPath }} + readOnly: {{ $mount.readOnly }} + {{- end }} + {{- end }} +{{- end }} + hostNetwork: {{ .Values.hostNetwork }} + hostPID: true +{{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} +{{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- with .Values.dnsConfig }} + dnsConfig: +{{ toYaml . | indent 8 }} +{{- end }} +{{- if .Values.nodeSelector }} +{{- toYaml .Values.Selector | nindent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.tolerations }} +{{- toYaml .Values.tolerations | nindent 8 }} +{{- end }} + volumes: + - name: proc + hostPath: + path: /proc + - name: sys + hostPath: + path: /sys + {{- if .Values.hostRootFsMount }} + - name: root + hostPath: + path: / + {{- end }} + {{- if .Values.extraHostVolumeMounts }} + {{- range $_, $mount := .Values.extraHostVolumeMounts }} + - name: {{ $mount.name }} + hostPath: + path: {{ $mount.hostPath }} + {{- end }} + {{- end }} + {{- if .Values.sidecarVolumeMount }} + {{- range $_, $mount := .Values.sidecarVolumeMount }} + - name: {{ $mount.name }} + emptyDir: + medium: Memory + {{- end }} + {{- end }} + {{- if .Values.configmaps }} + {{- range $_, $mount := .Values.configmaps }} + - name: {{ $mount.name }} + configMap: + name: {{ $mount.name }} + {{- end }} + {{- end }} + {{- if .Values.secrets }} + {{- range $_, $mount := .Values.secrets }} + - name: {{ $mount.name }} + secret: + secretName: {{ $mount.name }} + {{- end }} + {{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/endpoints.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/endpoints.yaml new file mode 100644 index 000000000..8daaeaaff --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/endpoints.yaml @@ -0,0 +1,18 @@ +{{- if .Values.endpoints }} +apiVersion: v1 +kind: Endpoints +metadata: + name: {{ template "prometheus-node-exporter.fullname" . }} + namespace: {{ template "prometheus-node-exporter.namespace" . }} + labels: +{{ include "prometheus-node-exporter.labels" . | indent 4 }} +subsets: + - addresses: + {{- range .Values.endpoints }} + - ip: {{ . }} + {{- end }} + ports: + - name: metrics + port: 9100 + protocol: TCP +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/monitor.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/monitor.yaml new file mode 100644 index 000000000..2f7b6ae9e --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/monitor.yaml @@ -0,0 +1,32 @@ +{{- if .Values.prometheus.monitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "prometheus-node-exporter.fullname" . }} + namespace: {{ template "prometheus-node-exporter.namespace" . }} + labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }} + {{- if .Values.prometheus.monitor.additionalLabels }} +{{ toYaml .Values.prometheus.monitor.additionalLabels | indent 4 }} + {{- end }} +spec: + selector: + matchLabels: + app: {{ template "prometheus-node-exporter.name" . }} + release: {{ .Release.Name }} + endpoints: + - port: metrics + scheme: {{ $.Values.prometheus.monitor.scheme }} + {{- if $.Values.prometheus.monitor.bearerTokenFile }} + bearerTokenFile: {{ $.Values.prometheus.monitor.bearerTokenFile }} + {{- end }} + {{- if $.Values.prometheus.monitor.tlsConfig }} + tlsConfig: {{ toYaml $.Values.prometheus.monitor.tlsConfig | nindent 8 }} + {{- end }} + {{- if .Values.prometheus.monitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.prometheus.monitor.scrapeTimeout }} + {{- end }} +{{- if .Values.prometheus.monitor.relabelings }} + relabelings: +{{ toYaml .Values.prometheus.monitor.relabelings | indent 6 }} +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml new file mode 100644 index 000000000..cb433369c --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml @@ -0,0 +1,15 @@ +{{- if .Values.rbac.create }} +{{- if .Values.rbac.pspEnabled }} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: psp-{{ template "prometheus-node-exporter.fullname" . }} + labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }} +rules: +- apiGroups: ['extensions'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "prometheus-node-exporter.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml new file mode 100644 index 000000000..d36d93ecf --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml @@ -0,0 +1,17 @@ +{{- if .Values.rbac.create }} +{{- if .Values.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: psp-{{ template "prometheus-node-exporter.fullname" . }} + labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: psp-{{ template "prometheus-node-exporter.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "prometheus-node-exporter.fullname" . }} + namespace: {{ template "prometheus-node-exporter.namespace" . }} +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/psp.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/psp.yaml new file mode 100644 index 000000000..ec1259e01 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/psp.yaml @@ -0,0 +1,56 @@ +{{- if .Values.rbac.create }} +{{- if .Values.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "prometheus-node-exporter.fullname" . }} + namespace: {{ template "prometheus-node-exporter.namespace" . }} + labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }} +{{- if .Values.rbac.pspAnnotations }} + annotations: +{{ toYaml .Values.rbac.pspAnnotations | indent 4 }} +{{- end}} +spec: + privileged: false + # Required to prevent escalations to root. + # allowPrivilegeEscalation: false + # This is redundant with non-root + disallow privilege escalation, + # but we can provide it for defense in depth. + #requiredDropCapabilities: + # - ALL + # Allow core volume types. + volumes: + - 'configMap' + - 'emptyDir' + - 'projected' + - 'secret' + - 'downwardAPI' + - 'persistentVolumeClaim' + - 'hostPath' + hostNetwork: true + hostIPC: false + hostPID: true + hostPorts: + - min: 0 + max: 65535 + runAsUser: + # Permits the container to run with root privileges as well. + rule: 'RunAsAny' + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/service.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/service.yaml new file mode 100644 index 000000000..b0a447fe3 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/service.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "prometheus-node-exporter.fullname" . }} + namespace: {{ template "prometheus-node-exporter.namespace" . }} +{{- if .Values.service.annotations }} + annotations: +{{ toYaml .Values.service.annotations | indent 4 }} +{{- end }} + labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + {{- if ( and (eq .Values.service.type "NodePort" ) (not (empty .Values.service.nodePort)) ) }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} + targetPort: {{ .Values.service.targetPort }} + protocol: TCP + name: metrics + selector: + app: {{ template "prometheus-node-exporter.name" . }} + release: {{ .Release.Name }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/serviceaccount.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/serviceaccount.yaml new file mode 100644 index 000000000..07e9f0d94 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/templates/serviceaccount.yaml @@ -0,0 +1,18 @@ +{{- if .Values.rbac.create -}} +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "prometheus-node-exporter.serviceAccountName" . }} + namespace: {{ template "prometheus-node-exporter.namespace" . }} + labels: + app: {{ template "prometheus-node-exporter.name" . }} + chart: {{ template "prometheus-node-exporter.chart" . }} + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + annotations: +{{ toYaml .Values.serviceAccount.annotations | indent 4 }} +imagePullSecrets: +{{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }} +{{- end -}} +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/values.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/values.yaml new file mode 100644 index 000000000..5a0e6ca35 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/prometheus-node-exporter/values.yaml @@ -0,0 +1,182 @@ +# Default values for prometheus-node-exporter. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + cattle: + systemDefaultRegistry: "" + +image: + repository: rancher/mirrored-prometheus-node-exporter + tag: v1.1.2 + pullPolicy: IfNotPresent + +service: + type: ClusterIP + port: 9100 + targetPort: 9100 + nodePort: + listenOnAllInterfaces: true + annotations: + prometheus.io/scrape: "true" + +prometheus: + monitor: + enabled: false + additionalLabels: {} + namespace: "" + scheme: http + bearerTokenFile: + tlsConfig: {} + + relabelings: [] + scrapeTimeout: 10s + +## Customize the updateStrategy if set +updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 200m + # memory: 50Mi + # requests: + # cpu: 100m + # memory: 30Mi + +serviceAccount: + # Specifies whether a ServiceAccount should be created + create: true + # The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the fullname template + name: + annotations: {} + imagePullSecrets: [] + +securityContext: + fsGroup: 65534 + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + +containerSecurityContext: {} + # capabilities: + # add: + # - SYS_TIME + +rbac: + ## If true, create & use RBAC resources + ## + create: true + ## If true, create & use Pod Security Policy resources + ## https://kubernetes.io/docs/concepts/policy/pod-security-policy/ + pspEnabled: true + pspAnnotations: {} + +# for deployments that have node_exporter deployed outside of the cluster, list +# their addresses here +endpoints: [] + +# Expose the service to the host network +hostNetwork: true + +## If true, node-exporter pods mounts host / at /host/root +## +hostRootFsMount: true + +## Assign a group of affinity scheduling rules +## +affinity: {} +# nodeAffinity: +# requiredDuringSchedulingIgnoredDuringExecution: +# nodeSelectorTerms: +# - matchFields: +# - key: metadata.name +# operator: In +# values: +# - target-host-name + +# Annotations to be added to node exporter pods +podAnnotations: + # Fix for very slow GKE cluster upgrades + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + +# Extra labels to be added to node exporter pods +podLabels: {} + +# Custom DNS configuration to be added to prometheus-node-exporter pods +dnsConfig: {} +# nameservers: +# - 1.2.3.4 +# searches: +# - ns1.svc.cluster-domain.example +# - my.dns.search.suffix +# options: +# - name: ndots +# value: "2" +# - name: edns0 + +## Assign a nodeSelector if operating a hybrid cluster +## +nodeSelector: {} +# beta.kubernetes.io/arch: amd64 +# beta.kubernetes.io/os: linux + +tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + +## Assign a PriorityClassName to pods if set +# priorityClassName: "" + +## Additional container arguments +## +extraArgs: [] +# - --collector.diskstats.ignored-devices=^(ram|loop|fd|(h|s|v)d[a-z]|nvme\\d+n\\d+p)\\d+$ +# - --collector.textfile.directory=/run/prometheus + +## Additional mounts from the host +## +extraHostVolumeMounts: [] +# - name: +# hostPath: +# mountPath: +# readOnly: true|false +# mountPropagation: None|HostToContainer|Bidirectional + +## Additional configmaps to be mounted. +## +configmaps: [] +# - name: +# mountPath: +secrets: [] +# - name: +# mountPath: +## Override the deployment namespace +## +namespaceOverride: "" + +## Additional containers for export metrics to text file +## +sidecars: [] +## - name: nvidia-dcgm-exporter +## image: nvidia/dcgm-exporter:1.4.3 + +## Volume for sidecar containers +## +sidecarVolumeMount: [] +## - name: collector-textfiles +## mountPath: /run/prometheus +## readOnly: false + +## Additional InitContainers to initialize the pod +## +extraInitContainers: [] diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/.helmignore b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/Chart.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/Chart.yaml new file mode 100644 index 000000000..fc6be3941 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: rke2ControllerManager +type: application +version: 0.1.4 diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/README.md b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/README.md new file mode 100644 index 000000000..0530c56aa --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/README.md @@ -0,0 +1,60 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | +| `namespaceOverride` | The namespace to install the chart | `""` + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | +| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | +| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | +| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/templates/_helpers.tpl b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/templates/_helpers.tpl new file mode 100644 index 000000000..458ad21cd --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/templates/_helpers.tpl @@ -0,0 +1,104 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.endpoints" -}} +{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} +{{- $useHTTPS := .Values.clients.https.enabled -}} +{{- $endpoints := .Values.serviceMonitor.endpoints }} +{{- range $endpoints }} +{{- $_ := set . "proxyUrl" $proxyURL }} +{{- if $useHTTPS -}} +{{- if (hasKey . "params") }} +{{- $_ := set (get . "params") "_scheme" (list "https") }} +{{- else }} +{{- $_ := set . "params" (dict "_scheme" (list "https")) }} +{{- end }} +{{- end }} +{{- end }} +{{- toYaml $endpoints }} +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/templates/pushprox-clients-rbac.yaml new file mode 100644 index 000000000..f1a8e7232 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/templates/pushprox-clients-rbac.yaml @@ -0,0 +1,77 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- if .Values.clients.rbac.additionalRules }} +{{ toYaml .Values.clients.rbac.additionalRules }} +{{- end }} +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/templates/pushprox-clients.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/templates/pushprox-clients.yaml new file mode 100644 index 000000000..3775d17b8 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/templates/pushprox-clients.yaml @@ -0,0 +1,145 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +{{- if .Values.clients.deployment.enabled }} +kind: Deployment +{{- else }} +kind: DaemonSet +{{- end }} +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + {{- if .Values.clients.deployment.enabled }} + replicas: {{ .Values.clients.deployment.replicas }} + {{- end }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + {{- if .Values.clients.affinity }} + affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} + {{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . | quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/templates/pushprox-proxy-rbac.yaml new file mode 100644 index 000000000..147eb4374 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/templates/pushprox-proxy-rbac.yaml @@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/templates/pushprox-proxy.yaml new file mode 100644 index 000000000..571e13138 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/templates/pushprox-servicemonitor.yaml new file mode 100644 index 000000000..7f961d6f4 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,33 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/values.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/values.yaml new file mode 100644 index 000000000..6ad1eab4d --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2ControllerManager/values.yaml @@ -0,0 +1,111 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +namespaceOverride: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec + # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + # By default, proxyUrl and params._scheme will be overridden based on other values + endpoints: + - port: metrics + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? + enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + rbac: + # Additional permissions to provide to the ServiceAccount bound to the client + # This can be used to provide additional permissions for the client to scrape metrics from the k8s API + # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true + additionalRules: [] + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + affinity: {} + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher2-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + + # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. + # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in + # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. + # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, + # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. + # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will + # be responsible for upgrading this chart accordingly to the right number of replicas. + deployment: + enabled: false + replicas: 0 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher2-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/.helmignore b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/Chart.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/Chart.yaml new file mode 100644 index 000000000..11a2ee23a --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: rke2Etcd +type: application +version: 0.1.4 diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/README.md b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/README.md new file mode 100644 index 000000000..0530c56aa --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/README.md @@ -0,0 +1,60 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | +| `namespaceOverride` | The namespace to install the chart | `""` + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | +| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | +| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | +| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/templates/_helpers.tpl b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/templates/_helpers.tpl new file mode 100644 index 000000000..458ad21cd --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/templates/_helpers.tpl @@ -0,0 +1,104 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.endpoints" -}} +{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} +{{- $useHTTPS := .Values.clients.https.enabled -}} +{{- $endpoints := .Values.serviceMonitor.endpoints }} +{{- range $endpoints }} +{{- $_ := set . "proxyUrl" $proxyURL }} +{{- if $useHTTPS -}} +{{- if (hasKey . "params") }} +{{- $_ := set (get . "params") "_scheme" (list "https") }} +{{- else }} +{{- $_ := set . "params" (dict "_scheme" (list "https")) }} +{{- end }} +{{- end }} +{{- end }} +{{- toYaml $endpoints }} +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/templates/pushprox-clients-rbac.yaml new file mode 100644 index 000000000..f1a8e7232 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/templates/pushprox-clients-rbac.yaml @@ -0,0 +1,77 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- if .Values.clients.rbac.additionalRules }} +{{ toYaml .Values.clients.rbac.additionalRules }} +{{- end }} +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/templates/pushprox-clients.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/templates/pushprox-clients.yaml new file mode 100644 index 000000000..3775d17b8 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/templates/pushprox-clients.yaml @@ -0,0 +1,145 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +{{- if .Values.clients.deployment.enabled }} +kind: Deployment +{{- else }} +kind: DaemonSet +{{- end }} +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + {{- if .Values.clients.deployment.enabled }} + replicas: {{ .Values.clients.deployment.replicas }} + {{- end }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + {{- if .Values.clients.affinity }} + affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} + {{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . | quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/templates/pushprox-proxy-rbac.yaml new file mode 100644 index 000000000..147eb4374 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/templates/pushprox-proxy-rbac.yaml @@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/templates/pushprox-proxy.yaml new file mode 100644 index 000000000..571e13138 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/templates/pushprox-servicemonitor.yaml new file mode 100644 index 000000000..7f961d6f4 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,33 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/values.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/values.yaml new file mode 100644 index 000000000..6ad1eab4d --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Etcd/values.yaml @@ -0,0 +1,111 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +namespaceOverride: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec + # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + # By default, proxyUrl and params._scheme will be overridden based on other values + endpoints: + - port: metrics + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? + enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + rbac: + # Additional permissions to provide to the ServiceAccount bound to the client + # This can be used to provide additional permissions for the client to scrape metrics from the k8s API + # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true + additionalRules: [] + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + affinity: {} + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher2-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + + # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. + # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in + # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. + # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, + # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. + # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will + # be responsible for upgrading this chart accordingly to the right number of replicas. + deployment: + enabled: false + replicas: 0 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher2-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/.helmignore b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/Chart.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/Chart.yaml new file mode 100644 index 000000000..e506f7552 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: rke2IngressNginx +type: application +version: 0.1.4 diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/README.md b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/README.md new file mode 100644 index 000000000..0530c56aa --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/README.md @@ -0,0 +1,60 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | +| `namespaceOverride` | The namespace to install the chart | `""` + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | +| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | +| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | +| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/templates/_helpers.tpl b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/templates/_helpers.tpl new file mode 100644 index 000000000..458ad21cd --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/templates/_helpers.tpl @@ -0,0 +1,104 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.endpoints" -}} +{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} +{{- $useHTTPS := .Values.clients.https.enabled -}} +{{- $endpoints := .Values.serviceMonitor.endpoints }} +{{- range $endpoints }} +{{- $_ := set . "proxyUrl" $proxyURL }} +{{- if $useHTTPS -}} +{{- if (hasKey . "params") }} +{{- $_ := set (get . "params") "_scheme" (list "https") }} +{{- else }} +{{- $_ := set . "params" (dict "_scheme" (list "https")) }} +{{- end }} +{{- end }} +{{- end }} +{{- toYaml $endpoints }} +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/templates/pushprox-clients-rbac.yaml new file mode 100644 index 000000000..f1a8e7232 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/templates/pushprox-clients-rbac.yaml @@ -0,0 +1,77 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- if .Values.clients.rbac.additionalRules }} +{{ toYaml .Values.clients.rbac.additionalRules }} +{{- end }} +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/templates/pushprox-clients.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/templates/pushprox-clients.yaml new file mode 100644 index 000000000..3775d17b8 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/templates/pushprox-clients.yaml @@ -0,0 +1,145 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +{{- if .Values.clients.deployment.enabled }} +kind: Deployment +{{- else }} +kind: DaemonSet +{{- end }} +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + {{- if .Values.clients.deployment.enabled }} + replicas: {{ .Values.clients.deployment.replicas }} + {{- end }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + {{- if .Values.clients.affinity }} + affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} + {{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . | quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/templates/pushprox-proxy-rbac.yaml new file mode 100644 index 000000000..147eb4374 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/templates/pushprox-proxy-rbac.yaml @@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/templates/pushprox-proxy.yaml new file mode 100644 index 000000000..571e13138 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/templates/pushprox-servicemonitor.yaml new file mode 100644 index 000000000..7f961d6f4 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,33 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/values.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/values.yaml new file mode 100644 index 000000000..6ad1eab4d --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2IngressNginx/values.yaml @@ -0,0 +1,111 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +namespaceOverride: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec + # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + # By default, proxyUrl and params._scheme will be overridden based on other values + endpoints: + - port: metrics + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? + enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + rbac: + # Additional permissions to provide to the ServiceAccount bound to the client + # This can be used to provide additional permissions for the client to scrape metrics from the k8s API + # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true + additionalRules: [] + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + affinity: {} + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher2-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + + # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. + # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in + # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. + # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, + # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. + # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will + # be responsible for upgrading this chart accordingly to the right number of replicas. + deployment: + enabled: false + replicas: 0 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher2-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/.helmignore b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/Chart.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/Chart.yaml new file mode 100644 index 000000000..2f9a2c86e --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: rke2Proxy +type: application +version: 0.1.4 diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/README.md b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/README.md new file mode 100644 index 000000000..0530c56aa --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/README.md @@ -0,0 +1,60 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | +| `namespaceOverride` | The namespace to install the chart | `""` + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | +| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | +| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | +| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/templates/_helpers.tpl b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/templates/_helpers.tpl new file mode 100644 index 000000000..458ad21cd --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/templates/_helpers.tpl @@ -0,0 +1,104 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.endpoints" -}} +{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} +{{- $useHTTPS := .Values.clients.https.enabled -}} +{{- $endpoints := .Values.serviceMonitor.endpoints }} +{{- range $endpoints }} +{{- $_ := set . "proxyUrl" $proxyURL }} +{{- if $useHTTPS -}} +{{- if (hasKey . "params") }} +{{- $_ := set (get . "params") "_scheme" (list "https") }} +{{- else }} +{{- $_ := set . "params" (dict "_scheme" (list "https")) }} +{{- end }} +{{- end }} +{{- end }} +{{- toYaml $endpoints }} +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/templates/pushprox-clients-rbac.yaml new file mode 100644 index 000000000..f1a8e7232 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/templates/pushprox-clients-rbac.yaml @@ -0,0 +1,77 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- if .Values.clients.rbac.additionalRules }} +{{ toYaml .Values.clients.rbac.additionalRules }} +{{- end }} +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/templates/pushprox-clients.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/templates/pushprox-clients.yaml new file mode 100644 index 000000000..3775d17b8 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/templates/pushprox-clients.yaml @@ -0,0 +1,145 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +{{- if .Values.clients.deployment.enabled }} +kind: Deployment +{{- else }} +kind: DaemonSet +{{- end }} +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + {{- if .Values.clients.deployment.enabled }} + replicas: {{ .Values.clients.deployment.replicas }} + {{- end }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + {{- if .Values.clients.affinity }} + affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} + {{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . | quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/templates/pushprox-proxy-rbac.yaml new file mode 100644 index 000000000..147eb4374 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/templates/pushprox-proxy-rbac.yaml @@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/templates/pushprox-proxy.yaml new file mode 100644 index 000000000..571e13138 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/templates/pushprox-servicemonitor.yaml new file mode 100644 index 000000000..7f961d6f4 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,33 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/values.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/values.yaml new file mode 100644 index 000000000..6ad1eab4d --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Proxy/values.yaml @@ -0,0 +1,111 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +namespaceOverride: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec + # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + # By default, proxyUrl and params._scheme will be overridden based on other values + endpoints: + - port: metrics + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? + enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + rbac: + # Additional permissions to provide to the ServiceAccount bound to the client + # This can be used to provide additional permissions for the client to scrape metrics from the k8s API + # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true + additionalRules: [] + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + affinity: {} + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher2-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + + # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. + # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in + # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. + # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, + # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. + # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will + # be responsible for upgrading this chart accordingly to the right number of replicas. + deployment: + enabled: false + replicas: 0 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher2-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/.helmignore b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/Chart.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/Chart.yaml new file mode 100644 index 000000000..a20d2f6fd --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: rke2Scheduler +type: application +version: 0.1.4 diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/README.md b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/README.md new file mode 100644 index 000000000..0530c56aa --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/README.md @@ -0,0 +1,60 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | +| `namespaceOverride` | The namespace to install the chart | `""` + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | +| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | +| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | +| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/templates/_helpers.tpl b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/templates/_helpers.tpl new file mode 100644 index 000000000..458ad21cd --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/templates/_helpers.tpl @@ -0,0 +1,104 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.endpoints" -}} +{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} +{{- $useHTTPS := .Values.clients.https.enabled -}} +{{- $endpoints := .Values.serviceMonitor.endpoints }} +{{- range $endpoints }} +{{- $_ := set . "proxyUrl" $proxyURL }} +{{- if $useHTTPS -}} +{{- if (hasKey . "params") }} +{{- $_ := set (get . "params") "_scheme" (list "https") }} +{{- else }} +{{- $_ := set . "params" (dict "_scheme" (list "https")) }} +{{- end }} +{{- end }} +{{- end }} +{{- toYaml $endpoints }} +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/templates/pushprox-clients-rbac.yaml new file mode 100644 index 000000000..f1a8e7232 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/templates/pushprox-clients-rbac.yaml @@ -0,0 +1,77 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- if .Values.clients.rbac.additionalRules }} +{{ toYaml .Values.clients.rbac.additionalRules }} +{{- end }} +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/templates/pushprox-clients.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/templates/pushprox-clients.yaml new file mode 100644 index 000000000..3775d17b8 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/templates/pushprox-clients.yaml @@ -0,0 +1,145 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +{{- if .Values.clients.deployment.enabled }} +kind: Deployment +{{- else }} +kind: DaemonSet +{{- end }} +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + {{- if .Values.clients.deployment.enabled }} + replicas: {{ .Values.clients.deployment.replicas }} + {{- end }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + {{- if .Values.clients.affinity }} + affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} + {{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . | quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/templates/pushprox-proxy-rbac.yaml new file mode 100644 index 000000000..147eb4374 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/templates/pushprox-proxy-rbac.yaml @@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/templates/pushprox-proxy.yaml new file mode 100644 index 000000000..571e13138 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/templates/pushprox-servicemonitor.yaml new file mode 100644 index 000000000..7f961d6f4 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,33 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/values.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/values.yaml new file mode 100644 index 000000000..6ad1eab4d --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rke2Scheduler/values.yaml @@ -0,0 +1,111 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +namespaceOverride: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec + # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + # By default, proxyUrl and params._scheme will be overridden based on other values + endpoints: + - port: metrics + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? + enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + rbac: + # Additional permissions to provide to the ServiceAccount bound to the client + # This can be used to provide additional permissions for the client to scrape metrics from the k8s API + # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true + additionalRules: [] + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + affinity: {} + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher2-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + + # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. + # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in + # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. + # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, + # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. + # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will + # be responsible for upgrading this chart accordingly to the right number of replicas. + deployment: + enabled: false + replicas: 0 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher2-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/.helmignore b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/Chart.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/Chart.yaml new file mode 100644 index 000000000..76395f890 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: rkeControllerManager +type: application +version: 0.1.4 diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/README.md b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/README.md new file mode 100644 index 000000000..0530c56aa --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/README.md @@ -0,0 +1,60 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | +| `namespaceOverride` | The namespace to install the chart | `""` + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | +| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | +| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | +| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/templates/_helpers.tpl b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/templates/_helpers.tpl new file mode 100644 index 000000000..458ad21cd --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/templates/_helpers.tpl @@ -0,0 +1,104 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.endpoints" -}} +{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} +{{- $useHTTPS := .Values.clients.https.enabled -}} +{{- $endpoints := .Values.serviceMonitor.endpoints }} +{{- range $endpoints }} +{{- $_ := set . "proxyUrl" $proxyURL }} +{{- if $useHTTPS -}} +{{- if (hasKey . "params") }} +{{- $_ := set (get . "params") "_scheme" (list "https") }} +{{- else }} +{{- $_ := set . "params" (dict "_scheme" (list "https")) }} +{{- end }} +{{- end }} +{{- end }} +{{- toYaml $endpoints }} +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/templates/pushprox-clients-rbac.yaml new file mode 100644 index 000000000..f1a8e7232 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/templates/pushprox-clients-rbac.yaml @@ -0,0 +1,77 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- if .Values.clients.rbac.additionalRules }} +{{ toYaml .Values.clients.rbac.additionalRules }} +{{- end }} +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/templates/pushprox-clients.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/templates/pushprox-clients.yaml new file mode 100644 index 000000000..3775d17b8 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/templates/pushprox-clients.yaml @@ -0,0 +1,145 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +{{- if .Values.clients.deployment.enabled }} +kind: Deployment +{{- else }} +kind: DaemonSet +{{- end }} +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + {{- if .Values.clients.deployment.enabled }} + replicas: {{ .Values.clients.deployment.replicas }} + {{- end }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + {{- if .Values.clients.affinity }} + affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} + {{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . | quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/templates/pushprox-proxy-rbac.yaml new file mode 100644 index 000000000..147eb4374 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/templates/pushprox-proxy-rbac.yaml @@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/templates/pushprox-proxy.yaml new file mode 100644 index 000000000..571e13138 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/templates/pushprox-servicemonitor.yaml new file mode 100644 index 000000000..7f961d6f4 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,33 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/values.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/values.yaml new file mode 100644 index 000000000..6ad1eab4d --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeControllerManager/values.yaml @@ -0,0 +1,111 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +namespaceOverride: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec + # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + # By default, proxyUrl and params._scheme will be overridden based on other values + endpoints: + - port: metrics + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? + enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + rbac: + # Additional permissions to provide to the ServiceAccount bound to the client + # This can be used to provide additional permissions for the client to scrape metrics from the k8s API + # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true + additionalRules: [] + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + affinity: {} + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher2-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + + # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. + # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in + # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. + # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, + # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. + # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will + # be responsible for upgrading this chart accordingly to the right number of replicas. + deployment: + enabled: false + replicas: 0 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher2-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/.helmignore b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/Chart.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/Chart.yaml new file mode 100644 index 000000000..a1360886d --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: rkeEtcd +type: application +version: 0.1.4 diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/README.md b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/README.md new file mode 100644 index 000000000..0530c56aa --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/README.md @@ -0,0 +1,60 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | +| `namespaceOverride` | The namespace to install the chart | `""` + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | +| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | +| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | +| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/templates/_helpers.tpl b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/templates/_helpers.tpl new file mode 100644 index 000000000..458ad21cd --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/templates/_helpers.tpl @@ -0,0 +1,104 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.endpoints" -}} +{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} +{{- $useHTTPS := .Values.clients.https.enabled -}} +{{- $endpoints := .Values.serviceMonitor.endpoints }} +{{- range $endpoints }} +{{- $_ := set . "proxyUrl" $proxyURL }} +{{- if $useHTTPS -}} +{{- if (hasKey . "params") }} +{{- $_ := set (get . "params") "_scheme" (list "https") }} +{{- else }} +{{- $_ := set . "params" (dict "_scheme" (list "https")) }} +{{- end }} +{{- end }} +{{- end }} +{{- toYaml $endpoints }} +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/templates/pushprox-clients-rbac.yaml new file mode 100644 index 000000000..f1a8e7232 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/templates/pushprox-clients-rbac.yaml @@ -0,0 +1,77 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- if .Values.clients.rbac.additionalRules }} +{{ toYaml .Values.clients.rbac.additionalRules }} +{{- end }} +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/templates/pushprox-clients.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/templates/pushprox-clients.yaml new file mode 100644 index 000000000..3775d17b8 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/templates/pushprox-clients.yaml @@ -0,0 +1,145 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +{{- if .Values.clients.deployment.enabled }} +kind: Deployment +{{- else }} +kind: DaemonSet +{{- end }} +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + {{- if .Values.clients.deployment.enabled }} + replicas: {{ .Values.clients.deployment.replicas }} + {{- end }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + {{- if .Values.clients.affinity }} + affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} + {{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . | quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/templates/pushprox-proxy-rbac.yaml new file mode 100644 index 000000000..147eb4374 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/templates/pushprox-proxy-rbac.yaml @@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/templates/pushprox-proxy.yaml new file mode 100644 index 000000000..571e13138 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/templates/pushprox-servicemonitor.yaml new file mode 100644 index 000000000..7f961d6f4 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,33 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/values.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/values.yaml new file mode 100644 index 000000000..6ad1eab4d --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeEtcd/values.yaml @@ -0,0 +1,111 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +namespaceOverride: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec + # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + # By default, proxyUrl and params._scheme will be overridden based on other values + endpoints: + - port: metrics + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? + enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + rbac: + # Additional permissions to provide to the ServiceAccount bound to the client + # This can be used to provide additional permissions for the client to scrape metrics from the k8s API + # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true + additionalRules: [] + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + affinity: {} + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher2-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + + # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. + # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in + # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. + # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, + # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. + # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will + # be responsible for upgrading this chart accordingly to the right number of replicas. + deployment: + enabled: false + replicas: 0 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher2-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/.helmignore b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/Chart.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/Chart.yaml new file mode 100644 index 000000000..835ee8a83 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: rkeIngressNginx +type: application +version: 0.1.4 diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/README.md b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/README.md new file mode 100644 index 000000000..0530c56aa --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/README.md @@ -0,0 +1,60 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | +| `namespaceOverride` | The namespace to install the chart | `""` + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | +| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | +| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | +| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/templates/_helpers.tpl b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/templates/_helpers.tpl new file mode 100644 index 000000000..458ad21cd --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/templates/_helpers.tpl @@ -0,0 +1,104 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.endpoints" -}} +{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} +{{- $useHTTPS := .Values.clients.https.enabled -}} +{{- $endpoints := .Values.serviceMonitor.endpoints }} +{{- range $endpoints }} +{{- $_ := set . "proxyUrl" $proxyURL }} +{{- if $useHTTPS -}} +{{- if (hasKey . "params") }} +{{- $_ := set (get . "params") "_scheme" (list "https") }} +{{- else }} +{{- $_ := set . "params" (dict "_scheme" (list "https")) }} +{{- end }} +{{- end }} +{{- end }} +{{- toYaml $endpoints }} +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/templates/pushprox-clients-rbac.yaml new file mode 100644 index 000000000..f1a8e7232 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/templates/pushprox-clients-rbac.yaml @@ -0,0 +1,77 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- if .Values.clients.rbac.additionalRules }} +{{ toYaml .Values.clients.rbac.additionalRules }} +{{- end }} +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/templates/pushprox-clients.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/templates/pushprox-clients.yaml new file mode 100644 index 000000000..3775d17b8 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/templates/pushprox-clients.yaml @@ -0,0 +1,145 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +{{- if .Values.clients.deployment.enabled }} +kind: Deployment +{{- else }} +kind: DaemonSet +{{- end }} +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + {{- if .Values.clients.deployment.enabled }} + replicas: {{ .Values.clients.deployment.replicas }} + {{- end }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + {{- if .Values.clients.affinity }} + affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} + {{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . | quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/templates/pushprox-proxy-rbac.yaml new file mode 100644 index 000000000..147eb4374 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/templates/pushprox-proxy-rbac.yaml @@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/templates/pushprox-proxy.yaml new file mode 100644 index 000000000..571e13138 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/templates/pushprox-servicemonitor.yaml new file mode 100644 index 000000000..7f961d6f4 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,33 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/values.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/values.yaml new file mode 100644 index 000000000..6ad1eab4d --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeIngressNginx/values.yaml @@ -0,0 +1,111 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +namespaceOverride: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec + # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + # By default, proxyUrl and params._scheme will be overridden based on other values + endpoints: + - port: metrics + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? + enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + rbac: + # Additional permissions to provide to the ServiceAccount bound to the client + # This can be used to provide additional permissions for the client to scrape metrics from the k8s API + # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true + additionalRules: [] + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + affinity: {} + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher2-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + + # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. + # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in + # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. + # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, + # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. + # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will + # be responsible for upgrading this chart accordingly to the right number of replicas. + deployment: + enabled: false + replicas: 0 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher2-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/.helmignore b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/Chart.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/Chart.yaml new file mode 100644 index 000000000..3a5213344 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: rkeProxy +type: application +version: 0.1.4 diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/README.md b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/README.md new file mode 100644 index 000000000..0530c56aa --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/README.md @@ -0,0 +1,60 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | +| `namespaceOverride` | The namespace to install the chart | `""` + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | +| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | +| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | +| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/templates/_helpers.tpl b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/templates/_helpers.tpl new file mode 100644 index 000000000..458ad21cd --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/templates/_helpers.tpl @@ -0,0 +1,104 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.endpoints" -}} +{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} +{{- $useHTTPS := .Values.clients.https.enabled -}} +{{- $endpoints := .Values.serviceMonitor.endpoints }} +{{- range $endpoints }} +{{- $_ := set . "proxyUrl" $proxyURL }} +{{- if $useHTTPS -}} +{{- if (hasKey . "params") }} +{{- $_ := set (get . "params") "_scheme" (list "https") }} +{{- else }} +{{- $_ := set . "params" (dict "_scheme" (list "https")) }} +{{- end }} +{{- end }} +{{- end }} +{{- toYaml $endpoints }} +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/templates/pushprox-clients-rbac.yaml new file mode 100644 index 000000000..f1a8e7232 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/templates/pushprox-clients-rbac.yaml @@ -0,0 +1,77 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- if .Values.clients.rbac.additionalRules }} +{{ toYaml .Values.clients.rbac.additionalRules }} +{{- end }} +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/templates/pushprox-clients.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/templates/pushprox-clients.yaml new file mode 100644 index 000000000..3775d17b8 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/templates/pushprox-clients.yaml @@ -0,0 +1,145 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +{{- if .Values.clients.deployment.enabled }} +kind: Deployment +{{- else }} +kind: DaemonSet +{{- end }} +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + {{- if .Values.clients.deployment.enabled }} + replicas: {{ .Values.clients.deployment.replicas }} + {{- end }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + {{- if .Values.clients.affinity }} + affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} + {{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . | quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/templates/pushprox-proxy-rbac.yaml new file mode 100644 index 000000000..147eb4374 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/templates/pushprox-proxy-rbac.yaml @@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/templates/pushprox-proxy.yaml new file mode 100644 index 000000000..571e13138 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/templates/pushprox-servicemonitor.yaml new file mode 100644 index 000000000..7f961d6f4 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,33 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/values.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/values.yaml new file mode 100644 index 000000000..6ad1eab4d --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeProxy/values.yaml @@ -0,0 +1,111 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +namespaceOverride: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec + # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + # By default, proxyUrl and params._scheme will be overridden based on other values + endpoints: + - port: metrics + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? + enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + rbac: + # Additional permissions to provide to the ServiceAccount bound to the client + # This can be used to provide additional permissions for the client to scrape metrics from the k8s API + # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true + additionalRules: [] + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + affinity: {} + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher2-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + + # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. + # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in + # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. + # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, + # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. + # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will + # be responsible for upgrading this chart accordingly to the right number of replicas. + deployment: + enabled: false + replicas: 0 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher2-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/.helmignore b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/Chart.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/Chart.yaml new file mode 100644 index 000000000..56021a2d9 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/Chart.yaml @@ -0,0 +1,13 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: linux + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-pushprox +apiVersion: v1 +appVersion: 0.1.0 +description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx + clients. +name: rkeScheduler +type: application +version: 0.1.4 diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/README.md b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/README.md new file mode 100644 index 000000000..0530c56aa --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/README.md @@ -0,0 +1,60 @@ +# rancher-pushprox + +A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. + +Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. + +Using an instance of this chart is suitable for the following scenarios: +- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) +- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) +- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` +- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) +- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) + +The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. + +## Configuration + +The following tables list the configurable parameters of the rancher-pushprox chart and their default values. + +### General + +#### Required +| Parameter | Description | Example | +| ----- | ----------- | ------ | +| `component` | The component that is being monitored | `kube-etcd` +| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | +| `namespaceOverride` | The namespace to install the chart | `""` + +#### Optional +| Parameter | Description | Default | +| ----- | ----------- | ------ | +| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | +| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | +| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | +| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | +| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | +| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | +| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | +| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | +| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | +| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | +| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | +| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | +| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | +| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | +| `clients.resources` | Set resource limits and requests for the client container | `{}` | +| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | +| `clients.tolerations` | Specify tolerations for clients | `[]` | +| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | +| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | +| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | +| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | +| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | + +*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/templates/_helpers.tpl b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/templates/_helpers.tpl new file mode 100644 index 000000000..458ad21cd --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/templates/_helpers.tpl @@ -0,0 +1,104 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# General + +{{- define "pushprox.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{- define "pushProxy.commonLabels" -}} +release: {{ .Release.Name }} +component: {{ .Values.component | quote }} +provider: kubernetes +{{- end -}} + +{{- define "pushProxy.proxyUrl" -}} +{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} +{{- if .Values.clients.proxyUrl -}} +{{ printf "%s" .Values.clients.proxyUrl }} +{{- else -}} +{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} +{{- end -}}{{- end -}} + +# Client + +{{- define "pushProxy.client.name" -}} +{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.client.labels" -}} +k8s-app: {{ template "pushProxy.client.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# Proxy + +{{- define "pushProxy.proxy.name" -}} +{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.proxy.labels" -}} +k8s-app: {{ template "pushProxy.proxy.name" . }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +# ServiceMonitor + +{{- define "pushprox.serviceMonitor.name" -}} +{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.labels" -}} +app: {{ template "pushprox.serviceMonitor.name" . }} +release: {{ .Release.Name | quote }} +{{ template "pushProxy.commonLabels" . }} +{{- end -}} + +{{- define "pushProxy.serviceMonitor.endpoints" -}} +{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} +{{- $useHTTPS := .Values.clients.https.enabled -}} +{{- $endpoints := .Values.serviceMonitor.endpoints }} +{{- range $endpoints }} +{{- $_ := set . "proxyUrl" $proxyURL }} +{{- if $useHTTPS -}} +{{- if (hasKey . "params") }} +{{- $_ := set (get . "params") "_scheme" (list "https") }} +{{- else }} +{{- $_ := set . "params" (dict "_scheme" (list "https")) }} +{{- end }} +{{- end }} +{{- end }} +{{- toYaml $endpoints }} +{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/templates/pushprox-clients-rbac.yaml new file mode 100644 index 000000000..f1a8e7232 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/templates/pushprox-clients-rbac.yaml @@ -0,0 +1,77 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.client.name" . }} +{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} +- nonResourceURLs: ["/metrics"] + verbs: ["get"] +{{- if .Values.clients.rbac.additionalRules }} +{{ toYaml .Values.clients.rbac.additionalRules }} +{{- end }} +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.client.name" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.client.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: true + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + - 'emptyDir' + - 'hostPath' + allowedHostPaths: + - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + readOnly: true +{{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/templates/pushprox-clients.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/templates/pushprox-clients.yaml new file mode 100644 index 000000000..3775d17b8 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/templates/pushprox-clients.yaml @@ -0,0 +1,145 @@ +{{- if .Values.clients }}{{- if .Values.clients.enabled }} +apiVersion: apps/v1 +{{- if .Values.clients.deployment.enabled }} +kind: Deployment +{{- else }} +kind: DaemonSet +{{- end }} +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} + pushprox-exporter: "client" +spec: + {{- if .Values.clients.deployment.enabled }} + replicas: {{ .Values.clients.deployment.replicas }} + {{- end }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.client.labels" . | nindent 8 }} + spec: + {{- if .Values.clients.affinity }} + affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} + {{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.clients.tolerations }} +{{ toYaml .Values.clients.tolerations | indent 8 }} +{{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ template "pushProxy.client.name" . }} + containers: + - name: pushprox-client + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: + {{- range .Values.clients.command }} + - {{ . | quote }} + {{- end }} + args: + - --fqdn=$(HOST_IP) + - --proxy-url=$(PROXY_URL) + - --metrics-addr=$(PORT) + - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} + {{- if .Values.clients.useLocalhost }} + - --use-localhost + {{- end }} + {{- if .Values.clients.https.enabled }} + {{- if .Values.clients.https.insecureSkipVerify }} + - --insecure-skip-verify + {{- end }} + {{- if .Values.clients.https.useServiceAccountCredentials }} + - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token + {{- end }} + {{- if .Values.clients.https.certDir }} + - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem + - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem + - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem + {{- end }} + {{- end }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PORT + value: :{{ .Values.clients.port }} + - name: PROXY_URL + value: {{ template "pushProxy.proxyUrl" . }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + volumeMounts: + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + {{- end }} + {{- if .Values.clients.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} + {{- end }} + {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} + initContainers: + - name: copy-certs + image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} + command: + - sh + - -c + - | + echo "Searching for files to copy within the source volume" + echo "cert: ${CERT_FILE_NAME}" + echo "key: ${KEY_FILE_NAME}" + echo "cacert: ${CACERT_FILE_NAME}" + + CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) + KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) + CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) + + test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 + test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 + test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 + + echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" + cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 + chmod 444 $CERT_FILE_TARGET || exit 1 + + echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" + cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 + chmod 444 $KEY_FILE_TARGET || exit 1 + + echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" + cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 + chmod 444 $CACERT_FILE_TARGET || exit 1 + env: + - name: CERT_FILE_NAME + value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} + - name: KEY_FILE_NAME + value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} + - name: CACERT_FILE_NAME + value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} + - name: CERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy.pem + - name: KEY_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-key.pem + - name: CACERT_FILE_TARGET + value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem + securityContext: + runAsNonRoot: false + volumeMounts: + - name: metrics-cert-dir-source + mountPath: /etc/source + readOnly: true + - name: metrics-cert-dir + mountPath: /etc/ssl/push-proxy + volumes: + - name: metrics-cert-dir-source + hostPath: + path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} + - name: metrics-cert-dir + emptyDir: {} + {{- end }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/templates/pushprox-proxy-rbac.yaml new file mode 100644 index 000000000..147eb4374 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/templates/pushprox-proxy-rbac.yaml @@ -0,0 +1,63 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "pushProxy.proxy.name" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "pushProxy.proxy.name" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "pushProxy.proxy.name" . }} +subjects: + - kind: ServiceAccount + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ include "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/templates/pushprox-proxy.yaml new file mode 100644 index 000000000..571e13138 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/templates/pushprox-proxy.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} + pushprox-exporter: "proxy" +spec: + selector: + matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} + spec: + securityContext: + runAsNonRoot: true + runAsUser: 1000 + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.proxy.nodeSelector }} +{{ toYaml .Values.proxy.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.proxy.tolerations }} +{{ toYaml .Values.proxy.tolerations | indent 8 }} +{{- end }} + serviceAccountName: {{ template "pushProxy.proxy.name" . }} + containers: + - name: pushprox-proxy + image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} + command: + {{- range .Values.proxy.command }} + - {{ . | quote }} + {{- end }} + {{- if .Values.proxy.resources }} + resources: {{ toYaml .Values.proxy.resources | nindent 10 }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.proxy.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +spec: + ports: + - name: pp-proxy + port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} + protocol: TCP + targetPort: {{ .Values.proxy.port }} + selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/templates/pushprox-servicemonitor.yaml new file mode 100644 index 000000000..7f961d6f4 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/templates/pushprox-servicemonitor.yaml @@ -0,0 +1,33 @@ +{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pushprox.serviceMonitor.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} +spec: + endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} + jobLabel: component + podTargetLabels: + - component + - pushprox-exporter + namespaceSelector: + matchNames: + - {{ template "pushprox.namespace" . }} + selector: + matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pushProxy.client.name" . }} + namespace: {{ template "pushprox.namespace" . }} + labels: {{ include "pushProxy.client.labels" . | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} + protocol: TCP + targetPort: {{ .Values.metricsPort }} + selector: {{ include "pushProxy.client.labels" . | nindent 4 }} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/values.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/values.yaml new file mode 100644 index 000000000..6ad1eab4d --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/rkeScheduler/values.yaml @@ -0,0 +1,111 @@ +# Default values for rancher-pushprox. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default image containing both the proxy and the client was generated from the following Dockerfile +# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 + +# Note: if using a cloud provider, the nodes that contain the PushProxy client must allow the node(s) that contain(s) +# the PushProxy proxy to communicate with it on port {{ .Values.clients.port }}. If you have special restrictions, +# (i.e. client should only run on etcd nodes and only control plane should have access to the port on the etcd node), +# you will need to set the clients / proxy nodeSelector and tolerations accordingly + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + +namespaceOverride: "" + +# The component that is being monitored (i.e. etcd) +component: "component" + +# The port containing the metrics that need to be scraped +metricsPort: 2739 + +# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint +serviceMonitor: + enabled: true + # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec + # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + # By default, proxyUrl and params._scheme will be overridden based on other values + endpoints: + - port: metrics + +clients: + enabled: true + # The port which the PushProx client will post PushProx metrics to + port: 9369 + # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} + # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null + proxyUrl: "" + # If set to true, the client will forward any requests from the host IP to 127.0.0.1 + # It will only allow proxy requests to the metricsPort specified + useLocalhost: false + # Configuration for accessing metrics via HTTPS + https: + # Does the client require https to access the metrics? + enabled: false + # If set to true, the client will create a service account with adequate permissions and set a flag + # on the client to use the service account token provided by it to make authorized scrape requests + useServiceAccountCredentials: false + # If set to true, the client will disable SSL security checks + insecureSkipVerify: false + # Directory on host where necessary TLS cert and key to scrape metrics can be found + certDir: "" + # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings + certFile: "" + keyFile: "" + caCertFile: "" + + rbac: + # Additional permissions to provide to the ServiceAccount bound to the client + # This can be used to provide additional permissions for the client to scrape metrics from the k8s API + # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true + additionalRules: [] + + # Resource limits + resources: {} + + # Options to select all nodes to deploy client DaemonSet on + nodeSelector: {} + tolerations: [] + affinity: {} + + image: + repository: rancher/pushprox-client + tag: v0.1.0-rancher2-client + command: ["pushprox-client"] + + copyCertsImage: + repository: rancher/mirrored-library-busybox + tag: 1.31.1 + + # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. + # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in + # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. + # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, + # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. + # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will + # be responsible for upgrading this chart accordingly to the right number of replicas. + deployment: + enabled: false + replicas: 0 + +proxy: + enabled: true + # The port through which PushProx clients will communicate to the proxy + port: 8080 + + # Resource limits + resources: {} + + # Options to select a node to run a single proxy deployment on + nodeSelector: {} + tolerations: [] + + image: + repository: rancher/pushprox-proxy + tag: v0.1.0-rancher2-proxy + command: ["pushprox-proxy"] \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/.helmignore b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/Chart.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/Chart.yaml new file mode 100644 index 000000000..f1cc32344 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/Chart.yaml @@ -0,0 +1,15 @@ +annotations: + catalog.cattle.io/hidden: "true" + catalog.cattle.io/os: windows + catalog.rancher.io/certified: rancher + catalog.rancher.io/namespace: cattle-monitoring-system + catalog.rancher.io/release-name: rancher-windows-exporter +apiVersion: v1 +appVersion: 0.0.2 +description: Sets up monitoring metrics from Windows nodes via Prometheus windows-exporter +maintainers: +- email: arvind.iyengar@rancher.com + name: aiyengar2 +name: windowsExporter +type: application +version: 0.1.1 diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/README.md b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/README.md new file mode 100644 index 000000000..6115b6f25 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/README.md @@ -0,0 +1,17 @@ +# rancher-windows-exporter + +A Rancher chart based on the [prometheus-community/windows-exporter](https://github.com/prometheus-community/windows_exporter) project (previously called wmi-exporter) that sets up a DaemonSet of clients that can scrape windows-exporter metrics from Windows nodes on a Kubernetes cluster. + +A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR and PrometheusRule CR are also created by this chart to collect metrics and add some recording rules to map `windows_` series with their OS-agnostic counterparts. + +## Node Requirements + +Since Windows does not support privileged pods, this chart expects a Named Pipe (`\\.\pipe\rancher_wins`) to exist on the Windows host that allows containers to communicate with the host. This is done by deploying a [rancher/wins](https://github.com/rancher/wins) server on the host. + +The image used by the chart, [windows_exporter-package](https://github.com/rancher/windows_exporter-package), is configured to create a wins client that communicates with the wins server, alongside a running copy of a particular version of [windows-exporter](https://github.com/prometheus-community/windows_exporter). Through the wins client and wins server, the windows-exporter is able to communicate directly with the Windows host to collect metrics and expose them. + +If the cluster you are installing this chart on is a custom cluster that was created via RKE1 with Windows Support enabled, your nodes should already have the wins server running; this should have been added as part of [the bootstrapping process for adding the Windows node onto your RKE1 cluster](https://github.com/rancher/rancher/blob/master/package/windows/bootstrap.ps1). + +## Configuration + +See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for an example of how this chart can be used. diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/scripts/check-wins-version.ps1 b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/scripts/check-wins-version.ps1 new file mode 100644 index 000000000..f8452bbef --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/scripts/check-wins-version.ps1 @@ -0,0 +1,20 @@ +$ErrorActionPreference = 'Stop' + +$winsPath = "c:\Windows\wins.exe" +$minWinsVersion = [System.Version]"0.1.0" + +function Get-Wins-Version +{ + $winsAppInfo = Invoke-Expression "& $winsPath cli app info | ConvertFrom-Json" + return [System.Version]($winsAppInfo.Server.Version.substring(1)) +} + +# Wait till the wins version installed is at least v0.1.0 +$winsVersion = Get-Wins-Version +while ($winsVersion -lt $minWinsVersion) { + Write-Host $('wins on host must be at least v{0}, found v{1}. Checking again in 10 seconds...' -f $minWinsVersion, $winsVersion) + Start-Sleep -s 10 + $winsVersion = Get-Wins-Version +} + +Write-Host $('Detected wins version on host is v{0}, which is >v{1}. Continuing with installation...' -f $winsVersion, $minWinsVersion) diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/scripts/proxy-entry.ps1 b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/scripts/proxy-entry.ps1 new file mode 100644 index 000000000..9d0581b66 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/scripts/proxy-entry.ps1 @@ -0,0 +1,11 @@ +# default +$listenPort = "9796" + +if ($env:LISTEN_PORT) { + $listenPort = $env:LISTEN_PORT +} + +# format "UDP:4789 TCP:8080" +$winsPublish = $('TCP:{0}' -f $listenPort) + +wins.exe cli proxy --publish $winsPublish diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/scripts/run.ps1 b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/scripts/run.ps1 new file mode 100644 index 000000000..c2e980a3f --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/scripts/run.ps1 @@ -0,0 +1,78 @@ +$ErrorActionPreference = 'Stop' + +function Create-Directory +{ + param ( + [parameter(Mandatory = $false, ValueFromPipeline = $true)] [string]$Path + ) + + if (Test-Path -Path $Path) { + if (-not (Test-Path -Path $Path -PathType Container)) { + # clean the same path file + Remove-Item -Recurse -Force -Path $Path -ErrorAction Ignore | Out-Null + } + + return + } + + New-Item -Force -ItemType Directory -Path $Path | Out-Null +} + +function Transfer-File +{ + param ( + [parameter(Mandatory = $true)] [string]$Src, + [parameter(Mandatory = $true)] [string]$Dst + ) + + if (Test-Path -PathType leaf -Path $Dst) { + $dstHasher = Get-FileHash -Path $Dst + $srcHasher = Get-FileHash -Path $Src + if ($dstHasher.Hash -eq $srcHasher.Hash) { + return + } + } + + $null = Copy-Item -Force -Path $Src -Destination $Dst +} + +# Copy binary into host +Create-Directory -Path "c:\host\etc\windows-exporter" +Transfer-File -Src "c:\etc\windows-exporter\windows-exporter.exe" -Dst "c:\host\etc\windows-exporter\windows-exporter.exe" + +# Copy binary into prefix path, since wins expects the same path on the host and on the container +$prefixPath = 'c:\' +if ($env:CATTLE_PREFIX_PATH) { + $prefixPath = $env:CATTLE_PREFIX_PATH +} +$winsDirPath = $('{0}etc\windows-exporter' -f $prefixPath) +$winsPath = $('{0}\windows-exporter.exe' -f $winsDirPath) + +Create-Directory -Path $winsDirPath +Transfer-File -Src "c:\etc\windows-exporter\windows-exporter.exe" $winsPath + +# Run wins with defaults +$listenPort = "9796" +$enabledCollectors = "net,os,service,system,cpu,cs,logical_disk" +$maxRequests = "5" + +if ($env:LISTEN_PORT) { + $listenPort = $env:LISTEN_PORT +} + +if ($env:ENABLED_COLLECTORS) { + $enabledCollectors = $env:ENABLED_COLLECTORS +} + +if ($env:MAX_REQUESTS) { + $maxRequests = $env:MAX_REQUESTS +} + +# format "UDP:4789 TCP:8080" +$winsExposes = $('TCP:{0}' -f $listenPort) + +# format "--a=b --c=d" +$winsArgs = $('--collectors.enabled={0} --telemetry.addr=:{1} --telemetry.max-requests={2} --telemetry.path=/metrics' -f $enabledCollectors, $listenPort, $maxRequests) + + +wins.exe cli prc run --path $winsPath --exposes $winsExposes --args "$winsArgs" diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/templates/_helpers.tpl b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/templates/_helpers.tpl new file mode 100644 index 000000000..16975d9d0 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/templates/_helpers.tpl @@ -0,0 +1,113 @@ +# Rancher + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +# General + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +The components in this chart create additional resources that expand the longest created name strings. +The longest name that gets created adds and extra 37 characters, so truncation should be 63-35=26. +*/}} +{{- define "windowsExporter.name" -}} +{{ printf "%s-windows-exporter" .Release.Name }} +{{- end -}} + +{{- define "windowsExporter.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride -}} +{{- end -}} + +{{- define "windowsExporter.labels" -}} +k8s-app: {{ template "windowsExporter.name" . }} +release: {{ .Release.Name }} +component: "windows-exporter" +provider: kubernetes +{{- end -}} + +# Client + +{{- define "windowsExporter.client.nodeSelector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: windows +{{- else -}} +kubernetes.io/os: windows +{{- end -}} +{{- if .Values.clients.nodeSelector }} +{{ toYaml .Values.clients.nodeSelector }} +{{- end }} +{{- end -}} + +{{- define "windowsExporter.client.tolerations" -}} +{{- if .Values.clients.tolerations -}} +{{ toYaml .Values.clients.tolerations }} +{{- else -}} +- operator: Exists +{{- end -}} +{{- end -}} + +{{- define "windowsExporter.client.env" -}} +- name: LISTEN_PORT + value: {{ required "Need .Values.clients.port to figure out where to get metrics from" .Values.clients.port | quote }} +{{- if .Values.clients.enabledCollectors }} +- name: ENABLED_COLLECTORS + value: {{ .Values.clients.enabledCollectors | quote }} +{{- end }} +{{- if .Values.clients.env }} +{{ toYaml .Values.clients.env }} +{{- end }} +{{- end -}} + +{{- define "windowsExporter.validatePathPrefix" -}} +{{- if .Values.global.cattle.rkeWindowsPathPrefix -}} +{{- $prefixPath := (.Values.global.cattle.rkeWindowsPathPrefix | replace "/" "\\") -}} +{{- if (not (hasSuffix "\\" $prefixPath)) -}} +{{- fail (printf ".Values.global.cattle.rkeWindowsPathPrefix must end in '/' or '\\', found %s" $prefixPath) -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "windowsExporter.renamedMetrics" -}} +{{- $renamed := dict -}} +{{/* v0.15.0 */}} +{{- $_ := set $renamed "windows_mssql_transactions_active_total" "windows_mssql_transactions_active" -}} +{{/* v0.16.0 */}} +{{- $_ := set $renamed "windows_adfs_ad_login_connection_failures" "windows_adfs_ad_login_connection_failures_total" -}} +{{- $_ := set $renamed "windows_adfs_certificate_authentications" "windows_adfs_certificate_authentications_total" -}} +{{- $_ := set $renamed "windows_adfs_device_authentications" "windows_adfs_device_authentications_total" -}} +{{- $_ := set $renamed "windows_adfs_extranet_account_lockouts" "windows_adfs_extranet_account_lockouts_total" -}} +{{- $_ := set $renamed "windows_adfs_federated_authentications" "windows_adfs_federated_authentications_total" -}} +{{- $_ := set $renamed "windows_adfs_passport_authentications" "windows_adfs_passport_authentications_total" -}} +{{- $_ := set $renamed "windows_adfs_password_change_failed" "windows_adfs_password_change_failed_total" -}} +{{- $_ := set $renamed "windows_adfs_password_change_succeeded" "windows_adfs_password_change_succeeded_total" -}} +{{- $_ := set $renamed "windows_adfs_token_requests" "windows_adfs_token_requests_total" -}} +{{- $_ := set $renamed "windows_adfs_windows_integrated_authentications" "windows_adfs_windows_integrated_authentications_total" -}} +{{- $_ := set $renamed "windows_net_packets_outbound_errors" "windows_net_packets_outbound_errors_total" -}} +{{- $_ := set $renamed "windows_net_packets_received_discarded" "windows_net_packets_received_discarded_total" -}} +{{- $_ := set $renamed "windows_net_packets_received_errors" "windows_net_packets_received_errors_total" -}} +{{- $_ := set $renamed "windows_net_packets_received_total" "windows_net_packets_received_total_total" -}} +{{- $_ := set $renamed "windows_net_packets_received_unknown" "windows_net_packets_received_unknown_total" -}} +{{- $_ := set $renamed "windows_dns_memory_used_bytes_total" "windows_dns_memory_used_bytes" -}} +{{- $renamed | toJson -}} +{{- end -}} + +{{- define "windowsExporter.renamedMetricsRelabeling" -}} +{{- range $original, $new := (include "windowsExporter.renamedMetrics" . | fromJson) -}} +- sourceLabels: [__name__] + regex: {{ $original }} + replacement: '{{ $new }}' + targetLabel: __name__ +{{ end -}} +{{- end -}} + +{{- define "windowsExporter.renamedMetricsRules" -}} +{{- range $original, $new := (include "windowsExporter.renamedMetrics" . | fromJson) -}} +- record: {{ $original }} + expr: {{ $new }} +{{ end -}} +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/templates/configmap.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/templates/configmap.yaml new file mode 100644 index 000000000..e7647a407 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/templates/configmap.yaml @@ -0,0 +1,10 @@ +{{- if .Values.clients }}{{ if .Values.clients.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "windowsExporter.name" . }}-scripts + namespace: {{ template "windowsExporter.namespace" . }} + labels: {{ include "windowsExporter.labels" . | nindent 4 }} +data: +{{ (.Files.Glob "scripts/*").AsConfig | indent 2 }} +{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/templates/daemonset.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/templates/daemonset.yaml new file mode 100644 index 000000000..a64d19a3e --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/templates/daemonset.yaml @@ -0,0 +1,77 @@ +{{- if .Values.clients }}{{ if .Values.clients.enabled }} +{{ include "windowsExporter.validatePathPrefix" . }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "windowsExporter.name" . }} + namespace: {{ template "windowsExporter.namespace" . }} + labels: {{ include "windowsExporter.labels" . | nindent 4 }} +spec: + selector: + matchLabels: {{ include "windowsExporter.labels" . | nindent 6 }} + template: + metadata: + labels: {{ include "windowsExporter.labels" . | nindent 8 }} + spec: + nodeSelector: {{ include "windowsExporter.client.nodeSelector" . | nindent 8 }} + tolerations: {{ include "windowsExporter.client.tolerations" . | nindent 8 }} + serviceAccountName: {{ template "windowsExporter.name" . }} + containers: + - name: exporter-node-proxy + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: ["pwsh", "-f", "c:/scripts/proxy-entry.ps1"] + ports: + - name: http + containerPort: {{ required "Need .Values.clients.port to figure out where to get metrics from" .Values.clients.port }} + env: {{ include "windowsExporter.client.env" . | nindent 10 }} +{{- if .Values.resources }} + resources: {{ toYaml .Values.clients.proxy.resources | nindent 10 }} +{{- end }} + volumeMounts: + - name: wins-pipe-proxy + mountPath: \\.\pipe\rancher_wins_proxy + - name: exporter-scripts + mountPath: c:/scripts/ + - name: exporter-node + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: ["pwsh", "-f", "c:/scripts/run.ps1"] +{{- if .Values.clients.args }} + args: {{ .Values.clients.args }} +{{- end }} + env: {{ include "windowsExporter.client.env" . | nindent 8 }} + - name: CATTLE_PREFIX_PATH + value: {{ default "c:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "/" "\\" }} +{{- if .Values.resources }} + resources: {{ toYaml .Values.clients.resources | nindent 10 }} +{{- end }} + volumeMounts: + - name: wins-pipe + mountPath: \\.\pipe\rancher_wins + - name: binary-host-path + mountPath: c:/host/etc/windows-exporter + - name: exporter-scripts + mountPath: c:/scripts/ + initContainers: + - name: check-wins-version + image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} + command: ["pwsh", "-f", "c:/scripts/check-wins-version.ps1"] + volumeMounts: + - name: wins-pipe + mountPath: \\.\pipe\rancher_wins + - name: exporter-scripts + mountPath: c:/scripts/ + volumes: + - name: wins-pipe + hostPath: + path: \\.\pipe\rancher_wins + - name: wins-pipe-proxy + hostPath: + path: \\.\pipe\rancher_wins_proxy + - name: binary-host-path + hostPath: + path: {{ default "c:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "\\" "/" }}etc/windows-exporter + type: DirectoryOrCreate + - name: exporter-scripts + configMap: + name: {{ template "windowsExporter.name" . }}-scripts +{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/templates/prometheusrule.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/templates/prometheusrule.yaml new file mode 100644 index 000000000..f31983122 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/templates/prometheusrule.yaml @@ -0,0 +1,13 @@ +{{- if and .Values.prometheusRule .Values.clients }}{{- if and .Values.prometheusRule.enabled .Values.clients.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + labels: {{ include "windowsExporter.labels" . | nindent 4 }} + name: {{ template "windowsExporter.name" . }} + namespace: {{ template "windowsExporter.namespace" . }} +spec: + groups: + - name: windows-exporter-relabel.rules + rules: +{{- include "windowsExporter.renamedMetricsRules" . | nindent 4 -}} +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/templates/rbac.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/templates/rbac.yaml new file mode 100644 index 000000000..ebec8f235 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/templates/rbac.yaml @@ -0,0 +1,78 @@ +{{- if .Values.clients }}{{ if .Values.clients.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "windowsExporter.name" . }} + namespace: {{ template "windowsExporter.namespace" . }} + labels: {{ include "windowsExporter.labels" . | nindent 4 }} +rules: +- apiGroups: ['authentication.k8s.io'] + resources: ['tokenreviews'] + verbs: ['create'] +- apiGroups: ['authorization.k8s.io'] + resources: ['subjectaccessreviews'] + verbs: ['create'] +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: ['{{ template "windowsExporter.name" . }}'] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "windowsExporter.name" . }} + namespace: {{ template "windowsExporter.namespace" . }} + labels: {{ include "windowsExporter.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "windowsExporter.name" . }} +subjects: +- kind: ServiceAccount + name: {{ template "windowsExporter.name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "windowsExporter.name" . }} + namespace: {{ template "windowsExporter.namespace" . }} + labels: {{ include "windowsExporter.labels" . | nindent 4 }} +{{- if .Values.clients.imagePullSecrets }} +imagePullSecrets: {{ toYaml .Values.clients.imagePullSecrets | nindent 2 }} +{{- end }} +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "windowsExporter.name" . }} + namespace: {{ template "windowsExporter.namespace" . }} + labels: {{ include "windowsExporter.labels" . | nindent 4 }} +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 0 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' + - 'hostPath' + allowedHostPaths: + - pathPrefix: \\.\pipe\rancher_wins + - pathPrefix: \\.\pipe\rancher_wins_proxy + - pathPrefix: c:/etc/windows-exporter +{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/templates/service.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/templates/service.yaml new file mode 100644 index 000000000..03b87faae --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/templates/service.yaml @@ -0,0 +1,15 @@ +{{- if and .Values.clients }}{{- if and .Values.clients.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "windowsExporter.name" . }} + namespace: {{ template "windowsExporter.namespace" . }} + labels: {{ include "windowsExporter.labels" . | nindent 4 }} +spec: + ports: + - name: windows-metrics + port: {{ required "Need .Values.clients.port to figure out where to get metrics from" .Values.clients.port }} + protocol: TCP + targetPort: {{ .Values.clients.port }} + selector: {{ include "windowsExporter.labels" . | nindent 4 }} +{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/templates/servicemonitor.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/templates/servicemonitor.yaml new file mode 100644 index 000000000..26ece9b05 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/templates/servicemonitor.yaml @@ -0,0 +1,41 @@ +{{- if and .Values.serviceMonitor .Values.clients }}{{- if and .Values.serviceMonitor.enabled .Values.clients.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: {{ include "windowsExporter.labels" . | nindent 4 }} + name: {{ template "windowsExporter.name" . }} + namespace: {{ template "windowsExporter.namespace" . }} +spec: + selector: + matchLabels: {{ include "windowsExporter.labels" . | nindent 6 }} + namespaceSelector: + matchNames: + - {{ template "windowsExporter.namespace" . }} + jobLabel: component + podTargetLabels: + - component + endpoints: + - port: windows-metrics + metricRelabelings: +{{- include "windowsExporter.renamedMetricsRelabeling" . | nindent 4 -}} + - sourceLabels: [__name__] + regex: 'wmi_(.*)' + replacement: 'windows_$1' + targetLabel: __name__ + - sourceLabels: [volume, nic] + regex: (.*);(.*) + separator: '' + targetLabel: device + action: replace + replacement: $1$2 + - sourceLabels: [__name__] + regex: windows_cs_logical_processors + replacement: 'system' + targetLabel: mode + relabelings: + - separator: ':' + sourceLabels: + - __meta_kubernetes_pod_host_ip + - __meta_kubernetes_pod_container_port_number + targetLabel: instance +{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/values.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/values.yaml new file mode 100644 index 000000000..aa1fd1973 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/charts/windowsExporter/values.yaml @@ -0,0 +1,50 @@ +# Default values for rancher-windows-exporter. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Configuration + +global: + cattle: + systemDefaultRegistry: "" + rkeWindowsPathPrefix: "c:\\" + +# Configure ServiceMonitor that monitors metrics +serviceMonitor: + enabled: true + +# Configure PrometheusRule that renames existing metrics +prometheusRule: + enabled: true + +## Components scraping metrics from Windows nodes +## +clients: + enabled: true + + port: 9796 + image: + repository: rancher/windows_exporter-package + tag: v0.0.2 + os: "windows" + + # Specify the IP addresses of nodes that you want to collect metrics from + endpoints: [] + + # Get more details on https://github.com/prometheus-community/windows_exporter + args: [] + env: {} + enabledCollectors: "net,os,service,system,cpu,cs,logical_disk,tcp,memory,container" + + # Resource limits + resources: {} + + # Options to select nodes to target for scraping Windows metrics + nodeSelector: {} # Note: {kubernetes.io/os: windows} is default and cannot be overridden + tolerations: [] # Note: if not specified, the default option is to use [{operator: Exists}] + + # Image Pull Secrets for the service account used by the clients + imagePullSecrets: {} + + proxy: + resources: {} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/ingress-nginx/nginx.json b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/ingress-nginx/nginx.json new file mode 100644 index 000000000..d4793ac67 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/ingress-nginx/nginx.json @@ -0,0 +1,1463 @@ +{ + "__inputs": [ + { + "name": "DS_PROMETHEUS", + "label": "Prometheus", + "description": "", + "type": "datasource", + "pluginId": "prometheus", + "pluginName": "Prometheus" + } + ], + "__requires": [ + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "5.2.1" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "5.0.0" + }, + { + "type": "panel", + "id": "singlestat", + "name": "Singlestat", + "version": "5.0.0" + } + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + }, + { + "datasource": "${DS_PROMETHEUS}", + "enable": true, + "expr": "sum(changes(nginx_ingress_controller_config_last_reload_successful_timestamp_seconds{instance!=\"unknown\",controller_class=~\"$controller_class\",namespace=~\"$namespace\"}[30s])) by (controller_class)", + "hide": false, + "iconColor": "rgba(255, 96, 96, 1)", + "limit": 100, + "name": "Config Reloads", + "showIn": 0, + "step": "30s", + "tagKeys": "controller_class", + "tags": [], + "titleFormat": "Config Reloaded", + "type": "tags" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "iteration": 1534359654832, + "links": [], + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "${DS_PROMETHEUS}", + "format": "ops", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 0, + "y": 0 + }, + "id": 20, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": true, + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "round(sum(irate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\"}[2m])), 0.001)", + "format": "time_series", + "intervalFactor": 1, + "refId": "A", + "step": 4 + } + ], + "thresholds": "", + "title": "Controller Request Volume", + "transparent": false, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "avg" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "${DS_PROMETHEUS}", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 6, + "y": 0 + }, + "id": 82, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": true, + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(avg_over_time(nginx_ingress_controller_nginx_process_connections{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",state=\"active\"}[2m]))", + "format": "time_series", + "instant": false, + "intervalFactor": 1, + "refId": "A", + "step": 4 + } + ], + "thresholds": "", + "title": "Controller Connections", + "transparent": false, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "avg" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "${DS_PROMETHEUS}", + "format": "percentunit", + "gauge": { + "maxValue": 100, + "minValue": 80, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": false + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 12, + "y": 0 + }, + "id": 21, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": true, + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(rate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\",status!~\"[4-5].*\"}[2m])) / sum(rate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\"}[2m]))", + "format": "time_series", + "intervalFactor": 1, + "refId": "A", + "step": 4 + } + ], + "thresholds": "95, 99, 99.5", + "title": "Controller Success Rate (non-4|5xx responses)", + "transparent": false, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "avg" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "${DS_PROMETHEUS}", + "decimals": 0, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 18, + "y": 0 + }, + "id": 81, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": true, + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "avg(irate(nginx_ingress_controller_success{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}[1m])) * 60", + "format": "time_series", + "instant": false, + "intervalFactor": 1, + "refId": "A", + "step": 4 + } + ], + "thresholds": "", + "title": "Config Reloads", + "transparent": false, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "total" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "${DS_PROMETHEUS}", + "decimals": 0, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 21, + "y": 0 + }, + "id": 83, + "interval": null, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": true, + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "count(nginx_ingress_controller_config_last_reload_successful{controller_pod=~\"$controller\",controller_namespace=~\"$namespace\"} == 0)", + "format": "time_series", + "instant": true, + "intervalFactor": 1, + "refId": "A", + "step": 4 + } + ], + "thresholds": "", + "title": "Last Config Failed", + "transparent": false, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "avg" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "decimals": 2, + "editable": true, + "error": false, + "fill": 1, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 3 + }, + "height": "200px", + "id": 86, + "isNew": true, + "legend": { + "alignAsTable": true, + "avg": true, + "current": false, + "hideEmpty": false, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": 300, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "repeatDirection": "h", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "round(sum(irate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (ingress), 0.001)", + "format": "time_series", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ ingress }}", + "metric": "network", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Ingress Request Volume", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 2, + "value_type": "cumulative" + }, + "transparent": false, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "reqps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "max - istio-proxy": "#890f02", + "max - master": "#bf1b00", + "max - prometheus": "#bf1b00" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "decimals": 2, + "editable": false, + "error": false, + "fill": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 3 + }, + "id": 87, + "isNew": true, + "legend": { + "alignAsTable": true, + "avg": true, + "current": false, + "hideEmpty": true, + "hideZero": false, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": 300, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\",ingress=~\"$ingress\",status!~\"[4-5].*\"}[2m])) by (ingress) / sum(rate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (ingress)", + "format": "time_series", + "instant": false, + "interval": "10s", + "intervalFactor": 1, + "legendFormat": "{{ ingress }}", + "metric": "container_memory_usage:sort_desc", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Ingress Success Rate (non-4|5xx responses)", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 1, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "decimals": 2, + "editable": true, + "error": false, + "fill": 1, + "grid": {}, + "gridPos": { + "h": 6, + "w": 8, + "x": 0, + "y": 10 + }, + "height": "200px", + "id": 32, + "isNew": true, + "legend": { + "alignAsTable": false, + "avg": true, + "current": true, + "max": false, + "min": false, + "rightSide": false, + "show": false, + "sideWidth": 200, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum (irate (nginx_ingress_controller_request_size_sum{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}[2m]))", + "format": "time_series", + "instant": false, + "interval": "10s", + "intervalFactor": 1, + "legendFormat": "Received", + "metric": "network", + "refId": "A", + "step": 10 + }, + { + "expr": "- sum (irate (nginx_ingress_controller_response_size_sum{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}[2m]))", + "format": "time_series", + "hide": false, + "interval": "10s", + "intervalFactor": 1, + "legendFormat": "Sent", + "metric": "network", + "refId": "B", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Network I/O pressure", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "transparent": false, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "max - istio-proxy": "#890f02", + "max - master": "#bf1b00", + "max - prometheus": "#bf1b00" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "decimals": 2, + "editable": false, + "error": false, + "fill": 0, + "grid": {}, + "gridPos": { + "h": 6, + "w": 8, + "x": 8, + "y": 10 + }, + "id": 77, + "isNew": true, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": false, + "min": false, + "rightSide": false, + "show": false, + "sideWidth": 200, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "avg(nginx_ingress_controller_nginx_process_resident_memory_bytes{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}) ", + "format": "time_series", + "instant": false, + "interval": "10s", + "intervalFactor": 1, + "legendFormat": "nginx", + "metric": "container_memory_usage:sort_desc", + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Average Memory Usage", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 2, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "max - istio-proxy": "#890f02", + "max - master": "#bf1b00" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "decimals": 3, + "editable": false, + "error": false, + "fill": 0, + "grid": {}, + "gridPos": { + "h": 6, + "w": 8, + "x": 16, + "y": 10 + }, + "height": "", + "id": 79, + "isNew": true, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": false, + "min": false, + "rightSide": false, + "show": false, + "sort": null, + "sortDesc": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "avg (rate (nginx_ingress_controller_nginx_process_cpu_seconds_total{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}[2m])) ", + "format": "time_series", + "interval": "10s", + "intervalFactor": 1, + "legendFormat": "nginx", + "metric": "container_cpu", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + { + "colorMode": "critical", + "fill": true, + "line": true, + "op": "gt" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "Average CPU Usage", + "tooltip": { + "msResolution": true, + "shared": true, + "sort": 2, + "value_type": "cumulative" + }, + "transparent": false, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "none", + "label": "cores", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "columns": [], + "datasource": "${DS_PROMETHEUS}", + "fontSize": "100%", + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 16 + }, + "hideTimeOverride": false, + "id": 75, + "links": [], + "pageSize": 7, + "repeat": null, + "repeatDirection": "h", + "scroll": true, + "showHeader": true, + "sort": { + "col": 1, + "desc": true + }, + "styles": [ + { + "alias": "Ingress", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "ingress", + "preserveFormat": false, + "sanitize": false, + "thresholds": [], + "type": "string", + "unit": "short" + }, + { + "alias": "Requests", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "Value #A", + "thresholds": [ + "" + ], + "type": "number", + "unit": "ops" + }, + { + "alias": "Errors", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "Value #B", + "thresholds": [], + "type": "number", + "unit": "ops" + }, + { + "alias": "P50 Latency", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "link": false, + "pattern": "Value #C", + "thresholds": [], + "type": "number", + "unit": "dtdurations" + }, + { + "alias": "P90 Latency", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "pattern": "Value #D", + "thresholds": [], + "type": "number", + "unit": "dtdurations" + }, + { + "alias": "P99 Latency", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "pattern": "Value #E", + "thresholds": [], + "type": "number", + "unit": "dtdurations" + }, + { + "alias": "IN", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "Value #F", + "thresholds": [ + "" + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "Time", + "thresholds": [], + "type": "hidden", + "unit": "short" + }, + { + "alias": "OUT", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "mappingType": 1, + "pattern": "Value #G", + "thresholds": [], + "type": "number", + "unit": "Bps" + } + ], + "targets": [ + { + "expr": "histogram_quantile(0.50, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (le, ingress))", + "format": "table", + "hide": false, + "instant": true, + "intervalFactor": 1, + "legendFormat": "{{ ingress }}", + "refId": "C" + }, + { + "expr": "histogram_quantile(0.90, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (le, ingress))", + "format": "table", + "hide": false, + "instant": true, + "intervalFactor": 1, + "legendFormat": "{{ ingress }}", + "refId": "D" + }, + { + "expr": "histogram_quantile(0.99, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (le, ingress))", + "format": "table", + "hide": false, + "instant": true, + "intervalFactor": 1, + "legendFormat": "{{ destination_service }}", + "refId": "E" + }, + { + "expr": "sum(irate(nginx_ingress_controller_request_size_sum{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (ingress)", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ ingress }}", + "refId": "F" + }, + { + "expr": "sum(irate(nginx_ingress_controller_response_size_sum{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (ingress)", + "format": "table", + "instant": true, + "intervalFactor": 1, + "legendFormat": "{{ ingress }}", + "refId": "G" + } + ], + "timeFrom": null, + "title": "Ingress Percentile Response Times and Transfer Rates", + "transform": "table", + "transparent": false, + "type": "table" + }, + { + "columns": [ + { + "text": "Current", + "value": "current" + } + ], + "datasource": "${DS_PROMETHEUS}", + "fontSize": "100%", + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 24 + }, + "height": "1024", + "id": 85, + "links": [], + "pageSize": 7, + "scroll": true, + "showHeader": true, + "sort": { + "col": 1, + "desc": false + }, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "date" + }, + { + "alias": "TTL", + "colorMode": "cell", + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "pattern": "Current", + "thresholds": [ + "0", + "691200" + ], + "type": "number", + "unit": "s" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "decimals": 2, + "pattern": "/.*/", + "thresholds": [], + "type": "number", + "unit": "short" + } + ], + "targets": [ + { + "expr": "avg(nginx_ingress_controller_ssl_expire_time_seconds{kubernetes_pod_name=~\"$controller\",namespace=~\"$namespace\",ingress=~\"$ingress\"}) by (host) - time()", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{ host }}", + "metric": "gke_letsencrypt_cert_expiration", + "refId": "A", + "step": 1 + } + ], + "title": "Ingress Certificate Expiry", + "transform": "timeseries_aggregations", + "type": "table" + } + ], + "refresh": "5s", + "schemaVersion": 16, + "style": "dark", + "tags": [ + "nginx" + ], + "templating": { + "list": [ + { + "hide": 0, + "label": "datasource", + "name": "DS_PROMETHEUS", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": ".*", + "current": { + "text": "All", + "value": "$__all" + }, + "datasource": "${DS_PROMETHEUS}", + "hide": 0, + "includeAll": true, + "label": "Namespace", + "multi": false, + "name": "namespace", + "options": [], + "query": "label_values(nginx_ingress_controller_config_hash, controller_namespace)", + "refresh": 1, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": ".*", + "current": { + "text": "All", + "value": "$__all" + }, + "datasource": "${DS_PROMETHEUS}", + "hide": 0, + "includeAll": true, + "label": "Controller Class", + "multi": false, + "name": "controller_class", + "options": [], + "query": "label_values(nginx_ingress_controller_config_hash{namespace=~\"$namespace\"}, controller_class) ", + "refresh": 1, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": ".*", + "current": { + "text": "All", + "value": "$__all" + }, + "datasource": "${DS_PROMETHEUS}", + "hide": 0, + "includeAll": true, + "label": "Controller", + "multi": false, + "name": "controller", + "options": [], + "query": "label_values(nginx_ingress_controller_config_hash{namespace=~\"$namespace\",controller_class=~\"$controller_class\"}, controller_pod) ", + "refresh": 1, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": ".*", + "current": { + "tags": [], + "text": "All", + "value": "$__all" + }, + "datasource": "${DS_PROMETHEUS}", + "hide": 0, + "includeAll": true, + "label": "Ingress", + "multi": false, + "name": "ingress", + "options": [], + "query": "label_values(nginx_ingress_controller_requests{namespace=~\"$namespace\",controller_class=~\"$controller_class\",controller_pod=~\"$controller\"}, ingress) ", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "2m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "browser", + "title": "NGINX / Ingress Controller", + "uid": "nginx", + "version": 1 +} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/ingress-nginx/request-handling-performance.json b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/ingress-nginx/request-handling-performance.json new file mode 100644 index 000000000..d0125f0ac --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/ingress-nginx/request-handling-performance.json @@ -0,0 +1,981 @@ +{ + "__inputs": [ + { + "name": "DS_PROMETHEUS", + "label": "Prometheus", + "description": "", + "type": "datasource", + "pluginId": "prometheus", + "pluginName": "Prometheus" + } + ], + "__requires": [ + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "6.6.0" + }, + { + "type": "panel", + "id": "graph", + "name": "Graph", + "version": "" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "1.0.0" + } + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "description": "", + "editable": true, + "gnetId": 9614, + "graphTooltip": 1, + "id": null, + "iteration": 1582146566338, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "description": "Total time taken for nginx and upstream servers to process a request and send a response", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 91, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(\n 0.5,\n sum by (le)(\n rate(\n nginx_ingress_controller_request_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", + "interval": "", + "legendFormat": ".5", + "refId": "D" + }, + { + "expr": "histogram_quantile(\n 0.95,\n sum by (le)(\n rate(\n nginx_ingress_controller_request_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", + "interval": "", + "legendFormat": ".95", + "refId": "B" + }, + { + "expr": "histogram_quantile(\n 0.99,\n sum by (le)(\n rate(\n nginx_ingress_controller_request_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", + "interval": "", + "legendFormat": ".99", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Total request handling time", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "description": "The time spent on receiving the response from the upstream server", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 0 + }, + "hiddenSeries": false, + "id": 94, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(\n 0.5,\n sum by (le)(\n rate(\n nginx_ingress_controller_response_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": ".5", + "refId": "D" + }, + { + "expr": "histogram_quantile(\n 0.95,\n sum by (le)(\n rate(\n nginx_ingress_controller_response_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", + "interval": "", + "legendFormat": ".95", + "refId": "B" + }, + { + "expr": "histogram_quantile(\n 0.99,\n sum by (le)(\n rate(\n nginx_ingress_controller_response_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", + "interval": "", + "legendFormat": ".99", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Upstream response time", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 8 + }, + "hiddenSeries": false, + "id": 93, + "legend": { + "alignAsTable": true, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": " sum by (path)(\n rate(\n nginx_ingress_controller_request_duration_seconds_count{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ path }}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Request volume by Path", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "reqps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "description": "For each path observed, its median upstream response time", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 8 + }, + "hiddenSeries": false, + "id": 98, + "legend": { + "alignAsTable": true, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(\n .5,\n sum by (le, path)(\n rate(\n nginx_ingress_controller_response_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ path }}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Median upstream response time by Path", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "description": "Percentage of 4xx and 5xx responses among all responses.", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 16 + }, + "hiddenSeries": false, + "id": 100, + "legend": { + "alignAsTable": true, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null as zero", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (path) (rate(nginx_ingress_controller_request_duration_seconds_count{\n ingress =~ \"$ingress\",\n status =~ \"[4-5].*\"\n}[1m])) / sum by (path) (rate(nginx_ingress_controller_request_duration_seconds_count{\n ingress =~ \"$ingress\",\n}[1m]))", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ path }}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Response error rate by Path", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "description": "For each path observed, the sum of upstream request time", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 16 + }, + "hiddenSeries": false, + "id": 102, + "legend": { + "alignAsTable": true, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (path) (rate(nginx_ingress_controller_response_duration_seconds_sum{ingress =~ \"$ingress\"}[1m]))", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ path }}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Upstream time consumed by Path", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 24 + }, + "hiddenSeries": false, + "id": 101, + "legend": { + "alignAsTable": true, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": " sum (\n rate(\n nginx_ingress_controller_request_duration_seconds_count{\n ingress =~ \"$ingress\",\n status =~\"[4-5].*\",\n }[1m]\n )\n ) by(path, status)\n", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ path }} {{ status }}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Response error volume by Path", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "reqps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 24 + }, + "hiddenSeries": false, + "id": 99, + "legend": { + "alignAsTable": true, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum (\n rate (\n nginx_ingress_controller_response_size_sum {\n ingress =~ \"$ingress\",\n }[1m]\n )\n) by (path) / sum (\n rate(\n nginx_ingress_controller_response_size_count {\n ingress =~ \"$ingress\",\n }[1m]\n )\n) by (path)\n", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ path }}", + "refId": "D" + }, + { + "expr": " sum (rate(nginx_ingress_controller_response_size_bucket{\n ingress =~ \"$ingress\",\n }[1m])) by (le)\n", + "hide": true, + "legendFormat": "{{le}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Average response size by Path", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "decbytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "${DS_PROMETHEUS}", + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 32 + }, + "hiddenSeries": false, + "id": 96, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum (\n rate(\n nginx_ingress_controller_ingress_upstream_latency_seconds_sum {\n ingress =~ \"$ingress\",\n }[1m]\n)) / sum (\n rate(\n nginx_ingress_controller_ingress_upstream_latency_seconds_count {\n ingress =~ \"$ingress\",\n }[1m]\n )\n)\n", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "average", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Upstream service latency", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": "30s", + "schemaVersion": 22, + "style": "dark", + "tags": [ + "nginx" + ], + "templating": { + "list": [ + { + "hide": 0, + "label": "datasource", + "name": "DS_PROMETHEUS", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": ".*", + "current": {}, + "datasource": "${DS_PROMETHEUS}", + "definition": "label_values(nginx_ingress_controller_requests, ingress) ", + "hide": 0, + "includeAll": true, + "label": "Service Ingress", + "multi": false, + "name": "ingress", + "options": [], + "query": "label_values(nginx_ingress_controller_requests, ingress) ", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 2, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-15m", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "2m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "browser", + "title": "NGINX / Request Handling Performance", + "uid": "4GFbkOsZk", + "version": 1 +} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/cluster/rancher-cluster-nodes.json b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/cluster/rancher-cluster-nodes.json new file mode 100644 index 000000000..b33895a05 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/cluster/rancher-cluster-nodes.json @@ -0,0 +1,776 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 28, + "links": [], + "panels": [ + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\",mode=\"idle\"}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "{{instance}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load[5m] ({{instance}})" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_load5 OR avg_over_time(windows_system_processor_queue_length[5m])) by (instance)", + "interval": "", + "legendFormat": "Load[5m] ({{instance}})", + "refId": "A" + }, + { + "expr": "sum(node_load1 OR avg_over_time(windows_system_processor_queue_length[1m])) by (instance)", + "interval": "", + "legendFormat": "Load[1m] ({{instance}})", + "refId": "B" + }, + { + "expr": "sum(node_load15 OR avg_over_time(windows_system_processor_queue_length[15m])) by (instance)", + "interval": "", + "legendFormat": "Load[15m] ({{instance}})", + "refId": "C" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Load Average", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - sum(node_memory_MemAvailable_bytes OR windows_os_physical_memory_free_bytes) by (instance) / sum(node_memory_MemTotal_bytes OR windows_cs_physical_memory_bytes) by (instance) ", + "interval": "", + "legendFormat": "{{instance}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - (sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"} OR windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) by (instance) / sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"} OR windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) by (instance))", + "interval": "", + "legendFormat": "{{instance}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(node_disk_read_bytes_total[$__rate_interval]) OR rate(windows_logical_disk_read_bytes_total[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Read ({{instance}})", + "refId": "A" + }, + { + "expr": "sum(rate(node_disk_written_bytes_total[$__rate_interval]) OR rate(windows_logical_disk_write_bytes_total[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Write ({{instance}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 7 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(node_network_receive_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance) OR sum(rate(windows_net_packets_received_errors_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Receive Errors ({{instance}})", + "refId": "A" + }, + { + "expr": "sum(rate(node_network_receive_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance) OR sum(rate(windows_net_packets_received_total_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Receive Total ({{instance}})", + "refId": "B" + }, + { + "expr": "sum(rate(node_network_transmit_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance) OR sum(rate(windows_net_packets_outbound_errors_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Transmit Errors ({{instance}})", + "refId": "C" + }, + { + "expr": "sum(rate(node_network_receive_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance) OR sum(rate(windows_net_packets_received_discarded_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Receive Dropped ({{instance}})", + "refId": "D" + }, + { + "expr": "sum(rate(node_network_transmit_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance) OR sum(rate(windows_net_packets_outbound_discarded{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Transmit Dropped ({{instance}})", + "refId": "E" + }, + { + "expr": "sum(rate(node_network_transmit_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance) OR sum(rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Transmit Total ({{instance}})", + "refId": "F" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Traffic", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 14 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(node_network_transmit_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval]) OR rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Transmit Total ({{instance}})", + "refId": "A" + }, + { + "expr": "sum(rate(node_network_receive_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval]) OR rate(windows_net_packets_received_total_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Receive Total ({{instance}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Cluster (Nodes)", + "uid": "rancher-cluster-nodes-1", + "version": 3 +} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/cluster/rancher-cluster.json b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/cluster/rancher-cluster.json new file mode 100644 index 000000000..8fccbc24c --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/cluster/rancher-cluster.json @@ -0,0 +1,759 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 28, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\",mode=\"idle\"}[$__rate_interval]))", + "legendFormat": "Total", + "interval": "", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load[5m]" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_load5 OR avg_over_time(windows_system_processor_queue_length[5m]))", + "interval": "", + "legendFormat": "Load[5m]", + "refId": "A" + }, + { + "expr": "sum(node_load1 OR avg_over_time(windows_system_processor_queue_length[1m]))", + "interval": "", + "legendFormat": "Load[1m]", + "refId": "B" + }, + { + "expr": "sum(node_load15 OR avg_over_time(windows_system_processor_queue_length[15m]))", + "interval": "", + "legendFormat": "Load[15m]", + "refId": "C" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Load Average", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - sum(node_memory_MemAvailable_bytes OR windows_os_physical_memory_free_bytes) / sum(node_memory_MemTotal_bytes OR windows_cs_physical_memory_bytes)", + "legendFormat": "Total", + "interval": "", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - (sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"} OR windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) / sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"} OR windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}))", + "legendFormat": "Total", + "interval": "", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(node_disk_read_bytes_total[$__rate_interval]) OR rate(windows_logical_disk_read_bytes_total[$__rate_interval]))", + "interval": "", + "legendFormat": "Read", + "refId": "A" + }, + { + "expr": "sum(rate(node_disk_written_bytes_total[$__rate_interval]) OR rate(windows_logical_disk_write_bytes_total[$__rate_interval]))", + "interval": "", + "legendFormat": "Write", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 7 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(rate(node_network_receive_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_received_errors_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) OR on() vector(0))", + "interval": "", + "legendFormat": "Receive Errors", + "refId": "A" + }, + { + "expr": "(sum(rate(node_network_receive_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_received_total_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) OR on() vector(0))", + "interval": "", + "legendFormat": "Receive Total", + "refId": "B" + }, + { + "expr": "(sum(rate(node_network_transmit_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_outbound_errors_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) OR on() vector(0))", + "interval": "", + "legendFormat": "Transmit Errors", + "refId": "C" + }, + { + "expr": "(sum(rate(node_network_receive_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_received_discarded_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) OR on() vector(0))", + "interval": "", + "legendFormat": "Receive Dropped", + "refId": "D" + }, + { + "expr": "(sum(rate(node_network_transmit_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_outbound_discarded{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) OR on() vector(0))", + "interval": "", + "legendFormat": "Transmit Dropped", + "refId": "E" + }, + { + "expr": "(sum(rate(node_network_transmit_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) OR on() vector(0))", + "interval": "", + "legendFormat": "Transmit Total", + "refId": "F" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Traffic", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 14 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(node_network_transmit_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval]) OR rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval]))", + "interval": "", + "legendFormat": "Transmit Total", + "refId": "A" + }, + { + "expr": "sum(rate(node_network_receive_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval]) OR rate(windows_net_packets_received_total_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval]))", + "interval": "", + "legendFormat": "Receive Total", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Cluster", + "uid": "rancher-cluster-1", + "version": 3 +} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/home/rancher-default-home.json b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/home/rancher-default-home.json new file mode 100644 index 000000000..13b153cf8 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/home/rancher-default-home.json @@ -0,0 +1,1273 @@ +{ + "annotations": { + "list": [] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "id": null, + "links": [], + "panels": [ + { + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 1, + "title": "", + "type": "welcome" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 5, + "w": 8, + "x": 0, + "y": 4 + }, + "height": "180px", + "id": 6, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(1 - (avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\",mode=\"idle\"}[5m])))) * 100", + "format": "time_series", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "65, 90", + "title": "CPU Utilization", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 5, + "w": 8, + "x": 8, + "y": 4 + }, + "height": "180px", + "id": 4, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(1 - sum({__name__=~\"node_memory_MemAvailable_bytes|windows_os_physical_memory_free_bytes\"}) / sum({__name__=~\"node_memory_MemTotal_bytes|windows_cs_physical_memory_bytes\"})) * 100", + "format": "time_series", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "65, 90", + "title": "Memory Utilization", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 5, + "w": 8, + "x": 16, + "y": 4 + }, + "height": "180px", + "id": 7, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(1 - (((sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"}) OR on() vector(0)) + (sum(windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) OR on() vector(0))) / ((sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) OR on() vector(0)) + (sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) OR on() vector(0))))) * 100", + "format": "time_series", + "interval": "10s", + "intervalFactor": 1, + "metric": "", + "refId": "A", + "step": 10 + } + ], + "thresholds": "65, 90", + "title": "Disk Utilization", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 0, + "y": 9 + }, + "height": "1px", + "id": 11, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": " cores", + "postfixFontSize": "30%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\",mode!=\"idle\"}[5m]))", + "format": "time_series", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "CPU Used", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 4, + "y": 9 + }, + "height": "1px", + "id": 12, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": " cores", + "postfixFontSize": "30%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(kube_node_status_allocatable_cpu_cores{}) OR sum(kube_node_status_allocatable{resource=\"cpu\",unit=\"core\"})", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "CPU Total", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "bytes", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 8, + "y": 9 + }, + "height": "1px", + "id": 9, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "20%", + "prefix": "", + "prefixFontSize": "20%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum({__name__=~\"node_memory_MemTotal_bytes|windows_cs_physical_memory_bytes\"}) - sum({__name__=~\"node_memory_MemAvailable_bytes|windows_os_physical_memory_free_bytes\"})", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "Memory Used", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "bytes", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 12, + "y": 9 + }, + "height": "1px", + "id": 10, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(kube_node_status_allocatable_memory_bytes{}) OR sum(kube_node_status_allocatable{resource=\"memory\", unit=\"byte\"})", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "Memory Total", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "bytes", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 16, + "y": 9 + }, + "height": "1px", + "id": 13, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) - sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"}) OR on() vector(0)) + (sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) - sum(windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) OR on() vector(0))", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "Disk Used", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "Prometheus", + "decimals": 2, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "format": "bytes", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 20, + "y": 9 + }, + "height": "1px", + "id": 14, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "(sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) OR on() vector(0)) + (sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) OR on() vector(0))", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "thresholds": "", + "title": "Disk Total", + "type": "singlestat", + "valueFontSize": "50%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 8, + "x": 0, + "y": 12 + }, + "hiddenSeries": false, + "id": 2051, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - (avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\",mode=\"idle\"}[$__rate_interval])))", + "format": "time_series", + "hide": false, + "instant": false, + "intervalFactor": 1, + "legendFormat": "Cluster", + "refId": "A" + }, + { + "expr": "1 - avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\", mode=\"idle\"}[$__rate_interval])) by (instance)", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "{{ instance }}", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percentunit", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 8, + "x": 8, + "y": 12 + }, + "hiddenSeries": false, + "id": 2052, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "100 * (1 - sum({__name__=~\"node_memory_MemAvailable_bytes|windows_os_physical_memory_free_bytes\"}) / sum({__name__=~\"node_memory_MemTotal_bytes|windows_cs_physical_memory_bytes\"}))", + "format": "time_series", + "hide": false, + "instant": false, + "intervalFactor": 1, + "legendFormat": "Cluster", + "refId": "A" + }, + { + "expr": "100 * (1- sum({__name__=~\"node_memory_MemAvailable_bytes|windows_os_physical_memory_free_bytes\"}) by (instance) / sum({__name__=~\"node_memory_MemTotal_bytes|windows_cs_physical_memory_bytes\"}) by (instance))", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "{{ instance }}", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "percent", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 8, + "x": 16, + "y": 12 + }, + "hiddenSeries": false, + "id": 2053, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "(1 - ((sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"}) OR on() vector(0)) + (sum(windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"} OR on() vector(0)))) / ((sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) OR on() vector(0)) + (sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) OR on() vector(0)))) * 100", + "legendFormat": "Cluster", + "refId": "A" + }, + { + "expr": "(1 - (sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"}) by (instance)) / sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) by (instance)) * 100", + "hide": false, + "legendFormat": "{{ instance }}", + "refId": "B" + }, + { + "expr": "(1 - (sum(windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) by (instance)) / sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) by (instance)) * 100", + "hide": false, + "legendFormat": "{{ instance }}", + "refId": "C" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "percent", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "folderId": 0, + "gridPos": { + "h": 15, + "w": 12, + "x": 0, + "y": 18 + }, + "headings": true, + "id": 3, + "limit": 30, + "links": [], + "query": "", + "recent": true, + "search": true, + "starred": false, + "tags": [], + "title": "Dashboards", + "type": "dashlist" + }, + { + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 18 + }, + "id": 2055, + "options": { + "content": "## About Rancher Monitoring\n\nRancher Monitoring is a Helm chart developed by Rancher that is powered by [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator). It is based on the upstream [kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack) Helm chart maintained by the Prometheus community.\n\nBy default, the chart deploys Grafana alongside a set of Grafana dashboards curated by the [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) project.\n\nFor more information on how Rancher Monitoring differs from [kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack), please view the CHANGELOG.md of the rancher-monitoring chart located in the [rancher/charts](https://github.com/rancher/charts) repository.\n\nFor more information about how to configure Rancher Monitoring, please view the [Rancher docs](https://rancher.com/docs/rancher/v2.x/en/).\n\n", + "mode": "markdown" + }, + "pluginVersion": "7.1.0", + "timeFrom": null, + "timeShift": null, + "title": "", + "type": "text" + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "hidden": true, + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ], + "type": "timepicker" + }, + "timezone": "browser", + "title": "Home", + "uid": "rancher-home-1", + "version": 5 +} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/k8s/rancher-etcd-nodes.json b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/k8s/rancher-etcd-nodes.json new file mode 100644 index 000000000..300b61276 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/k8s/rancher-etcd-nodes.json @@ -0,0 +1,670 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 32, + "links": [], + "panels": [ + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(etcd_network_client_grpc_received_bytes_total{job=\"kube-etcd\"}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Client Traffic In ({{instance}})", + "refId": "A" + }, + { + "expr": "sum(rate(etcd_network_client_grpc_sent_bytes_total{job=\"kube-etcd\"}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Client Traffic Out ({{instance}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "GRPC Client Traffic", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load[5m]({{instance}})" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(etcd_debugging_mvcc_db_total_size_in_bytes) by (instance)", + "interval": "", + "legendFormat": "DB Size ({{instance}})", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "DB Size", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(grpc_server_started_total{grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"}) by (instance) - sum(grpc_server_handled_total{grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"}) by (instance)", + "interval": "", + "legendFormat": "Watch Streams ({{instance}})", + "refId": "A" + }, + { + "expr": "sum(grpc_server_started_total{grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"}) by (instance) - sum(grpc_server_handled_total{grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"}) by (instance)", + "interval": "", + "legendFormat": "Lease Watch Stream ({{instance}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Active Streams", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(etcd_server_proposals_committed_total[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Proposal Committed ({{instance}})", + "refId": "A" + }, + { + "expr": "sum(rate(etcd_server_proposals_applied_total[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Proposal Applied ({{instance}})", + "refId": "B" + }, + { + "expr": "sum(rate(etcd_server_proposals_failed_total[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "Proposal Failed ({{instance}})", + "refId": "C" + }, + { + "expr": "sum(etcd_server_proposals_pending) by (instance)", + "interval": "", + "legendFormat": "Proposal Pending ({{instance}})", + "refId": "D" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Raft Proposals", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(grpc_server_started_total{grpc_type=\"unary\"}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "RPC Rate ({{instance}})", + "refId": "A" + }, + { + "expr": "sum(rate(grpc_server_handled_total{grpc_type=\"unary\",grpc_code!=\"OK\"}[$__rate_interval])) by (instance)", + "interval": "", + "legendFormat": "RPC Failure Rate ({{instance}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "RPC Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 0, + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "decimals": null, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 7 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_wal_fsync_duration_seconds_bucket[$__rate_interval])) by (instance, le))", + "interval": "", + "legendFormat": "WAL fsync ({{instance}})", + "refId": "A" + }, + { + "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_backend_commit_duration_seconds_bucket[$__rate_interval])) by (instance, le))", + "interval": "", + "legendFormat": "DB fsync ({{instance}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Sync Duration", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 2, + "format": "ms", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / etcd (Nodes)", + "uid": "rancher-etcd-nodes-1", + "version": 5 +} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/k8s/rancher-etcd.json b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/k8s/rancher-etcd.json new file mode 100644 index 000000000..d58e23bce --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/k8s/rancher-etcd.json @@ -0,0 +1,652 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 33, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "Prometheus", + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(etcd_network_client_grpc_received_bytes_total{job=\"kube-etcd\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Client Traffic In", + "refId": "A" + }, + { + "expr": "sum(rate(etcd_network_client_grpc_sent_bytes_total{job=\"kube-etcd\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Client Traffic Out", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "GRPC Client Traffic", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [ + { + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(etcd_debugging_mvcc_db_total_size_in_bytes)", + "interval": "", + "legendFormat": "DB Size", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "DB Size", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(grpc_server_started_total{grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"}) - sum(grpc_server_handled_total{grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"})", + "interval": "", + "legendFormat": "Watch Streams", + "refId": "A" + }, + { + "expr": "sum(grpc_server_started_total{grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"}) - sum(grpc_server_handled_total{grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"})", + "interval": "", + "legendFormat": "Lease Watch Stream", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Active Streams", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(etcd_server_proposals_committed_total[$__rate_interval]))", + "interval": "", + "legendFormat": "Proposal Committed", + "refId": "A" + }, + { + "expr": "sum(rate(etcd_server_proposals_applied_total[$__rate_interval]))", + "interval": "", + "legendFormat": "Proposal Applied", + "refId": "B" + }, + { + "expr": "sum(rate(etcd_server_proposals_failed_total[$__rate_interval]))", + "interval": "", + "legendFormat": "Proposal Failed", + "refId": "C" + }, + { + "expr": "sum(etcd_server_proposals_pending)", + "interval": "", + "legendFormat": "Proposal Pending", + "refId": "D" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Raft Proposals", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(grpc_server_started_total{grpc_type=\"unary\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "RPC Rate", + "refId": "A" + }, + { + "expr": "sum(rate(grpc_server_handled_total{grpc_type=\"unary\",grpc_code!=\"OK\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "RPC Failure Rate", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "RPC Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 0, + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "decimals": null, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 7 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_wal_fsync_duration_seconds_bucket[$__rate_interval])) by (instance, le))", + "interval": "", + "legendFormat": "WAL fsync", + "refId": "A" + }, + { + "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_backend_commit_duration_seconds_bucket[$__rate_interval])) by (instance, le))", + "interval": "", + "legendFormat": "DB fsync", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Sync Duration", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 2, + "format": "ms", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / etcd", + "uid": "rancher-etcd-1", + "version": 4 +} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/k8s/rancher-k8s-components-nodes.json b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/k8s/rancher-k8s-components-nodes.json new file mode 100644 index 000000000..9de59be49 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/k8s/rancher-k8s-components-nodes.json @@ -0,0 +1,510 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 30, + "links": [], + "panels": [ + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(apiserver_request_total[$__rate_interval])) by (instance, code)", + "interval": "", + "legendFormat": "{{code}}({{instance}})", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "API Server Request Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 0, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load[5m]({{instance}})" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"deployment\"}) by (instance, name)", + "interval": "", + "legendFormat": "Deployment Depth ({{instance}})", + "refId": "A" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"volumes\"}) by (instance, name)", + "interval": "", + "legendFormat": "Volumes Depth ({{instance}})", + "refId": "B" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"replicaset\"}) by (instance, name)", + "interval": "", + "legendFormat": "ReplicaSet Depth ({{instance}})", + "refId": "C" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"service\"}) by (instance, name)", + "interval": "", + "legendFormat": "Service Depth ({{instance}})", + "refId": "D" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"serviceaccount\"}) by (instance, name)", + "interval": "", + "legendFormat": "ServiceAccount Depth ({{instance}})", + "refId": "E" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"endpoint\"}) by (instance, name)", + "interval": "", + "legendFormat": "Endpoint Depth ({{instance}})", + "refId": "F" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"daemonset\"}) by (instance, name)", + "interval": "", + "legendFormat": "DaemonSet Depth ({{instance}})", + "refId": "G" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"statefulset\"}) by (instance, name)", + "interval": "", + "legendFormat": "StatefulSet Depth ({{instance}})", + "refId": "H" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"replicationmanager\"}) by (instance, name)", + "interval": "", + "legendFormat": "ReplicationManager Depth ({{instance}})", + "refId": "I" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Controller Manager Queue Depth", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kube_pod_status_scheduled{condition=\"false\"})", + "interval": "", + "legendFormat": "Failed To Schedule", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Pod Scheduling Status", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{instance}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"reading\"}) by (instance)", + "interval": "", + "legendFormat": "Reading ({{instance}})", + "refId": "A" + }, + { + "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"waiting\"}) by (instance)", + "interval": "", + "legendFormat": "Waiting ({{instance}})", + "refId": "B" + }, + { + "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"writing\"}) by (instance)", + "interval": "", + "legendFormat": "Writing ({{instance}})", + "refId": "C" + }, + { + "expr": "sum(ceil(increase(nginx_ingress_controller_nginx_process_connections_total{state=\"accepted\"}[$__rate_interval]))) by (instance)", + "interval": "", + "legendFormat": "Accepted ({{instance}})", + "refId": "D" + }, + { + "expr": "sum(ceil(increase(nginx_ingress_controller_nginx_process_connections_total{state=\"handled\"}[$__rate_interval]))) by (instance)", + "interval": "", + "legendFormat": "Handled ({{instance}})", + "refId": "E" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Ingress Controller Connections", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Kubernetes Components (Nodes)", + "uid": "rancher-k8s-components-nodes-1", + "version": 5 +} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/k8s/rancher-k8s-components.json b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/k8s/rancher-k8s-components.json new file mode 100644 index 000000000..ddb0caca5 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/k8s/rancher-k8s-components.json @@ -0,0 +1,502 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 31, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(apiserver_request_total[$__rate_interval])) by (code)", + "interval": "", + "legendFormat": "{{code}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "API Server Request Rate", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 0, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load[5m]({{instance}})" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"deployment\"}) by (name)", + "interval": "", + "legendFormat": "Deployment Depth", + "refId": "A" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"volumes\"}) by (name)", + "interval": "", + "legendFormat": "Volumes Depth", + "refId": "B" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"replicaset\"}) by (name)", + "interval": "", + "legendFormat": "Replicaset Depth", + "refId": "C" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"service\"}) by (name)", + "interval": "", + "legendFormat": "Service Depth", + "refId": "D" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"serviceaccount\"}) by (name)", + "interval": "", + "legendFormat": "ServiceAccount Depth", + "refId": "E" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"endpoint\"}) by (name)", + "interval": "", + "legendFormat": "Endpoint Depth", + "refId": "F" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"daemonset\"}) by (name)", + "interval": "", + "legendFormat": "DaemonSet Depth", + "refId": "G" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"statefulset\"}) by (name)", + "interval": "", + "legendFormat": "StatefulSet Depth", + "refId": "H" + }, + { + "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"replicationmanager\"}) by (name)", + "interval": "", + "legendFormat": "ReplicationManager Depth", + "refId": "I" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Controller Manager Queue Depth", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kube_pod_status_scheduled{condition=\"false\"})", + "interval": "", + "legendFormat": "Failed To Schedule", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Pod Scheduling Status", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"reading\"})", + "interval": "", + "legendFormat": "Reading", + "refId": "A" + }, + { + "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"waiting\"})", + "interval": "", + "legendFormat": "Waiting", + "refId": "B" + }, + { + "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"writing\"})", + "interval": "", + "legendFormat": "Writing", + "refId": "C" + }, + { + "expr": "sum(ceil(increase(nginx_ingress_controller_nginx_process_connections_total{state=\"accepted\"}[$__rate_interval])))", + "interval": "", + "legendFormat": "Accepted", + "refId": "D" + }, + { + "expr": "sum(ceil(increase(nginx_ingress_controller_nginx_process_connections_total{state=\"handled\"}[$__rate_interval])))", + "interval": "", + "legendFormat": "Handled", + "refId": "E" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Ingress Controller Connections", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Kubernetes Components", + "uid": "rancher-k8s-components-1", + "version": 5 +} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/nodes/rancher-node-detail.json b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/nodes/rancher-node-detail.json new file mode 100644 index 000000000..d71bc02b7 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/nodes/rancher-node-detail.json @@ -0,0 +1,789 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 28, + "links": [], + "panels": [ + { + "aliasColors": { + "{{mode}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\", instance=\"$instance\"}[$__rate_interval])) by (mode)", + "interval": "", + "legendFormat": "{{mode}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load[5m]" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_load5{instance=~\"$instance\"} OR avg_over_time(windows_system_processor_queue_length{instance=~\"$instance\"}[5m]))", + "interval": "", + "legendFormat": "Load[5m]", + "refId": "A" + }, + { + "expr": "sum(node_load1{instance=~\"$instance\"} OR avg_over_time(windows_system_processor_queue_length{instance=~\"$instance\"}[1m]))", + "interval": "", + "legendFormat": "Load[1m]", + "refId": "B" + }, + { + "expr": "sum(node_load15{instance=~\"$instance\"} OR avg_over_time(windows_system_processor_queue_length{instance=~\"$instance\"}[15m]))", + "interval": "", + "legendFormat": "Load[15m]", + "refId": "C" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Load Average", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - (node_memory_MemAvailable_bytes{instance=~\"$instance\"} OR windows_os_physical_memory_free_bytes{instance=~\"$instance\"}) / (node_memory_MemTotal_bytes{instance=~\"$instance\"} OR windows_cs_physical_memory_bytes{instance=~\"$instance\"})", + "interval": "", + "legendFormat": "Total", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{device}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - (sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\", instance=~\"$instance\"} OR windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\", instance=~\"$instance\"}) by (device) / sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\", instance=~\"$instance\"} OR windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\", instance=~\"$instance\"}) by (device))", + "interval": "", + "legendFormat": "{{device}}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{device}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(node_disk_read_bytes_total{instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_logical_disk_read_bytes_total{instance=~\"$instance\"}[$__rate_interval])) by (device)", + "interval": "", + "legendFormat": "Read ({{device}})", + "refId": "A" + }, + { + "expr": "sum(rate(node_disk_written_bytes_total{instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_logical_disk_write_bytes_total{instance=~\"$instance\"}[$__rate_interval])) by (device)", + "interval": "", + "legendFormat": "Write ({{device}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{device}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 7 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(node_network_receive_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) by (device) OR sum(rate(windows_net_packets_received_errors_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", + "interval": "", + "legendFormat": "Receive Errors ({{device}})", + "refId": "A" + }, + { + "expr": "sum(rate(node_network_receive_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) by (device) OR sum(rate(windows_net_packets_received_total_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", + "interval": "", + "legendFormat": "Receive Total ({{device}})", + "refId": "B" + }, + { + "expr": "sum(rate(node_network_transmit_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) by (device) OR sum(rate(windows_net_packets_outbound_errors_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", + "interval": "", + "legendFormat": "Transmit Errors ({{device}})", + "refId": "C" + }, + { + "expr": "sum(rate(node_network_receive_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) by (device) OR sum(rate(windows_net_packets_received_discarded_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", + "interval": "", + "legendFormat": "Receive Dropped ({{device}})", + "refId": "D" + }, + { + "expr": "sum(rate(node_network_transmit_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) by (device) OR sum(rate(windows_net_packets_outbound_discarded{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", + "interval": "", + "legendFormat": "Transmit Dropped ({{device}})", + "refId": "E" + }, + { + "expr": "sum(rate(node_network_transmit_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) by (device) OR sum(rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", + "interval": "", + "legendFormat": "Transmit Total ({{device}})", + "refId": "F" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Traffic", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{device}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 14 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(node_network_transmit_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", + "interval": "", + "legendFormat": "Transmit Total ({{device}})", + "refId": "A" + }, + { + "expr": "sum(rate(node_network_receive_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_net_packets_received_total_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", + "interval": "", + "legendFormat": "Receive Total ({{device}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "allValue": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "instance", + "query": "label_values({__name__=~\"node_exporter_build_info|windows_exporter_build_info\"}, instance)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Node (Detail)", + "uid": "rancher-node-detail-1", + "version": 3 +} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/nodes/rancher-node.json b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/nodes/rancher-node.json new file mode 100644 index 000000000..c4b77db64 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/nodes/rancher-node.json @@ -0,0 +1,776 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 28, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\", instance=\"$instance\", mode=\"idle\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Total", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Load[5m]" + }, + "properties": [] + } + ] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_load5{instance=~\"$instance\"} OR avg_over_time(windows_system_processor_queue_length{instance=~\"$instance\"}[5m]))", + "interval": "", + "legendFormat": "Load[5m]", + "refId": "A" + }, + { + "expr": "sum(node_load1{instance=~\"$instance\"} OR avg_over_time(windows_system_processor_queue_length{instance=~\"$instance\"}[1m]))", + "interval": "", + "legendFormat": "Load[1m]", + "refId": "B" + }, + { + "expr": "sum(node_load15{instance=~\"$instance\"} OR avg_over_time(windows_system_processor_queue_length{instance=~\"$instance\"}[15m]))", + "interval": "", + "legendFormat": "Load[15m]", + "refId": "C" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Load Average", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - sum(node_memory_MemAvailable_bytes{instance=~\"$instance\"} OR windows_os_physical_memory_free_bytes{instance=~\"$instance\"}) / sum(node_memory_MemTotal_bytes{instance=~\"$instance\"} OR windows_cs_physical_memory_bytes{instance=~\"$instance\"})", + "interval": "", + "legendFormat": "Total", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - (sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\", instance=~\"$instance\"} OR windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\", instance=~\"$instance\"}) / sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\", instance=~\"$instance\"} OR windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\", instance=~\"$instance\"}))", + "interval": "", + "legendFormat": "Total", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(node_disk_read_bytes_total{instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_logical_disk_read_bytes_total{instance=~\"$instance\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Read", + "refId": "A" + }, + { + "expr": "sum(rate(node_disk_written_bytes_total{instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_logical_disk_write_bytes_total{instance=~\"$instance\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Write", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 7 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(rate(node_network_receive_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_received_errors_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0))", + "interval": "", + "legendFormat": "Receive Errors", + "refId": "A" + }, + { + "expr": "(sum(rate(node_network_receive_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_received_total_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0))", + "interval": "", + "legendFormat": "Receive Total", + "refId": "B" + }, + { + "expr": "(sum(rate(node_network_transmit_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_outbound_errors_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0))", + "interval": "", + "legendFormat": "Transmit Errors", + "refId": "C" + }, + { + "expr": "(sum(rate(node_network_receive_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_received_discarded_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0))", + "interval": "", + "legendFormat": "Receive Dropped", + "refId": "D" + }, + { + "expr": "(sum(rate(node_network_transmit_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_outbound_discarded{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0))", + "interval": "", + "legendFormat": "Transmit Dropped", + "refId": "E" + }, + { + "expr": "(sum(rate(node_network_transmit_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0))", + "interval": "", + "legendFormat": "Transmit Total", + "refId": "F" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Traffic", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 14 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(node_network_transmit_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Transmit Total", + "refId": "A" + }, + { + "expr": "sum(rate(node_network_receive_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_net_packets_received_total_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Receive Total", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "allValue": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "instance", + "query": "label_values({__name__=~\"node_exporter_build_info|windows_exporter_build_info\"}, instance)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Node", + "uid": "rancher-node-1", + "version": 3 +} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/pods/rancher-pod-containers.json b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/pods/rancher-pod-containers.json new file mode 100644 index 000000000..a625a552d --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/pods/rancher-pod-containers.json @@ -0,0 +1,620 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 28, + "iteration": 1618265214337, + "links": [], + "panels": [ + { + "aliasColors": { + "{{container}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(container_cpu_cfs_throttled_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\", container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "CFS throttled ({{container}})", + "refId": "A" + }, + { + "expr": "sum(rate(container_cpu_system_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container) OR sum(rate(windows_container_cpu_usage_seconds_kernelmode{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "System ({{container}})", + "refId": "B" + }, + { + "expr": "sum(rate(container_cpu_usage_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container) OR sum(rate(windows_container_cpu_usage_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "Total ({{container}})", + "refId": "C" + }, + { + "expr": "sum(rate(container_cpu_user_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container) OR sum(rate(windows_container_cpu_usage_seconds_usermode{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "User ({{container}})", + "refId": "D" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "cpu", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{container}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(container_memory_working_set_bytes{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\", container!=\"\"} OR windows_container_memory_usage_commit_bytes{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\", container!=\"\"}) by (container)", + "interval": "", + "legendFormat": "({{container}})", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{container}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(container_network_receive_packets_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container) OR sum(rate(windows_container_network_receive_packets_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "Receive Total ({{container}})", + "refId": "A" + }, + { + "expr": "sum(rate(container_network_transmit_packets_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container) OR sum(rate(windows_container_network_transmit_packets_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "Transmit Total ({{container}})", + "refId": "B" + }, + { + "expr": "sum(rate(container_network_receive_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container) OR sum(rate(windows_container_network_receive_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "Receive Dropped ({{container}})", + "refId": "C" + }, + { + "expr": "sum(rate(container_network_receive_errors_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "Receive Errors ({{container}})", + "refId": "D" + }, + { + "expr": "sum(rate(container_network_transmit_errors_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "Transmit Errors ({{container}})", + "refId": "E" + }, + { + "expr": "sum(rate(container_network_transmit_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container) OR sum(rate(windows_container_network_transmit_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "Transmit Dropped ({{container}})", + "refId": "F" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Traffic", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{container}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(container_network_receive_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container) OR sum(rate(windows_container_network_receive_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "Receive Total ({{container}})", + "refId": "A" + }, + { + "expr": "sum(rate(container_network_transmit_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container) OR sum(rate(windows_container_network_transmit_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "Transmit Total ({{container}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{container}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(container_fs_writes_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "Write ({{container}})", + "refId": "A" + }, + { + "expr": "sum(rate(container_fs_reads_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", + "interval": "", + "legendFormat": "Read ({{container}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": false, + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "allValue": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "namespace", + "query": "label_values({__name__=~\"container_.*|windows_container_.*\", namespace!=\"\"}, namespace)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "pod", + "query": "label_values({__name__=~\"container_.*|windows_container_.*\", namespace=\"$namespace\", pod!=\"\"}, pod)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Pod (Containers)", + "uid": "rancher-pod-containers-1", + "version": 8 +} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/pods/rancher-pod.json b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/pods/rancher-pod.json new file mode 100644 index 000000000..914a712e8 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/pods/rancher-pod.json @@ -0,0 +1,620 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 28, + "iteration": 1618265214337, + "links": [], + "panels": [ + { + "aliasColors": { + "": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(container_cpu_cfs_throttled_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\", container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "CFS throttled", + "refId": "A" + }, + { + "expr": "sum(rate(container_cpu_system_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) OR sum(rate(windows_container_cpu_usage_seconds_kernelmode{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "System", + "refId": "B" + }, + { + "expr": "sum(rate(container_cpu_usage_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) OR sum(rate(windows_container_cpu_usage_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Total", + "refId": "C" + }, + { + "expr": "sum(rate(container_cpu_user_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) OR sum(rate(windows_container_cpu_usage_seconds_usermode{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "User", + "refId": "D" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "cpu", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(container_memory_working_set_bytes{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\", container!=\"\"} OR windows_container_memory_usage_commit_bytes{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\", container!=\"\"})", + "interval": "", + "legendFormat": "Total", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(container_network_receive_packets_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) OR sum(rate(windows_container_network_receive_packets_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Receive Total", + "refId": "A" + }, + { + "expr": "sum(rate(container_network_transmit_packets_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) OR sum(rate(windows_container_network_transmit_packets_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Transmit Total", + "refId": "B" + }, + { + "expr": "sum(rate(container_network_receive_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) OR sum(rate(windows_container_network_receive_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Receive Dropped", + "refId": "C" + }, + { + "expr": "sum(rate(container_network_receive_errors_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Receive Errors", + "refId": "D" + }, + { + "expr": "sum(rate(container_network_transmit_errors_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Transmit Errors", + "refId": "E" + }, + { + "expr": "sum(rate(container_network_transmit_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) OR sum(rate(windows_container_network_transmit_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Transmit Dropped", + "refId": "F" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Traffic", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(container_network_receive_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) OR sum(rate(windows_container_network_receive_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Receive Total", + "refId": "A" + }, + { + "expr": "sum(rate(container_network_transmit_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) OR sum(rate(windows_container_network_transmit_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Transmit Total", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(container_fs_writes_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Write", + "refId": "A" + }, + { + "expr": "sum(rate(container_fs_reads_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", + "interval": "", + "legendFormat": "Read", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": false, + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "allValue": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "namespace", + "query": "label_values({__name__=~\"container_.*|windows_container_.*\", namespace!=\"\"}, namespace)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "pod", + "query": "label_values({__name__=~\"container_.*|windows_container_.*\", namespace=\"$namespace\", pod!=\"\"}, pod)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Pod", + "uid": "rancher-pod-1", + "version": 8 +} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/workloads/rancher-workload-pods.json b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/workloads/rancher-workload-pods.json new file mode 100644 index 000000000..b6471576b --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/workloads/rancher-workload-pods.json @@ -0,0 +1,636 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 28, + "iteration": 1618265214337, + "links": [], + "panels": [ + { + "aliasColors": { + "{{pod}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(rate(container_cpu_cfs_throttled_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "CFS throttled ({{pod}})", + "refId": "A" + }, + { + "expr": "(sum(rate(container_cpu_system_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_cpu_usage_seconds_kernelmode{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "System ({{pod}})", + "refId": "B" + }, + { + "expr": "(sum(rate(container_cpu_usage_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_cpu_usage_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "Total ({{pod}})", + "refId": "C" + }, + { + "expr": "(sum(rate(container_cpu_user_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_cpu_usage_seconds_usermode{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "User ({{pod}})", + "refId": "D" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "cpu", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{pod}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(container_memory_working_set_bytes{namespace=~\"$namespace\"} OR windows_container_memory_usage_commit_bytes{namespace=~\"$namespace\"}) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "({{pod}})", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{pod}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(rate(container_network_receive_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_network_receive_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "Receive Total ({{pod}})", + "refId": "A" + }, + { + "expr": "(sum(rate(container_network_transmit_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_network_transmit_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "Transmit Total ({{pod}})", + "refId": "B" + }, + { + "expr": "(sum(rate(container_network_receive_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_network_receive_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "Receive Dropped ({{pod}})", + "refId": "C" + }, + { + "expr": "(sum(rate(container_network_receive_errors_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "Receive Errors ({{pod}})", + "refId": "D" + }, + { + "expr": "(sum(rate(container_network_transmit_errors_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "Transmit Errors ({{pod}})", + "refId": "E" + }, + { + "expr": "(sum(rate(container_network_transmit_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_network_transmit_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "Transmit Dropped ({{pod}})", + "refId": "F" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Traffic", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{pod}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(rate(container_network_receive_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_network_receive_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "Receive Total ({{pod}})", + "refId": "A" + }, + { + "expr": "(sum(rate(container_network_transmit_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_network_transmit_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "Transmit Total ({{pod}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{pod}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(rate(container_fs_writes_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "Write ({{pod}})", + "refId": "A" + }, + { + "expr": "(sum(rate(container_fs_reads_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", + "interval": "", + "legendFormat": "Read ({{pod}})", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": false, + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "allValue": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "namespace", + "query": "query_result(kube_pod_info{namespace!=\"\"} * on(pod) group_right(namespace, created_by_kind, created_by_name) count({__name__=~\"container_.*|windows_container_.*\", pod!=\"\"}) by (pod))", + "refresh": 2, + "regex": "/.*namespace=\"([^\"]*)\"/", + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "kind", + "query": "query_result(kube_pod_info{namespace=\"$namespace\", created_by_kind!=\"\"} * on(pod) group_right(namespace, created_by_kind, created_by_name) count({__name__=~\"container_.*|windows_container_.*\", pod!=\"\"}) by (pod))", + "refresh": 2, + "regex": "/.*created_by_kind=\"([^\"]*)\"/", + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "workload", + "query": "query_result(kube_pod_info{namespace=\"$namespace\", created_by_kind=\"$kind\", created_by_name!=\"\"} * on(pod) group_right(namespace, created_by_kind, created_by_name) count({__name__=~\"container_.*|windows_container_.*\", pod!=\"\"}) by (pod))", + "refresh": 2, + "regex": "/.*created_by_name=\"([^\"]*)\"/", + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Workload (Pods)", + "uid": "rancher-workload-pods-1", + "version": 8 +} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/workloads/rancher-workload.json b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/workloads/rancher-workload.json new file mode 100644 index 000000000..ed352a34b --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/files/rancher/workloads/rancher-workload.json @@ -0,0 +1,636 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 28, + "iteration": 1618265214337, + "links": [], + "panels": [ + { + "aliasColors": { + "{{pod}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum((sum(rate(container_cpu_cfs_throttled_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "CFS throttled", + "refId": "A" + }, + { + "expr": "sum((sum(rate(container_cpu_system_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_cpu_usage_seconds_kernelmode{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "System", + "refId": "B" + }, + { + "expr": "sum((sum(rate(container_cpu_usage_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_cpu_usage_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "Total", + "refId": "C" + }, + { + "expr": "sum((sum(rate(container_cpu_user_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_cpu_usage_seconds_usermode{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "User", + "refId": "D" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "cpu", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{pod}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum((sum(container_memory_working_set_bytes{namespace=~\"$namespace\"} OR windows_container_memory_usage_commit_bytes{namespace=~\"$namespace\"}) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "Total", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Utilization", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{pod}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum((sum(rate(container_network_receive_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_network_receive_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "Receive Total", + "refId": "A" + }, + { + "expr": "sum((sum(rate(container_network_transmit_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_network_transmit_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "Transmit Total", + "refId": "B" + }, + { + "expr": "sum((sum(rate(container_network_receive_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_network_receive_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "Receive Dropped", + "refId": "C" + }, + { + "expr": "sum((sum(rate(container_network_receive_errors_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "Receive Errors", + "refId": "D" + }, + { + "expr": "sum((sum(rate(container_network_transmit_errors_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "Transmit Errors", + "refId": "E" + }, + { + "expr": "sum((sum(rate(container_network_transmit_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_network_transmit_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "Transmit Dropped", + "refId": "F" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network Traffic", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{pod}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum((sum(rate(container_network_receive_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_network_receive_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "Receive Total", + "refId": "A" + }, + { + "expr": "sum((sum(rate(container_network_transmit_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_network_transmit_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "Transmit Total", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Network I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": { + "{{pod}}": "#3797d5" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fieldConfig": { + "defaults": { + "custom": {} + }, + "overrides": [] + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 7 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "percentage": false, + "pluginVersion": "7.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum((sum(rate(container_fs_writes_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "Write", + "refId": "A" + }, + { + "expr": "sum((sum(rate(container_fs_reads_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", + "interval": "", + "legendFormat": "Read", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Disk I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": 1, + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": false, + "schemaVersion": 26, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "allValue": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "namespace", + "query": "query_result(kube_pod_info{namespace!=\"\"} * on(pod) group_right(namespace, created_by_kind, created_by_name) count({__name__=~\"container_.*|windows_container_.*\", pod!=\"\"}) by (pod))", + "refresh": 2, + "regex": "/.*namespace=\"([^\"]*)\"/", + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "kind", + "query": "query_result(kube_pod_info{namespace=\"$namespace\", created_by_kind!=\"\"} * on(pod) group_right(namespace, created_by_kind, created_by_name) count({__name__=~\"container_.*|windows_container_.*\", pod!=\"\"}) by (pod))", + "refresh": 2, + "regex": "/.*created_by_kind=\"([^\"]*)\"/", + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "workload", + "query": "query_result(kube_pod_info{namespace=\"$namespace\", created_by_kind=\"$kind\", created_by_name!=\"\"} * on(pod) group_right(namespace, created_by_kind, created_by_name) count({__name__=~\"container_.*|windows_container_.*\", pod!=\"\"}) by (pod))", + "refresh": 2, + "regex": "/.*created_by_name=\"([^\"]*)\"/", + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Rancher / Workload", + "uid": "rancher-workload-1", + "version": 8 +} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/NOTES.txt b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/NOTES.txt new file mode 100644 index 000000000..371f3ae39 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/NOTES.txt @@ -0,0 +1,4 @@ +{{ $.Chart.Name }} has been installed. Check its status by running: + kubectl --namespace {{ template "kube-prometheus-stack.namespace" . }} get pods -l "release={{ $.Release.Name }}" + +Visit https://github.com/prometheus-operator/kube-prometheus for instructions on how to create & configure Alertmanager and Prometheus instances using the Operator. diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/_helpers.tpl b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/_helpers.tpl new file mode 100644 index 000000000..b47ae096c --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/_helpers.tpl @@ -0,0 +1,251 @@ +# Rancher +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- end -}} +{{- end -}} + +{{/* +https://github.com/helm/helm/issues/4535#issuecomment-477778391 +Usage: {{ include "call-nested" (list . "SUBCHART_NAME" "TEMPLATE") }} +e.g. {{ include "call-nested" (list . "grafana" "grafana.fullname") }} +*/}} +{{- define "call-nested" }} +{{- $dot := index . 0 }} +{{- $subchart := index . 1 | splitList "." }} +{{- $template := index . 2 }} +{{- $values := $dot.Values }} +{{- range $subchart }} +{{- $values = index $values . }} +{{- end }} +{{- include $template (dict "Chart" (dict "Name" (last $subchart)) "Values" $values "Release" $dot.Release "Capabilities" $dot.Capabilities) }} +{{- end }} + +# Special Exporters +{{- define "exporter.kubeEtcd.enabled" -}} +{{- if or .Values.kubeEtcd.enabled .Values.rkeEtcd.enabled .Values.kubeAdmEtcd.enabled .Values.rke2Etcd.enabled -}} +"true" +{{- end -}} +{{- end }} + +{{- define "exporter.kubeControllerManager.enabled" -}} +{{- if or .Values.kubeControllerManager.enabled .Values.rkeControllerManager.enabled .Values.k3sServer.enabled .Values.kubeAdmControllerManager.enabled .Values.rke2ControllerManager.enabled -}} +"true" +{{- end -}} +{{- end }} + +{{- define "exporter.kubeScheduler.enabled" -}} +{{- if or .Values.kubeScheduler.enabled .Values.rkeScheduler.enabled .Values.k3sServer.enabled .Values.kubeAdmScheduler.enabled .Values.rke2Scheduler.enabled -}} +"true" +{{- end -}} +{{- end }} + +{{- define "exporter.kubeProxy.enabled" -}} +{{- if or .Values.kubeProxy.enabled .Values.rkeProxy.enabled .Values.k3sServer.enabled .Values.kubeAdmProxy.enabled .Values.rke2Proxy.enabled -}} +"true" +{{- end -}} +{{- end }} + +{{- define "exporter.kubelet.enabled" -}} +{{- if or .Values.kubelet.enabled .Values.hardenedKubelet.enabled .Values.k3sServer.enabled -}} +"true" +{{- end -}} +{{- end }} + +{{- define "exporter.kubeletService.enabled" -}} +{{- if or .Values.hardenedKubelet.enabled .Values.prometheusOperator.kubeletService.enabled .Values.k3sServer.enabled -}} +"true" +{{- end -}} +{{- end }} + +{{- define "exporter.kubeControllerManager.jobName" -}} +{{- if .Values.k3sServer.enabled -}} +k3s-server +{{- else -}} +kube-controller-manager +{{- end -}} +{{- end }} + +{{- define "exporter.kubeScheduler.jobName" -}} +{{- if .Values.k3sServer.enabled -}} +k3s-server +{{- else -}} +kube-scheduler +{{- end -}} +{{- end }} + +{{- define "exporter.kubeProxy.jobName" -}} +{{- if .Values.k3sServer.enabled -}} +k3s-server +{{- else -}} +kube-proxy +{{- end -}} +{{- end }} + +{{- define "exporter.kubelet.jobName" -}} +{{- if .Values.k3sServer.enabled -}} +k3s-server +{{- else -}} +kubelet +{{- end -}} +{{- end }} + +{{- define "kubelet.serviceMonitor.resourcePath" -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if not (eq .Values.kubelet.serviceMonitor.resourcePath "/metrics/resource/v1alpha1") -}} +{{ .Values.kubelet.serviceMonitor.resourcePath }} +{{- else if semverCompare ">=1.20.0-0" $kubeTargetVersion -}} +/metrics/resource +{{- else -}} +/metrics/resource/v1alpha1 +{{- end -}} +{{- end }} + +# Windows Support + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} + +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +beta.kubernetes.io/os: linux +{{- else -}} +kubernetes.io/os: linux +{{- end -}} +{{- end -}} + +# Prometheus Operator + +{{/* vim: set filetype=mustache: */}} +{{/* Expand the name of the chart. This is suffixed with -alertmanager, which means subtract 13 from longest 63 available */}} +{{- define "kube-prometheus-stack.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 50 | trimSuffix "-" -}} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +The components in this chart create additional resources that expand the longest created name strings. +The longest name that gets created adds and extra 37 characters, so truncation should be 63-35=26. +*/}} +{{- define "kube-prometheus-stack.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 26 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 26 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 26 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Fullname suffixed with operator */}} +{{- define "kube-prometheus-stack.operator.fullname" -}} +{{- printf "%s-operator" (include "kube-prometheus-stack.fullname" .) -}} +{{- end }} + +{{/* Fullname suffixed with prometheus */}} +{{- define "kube-prometheus-stack.prometheus.fullname" -}} +{{- printf "%s-prometheus" (include "kube-prometheus-stack.fullname" .) -}} +{{- end }} + +{{/* Fullname suffixed with alertmanager */}} +{{- define "kube-prometheus-stack.alertmanager.fullname" -}} +{{- printf "%s-alertmanager" (include "kube-prometheus-stack.fullname" .) -}} +{{- end }} + +{{/* Create chart name and version as used by the chart label. */}} +{{- define "kube-prometheus-stack.chartref" -}} +{{- replace "+" "_" .Chart.Version | printf "%s-%s" .Chart.Name -}} +{{- end }} + +{{/* Generate basic labels */}} +{{- define "kube-prometheus-stack.labels" }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}" +app.kubernetes.io/part-of: {{ template "kube-prometheus-stack.name" . }} +chart: {{ template "kube-prometheus-stack.chartref" . }} +release: {{ $.Release.Name | quote }} +heritage: {{ $.Release.Service | quote }} +{{- if .Values.commonLabels}} +{{ toYaml .Values.commonLabels }} +{{- end }} +{{- end }} + +{{/* Create the name of kube-prometheus-stack service account to use */}} +{{- define "kube-prometheus-stack.operator.serviceAccountName" -}} +{{- if .Values.prometheusOperator.serviceAccount.create -}} + {{ default (include "kube-prometheus-stack.operator.fullname" .) .Values.prometheusOperator.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.prometheusOperator.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* Create the name of prometheus service account to use */}} +{{- define "kube-prometheus-stack.prometheus.serviceAccountName" -}} +{{- if .Values.prometheus.serviceAccount.create -}} + {{ default (include "kube-prometheus-stack.prometheus.fullname" .) .Values.prometheus.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.prometheus.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* Create the name of alertmanager service account to use */}} +{{- define "kube-prometheus-stack.alertmanager.serviceAccountName" -}} +{{- if .Values.alertmanager.serviceAccount.create -}} + {{ default (include "kube-prometheus-stack.alertmanager.fullname" .) .Values.alertmanager.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.alertmanager.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts +*/}} +{{- define "kube-prometheus-stack.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{/* Allow KubeVersion to be overridden. */}} +{{- define "kube-prometheus-stack.ingress.kubeVersion" -}} + {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride -}} +{{- end -}} + +{{/* Get Ingress API Version */}} +{{- define "kube-prometheus-stack.ingress.apiVersion" -}} + {{- if and (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare ">= 1.19.x" (include "kube-prometheus-stack.ingress.kubeVersion" .)) -}} + {{- print "networking.k8s.io/v1" -}} + {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}} + {{- print "networking.k8s.io/v1beta1" -}} + {{- else -}} + {{- print "extensions/v1beta1" -}} + {{- end -}} +{{- end -}} + +{{/* Check Ingress stability */}} +{{- define "kube-prometheus-stack.ingress.isStable" -}} + {{- eq (include "kube-prometheus-stack.ingress.apiVersion" .) "networking.k8s.io/v1" -}} +{{- end -}} + +{{/* Check Ingress supports pathType */}} +{{/* pathType was added to networking.k8s.io/v1beta1 in Kubernetes 1.18 */}} +{{- define "kube-prometheus-stack.ingress.supportsPathType" -}} + {{- or (eq (include "kube-prometheus-stack.ingress.isStable" .) "true") (and (eq (include "kube-prometheus-stack.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18.x" (include "kube-prometheus-stack.ingress.kubeVersion" .))) -}} +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/alertmanager.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/alertmanager.yaml new file mode 100644 index 000000000..43d9954ca --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/alertmanager.yaml @@ -0,0 +1,151 @@ +{{- if .Values.alertmanager.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: Alertmanager +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.alertmanager.annotations }} + annotations: +{{ toYaml .Values.alertmanager.annotations | indent 4 }} +{{- end }} +spec: +{{- if .Values.alertmanager.alertmanagerSpec.image }} + image: {{ template "system_default_registry" . }}{{ .Values.alertmanager.alertmanagerSpec.image.repository }}:{{ .Values.alertmanager.alertmanagerSpec.image.tag }} + version: {{ .Values.alertmanager.alertmanagerSpec.image.tag }} + {{- if .Values.alertmanager.alertmanagerSpec.image.sha }} + sha: {{ .Values.alertmanager.alertmanagerSpec.image.sha }} + {{- end }} +{{- end }} + replicas: {{ .Values.alertmanager.alertmanagerSpec.replicas }} + listenLocal: {{ .Values.alertmanager.alertmanagerSpec.listenLocal }} + serviceAccountName: {{ template "kube-prometheus-stack.alertmanager.serviceAccountName" . }} +{{- if .Values.alertmanager.alertmanagerSpec.externalUrl }} + externalUrl: "{{ tpl .Values.alertmanager.alertmanagerSpec.externalUrl . }}" +{{- else if and .Values.alertmanager.ingress.enabled .Values.alertmanager.ingress.hosts }} + externalUrl: "http://{{ tpl (index .Values.alertmanager.ingress.hosts 0) . }}{{ .Values.alertmanager.alertmanagerSpec.routePrefix }}" +{{- else if not (or (kindIs "invalid" .Values.global.cattle.url) (kindIs "invalid" .Values.global.cattle.clusterId)) }} + externalUrl: "{{ .Values.global.cattle.url }}/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Values.namespaceOverride }}/services/http:{{ template "kube-prometheus-stack.fullname" . }}-alertmanager:{{ .Values.alertmanager.service.port }}/proxy" +{{- else }} + externalUrl: http://{{ template "kube-prometheus-stack.fullname" . }}-alertmanager.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.alertmanager.service.port }} +{{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 4 }} +{{- if .Values.alertmanager.alertmanagerSpec.nodeSelector }} +{{ toYaml .Values.alertmanager.alertmanagerSpec.nodeSelector | indent 4 }} +{{- end }} + paused: {{ .Values.alertmanager.alertmanagerSpec.paused }} + logFormat: {{ .Values.alertmanager.alertmanagerSpec.logFormat | quote }} + logLevel: {{ .Values.alertmanager.alertmanagerSpec.logLevel | quote }} + retention: {{ .Values.alertmanager.alertmanagerSpec.retention | quote }} +{{- if .Values.alertmanager.alertmanagerSpec.secrets }} + secrets: +{{ toYaml .Values.alertmanager.alertmanagerSpec.secrets | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.configSecret }} + configSecret: {{ .Values.alertmanager.alertmanagerSpec.configSecret }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.configMaps }} + configMaps: +{{ toYaml .Values.alertmanager.alertmanagerSpec.configMaps | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.alertmanagerConfigSelector }} + alertmanagerConfigSelector: +{{ toYaml .Values.alertmanager.alertmanagerSpec.alertmanagerConfigSelector | indent 4}} +{{ else }} + alertmanagerConfigSelector: {} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.alertmanagerConfigNamespaceSelector }} + alertmanagerConfigNamespaceSelector: +{{ toYaml .Values.alertmanager.alertmanagerSpec.alertmanagerConfigNamespaceSelector | indent 4}} +{{ else }} + alertmanagerConfigNamespaceSelector: {} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.resources }} + resources: +{{ toYaml .Values.alertmanager.alertmanagerSpec.resources | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.routePrefix }} + routePrefix: "{{ .Values.alertmanager.alertmanagerSpec.routePrefix }}" +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.securityContext }} + securityContext: +{{ toYaml .Values.alertmanager.alertmanagerSpec.securityContext | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.storage }} + storage: +{{ toYaml .Values.alertmanager.alertmanagerSpec.storage | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.podMetadata }} + podMetadata: +{{ toYaml .Values.alertmanager.alertmanagerSpec.podMetadata | indent 4 }} +{{- end }} +{{- if or .Values.alertmanager.alertmanagerSpec.podAntiAffinity .Values.alertmanager.alertmanagerSpec.affinity }} + affinity: +{{- if .Values.alertmanager.alertmanagerSpec.affinity }} +{{ toYaml .Values.alertmanager.alertmanagerSpec.affinity | indent 4 }} +{{- end }} +{{- if eq .Values.alertmanager.alertmanagerSpec.podAntiAffinity "hard" }} + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: {{ .Values.alertmanager.alertmanagerSpec.podAntiAffinityTopologyKey }} + labelSelector: + matchExpressions: + - {key: app, operator: In, values: [alertmanager]} + - {key: alertmanager, operator: In, values: [{{ template "kube-prometheus-stack.fullname" . }}-alertmanager]} +{{- else if eq .Values.alertmanager.alertmanagerSpec.podAntiAffinity "soft" }} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: {{ .Values.alertmanager.alertmanagerSpec.podAntiAffinityTopologyKey }} + labelSelector: + matchExpressions: + - {key: app, operator: In, values: [alertmanager]} + - {key: prometheus, operator: In, values: [{{ template "kube-prometheus-stack.fullname" . }}-alertmanager]} +{{- end }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 4 }} +{{- if .Values.alertmanager.alertmanagerSpec.tolerations }} +{{ toYaml .Values.alertmanager.alertmanagerSpec.tolerations | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.topologySpreadConstraints }} + topologySpreadConstraints: +{{ toYaml .Values.alertmanager.alertmanagerSpec.topologySpreadConstraints | indent 4 }} +{{- end }} +{{- if .Values.global.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.global.imagePullSecrets | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.containers }} + containers: +{{ toYaml .Values.alertmanager.alertmanagerSpec.containers | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.initContainers }} + initContainers: +{{ toYaml .Values.alertmanager.alertmanagerSpec.initContainers | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.priorityClassName }} + priorityClassName: {{.Values.alertmanager.alertmanagerSpec.priorityClassName }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.additionalPeers }} + additionalPeers: +{{ toYaml .Values.alertmanager.alertmanagerSpec.additionalPeers | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.volumes }} + volumes: +{{ toYaml .Values.alertmanager.alertmanagerSpec.volumes | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.volumeMounts }} + volumeMounts: +{{ toYaml .Values.alertmanager.alertmanagerSpec.volumeMounts | indent 4 }} +{{- end }} + portName: {{ .Values.alertmanager.alertmanagerSpec.portName }} +{{- if .Values.alertmanager.alertmanagerSpec.clusterAdvertiseAddress }} + clusterAdvertiseAddress: {{ .Values.alertmanager.alertmanagerSpec.clusterAdvertiseAddress }} +{{- end }} +{{- if .Values.alertmanager.alertmanagerSpec.forceEnableClusterMode }} + forceEnableClusterMode: {{ .Values.alertmanager.alertmanagerSpec.forceEnableClusterMode }} +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/ingress.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/ingress.yaml new file mode 100644 index 000000000..f337502e9 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/ingress.yaml @@ -0,0 +1,77 @@ +{{- if and .Values.alertmanager.enabled .Values.alertmanager.ingress.enabled }} +{{- $pathType := .Values.alertmanager.ingress.pathType | default "" }} +{{- $serviceName := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager" }} +{{- $servicePort := .Values.alertmanager.service.port -}} +{{- $routePrefix := list .Values.alertmanager.alertmanagerSpec.routePrefix }} +{{- $paths := .Values.alertmanager.ingress.paths | default $routePrefix -}} +{{- $apiIsStable := eq (include "kube-prometheus-stack.ingress.isStable" .) "true" -}} +{{- $ingressSupportsPathType := eq (include "kube-prometheus-stack.ingress.supportsPathType" .) "true" -}} +apiVersion: {{ include "kube-prometheus-stack.ingress.apiVersion" . }} +kind: Ingress +metadata: + name: {{ $serviceName }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} +{{- if .Values.alertmanager.ingress.annotations }} + annotations: +{{ toYaml .Values.alertmanager.ingress.annotations | indent 4 }} +{{- end }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager +{{- if .Values.alertmanager.ingress.labels }} +{{ toYaml .Values.alertmanager.ingress.labels | indent 4 }} +{{- end }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + {{- if $apiIsStable }} + {{- if .Values.alertmanager.ingress.ingressClassName }} + ingressClassName: {{ .Values.alertmanager.ingress.ingressClassName }} + {{- end }} + {{- end }} + rules: + {{- if .Values.alertmanager.ingress.hosts }} + {{- range $host := .Values.alertmanager.ingress.hosts }} + - host: {{ tpl $host $ }} + http: + paths: + {{- range $p := $paths }} + - path: {{ tpl $p $ }} + {{- if and $pathType $ingressSupportsPathType }} + pathType: {{ $pathType }} + {{- end }} + backend: + {{- if $apiIsStable }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{- else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end }} + {{- end -}} + {{- end -}} + {{- else }} + - http: + paths: + {{- range $p := $paths }} + - path: {{ tpl $p $ }} + {{- if and $pathType $ingressSupportsPathType }} + pathType: {{ $pathType }} + {{- end }} + backend: + {{- if $apiIsStable }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{- else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end }} + {{- end -}} + {{- end -}} + {{- if .Values.alertmanager.ingress.tls }} + tls: +{{ tpl (toYaml .Values.alertmanager.ingress.tls | indent 4) . }} + {{- end -}} +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/ingressperreplica.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/ingressperreplica.yaml new file mode 100644 index 000000000..f21bf9616 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/ingressperreplica.yaml @@ -0,0 +1,67 @@ +{{- if and .Values.alertmanager.enabled .Values.alertmanager.servicePerReplica.enabled .Values.alertmanager.ingressPerReplica.enabled }} +{{- $pathType := .Values.alertmanager.ingressPerReplica.pathType | default "" }} +{{- $count := .Values.alertmanager.alertmanagerSpec.replicas | int -}} +{{- $servicePort := .Values.alertmanager.service.port -}} +{{- $ingressValues := .Values.alertmanager.ingressPerReplica -}} +{{- $apiIsStable := eq (include "kube-prometheus-stack.ingress.isStable" .) "true" -}} +{{- $ingressSupportsPathType := eq (include "kube-prometheus-stack.ingress.supportsPathType" .) "true" -}} +apiVersion: v1 +kind: List +metadata: + name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-ingressperreplica + namespace: {{ template "kube-prometheus-stack.namespace" . }} +items: +{{ range $i, $e := until $count }} + - kind: Ingress + apiVersion: {{ include "kube-prometheus-stack.ingress.apiVersion" $ }} + metadata: + name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }} + namespace: {{ template "kube-prometheus-stack.namespace" $ }} + labels: + app: {{ include "kube-prometheus-stack.name" $ }}-alertmanager + {{ include "kube-prometheus-stack.labels" $ | indent 8 }} + {{- if $ingressValues.labels }} +{{ toYaml $ingressValues.labels | indent 8 }} + {{- end }} + {{- if $ingressValues.annotations }} + annotations: +{{ toYaml $ingressValues.annotations | indent 8 }} + {{- end }} + spec: + {{- if $apiIsStable }} + {{- if $ingressValues.ingressClassName }} + ingressClassName: {{ $ingressValues.ingressClassName }} + {{- end }} + {{- end }} + rules: + - host: {{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }} + http: + paths: + {{- range $p := $ingressValues.paths }} + - path: {{ tpl $p $ }} + {{- if and $pathType $ingressSupportsPathType }} + pathType: {{ $pathType }} + {{- end }} + backend: + {{- if $apiIsStable }} + service: + name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }} + port: + number: {{ $servicePort }} + {{- else }} + serviceName: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }} + servicePort: {{ $servicePort }} + {{- end }} + {{- end -}} + {{- if or $ingressValues.tlsSecretName $ingressValues.tlsSecretPerReplica.enabled }} + tls: + - hosts: + - {{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }} + {{- if $ingressValues.tlsSecretPerReplica.enabled }} + secretName: {{ $ingressValues.tlsSecretPerReplica.prefix }}-{{ $i }} + {{- else }} + secretName: {{ $ingressValues.tlsSecretName }} + {{- end }} + {{- end }} +{{- end -}} +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/podDisruptionBudget.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/podDisruptionBudget.yaml new file mode 100644 index 000000000..1dbe809cd --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/podDisruptionBudget.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.alertmanager.enabled .Values.alertmanager.podDisruptionBudget.enabled }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + {{- if .Values.alertmanager.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.alertmanager.podDisruptionBudget.minAvailable }} + {{- end }} + {{- if .Values.alertmanager.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.alertmanager.podDisruptionBudget.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app: alertmanager + alertmanager: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/psp-role.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/psp-role.yaml new file mode 100644 index 000000000..d64d1f813 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/psp-role.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.alertmanager.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +rules: +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }} +- apiGroups: ['policy'] +{{- else }} +- apiGroups: ['extensions'] +{{- end }} + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "kube-prometheus-stack.fullname" . }}-alertmanager +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/psp-rolebinding.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/psp-rolebinding.yaml new file mode 100644 index 000000000..9248cc8dd --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/psp-rolebinding.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.alertmanager.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager +subjects: + - kind: ServiceAccount + name: {{ template "kube-prometheus-stack.alertmanager.serviceAccountName" . }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/psp.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/psp.yaml new file mode 100644 index 000000000..6fa445009 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/psp.yaml @@ -0,0 +1,52 @@ +{{- if and .Values.alertmanager.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager +{{- if .Values.global.rbac.pspAnnotations }} + annotations: +{{ toYaml .Values.global.rbac.pspAnnotations | indent 4 }} +{{- end }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + privileged: false + # Required to prevent escalations to root. + # allowPrivilegeEscalation: false + # This is redundant with non-root + disallow privilege escalation, + # but we can provide it for defense in depth. + #requiredDropCapabilities: + # - ALL + # Allow core volume types. + volumes: + - 'configMap' + - 'emptyDir' + - 'projected' + - 'secret' + - 'downwardAPI' + - 'persistentVolumeClaim' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Permits the container to run with root privileges as well. + rule: 'RunAsAny' + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} + diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/secret.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/secret.yaml new file mode 100644 index 000000000..d10a27921 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/secret.yaml @@ -0,0 +1,29 @@ +{{- if and (.Values.alertmanager.enabled) (not .Values.alertmanager.alertmanagerSpec.useExistingSecret) }} +{{/* This file is applied when the operation is helm install and the target secret does not exist. */}} +{{- $secretName := (printf "alertmanager-%s-alertmanager" (include "kube-prometheus-stack.fullname" .)) }} +{{- if (not (lookup "v1" "Secret" (include "kube-prometheus-stack.namespace" .) $secretName)) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + annotations: + "helm.sh/hook": pre-install, pre-upgrade + "helm.sh/hook-weight": "3" + "helm.sh/resource-policy": keep +{{- if .Values.alertmanager.secret.annotations }} +{{ toYaml .Values.alertmanager.secret.annotations | indent 4 }} +{{- end }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +data: +{{- if .Values.alertmanager.tplConfig }} + alertmanager.yaml: {{ tpl (toYaml .Values.alertmanager.config) . | b64enc | quote }} +{{- else }} + alertmanager.yaml: {{ toYaml .Values.alertmanager.config | b64enc | quote }} +{{- end}} +{{- range $key, $val := .Values.alertmanager.templateFiles }} + {{ $key }}: {{ $val | b64enc | quote }} +{{- end }} +{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/service.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/service.yaml new file mode 100644 index 000000000..bbcc60f2b --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/service.yaml @@ -0,0 +1,50 @@ +{{- if .Values.alertmanager.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager + self-monitor: {{ .Values.alertmanager.serviceMonitor.selfMonitor | quote }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.alertmanager.service.labels }} +{{ toYaml .Values.alertmanager.service.labels | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.service.annotations }} + annotations: +{{ toYaml .Values.alertmanager.service.annotations | indent 4 }} +{{- end }} +spec: +{{- if .Values.alertmanager.service.clusterIP }} + clusterIP: {{ .Values.alertmanager.service.clusterIP }} +{{- end }} +{{- if .Values.alertmanager.service.externalIPs }} + externalIPs: +{{ toYaml .Values.alertmanager.service.externalIPs | indent 4 }} +{{- end }} +{{- if .Values.alertmanager.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.alertmanager.service.loadBalancerIP }} +{{- end }} +{{- if .Values.alertmanager.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range $cidr := .Values.alertmanager.service.loadBalancerSourceRanges }} + - {{ $cidr }} + {{- end }} +{{- end }} + ports: + - name: {{ .Values.alertmanager.alertmanagerSpec.portName }} + {{- if eq .Values.alertmanager.service.type "NodePort" }} + nodePort: {{ .Values.alertmanager.service.nodePort }} + {{- end }} + port: {{ .Values.alertmanager.service.port }} + targetPort: {{ .Values.alertmanager.service.targetPort }} + protocol: TCP +{{- if .Values.alertmanager.service.additionalPorts }} +{{ toYaml .Values.alertmanager.service.additionalPorts | indent 2 }} +{{- end }} + selector: + app: alertmanager + alertmanager: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager + type: "{{ .Values.alertmanager.service.type }}" +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/serviceaccount.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/serviceaccount.yaml new file mode 100644 index 000000000..066c7fc89 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/serviceaccount.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kube-prometheus-stack.alertmanager.serviceAccountName" . }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager + app.kubernetes.io/name: {{ template "kube-prometheus-stack.name" . }}-alertmanager + app.kubernetes.io/component: alertmanager +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.alertmanager.serviceAccount.annotations }} + annotations: +{{ toYaml .Values.alertmanager.serviceAccount.annotations | indent 4 }} +{{- end }} +{{- if .Values.global.imagePullSecrets }} +imagePullSecrets: +{{ toYaml .Values.global.imagePullSecrets | indent 2 }} +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/servicemonitor.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/servicemonitor.yaml new file mode 100644 index 000000000..2dc9b8684 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/servicemonitor.yaml @@ -0,0 +1,45 @@ +{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceMonitor.selfMonitor }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + selector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }}-alertmanager + release: {{ $.Release.Name | quote }} + self-monitor: "true" + namespaceSelector: + matchNames: + - {{ printf "%s" (include "kube-prometheus-stack.namespace" .) | quote }} + endpoints: + - port: {{ .Values.alertmanager.alertmanagerSpec.portName }} + {{- if .Values.alertmanager.serviceMonitor.interval }} + interval: {{ .Values.alertmanager.serviceMonitor.interval }} + {{- end }} + {{- if .Values.alertmanager.serviceMonitor.proxyUrl }} + proxyUrl: {{ .Values.alertmanager.serviceMonitor.proxyUrl}} + {{- end }} + {{- if .Values.alertmanager.serviceMonitor.scheme }} + scheme: {{ .Values.alertmanager.serviceMonitor.scheme }} + {{- end }} + {{- if .Values.alertmanager.serviceMonitor.bearerTokenFile }} + bearerTokenFile: {{ .Values.alertmanager.serviceMonitor.bearerTokenFile }} + {{- end }} + {{- if .Values.alertmanager.serviceMonitor.tlsConfig }} + tlsConfig: {{ toYaml .Values.alertmanager.serviceMonitor.tlsConfig | nindent 6 }} + {{- end }} + path: "{{ trimSuffix "/" .Values.alertmanager.alertmanagerSpec.routePrefix }}/metrics" +{{- if .Values.alertmanager.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.alertmanager.serviceMonitor.metricRelabelings | indent 6) . }} +{{- end }} +{{- if .Values.alertmanager.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.alertmanager.serviceMonitor.relabelings | indent 6 }} +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/serviceperreplica.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/serviceperreplica.yaml new file mode 100644 index 000000000..0f12ae879 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/alertmanager/serviceperreplica.yaml @@ -0,0 +1,46 @@ +{{- if and .Values.alertmanager.enabled .Values.alertmanager.servicePerReplica.enabled }} +{{- $count := .Values.alertmanager.alertmanagerSpec.replicas | int -}} +{{- $serviceValues := .Values.alertmanager.servicePerReplica -}} +apiVersion: v1 +kind: List +metadata: + name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-serviceperreplica + namespace: {{ template "kube-prometheus-stack.namespace" . }} +items: +{{- range $i, $e := until $count }} + - apiVersion: v1 + kind: Service + metadata: + name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }} + namespace: {{ template "kube-prometheus-stack.namespace" $ }} + labels: + app: {{ include "kube-prometheus-stack.name" $ }}-alertmanager +{{ include "kube-prometheus-stack.labels" $ | indent 8 }} + {{- if $serviceValues.annotations }} + annotations: +{{ toYaml $serviceValues.annotations | indent 8 }} + {{- end }} + spec: + {{- if $serviceValues.clusterIP }} + clusterIP: {{ $serviceValues.clusterIP }} + {{- end }} + {{- if $serviceValues.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range $cidr := $serviceValues.loadBalancerSourceRanges }} + - {{ $cidr }} + {{- end }} + {{- end }} + ports: + - name: {{ $.Values.alertmanager.alertmanagerSpec.portName }} + {{- if eq $serviceValues.type "NodePort" }} + nodePort: {{ $serviceValues.nodePort }} + {{- end }} + port: {{ $serviceValues.port }} + targetPort: {{ $serviceValues.targetPort }} + selector: + app: alertmanager + alertmanager: {{ template "kube-prometheus-stack.fullname" $ }}-alertmanager + statefulset.kubernetes.io/pod-name: alertmanager-{{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }} + type: "{{ $serviceValues.type }}" +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/core-dns/service.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/core-dns/service.yaml new file mode 100644 index 000000000..f77db4199 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/core-dns/service.yaml @@ -0,0 +1,24 @@ +{{- if .Values.coreDns.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-coredns + labels: + app: {{ template "kube-prometheus-stack.name" . }}-coredns + jobLabel: coredns +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + namespace: kube-system +spec: + clusterIP: None + ports: + - name: http-metrics + port: {{ .Values.coreDns.service.port }} + protocol: TCP + targetPort: {{ .Values.coreDns.service.targetPort }} + selector: + {{- if .Values.coreDns.service.selector }} +{{ toYaml .Values.coreDns.service.selector | indent 4 }} + {{- else}} + k8s-app: kube-dns + {{- end}} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/core-dns/servicemonitor.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/core-dns/servicemonitor.yaml new file mode 100644 index 000000000..041707f02 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/core-dns/servicemonitor.yaml @@ -0,0 +1,36 @@ +{{- if .Values.coreDns.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-coredns + namespace: "kube-system" + labels: + app: {{ template "kube-prometheus-stack.name" . }}-coredns +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + jobLabel: jobLabel + selector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }}-coredns + release: {{ $.Release.Name | quote }} + namespaceSelector: + matchNames: + - "kube-system" + endpoints: + - port: http-metrics + {{- if .Values.coreDns.serviceMonitor.interval}} + interval: {{ .Values.coreDns.serviceMonitor.interval }} + {{- end }} + {{- if .Values.coreDns.serviceMonitor.proxyUrl }} + proxyUrl: {{ .Values.coreDns.serviceMonitor.proxyUrl}} + {{- end }} + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token +{{- if .Values.coreDns.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.coreDns.serviceMonitor.metricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.coreDns.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.coreDns.serviceMonitor.relabelings | indent 4 }} +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-api-server/servicemonitor.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-api-server/servicemonitor.yaml new file mode 100644 index 000000000..df28b970f --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-api-server/servicemonitor.yaml @@ -0,0 +1,39 @@ +{{- if .Values.kubeApiServer.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-apiserver + namespace: default + labels: + app: {{ template "kube-prometheus-stack.name" . }}-apiserver +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + endpoints: + - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- if .Values.kubeApiServer.serviceMonitor.interval }} + interval: {{ .Values.kubeApiServer.serviceMonitor.interval }} + {{- end }} + {{- if .Values.kubeApiServer.serviceMonitor.proxyUrl }} + proxyUrl: {{ .Values.kubeApiServer.serviceMonitor.proxyUrl}} + {{- end }} + port: https + scheme: https +{{- if .Values.kubeApiServer.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubeApiServer.serviceMonitor.metricRelabelings | indent 6) . }} +{{- end }} +{{- if .Values.kubeApiServer.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.kubeApiServer.serviceMonitor.relabelings | indent 6 }} +{{- end }} + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + serverName: {{ .Values.kubeApiServer.tlsConfig.serverName }} + insecureSkipVerify: {{ .Values.kubeApiServer.tlsConfig.insecureSkipVerify }} + jobLabel: {{ .Values.kubeApiServer.serviceMonitor.jobLabel }} + namespaceSelector: + matchNames: + - default + selector: +{{ toYaml .Values.kubeApiServer.serviceMonitor.selector | indent 4 }} +{{- end}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-controller-manager/endpoints.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-controller-manager/endpoints.yaml new file mode 100644 index 000000000..413193028 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-controller-manager/endpoints.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.endpoints }} +apiVersion: v1 +kind: Endpoints +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-controller-manager + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager + k8s-app: kube-controller-manager +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + namespace: kube-system +subsets: + - addresses: + {{- range .Values.kubeControllerManager.endpoints }} + - ip: {{ . }} + {{- end }} + ports: + - name: http-metrics + port: {{ .Values.kubeControllerManager.service.port }} + protocol: TCP +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-controller-manager/service.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-controller-manager/service.yaml new file mode 100644 index 000000000..d55ca2a10 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-controller-manager/service.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.service.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-controller-manager + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager + jobLabel: kube-controller-manager +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + namespace: kube-system +spec: + clusterIP: None + ports: + - name: http-metrics + port: {{ .Values.kubeControllerManager.service.port }} + protocol: TCP + targetPort: {{ .Values.kubeControllerManager.service.targetPort }} +{{- if .Values.kubeControllerManager.endpoints }}{{- else }} + selector: + {{- if .Values.kubeControllerManager.service.selector }} +{{ toYaml .Values.kubeControllerManager.service.selector | indent 4 }} + {{- else}} + component: kube-controller-manager + {{- end}} +{{- end }} + type: ClusterIP +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-controller-manager/servicemonitor.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-controller-manager/servicemonitor.yaml new file mode 100644 index 000000000..689dc0e31 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-controller-manager/servicemonitor.yaml @@ -0,0 +1,47 @@ +{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-controller-manager + namespace: "kube-system" + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + jobLabel: jobLabel + selector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager + release: {{ $.Release.Name | quote }} + namespaceSelector: + matchNames: + - "kube-system" + endpoints: + - port: http-metrics + {{- if .Values.kubeControllerManager.serviceMonitor.interval }} + interval: {{ .Values.kubeControllerManager.serviceMonitor.interval }} + {{- end }} + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- if .Values.kubeControllerManager.serviceMonitor.proxyUrl }} + proxyUrl: {{ .Values.kubeControllerManager.serviceMonitor.proxyUrl}} + {{- end }} + {{- if .Values.kubeControllerManager.serviceMonitor.https }} + scheme: https + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + {{- if .Values.kubeControllerManager.serviceMonitor.insecureSkipVerify }} + insecureSkipVerify: {{ .Values.kubeControllerManager.serviceMonitor.insecureSkipVerify }} + {{- end }} + {{- if .Values.kubeControllerManager.serviceMonitor.serverName }} + serverName: {{ .Values.kubeControllerManager.serviceMonitor.serverName }} + {{- end }} + {{- end }} +{{- if .Values.kubeControllerManager.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubeControllerManager.serviceMonitor.metricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.kubeControllerManager.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.kubeControllerManager.serviceMonitor.relabelings | indent 4 }} +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-dns/service.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-dns/service.yaml new file mode 100644 index 000000000..c7bf142d5 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-dns/service.yaml @@ -0,0 +1,28 @@ +{{- if .Values.kubeDns.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-dns + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-dns + jobLabel: kube-dns +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + namespace: kube-system +spec: + clusterIP: None + ports: + - name: http-metrics-dnsmasq + port: {{ .Values.kubeDns.service.dnsmasq.port }} + protocol: TCP + targetPort: {{ .Values.kubeDns.service.dnsmasq.targetPort }} + - name: http-metrics-skydns + port: {{ .Values.kubeDns.service.skydns.port }} + protocol: TCP + targetPort: {{ .Values.kubeDns.service.skydns.targetPort }} + selector: + {{- if .Values.kubeDns.service.selector }} +{{ toYaml .Values.kubeDns.service.selector | indent 4 }} + {{- else}} + k8s-app: kube-dns + {{- end}} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-dns/servicemonitor.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-dns/servicemonitor.yaml new file mode 100644 index 000000000..923a5bcfa --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-dns/servicemonitor.yaml @@ -0,0 +1,49 @@ +{{- if .Values.kubeDns.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-dns + namespace: "kube-system" + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-dns +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + jobLabel: jobLabel + selector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-dns + release: {{ $.Release.Name | quote }} + namespaceSelector: + matchNames: + - "kube-system" + endpoints: + - port: http-metrics-dnsmasq + {{- if .Values.kubeDns.serviceMonitor.interval }} + interval: {{ .Values.kubeDns.serviceMonitor.interval }} + {{- end }} + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- if .Values.kubeDns.serviceMonitor.proxyUrl }} + proxyUrl: {{ .Values.kubeDns.serviceMonitor.proxyUrl}} + {{- end }} +{{- if .Values.kubeDns.serviceMonitor.dnsmasqMetricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubeDns.serviceMonitor.dnsmasqMetricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.kubeDns.serviceMonitor.dnsmasqRelabelings }} + relabelings: +{{ toYaml .Values.kubeDns.serviceMonitor.dnsmasqRelabelings | indent 4 }} +{{- end }} + - port: http-metrics-skydns + {{- if .Values.kubeDns.serviceMonitor.interval }} + interval: {{ .Values.kubeDns.serviceMonitor.interval }} + {{- end }} + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token +{{- if .Values.kubeDns.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubeDns.serviceMonitor.metricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.kubeDns.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.kubeDns.serviceMonitor.relabelings | indent 4 }} +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-etcd/endpoints.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-etcd/endpoints.yaml new file mode 100644 index 000000000..8f07a5cc2 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-etcd/endpoints.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.endpoints }} +apiVersion: v1 +kind: Endpoints +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-etcd + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd + k8s-app: etcd-server +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + namespace: kube-system +subsets: + - addresses: + {{- range .Values.kubeEtcd.endpoints }} + - ip: {{ . }} + {{- end }} + ports: + - name: http-metrics + port: {{ .Values.kubeEtcd.service.port }} + protocol: TCP +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-etcd/service.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-etcd/service.yaml new file mode 100644 index 000000000..b2677e280 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-etcd/service.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.service.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-etcd + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd + jobLabel: kube-etcd +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + namespace: kube-system +spec: + clusterIP: None + ports: + - name: http-metrics + port: {{ .Values.kubeEtcd.service.port }} + protocol: TCP + targetPort: {{ .Values.kubeEtcd.service.targetPort }} +{{- if .Values.kubeEtcd.endpoints }}{{- else }} + selector: + {{- if .Values.kubeEtcd.service.selector }} +{{ toYaml .Values.kubeEtcd.service.selector | indent 4 }} + {{- else}} + component: etcd + {{- end}} +{{- end }} + type: ClusterIP +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-etcd/servicemonitor.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-etcd/servicemonitor.yaml new file mode 100644 index 000000000..689e1fdc9 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-etcd/servicemonitor.yaml @@ -0,0 +1,53 @@ +{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-etcd + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + jobLabel: jobLabel + selector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd + release: {{ $.Release.Name | quote }} + namespaceSelector: + matchNames: + - "kube-system" + endpoints: + - port: http-metrics + {{- if .Values.kubeEtcd.serviceMonitor.interval }} + interval: {{ .Values.kubeEtcd.serviceMonitor.interval }} + {{- end }} + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- if .Values.kubeEtcd.serviceMonitor.proxyUrl }} + proxyUrl: {{ .Values.kubeEtcd.serviceMonitor.proxyUrl}} + {{- end }} + {{- if eq .Values.kubeEtcd.serviceMonitor.scheme "https" }} + scheme: https + tlsConfig: + {{- if .Values.kubeEtcd.serviceMonitor.serverName }} + serverName: {{ .Values.kubeEtcd.serviceMonitor.serverName }} + {{- end }} + {{- if .Values.kubeEtcd.serviceMonitor.caFile }} + caFile: {{ .Values.kubeEtcd.serviceMonitor.caFile }} + {{- end }} + {{- if .Values.kubeEtcd.serviceMonitor.certFile }} + certFile: {{ .Values.kubeEtcd.serviceMonitor.certFile }} + {{- end }} + {{- if .Values.kubeEtcd.serviceMonitor.keyFile }} + keyFile: {{ .Values.kubeEtcd.serviceMonitor.keyFile }} + {{- end}} + insecureSkipVerify: {{ .Values.kubeEtcd.serviceMonitor.insecureSkipVerify }} + {{- end }} +{{- if .Values.kubeEtcd.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubeEtcd.serviceMonitor.metricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.kubeEtcd.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.kubeEtcd.serviceMonitor.relabelings | indent 4 }} +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-proxy/endpoints.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-proxy/endpoints.yaml new file mode 100644 index 000000000..2cb756d15 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-proxy/endpoints.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.endpoints }} +apiVersion: v1 +kind: Endpoints +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-proxy + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy + k8s-app: kube-proxy +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + namespace: kube-system +subsets: + - addresses: + {{- range .Values.kubeProxy.endpoints }} + - ip: {{ . }} + {{- end }} + ports: + - name: http-metrics + port: {{ .Values.kubeProxy.service.port }} + protocol: TCP +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-proxy/service.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-proxy/service.yaml new file mode 100644 index 000000000..6a93319ef --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-proxy/service.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.service.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-proxy + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy + jobLabel: kube-proxy +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + namespace: kube-system +spec: + clusterIP: None + ports: + - name: http-metrics + port: {{ .Values.kubeProxy.service.port }} + protocol: TCP + targetPort: {{ .Values.kubeProxy.service.targetPort }} +{{- if .Values.kubeProxy.endpoints }}{{- else }} + selector: + {{- if .Values.kubeProxy.service.selector }} +{{ toYaml .Values.kubeProxy.service.selector | indent 4 }} + {{- else}} + k8s-app: kube-proxy + {{- end}} +{{- end }} + type: ClusterIP +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-proxy/servicemonitor.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-proxy/servicemonitor.yaml new file mode 100644 index 000000000..bc3b7be1d --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-proxy/servicemonitor.yaml @@ -0,0 +1,41 @@ +{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-proxy + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + jobLabel: jobLabel + selector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy + release: {{ $.Release.Name | quote }} + namespaceSelector: + matchNames: + - "kube-system" + endpoints: + - port: http-metrics + {{- if .Values.kubeProxy.serviceMonitor.interval }} + interval: {{ .Values.kubeProxy.serviceMonitor.interval }} + {{- end }} + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- if .Values.kubeProxy.serviceMonitor.proxyUrl }} + proxyUrl: {{ .Values.kubeProxy.serviceMonitor.proxyUrl}} + {{- end }} + {{- if .Values.kubeProxy.serviceMonitor.https }} + scheme: https + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + {{- end}} +{{- if .Values.kubeProxy.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ toYaml .Values.kubeProxy.serviceMonitor.metricRelabelings | indent 4 }} +{{- end }} +{{- if .Values.kubeProxy.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.kubeProxy.serviceMonitor.relabelings | indent 4 }} +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-scheduler/endpoints.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-scheduler/endpoints.yaml new file mode 100644 index 000000000..f4ad60fd6 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-scheduler/endpoints.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.endpoints }} +apiVersion: v1 +kind: Endpoints +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-scheduler + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler + k8s-app: kube-scheduler +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + namespace: kube-system +subsets: + - addresses: + {{- range .Values.kubeScheduler.endpoints }} + - ip: {{ . }} + {{- end }} + ports: + - name: http-metrics + port: {{ .Values.kubeScheduler.service.port }} + protocol: TCP +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-scheduler/service.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-scheduler/service.yaml new file mode 100644 index 000000000..7a9c53da0 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-scheduler/service.yaml @@ -0,0 +1,27 @@ +{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.service.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-scheduler + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler + jobLabel: kube-scheduler +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + namespace: kube-system +spec: + clusterIP: None + ports: + - name: http-metrics + port: {{ .Values.kubeScheduler.service.port}} + protocol: TCP + targetPort: {{ .Values.kubeScheduler.service.targetPort}} +{{- if .Values.kubeScheduler.endpoints }}{{- else }} + selector: + {{- if .Values.kubeScheduler.service.selector }} +{{ toYaml .Values.kubeScheduler.service.selector | indent 4 }} + {{- else}} + component: kube-scheduler + {{- end}} +{{- end }} + type: ClusterIP +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-scheduler/servicemonitor.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-scheduler/servicemonitor.yaml new file mode 100644 index 000000000..a9a454bc4 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-scheduler/servicemonitor.yaml @@ -0,0 +1,47 @@ +{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-scheduler + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + jobLabel: jobLabel + selector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler + release: {{ $.Release.Name | quote }} + namespaceSelector: + matchNames: + - "kube-system" + endpoints: + - port: http-metrics + {{- if .Values.kubeScheduler.serviceMonitor.interval }} + interval: {{ .Values.kubeScheduler.serviceMonitor.interval }} + {{- end }} + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- if .Values.kubeScheduler.serviceMonitor.proxyUrl }} + proxyUrl: {{ .Values.kubeScheduler.serviceMonitor.proxyUrl}} + {{- end }} + {{- if .Values.kubeScheduler.serviceMonitor.https }} + scheme: https + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + {{- if .Values.kubeScheduler.serviceMonitor.insecureSkipVerify }} + insecureSkipVerify: {{ .Values.kubeScheduler.serviceMonitor.insecureSkipVerify }} + {{- end}} + {{- if .Values.kubeScheduler.serviceMonitor.serverName }} + serverName: {{ .Values.kubeScheduler.serviceMonitor.serverName }} + {{- end}} + {{- end}} +{{- if .Values.kubeScheduler.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubeScheduler.serviceMonitor.metricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.kubeScheduler.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.kubeScheduler.serviceMonitor.relabelings | indent 4 }} +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-state-metrics/serviceMonitor.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-state-metrics/serviceMonitor.yaml new file mode 100644 index 000000000..caeaa1e44 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kube-state-metrics/serviceMonitor.yaml @@ -0,0 +1,42 @@ +{{- if .Values.kubeStateMetrics.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kube-state-metrics + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kube-state-metrics +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + jobLabel: app.kubernetes.io/name + endpoints: + - port: http + {{- if .Values.kubeStateMetrics.serviceMonitor.interval }} + interval: {{ .Values.kubeStateMetrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.kubeStateMetrics.serviceMonitor.proxyUrl }} + proxyUrl: {{ .Values.kubeStateMetrics.serviceMonitor.proxyUrl}} + {{- end }} + honorLabels: true +{{- if .Values.kubeStateMetrics.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubeStateMetrics.serviceMonitor.metricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.kubeStateMetrics.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.kubeStateMetrics.serviceMonitor.relabelings | indent 4 }} +{{- end }} +{{- if .Values.kubeStateMetrics.serviceMonitor.namespaceOverride }} + namespaceSelector: + matchNames: + - {{ .Values.kubeStateMetrics.serviceMonitor.namespaceOverride }} +{{- end }} + selector: + matchLabels: +{{- if .Values.kubeStateMetrics.serviceMonitor.selectorOverride }} +{{ toYaml .Values.kubeStateMetrics.serviceMonitor.selectorOverride | indent 6 }} +{{ else }} + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/instance: "{{ $.Release.Name }}" +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kubelet/servicemonitor.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kubelet/servicemonitor.yaml new file mode 100644 index 000000000..9d707a552 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/kubelet/servicemonitor.yaml @@ -0,0 +1,176 @@ +{{- if (and (not .Values.kubelet.enabled) .Values.hardenedKubelet.enabled) }} +{{ required "Cannot set .Values.hardenedKubelet.enabled=true when .Values.kubelet.enabled=false" "" }} +{{- end }} +{{- if (and .Values.kubelet.enabled (not .Values.hardenedKubelet.enabled) (not .Values.k3sServer.enabled)) }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-kubelet + namespace: {{ .Values.kubelet.namespace }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-kubelet +{{- include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + endpoints: + {{- if .Values.kubelet.serviceMonitor.https }} + - port: https-metrics + scheme: https + {{- if .Values.kubelet.serviceMonitor.interval }} + interval: {{ .Values.kubelet.serviceMonitor.interval }} + {{- end }} + {{- if .Values.kubelet.serviceMonitor.proxyUrl }} + proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }} + {{- end }} + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecureSkipVerify: true + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + honorLabels: true +{{- if .Values.kubelet.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubelet.serviceMonitor.metricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.kubelet.serviceMonitor.relabelings | indent 4 }} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.cAdvisor }} + - port: https-metrics + scheme: https + path: /metrics/cadvisor + {{- if .Values.kubelet.serviceMonitor.interval }} + interval: {{ .Values.kubelet.serviceMonitor.interval }} + {{- end }} + {{- if .Values.kubelet.serviceMonitor.proxyUrl }} + proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }} + {{- end }} + {{- if .Values.kubelet.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }} + {{- end }} + honorLabels: true + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecureSkipVerify: true + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token +{{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.cAdvisorRelabelings }} + relabelings: +{{ toYaml .Values.kubelet.serviceMonitor.cAdvisorRelabelings | indent 4 }} +{{- end }} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.probes }} + - port: https-metrics + scheme: https + path: /metrics/probes + {{- if .Values.kubelet.serviceMonitor.interval }} + interval: {{ .Values.kubelet.serviceMonitor.interval }} + {{- end }} + {{- if .Values.kubelet.serviceMonitor.proxyUrl }} + proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }} + {{- end }} + honorLabels: true + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecureSkipVerify: true + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token +{{- if .Values.kubelet.serviceMonitor.probesMetricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubelet.serviceMonitor.probesMetricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.probesRelabelings }} + relabelings: +{{ toYaml .Values.kubelet.serviceMonitor.probesRelabelings | indent 4 }} +{{- end }} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.resource }} + - port: https-metrics + scheme: https + path: {{ include "kubelet.serviceMonitor.resourcePath" . }} + {{- if .Values.kubelet.serviceMonitor.interval }} + interval: {{ .Values.kubelet.serviceMonitor.interval }} + {{- end }} + {{- if .Values.kubelet.serviceMonitor.proxyUrl }} + proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }} + {{- end }} + honorLabels: true + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecureSkipVerify: true + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token +{{- if .Values.kubelet.serviceMonitor.resourceMetricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubelet.serviceMonitor.resourceMetricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.resourceRelabelings }} + relabelings: +{{ toYaml .Values.kubelet.serviceMonitor.resourceRelabelings | indent 4 }} +{{- end }} +{{- end }} + {{- else }} + - port: http-metrics + {{- if .Values.kubelet.serviceMonitor.interval }} + interval: {{ .Values.kubelet.serviceMonitor.interval }} + {{- end }} + {{- if .Values.kubelet.serviceMonitor.proxyUrl }} + proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }} + {{- end }} + honorLabels: true +{{- if .Values.kubelet.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubelet.serviceMonitor.metricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.kubelet.serviceMonitor.relabelings | indent 4 }} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.cAdvisor }} + - port: http-metrics + path: /metrics/cadvisor + {{- if .Values.kubelet.serviceMonitor.interval }} + interval: {{ .Values.kubelet.serviceMonitor.interval }} + {{- end }} + {{- if .Values.kubelet.serviceMonitor.proxyUrl }} + proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }} + {{- end }} + honorLabels: true +{{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.cAdvisorRelabelings }} + relabelings: +{{ toYaml .Values.kubelet.serviceMonitor.cAdvisorRelabelings | indent 4 }} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.resource }} + - port: http-metrics + path: {{ include "kubelet.serviceMonitor.resourcePath" . }} + {{- if .Values.kubelet.serviceMonitor.interval }} + interval: {{ .Values.kubelet.serviceMonitor.interval }} + {{- end }} + {{- if .Values.kubelet.serviceMonitor.proxyUrl }} + proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }} + {{- end }} + honorLabels: true +{{- if .Values.kubelet.serviceMonitor.resourceMetricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.kubelet.serviceMonitor.resourceMetricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.kubelet.serviceMonitor.resourceRelabelings }} + relabelings: +{{ toYaml .Values.kubelet.serviceMonitor.resourceRelabelings | indent 4 }} +{{- end }} +{{- end }} +{{- end }} + {{- end }} + jobLabel: k8s-app + namespaceSelector: + matchNames: + - {{ .Values.kubelet.namespace }} + selector: + matchLabels: + app.kubernetes.io/managed-by: prometheus-operator + k8s-app: kubelet +{{- end}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/node-exporter/servicemonitor.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/node-exporter/servicemonitor.yaml new file mode 100644 index 000000000..09b6edf7b --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/exporters/node-exporter/servicemonitor.yaml @@ -0,0 +1,43 @@ +{{- if (and (not .Values.nodeExporter.enabled) .Values.hardenedNodeExporter.enabled) }} +{{ required "Cannot set .Values.hardenedNodeExporter.enabled=true when .Values.nodeExporter.enabled=false" "" }} +{{- end }} +{{- if (and .Values.nodeExporter.enabled (not .Values.hardenedNodeExporter.enabled)) }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-node-exporter + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-node-exporter +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + jobLabel: {{ .Values.nodeExporter.jobLabel }} + selector: + matchLabels: + app: prometheus-node-exporter + release: {{ $.Release.Name }} + {{- if (index .Values "prometheus-node-exporter" "namespaceOverride") }} + namespaceSelector: + matchNames: + - {{ index .Values "prometheus-node-exporter" "namespaceOverride" }} + {{- end }} + endpoints: + - port: metrics + {{- if .Values.nodeExporter.serviceMonitor.interval }} + interval: {{ .Values.nodeExporter.serviceMonitor.interval }} + {{- end }} + {{- if .Values.nodeExporter.serviceMonitor.proxyUrl }} + proxyUrl: {{ .Values.nodeExporter.serviceMonitor.proxyUrl}} + {{- end }} + {{- if .Values.nodeExporter.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.nodeExporter.serviceMonitor.scrapeTimeout }} + {{- end }} +{{- if .Values.nodeExporter.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.nodeExporter.serviceMonitor.metricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.nodeExporter.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.nodeExporter.serviceMonitor.relabelings | indent 4 }} +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/configmap-dashboards.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/configmap-dashboards.yaml new file mode 100644 index 000000000..c455f5365 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/configmap-dashboards.yaml @@ -0,0 +1,24 @@ +{{- if or (and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled) .Values.grafana.forceDeployDashboards }} +{{- $files := .Files.Glob "dashboards-1.14/*.json" }} +{{- if $files }} +apiVersion: v1 +kind: ConfigMapList +items: +{{- range $path, $fileContents := $files }} +{{- $dashboardName := regexReplaceAll "(^.*/)(.*)\\.json$" $path "${2}" }} +- apiVersion: v1 + kind: ConfigMap + metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) $dashboardName | trunc 63 | trimSuffix "-" }} + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 6 }} + data: + {{ $dashboardName }}.json: {{ $.Files.Get $path | toJson }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/configmaps-datasources.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/configmaps-datasources.yaml new file mode 100644 index 000000000..dc74664fa --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/configmaps-datasources.yaml @@ -0,0 +1,47 @@ +{{- if or (and .Values.grafana.enabled .Values.grafana.sidecar.datasources.enabled) .Values.grafana.forceDeployDatasources }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-grafana-datasource + namespace: {{ default .Values.grafana.sidecar.datasources.searchNamespace (include "kube-prometheus-stack.namespace" .) }} +{{- if .Values.grafana.sidecar.datasources.annotations }} + annotations: +{{ toYaml .Values.grafana.sidecar.datasources.annotations | indent 4 }} +{{- end }} + labels: + {{ $.Values.grafana.sidecar.datasources.label }}: "1" + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + datasource.yaml: |- + apiVersion: 1 + datasources: +{{- $scrapeInterval := .Values.grafana.sidecar.datasources.defaultDatasourceScrapeInterval | default .Values.prometheus.prometheusSpec.scrapeInterval | default "30s" }} +{{- if .Values.grafana.sidecar.datasources.defaultDatasourceEnabled }} + - name: Prometheus + type: prometheus + {{- if .Values.grafana.sidecar.datasources.url }} + url: {{ .Values.grafana.sidecar.datasources.url }} + {{- else }} + url: http://{{ template "kube-prometheus-stack.fullname" . }}-prometheus:{{ .Values.prometheus.service.port }}/{{ trimPrefix "/" .Values.prometheus.prometheusSpec.routePrefix }} + {{- end }} + access: proxy + isDefault: true + jsonData: + timeInterval: {{ $scrapeInterval }} +{{- if .Values.grafana.sidecar.datasources.createPrometheusReplicasDatasources }} +{{- range until (int .Values.prometheus.prometheusSpec.replicas) }} + - name: Prometheus-{{ . }} + type: prometheus + url: http://prometheus-{{ template "kube-prometheus-stack.fullname" $ }}-prometheus-{{ . }}.prometheus-operated:9090/{{ trimPrefix "/" $.Values.prometheus.prometheusSpec.routePrefix }} + access: proxy + isDefault: false + jsonData: + timeInterval: {{ $scrapeInterval }} +{{- end }} +{{- end }} +{{- end }} +{{- if .Values.grafana.additionalDataSources }} +{{ tpl (toYaml .Values.grafana.additionalDataSources | indent 4) . }} +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/apiserver.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/apiserver.yaml new file mode 100644 index 000000000..0e8c7bab6 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/apiserver.yaml @@ -0,0 +1,1747 @@ +{{- /* +Generated from 'apiserver' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.kubeApiServer.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "apiserver" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + apiserver.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "panels": [ + { + "content": "The SLO (service level objective) and other metrics displayed on this dashboard are for informational purposes only.", + "datasource": null, + "description": "The SLO (service level objective) and other metrics displayed on this dashboard are for informational purposes only.", + "gridPos": { + "h": 2, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 2, + "mode": "markdown", + "span": 12, + "title": "Notice", + "type": "text" + } + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "decimals": 3, + "description": "How many percent of requests (both read and write) in 30 days have been answered successfully and fast enough?", + "format": "percentunit", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 3, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 4, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "apiserver_request:availability30d{verb=\"all\", cluster=\"$cluster\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Availability (30d) > 99.000%", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "avg" + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "decimals": 3, + "description": "How much error budget is left looking at our 0.990% availability guarantees?", + "fill": 10, + "fillGradient": 0, + "gridPos": { + + }, + "id": 4, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 8, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "100 * (apiserver_request:availability30d{verb=\"all\", cluster=\"$cluster\"} - 0.990000)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "errorbudget", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "ErrorBudget (30d) > 99.000%", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "decimals": 3, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "decimals": 3, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "decimals": 3, + "description": "How many percent of read requests (LIST,GET) in 30 days have been answered successfully and fast enough?", + "format": "percentunit", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 5, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "apiserver_request:availability30d{verb=\"read\", cluster=\"$cluster\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Read Availability (30d)", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "avg" + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "How many read requests (LIST,GET) per second do the apiservers get by code?", + "fill": 10, + "fillGradient": 0, + "gridPos": { + + }, + "id": 6, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + { + "alias": "/2../i", + "color": "#56A64B" + }, + { + "alias": "/3../i", + "color": "#F2CC0C" + }, + { + "alias": "/4../i", + "color": "#3274D9" + }, + { + "alias": "/5../i", + "color": "#E02F44" + } + ], + "spaceLength": 10, + "span": 3, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (code) (code_resource:apiserver_request_total:rate5m{verb=\"read\", cluster=\"$cluster\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}} code {{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Read SLI - Requests", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "reqps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "reqps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "How many percent of read requests (LIST,GET) per second are returned with errors (5xx)?", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 7, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (resource) (code_resource:apiserver_request_total:rate5m{verb=\"read\",code=~\"5..\", cluster=\"$cluster\"}) / sum by (resource) (code_resource:apiserver_request_total:rate5m{verb=\"read\", cluster=\"$cluster\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}} resource {{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Read SLI - Errors", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "How many seconds is the 99th percentile for reading (LIST|GET) a given resource?", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 8, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "cluster_quantile:apiserver_request_duration_seconds:histogram_quantile{verb=\"read\", cluster=\"$cluster\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}} resource {{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Read SLI - Duration", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "decimals": 3, + "description": "How many percent of write requests (POST|PUT|PATCH|DELETE) in 30 days have been answered successfully and fast enough?", + "format": "percentunit", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 9, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "apiserver_request:availability30d{verb=\"write\", cluster=\"$cluster\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Write Availability (30d)", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "avg" + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "How many write requests (POST|PUT|PATCH|DELETE) per second do the apiservers get by code?", + "fill": 10, + "fillGradient": 0, + "gridPos": { + + }, + "id": 10, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + { + "alias": "/2../i", + "color": "#56A64B" + }, + { + "alias": "/3../i", + "color": "#F2CC0C" + }, + { + "alias": "/4../i", + "color": "#3274D9" + }, + { + "alias": "/5../i", + "color": "#E02F44" + } + ], + "spaceLength": 10, + "span": 3, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (code) (code_resource:apiserver_request_total:rate5m{verb=\"write\", cluster=\"$cluster\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}} code {{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Write SLI - Requests", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "reqps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "reqps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "How many percent of write requests (POST|PUT|PATCH|DELETE) per second are returned with errors (5xx)?", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 11, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (resource) (code_resource:apiserver_request_total:rate5m{verb=\"write\",code=~\"5..\", cluster=\"$cluster\"}) / sum by (resource) (code_resource:apiserver_request_total:rate5m{verb=\"write\", cluster=\"$cluster\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}} resource {{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Write SLI - Errors", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "How many seconds is the 99th percentile for writing (POST|PUT|PATCH|DELETE) a given resource?", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 12, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "cluster_quantile:apiserver_request_duration_seconds:histogram_quantile{verb=\"write\", cluster=\"$cluster\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}} resource {{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Write SLI - Duration", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 13, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": false, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(workqueue_adds_total{job=\"apiserver\", instance=~\"$instance\", cluster=\"$cluster\"}[5m])) by (instance, name)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Work Queue Add Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 14, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": false, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(workqueue_depth{job=\"apiserver\", instance=~\"$instance\", cluster=\"$cluster\"}[5m])) by (instance, name)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Work Queue Depth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 15, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(workqueue_queue_duration_seconds_bucket{job=\"apiserver\", instance=~\"$instance\", cluster=\"$cluster\"}[5m])) by (instance, name, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Work Queue Latency", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 16, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "process_resident_memory_bytes{job=\"apiserver\",instance=~\"$instance\", cluster=\"$cluster\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 17, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(process_cpu_seconds_total{job=\"apiserver\",instance=~\"$instance\", cluster=\"$cluster\"}[5m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 18, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "go_goroutines{job=\"apiserver\",instance=~\"$instance\", cluster=\"$cluster\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Goroutines", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(apiserver_request_total, cluster)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "instance", + "options": [ + + ], + "query": "label_values(apiserver_request_total{job=\"apiserver\", cluster=\"$cluster\"}, instance)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / API server", + "uid": "09ec8aa1e996d6ffcd6817bbaff4db1b", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/cluster-total.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/cluster-total.yaml new file mode 100644 index 000000000..e446089a6 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/cluster-total.yaml @@ -0,0 +1,1882 @@ +{{- /* +Generated from 'cluster-total' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "cluster-total" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + cluster-total.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "panels": [ + { + "collapse": false, + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 2, + "panels": [ + + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Current Bandwidth", + "titleSize": "h6", + "type": "row" + }, + { + "aliasColors": { + + }, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 1 + }, + "id": 3, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Rate of Bytes Received", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 1 + }, + "id": 4, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Rate of Bytes Transmitted", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "columns": [ + { + "text": "Time", + "value": "Time" + }, + { + "text": "Value #A", + "value": "Value #A" + }, + { + "text": "Value #B", + "value": "Value #B" + }, + { + "text": "Value #C", + "value": "Value #C" + }, + { + "text": "Value #D", + "value": "Value #D" + }, + { + "text": "Value #E", + "value": "Value #E" + }, + { + "text": "Value #F", + "value": "Value #F" + }, + { + "text": "Value #G", + "value": "Value #G" + }, + { + "text": "Value #H", + "value": "Value #H" + }, + { + "text": "namespace", + "value": "namespace" + } + ], + "datasource": "$datasource", + "fill": 1, + "fontSize": "90%", + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 10 + }, + "id": 5, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null as zero", + "renderer": "flot", + "scroll": true, + "showHeader": true, + "sort": { + "col": 0, + "desc": false + }, + "spaceLength": 10, + "span": 24, + "styles": [ + { + "alias": "Time", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Time", + "thresholds": [ + + ], + "type": "hidden", + "unit": "short" + }, + { + "alias": "Current Bandwidth Received", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Current Bandwidth Transmitted", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Average Bandwidth Received", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Average Bandwidth Transmitted", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Rate of Received Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Received Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #G", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #H", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Namespace", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTooltip": "Drill down", + "linkUrl": "d/8b7a8b326d7a6f1f04244066368c67af/kubernetes-networking-namespace-pods?orgId=1&refresh=30s&var-namespace=$__cell", + "pattern": "namespace", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + }, + { + "expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "G", + "step": 10 + }, + { + "expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "H", + "step": 10 + } + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Status", + "type": "table" + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 10 + }, + "id": 6, + "panels": [ + { + "aliasColors": { + + }, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 11 + }, + "id": 7, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Rate of Bytes Received", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 11 + }, + "id": 8, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Rate of Bytes Transmitted", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Average Bandwidth", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 11 + }, + "id": 9, + "panels": [ + + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Bandwidth History", + "titleSize": "h6", + "type": "row" + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 12 + }, + "id": 10, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": true, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Receive Bandwidth", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 21 + }, + "id": 11, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": true, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Transmit Bandwidth", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 30 + }, + "id": 12, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 31 + }, + "id": 13, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": true, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 40 + }, + "id": 14, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": true, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Packets", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 31 + }, + "id": 15, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 50 + }, + "id": 16, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": true, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets Dropped", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 59 + }, + "id": 17, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": true, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets Dropped", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 59 + }, + "id": 18, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": true, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [ + { + "targetBlank": true, + "title": "What is TCP Retransmit?", + "url": "https://accedian.com/enterprises/blog/network-packet-loss-retransmissions-and-duplicate-acknowledgements/" + } + ], + "minSpan": 24, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(rate(node_netstat_Tcp_RetransSegs{cluster=\"$cluster\"}[$interval:$resolution]) / rate(node_netstat_Tcp_OutSegs{cluster=\"$cluster\"}[$interval:$resolution])) by (instance))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of TCP Retransmits out of all sent segments", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 59 + }, + "id": 19, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": true, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [ + { + "targetBlank": true, + "title": "Why monitor SYN retransmits?", + "url": "https://github.com/prometheus/node_exporter/issues/1023#issuecomment-408128365" + } + ], + "minSpan": 24, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(rate(node_netstat_TcpExt_TCPSynRetrans{cluster=\"$cluster\"}[$interval:$resolution]) / rate(node_netstat_Tcp_RetransSegs{cluster=\"$cluster\"}[$interval:$resolution])) by (instance))", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of TCP SYN Retransmits out of all retransmits", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Errors", + "titleSize": "h6", + "type": "row" + } + ], + "refresh": "10s", + "rows": [ + + ], + "schemaVersion": 18, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "5m", + "value": "5m" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "resolution", + "options": [ + { + "selected": false, + "text": "30s", + "value": "30s" + }, + { + "selected": true, + "text": "5m", + "value": "5m" + }, + { + "selected": false, + "text": "1h", + "value": "1h" + } + ], + "query": "30s,5m,1h", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "interval", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "5m", + "value": "5m" + }, + "datasource": "$datasource", + "hide": 2, + "includeAll": false, + "label": null, + "multi": false, + "name": "interval", + "options": [ + { + "selected": true, + "text": "4h", + "value": "4h" + } + ], + "query": "4h", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "interval", + "useTags": false + }, + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": null, + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Networking / Cluster", + "uid": "ff635a025bcfea7bc3dd4f508990a3e9", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/controller-manager.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/controller-manager.yaml new file mode 100644 index 000000000..ec7d03b7d --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/controller-manager.yaml @@ -0,0 +1,1183 @@ +{{- /* +Generated from 'controller-manager' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +{{- if (include "exporter.kubeControllerManager.enabled" .)}} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "controller-manager" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + controller-manager.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 2, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 2, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + {{- if .Values.k3sServer.enabled }} + "expr": "sum(up{cluster=\"$cluster\", job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", metrics_path=\"/metrics\"})", + {{- else }} + "expr": "sum(up{cluster=\"$cluster\", job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\"})", + {{- end }} + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Up", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "min" + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 3, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(workqueue_adds_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\"}[5m])) by (instance, name)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Work Queue Add Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 4, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(workqueue_depth{cluster=\"$cluster\", job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\"}[5m])) by (instance, name)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Work Queue Depth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 5, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(workqueue_queue_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\"}[5m])) by (instance, name, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Work Queue Latency", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 6, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(rest_client_requests_total{job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\",code=~\"2..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "2xx", + "refId": "A" + }, + { + "expr": "sum(rate(rest_client_requests_total{job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\",code=~\"3..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "3xx", + "refId": "B" + }, + { + "expr": "sum(rate(rest_client_requests_total{job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\",code=~\"4..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "4xx", + "refId": "C" + }, + { + "expr": "sum(rate(rest_client_requests_total{job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\",code=~\"5..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "5xx", + "refId": "D" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Kube API Request Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 7, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 8, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\", verb=\"POST\"}[5m])) by (verb, url, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Post Request Latency 99th Quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 8, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\", verb=\"GET\"}[5m])) by (verb, url, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Get Request Latency 99th Quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 9, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "process_resident_memory_bytes{cluster=\"$cluster\", job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\",instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 10, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(process_cpu_seconds_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\",instance=~\"$instance\"}[5m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 11, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "go_goroutines{cluster=\"$cluster\", job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\",instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Goroutines", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "instance", + "options": [ + + ], + "query": "label_values(process_cpu_seconds_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\"}, instance)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Controller Manager", + "uid": "72e0e05bef5099e5f049b05fdc429ed4", + "version": 0 + } +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/etcd.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/etcd.yaml new file mode 100644 index 000000000..282cadafe --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/etcd.yaml @@ -0,0 +1,1118 @@ +{{- /* +Generated from 'etcd' from https://raw.githubusercontent.com/etcd-io/website/master/content/en/docs/v3.4/op-guide/grafana.json +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +{{- if (include "exporter.kubeEtcd.enabled" .)}} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "etcd" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + etcd.json: |- + { + "annotations": { + "list": [] + }, + "description": "etcd sample Grafana dashboard with Prometheus", + "editable": true, + "gnetId": null, + "hideControls": false, + "id": 6, + "links": [], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "editable": true, + "height": "250px", + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": "$datasource", + "editable": true, + "error": false, + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "id": 28, + "interval": null, + "isNew": true, + "links": [], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "targets": [ + { + "expr": "sum(etcd_server_has_leader{job=\"$cluster\"})", + "intervalFactor": 2, + "legendFormat": "", + "metric": "etcd_server_has_leader", + "refId": "A", + "step": 20 + } + ], + "thresholds": "", + "title": "Up", + "type": "singlestat", + "valueFontSize": "200%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "avg" + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 0, + "id": 23, + "isNew": true, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 5, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(grpc_server_started_total{job=\"$cluster\",grpc_type=\"unary\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "RPC Rate", + "metric": "grpc_server_started_total", + "refId": "A", + "step": 2 + }, + { + "expr": "sum(rate(grpc_server_handled_total{job=\"$cluster\",grpc_type=\"unary\",grpc_code!=\"OK\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "RPC Failed Rate", + "metric": "grpc_server_handled_total", + "refId": "B", + "step": 2 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "RPC Rate", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 0, + "id": 41, + "isNew": true, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(grpc_server_started_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"}) - sum(grpc_server_handled_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"})", + "intervalFactor": 2, + "legendFormat": "Watch Streams", + "metric": "grpc_server_handled_total", + "refId": "A", + "step": 4 + }, + { + "expr": "sum(grpc_server_started_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"}) - sum(grpc_server_handled_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"})", + "intervalFactor": 2, + "legendFormat": "Lease Streams", + "metric": "grpc_server_handled_total", + "refId": "B", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Active Streams", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "showTitle": false, + "title": "Row" + }, + { + "collapse": false, + "editable": true, + "height": "250px", + "panels": [ + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "decimals": null, + "editable": true, + "error": false, + "fill": 0, + "grid": {}, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "etcd_mvcc_db_total_size_in_bytes{job=\"$cluster\"}", + "hide": false, + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} DB Size", + "metric": "", + "refId": "A", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "DB Size", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 0, + "grid": {}, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 1, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 4, + "stack": false, + "steppedLine": true, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_wal_fsync_duration_seconds_bucket{job=\"$cluster\"}[5m])) by (instance, le))", + "hide": false, + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} WAL fsync", + "metric": "etcd_disk_wal_fsync_duration_seconds_bucket", + "refId": "A", + "step": 4 + }, + { + "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_backend_commit_duration_seconds_bucket{job=\"$cluster\"}[5m])) by (instance, le))", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} DB fsync", + "metric": "etcd_disk_backend_commit_duration_seconds_bucket", + "refId": "B", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Disk Sync Duration", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 0, + "id": 29, + "isNew": true, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "process_resident_memory_bytes{job=\"$cluster\"}", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Resident Memory", + "metric": "process_resident_memory_bytes", + "refId": "A", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Memory", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "title": "New row" + }, + { + "collapse": false, + "editable": true, + "height": "250px", + "panels": [ + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 5, + "id": 22, + "isNew": true, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 3, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "rate(etcd_network_client_grpc_received_bytes_total{job=\"$cluster\"}[5m])", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Client Traffic In", + "metric": "etcd_network_client_grpc_received_bytes_total", + "refId": "A", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Client Traffic In", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 5, + "id": 21, + "isNew": true, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 3, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "rate(etcd_network_client_grpc_sent_bytes_total{job=\"$cluster\"}[5m])", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Client Traffic Out", + "metric": "etcd_network_client_grpc_sent_bytes_total", + "refId": "A", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Client Traffic Out", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 0, + "id": 20, + "isNew": true, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(etcd_network_peer_received_bytes_total{job=\"$cluster\"}[5m])) by (instance)", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Peer Traffic In", + "metric": "etcd_network_peer_received_bytes_total", + "refId": "A", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Peer Traffic In", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "decimals": null, + "editable": true, + "error": false, + "fill": 0, + "grid": {}, + "id": 16, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(etcd_network_peer_sent_bytes_total{job=\"$cluster\"}[5m])) by (instance)", + "hide": false, + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Peer Traffic Out", + "metric": "etcd_network_peer_sent_bytes_total", + "refId": "A", + "step": 4 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Peer Traffic Out", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "Bps", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "title": "New row" + }, + { + "collapse": false, + "editable": true, + "height": "250px", + "panels": [ + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fill": 0, + "id": 40, + "isNew": true, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(etcd_server_proposals_failed_total{job=\"$cluster\"}[5m]))", + "intervalFactor": 2, + "legendFormat": "Proposal Failure Rate", + "metric": "etcd_server_proposals_failed_total", + "refId": "A", + "step": 2 + }, + { + "expr": "sum(etcd_server_proposals_pending{job=\"$cluster\"})", + "intervalFactor": 2, + "legendFormat": "Proposal Pending Total", + "metric": "etcd_server_proposals_pending", + "refId": "B", + "step": 2 + }, + { + "expr": "sum(rate(etcd_server_proposals_committed_total{job=\"$cluster\"}[5m]))", + "intervalFactor": 2, + "legendFormat": "Proposal Commit Rate", + "metric": "etcd_server_proposals_committed_total", + "refId": "C", + "step": 2 + }, + { + "expr": "sum(rate(etcd_server_proposals_applied_total{job=\"$cluster\"}[5m]))", + "intervalFactor": 2, + "legendFormat": "Proposal Apply Rate", + "refId": "D", + "step": 2 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Raft Proposals", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": "", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": {}, + "bars": false, + "datasource": "$datasource", + "decimals": 0, + "editable": true, + "error": false, + "fill": 0, + "id": 19, + "isNew": true, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "changes(etcd_server_leader_changes_seen_total{job=\"$cluster\"}[1d])", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Total Leader Elections Per Day", + "metric": "etcd_server_leader_changes_seen_total", + "refId": "A", + "step": 2 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Total Leader Elections Per Day", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "title": "New row" + } + ], + "schemaVersion": 13, + "sharedCrosshair": false, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "current": { + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "prod", + "value": "prod" + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [], + "query": "label_values(etcd_server_has_leader, job)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-15m", + "to": "now" + }, + "timepicker": { + "now": true, + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "browser", + "title": "etcd", + "version": 215 + } +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/k8s-coredns.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/k8s-coredns.yaml new file mode 100644 index 000000000..def05e216 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/k8s-coredns.yaml @@ -0,0 +1,1531 @@ +{{- /* Added manually, can be changed in-place. */ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.coreDns.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-coredns" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + k8s-coredns.json: |- + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "description": "A dashboard for the CoreDNS DNS server with updated metrics for version 1.7.0+. Based on the CoreDNS dashboard by buhay.", + "editable": true, + "gnetId": 12539, + "graphTooltip": 0, + "iteration": 1603798405693, + "links": [ + { + "icon": "external link", + "tags": [], + "targetBlank": true, + "title": "CoreDNS.io", + "type": "link", + "url": "https://coredns.io" + } + ], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.2.0", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "total", + "yaxis": 2 + } + ], + "spaceLength": 10, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(coredns_dns_request_count_total{instance=~\"$instance\"}[5m])) by (proto) or\nsum(rate(coredns_dns_requests_total{instance=~\"$instance\"}[5m])) by (proto)", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}", + "refId": "A", + "step": 60 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Requests (total)", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "pps", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 0 + }, + "hiddenSeries": false, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.2.0", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "total", + "yaxis": 2 + }, + { + "alias": "other", + "yaxis": 2 + } + ], + "spaceLength": 10, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(coredns_dns_request_type_count_total{instance=~\"$instance\"}[5m])) by (type) or \nsum(rate(coredns_dns_requests_total{instance=~\"$instance\"}[5m])) by (type)", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{"{{type}}"}}", + "refId": "A", + "step": 60 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Requests (by qtype)", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "pps", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 0 + }, + "hiddenSeries": false, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.2.0", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "total", + "yaxis": 2 + } + ], + "spaceLength": 10, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(coredns_dns_request_count_total{instance=~\"$instance\"}[5m])) by (zone) or\nsum(rate(coredns_dns_requests_total{instance=~\"$instance\"}[5m])) by (zone)", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{"{{zone}}"}}", + "refId": "A", + "step": 60 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Requests (by zone)", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "pps", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 7 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.2.0", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "total", + "yaxis": 2 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(coredns_dns_request_do_count_total{instance=~\"$instance\"}[5m])) or\nsum(rate(coredns_dns_do_requests_total{instance=~\"$instance\"}[5m]))", + "interval": "", + "intervalFactor": 2, + "legendFormat": "DO", + "refId": "A", + "step": 40 + }, + { + "expr": "sum(rate(coredns_dns_request_count_total{instance=~\"$instance\"}[5m])) or\nsum(rate(coredns_dns_requests_total{instance=~\"$instance\"}[5m]))", + "interval": "", + "intervalFactor": 2, + "legendFormat": "total", + "refId": "B", + "step": 40 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Requests (DO bit)", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "pps", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 6, + "x": 12, + "y": 7 + }, + "hiddenSeries": false, + "id": 10, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.2.0", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "tcp:90", + "yaxis": 2 + }, + { + "alias": "tcp:99 ", + "yaxis": 2 + }, + { + "alias": "tcp:50", + "yaxis": 2 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(coredns_dns_request_size_bytes_bucket{instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto))", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}:99 ", + "refId": "A", + "step": 60 + }, + { + "expr": "histogram_quantile(0.90, sum(rate(coredns_dns_request_size_bytes_bucket{instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto))", + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}:90", + "refId": "B", + "step": 60 + }, + { + "expr": "histogram_quantile(0.50, sum(rate(coredns_dns_request_size_bytes_bucket{instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto))", + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}:50", + "refId": "C", + "step": 60 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Requests (size, udp)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 6, + "x": 18, + "y": 7 + }, + "hiddenSeries": false, + "id": 12, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.2.0", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "tcp:90", + "yaxis": 1 + }, + { + "alias": "tcp:99 ", + "yaxis": 1 + }, + { + "alias": "tcp:50", + "yaxis": 1 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(coredns_dns_request_size_bytes_bucket{instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto))", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}:99 ", + "refId": "A", + "step": 60 + }, + { + "expr": "histogram_quantile(0.90, sum(rate(coredns_dns_request_size_bytes_bucket{instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto))", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}:90", + "refId": "B", + "step": 60 + }, + { + "expr": "histogram_quantile(0.50, sum(rate(coredns_dns_request_size_bytes_bucket{instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto))", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}:50", + "refId": "C", + "step": 60 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Requests (size,tcp)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 14 + }, + "hiddenSeries": false, + "id": 14, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.2.0", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(coredns_dns_response_rcode_count_total{instance=~\"$instance\"}[5m])) by (rcode) or\nsum(rate(coredns_dns_responses_total{instance=~\"$instance\"}[5m])) by (rcode)", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{"{{rcode}}"}}", + "refId": "A", + "step": 40 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Responses (by rcode)", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "pps", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 14 + }, + "hiddenSeries": false, + "id": 32, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.2.0", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(coredns_dns_request_duration_seconds_bucket{instance=~\"$instance\"}[5m])) by (le, job))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "99%", + "refId": "A", + "step": 40 + }, + { + "expr": "histogram_quantile(0.90, sum(rate(coredns_dns_request_duration_seconds_bucket{instance=~\"$instance\"}[5m])) by (le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "90%", + "refId": "B", + "step": 40 + }, + { + "expr": "histogram_quantile(0.50, sum(rate(coredns_dns_request_duration_seconds_bucket{instance=~\"$instance\"}[5m])) by (le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "50%", + "refId": "C", + "step": 40 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Responses (duration)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "s", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 21 + }, + "hiddenSeries": false, + "id": 18, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.2.0", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "udp:50%", + "yaxis": 1 + }, + { + "alias": "tcp:50%", + "yaxis": 2 + }, + { + "alias": "tcp:90%", + "yaxis": 2 + }, + { + "alias": "tcp:99%", + "yaxis": 2 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(coredns_dns_response_size_bytes_bucket{instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto)) ", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}:99%", + "refId": "A", + "step": 40 + }, + { + "expr": "histogram_quantile(0.90, sum(rate(coredns_dns_response_size_bytes_bucket{instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto)) ", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}:90%", + "refId": "B", + "step": 40 + }, + { + "expr": "histogram_quantile(0.50, sum(rate(coredns_dns_response_size_bytes_bucket{instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto)) ", + "hide": false, + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}:50%", + "metric": "", + "refId": "C", + "step": 40 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Responses (size, udp)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 21 + }, + "hiddenSeries": false, + "id": 20, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.2.0", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "udp:50%", + "yaxis": 1 + }, + { + "alias": "tcp:50%", + "yaxis": 1 + }, + { + "alias": "tcp:90%", + "yaxis": 1 + }, + { + "alias": "tcp:99%", + "yaxis": 1 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(coredns_dns_response_size_bytes_bucket{instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto)) ", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}:99%", + "refId": "A", + "step": 40 + }, + { + "expr": "histogram_quantile(0.90, sum(rate(coredns_dns_response_size_bytes_bucket{instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto)) ", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}:90%", + "refId": "B", + "step": 40 + }, + { + "expr": "histogram_quantile(0.50, sum(rate(coredns_dns_response_size_bytes_bucket{instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le, proto)) ", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{"{{proto}}"}}:50%", + "metric": "", + "refId": "C", + "step": 40 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Responses (size, tcp)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 28 + }, + "hiddenSeries": false, + "id": 22, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.2.0", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(coredns_cache_size{instance=~\"$instance\"}) by (type) or\nsum(coredns_cache_entries{instance=~\"$instance\"}) by (type)", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{"{{type}}"}}", + "refId": "A", + "step": 40 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Cache (size)", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "decbytes", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "links": [] + }, + "overrides": [] + }, + "fill": 1, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 28 + }, + "hiddenSeries": false, + "id": 24, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "connected", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "7.2.0", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "misses", + "yaxis": 2 + } + ], + "spaceLength": 10, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(coredns_cache_hits_total{instance=~\"$instance\"}[5m])) by (type)", + "hide": false, + "intervalFactor": 2, + "legendFormat": "hits:{{"{{type}}"}}", + "refId": "A", + "step": 40 + }, + { + "expr": "sum(rate(coredns_cache_misses_total{instance=~\"$instance\"}[5m])) by (type)", + "hide": false, + "intervalFactor": 2, + "legendFormat": "misses", + "refId": "B", + "step": 40 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Cache (hitrate)", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "pps", + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": "10s", + "schemaVersion": 26, + "style": "dark", + "tags": [ + "dns", + "coredns" + ], + "templating": { + "list": [ + { + "current": { + "selected": true, + "text": "default", + "value": "default" + }, + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "datasource", + "options": [], + "query": "prometheus", + "queryValue": "", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "allValue": ".*", + "current": { + "selected": true, + "text": "All", + "value": "$__all" + }, + "datasource": "$datasource", + "definition": "label_values(up{job=\"coredns\"}, instance)", + "hide": 0, + "includeAll": true, + "label": "Instance", + "multi": false, + "name": "instance", + "options": [], + "query": "label_values(up{job=\"coredns\"}, instance)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 3, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-3h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "utc", + "title": "CoreDNS", + "uid": "vkQ0UHxik", + "version": 2 + } +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml new file mode 100644 index 000000000..526fb5872 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml @@ -0,0 +1,3024 @@ +{{- /* +Generated from 'k8s-resources-cluster' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-cluster" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + k8s-resources-cluster.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "100px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 1, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 2, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - avg(rate(node_cpu_seconds_total{mode=\"idle\", cluster=\"$cluster\"}[$__rate_interval]))", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "CPU Utilisation", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 2, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(namespace_cpu:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{resource=\"cpu\",cluster=\"$cluster\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "CPU Requests Commitment", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 2, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", resource=\"cpu\"}) / sum(kube_node_status_allocatable{resource=\"cpu\",cluster=\"$cluster\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "CPU Limits Commitment", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 2, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 - sum(:node_memory_MemAvailable_bytes:sum{cluster=\"$cluster\"}) / sum(node_memory_MemTotal_bytes{cluster=\"$cluster\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "Memory Utilisation", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 2, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(namespace_memory:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{resource=\"memory\",cluster=\"$cluster\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "Memory Requests Commitment", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 2, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", resource=\"memory\"}) / sum(kube_node_status_allocatable{resource=\"memory\",cluster=\"$cluster\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "Memory Limits Commitment", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Headlines", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Pods", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down to pods", + "linkUrl": "./d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell_1", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Workloads", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down to workloads", + "linkUrl": "./d/a87fb0d919ec0ea5f6543124e16c42a5/k8s-resources-workloads-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell_1", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "CPU Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #G", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Namespace", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down to pods", + "linkUrl": "./d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell", + "pattern": "namespace", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(kube_pod_owner{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "count(avg(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\"}) by (workload, namespace)) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(namespace_cpu:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", resource=\"cpu\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", resource=\"cpu\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\"}) by (namespace) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", resource=\"cpu\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "G", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 9, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(container_memory_rss{cluster=\"$cluster\", container!=\"\"}) by (namespace)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Usage (w/o cache)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 10, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Pods", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down to pods", + "linkUrl": "./d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell_1", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Workloads", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down to workloads", + "linkUrl": "./d/a87fb0d919ec0ea5f6543124e16c42a5/k8s-resources-workloads-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell_1", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Memory Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #G", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Namespace", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down to pods", + "linkUrl": "./d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell", + "pattern": "namespace", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(kube_pod_owner{cluster=\"$cluster\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "count(avg(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\"}) by (workload, namespace)) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(container_memory_rss{cluster=\"$cluster\", container!=\"\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_requests{cluster=\"$cluster\", resource=\"memory\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(container_memory_rss{cluster=\"$cluster\", container!=\"\"}) by (namespace) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", resource=\"memory\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", resource=\"memory\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + }, + { + "expr": "sum(container_memory_rss{cluster=\"$cluster\", container!=\"\"}) by (namespace) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", resource=\"memory\"}) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "G", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Requests by Namespace", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Requests", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 11, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Current Receive Bandwidth", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Current Transmit Bandwidth", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Rate of Received Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Received Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Namespace", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down to pods", + "linkUrl": "./d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell", + "pattern": "namespace", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Network Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Current Network Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 12, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Receive Bandwidth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 13, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Transmit Bandwidth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Bandwidth", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 14, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Container Bandwidth by Namespace: Received", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 15, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Container Bandwidth by Namespace: Transmitted", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Average Container Bandwidth by Namespace", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 16, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 17, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Rate of Packets", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 18, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets Dropped", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 19, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets Dropped", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Rate of Packets Dropped", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "decimals": -1, + "fill": 10, + "id": 20, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "ceil(sum by(namespace) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\"}[5m]) + rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\"}[5m])))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "IOPS(Reads+Writes)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 21, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by(namespace) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\"}[5m]) + rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}namespace{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "ThroughPut(Read+Write)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Storage IO", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 22, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "sort": { + "col": 4, + "desc": true + }, + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "IOPS(Reads)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": -1, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "IOPS(Writes)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": -1, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "IOPS(Reads + Writes)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": -1, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Throughput(Read)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Throughput(Write)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Throughput(Read + Write)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Namespace", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down to pods", + "linkUrl": "./d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell", + "pattern": "namespace", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum by(namespace) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum by(namespace) (rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum by(namespace) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\"}[5m]) + rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum by(namespace) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum by(namespace) (rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum by(namespace) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\"}[5m]) + rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Storage IO", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Storage IO - Distribution", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": null, + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(node_cpu_seconds_total, cluster)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Compute Resources / Cluster", + "uid": "efa86fd1d0c121a26444b636a3f509a8", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml new file mode 100644 index 000000000..1c02a40bf --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml @@ -0,0 +1,2744 @@ +{{- /* +Generated from 'k8s-resources-namespace' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-namespace" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + k8s-resources-namespace.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "100px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "CPU Utilisation (from requests)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "CPU Utilisation (from limits)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "Memory Utilisation (from requests)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "format": "percentunit", + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"})", + "format": "time_series", + "instant": true, + "intervalFactor": 2, + "refId": "A" + } + ], + "thresholds": "70,80", + "timeFrom": null, + "timeShift": null, + "title": "Memory Utilisation (from limits)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "singlestat", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Headlines", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "quota - requests", + "color": "#F2495C", + "dashes": true, + "fill": 0, + "hiddenSeries": true, + "hideTooltip": true, + "legend": true, + "linewidth": 2, + "stack": false + }, + { + "alias": "quota - limits", + "color": "#FF9830", + "dashes": true, + "fill": 0, + "hiddenSeries": true, + "hideTooltip": true, + "legend": true, + "linewidth": 2, + "stack": false + } + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"requests.cpu\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "quota - requests", + "legendLink": null, + "step": 10 + }, + { + "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"limits.cpu\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "quota - limits", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "CPU Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "CPU Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "quota - requests", + "color": "#F2495C", + "dashes": true, + "fill": 0, + "hiddenSeries": true, + "hideTooltip": true, + "legend": true, + "linewidth": 2, + "stack": false + }, + { + "alias": "quota - limits", + "color": "#FF9830", + "dashes": true, + "fill": 0, + "hiddenSeries": true, + "hideTooltip": true, + "legend": true, + "linewidth": 2, + "stack": false + } + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"requests.memory\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "quota - requests", + "legendLink": null, + "step": 10 + }, + { + "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"limits.memory\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "quota - limits", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Usage (w/o cache)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Memory Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Usage (RSS)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Usage (Cache)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #G", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Usage (Swap)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #H", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(container_memory_rss{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + }, + { + "expr": "sum(container_memory_cache{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "G", + "step": 10 + }, + { + "expr": "sum(container_memory_swap{cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "H", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 9, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Current Receive Bandwidth", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Current Transmit Bandwidth", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Rate of Received Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Received Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down to pods", + "linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Network Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Current Network Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 10, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Receive Bandwidth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 11, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Transmit Bandwidth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Bandwidth", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 12, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 13, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Rate of Packets", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 14, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets Dropped", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 15, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets Dropped", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Rate of Packets Dropped", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "decimals": -1, + "fill": 10, + "id": 16, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "ceil(sum by(pod) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]) + rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m])))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "IOPS(Reads+Writes)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 17, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by(pod) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]) + rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "ThroughPut(Read+Write)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Storage IO", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 18, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "sort": { + "col": 4, + "desc": true + }, + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "IOPS(Reads)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": -1, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "IOPS(Writes)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": -1, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "IOPS(Reads + Writes)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": -1, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Throughput(Read)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Throughput(Write)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Throughput(Read + Write)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down to pods", + "linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum by(pod) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum by(pod) (rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum by(pod) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]) + rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum by(pod) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum by(pod) (rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum by(pod) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]) + rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Storage IO", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Storage IO - Distribution", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": null, + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Compute Resources / Namespace (Pods)", + "uid": "85a562078cdf77779eaa1add43ccec1e", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/k8s-resources-node.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/k8s-resources-node.yaml new file mode 100644 index 000000000..cd4eca510 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/k8s-resources-node.yaml @@ -0,0 +1,978 @@ +{{- /* +Generated from 'k8s-resources-node' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-node" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + k8s-resources-node.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "CPU Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "CPU Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\", resource=\"cpu\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", node=~\"$node\"}) by (pod) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\", resource=\"cpu\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\", resource=\"cpu\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", node=~\"$node\"}) by (pod) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\", resource=\"cpu\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\", container!=\"\"}) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Usage (w/o cache)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Memory Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Usage (RSS)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Usage (Cache)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #G", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Usage (Swap)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #H", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\", resource=\"memory\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\", resource=\"memory\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\", resource=\"memory\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\", resource=\"memory\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_memory_rss{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_memory_cache{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "G", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_memory_swap{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "H", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Quota", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": null, + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": true, + "name": "node", + "options": [ + + ], + "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, node)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Compute Resources / Node (Pods)", + "uid": "200ac8fdbfbb74b39aff88118e4d1c2c", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml new file mode 100644 index 000000000..88ac3d5c0 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml @@ -0,0 +1,2427 @@ +{{- /* +Generated from 'k8s-resources-pod' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-pod" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + k8s-resources-pod.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "requests", + "color": "#F2495C", + "fill": 0, + "hideTooltip": true, + "legend": true, + "linewidth": 2, + "stack": false + }, + { + "alias": "limits", + "color": "#FF9830", + "fill": 0, + "hideTooltip": true, + "legend": true, + "linewidth": 2, + "stack": false + } + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{namespace=\"$namespace\", pod=\"$pod\", cluster=\"$cluster\"}) by (container)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}container{{`}}`}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}\n)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "requests", + "legendLink": null, + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}\n)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "limits", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 2, + "legend": { + "avg": false, + "current": true, + "max": true, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(increase(container_cpu_cfs_throttled_periods_total{namespace=\"$namespace\", pod=\"$pod\", container!=\"\", cluster=\"$cluster\"}[5m])) by (container) /sum(increase(container_cpu_cfs_periods_total{namespace=\"$namespace\", pod=\"$pod\", container!=\"\", cluster=\"$cluster\"}[5m])) by (container)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}container{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + { + "colorMode": "critical", + "fill": true, + "line": true, + "op": "gt", + "value": 0.25, + "yaxis": "left" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Throttling", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Throttling", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "CPU Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "CPU Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Container", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "container", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "requests", + "color": "#F2495C", + "dashes": true, + "fill": 0, + "hideTooltip": true, + "legend": true, + "linewidth": 2, + "stack": false + }, + { + "alias": "limits", + "color": "#FF9830", + "dashes": true, + "fill": 0, + "hideTooltip": true, + "legend": true, + "linewidth": 2, + "stack": false + } + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"}) by (container)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}container{{`}}`}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}\n)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "requests", + "legendLink": null, + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}\n)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "limits", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Usage (WSS)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Memory Usage (WSS)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Usage (RSS)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Usage (Cache)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #G", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Usage (Swap)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #H", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Container", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "container", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", image!=\"\"}) by (container) / sum(kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"}) by (container) / sum(kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(container_memory_rss{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\", container != \"POD\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + }, + { + "expr": "sum(container_memory_cache{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\", container != \"POD\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "G", + "step": 10 + }, + { + "expr": "sum(container_memory_swap{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\", container != \"POD\"}) by (container)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "H", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 6, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Receive Bandwidth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 7, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Transmit Bandwidth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Bandwidth", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 8, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 9, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Rate of Packets", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 10, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets Dropped", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 11, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets Dropped", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Rate of Packets Dropped", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "decimals": -1, + "fill": 10, + "id": 12, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "ceil(sum by(pod) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[5m])))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Reads", + "legendLink": null, + "step": 10 + }, + { + "expr": "ceil(sum by(pod) (rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[5m])))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Writes", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "IOPS", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 13, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by(pod) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Reads", + "legendLink": null, + "step": 10 + }, + { + "expr": "sum by(pod) (rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Writes", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "ThroughPut", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Storage IO - Distribution(Pod - Read & Writes)", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "decimals": -1, + "fill": 10, + "id": 14, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "ceil(sum by(container) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]) + rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m])))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}container{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "IOPS(Reads+Writes)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 15, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by(container) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]) + rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}container{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "ThroughPut(Read+Write)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Storage IO - Distribution(Containers)", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 16, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "sort": { + "col": 4, + "desc": true + }, + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "IOPS(Reads)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": -1, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "IOPS(Writes)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": -1, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "IOPS(Reads + Writes)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": -1, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Throughput(Read)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Throughput(Write)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Throughput(Read + Write)", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Container", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "container", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum by(container) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum by(container) (rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum by(container) (rate(container_fs_reads_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]) + rate(container_fs_writes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum by(container) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum by(container) (rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum by(container) (rate(container_fs_reads_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]) + rate(container_fs_writes_bytes_total{container!=\"\", cluster=\"$cluster\",namespace=~\"$namespace\", pod=\"$pod\"}[5m]))", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Storage IO", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Storage IO - Distribution", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": null, + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "pod", + "options": [ + + ], + "query": "label_values(kube_pod_info{cluster=\"$cluster\", namespace=\"$namespace\"}, pod)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Compute Resources / Pod", + "uid": "6581e46e4e5c7ba40a07646395ef7b23", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml new file mode 100644 index 000000000..1b1bb7e99 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml @@ -0,0 +1,1986 @@ +{{- /* +Generated from 'k8s-resources-workload' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-workload" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + k8s-resources-workload.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "CPU Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "CPU Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Memory Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 5, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Current Receive Bandwidth", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Current Transmit Bandwidth", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Rate of Received Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Received Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Network Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Current Network Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Receive Bandwidth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Transmit Bandwidth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Bandwidth", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Container Bandwidth by Pod: Received", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 9, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Container Bandwidth by Pod: Transmitted", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Average Container Bandwidth by Pod", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 10, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 11, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Rate of Packets", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 12, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets Dropped", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 13, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets Dropped", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Rate of Packets Dropped", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": null, + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "workload", + "options": [ + + ], + "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\"}, workload)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "type", + "options": [ + + ], + "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\"}, workload_type)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Compute Resources / Workload", + "uid": "a164a7f0339f99e89cea5cb47e9be617", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml new file mode 100644 index 000000000..fe33c10c8 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml @@ -0,0 +1,2151 @@ +{{- /* +Generated from 'k8s-resources-workloads-namespace' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-workloads-namespace" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + k8s-resources-workloads-namespace.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "quota - requests", + "color": "#F2495C", + "dashes": true, + "fill": 0, + "hiddenSeries": true, + "hideTooltip": true, + "legend": true, + "linewidth": 2, + "stack": false + }, + { + "alias": "quota - limits", + "color": "#FF9830", + "dashes": true, + "fill": 0, + "hiddenSeries": true, + "hideTooltip": true, + "legend": true, + "linewidth": 2, + "stack": false + } + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}workload{{`}}`}} - {{`{{`}}workload_type{{`}}`}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"requests.cpu\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "quota - requests", + "legendLink": null, + "step": 10 + }, + { + "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"limits.cpu\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "quota - limits", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Running Pods", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "CPU Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Workload", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "./d/a164a7f0339f99e89cea5cb47e9be617/k8s-resources-workload?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-workload=$__cell&var-type=$__cell_2", + "pattern": "workload", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Workload Type", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "workload_type", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "count(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}) by (workload, workload_type)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "quota - requests", + "color": "#F2495C", + "dashes": true, + "fill": 0, + "hiddenSeries": true, + "hideTooltip": true, + "legend": true, + "linewidth": 2, + "stack": false + }, + { + "alias": "quota - limits", + "color": "#FF9830", + "dashes": true, + "fill": 0, + "hiddenSeries": true, + "hideTooltip": true, + "legend": true, + "linewidth": 2, + "stack": false + } + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}workload{{`}}`}} - {{`{{`}}workload_type{{`}}`}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"requests.memory\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "quota - requests", + "legendLink": null, + "step": 10 + }, + { + "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"limits.memory\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "quota - limits", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Running Pods", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 0, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Memory Usage", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Limits", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Limits %", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Workload", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "./d/a164a7f0339f99e89cea5cb47e9be617/k8s-resources-workload?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-workload=$__cell&var-type=$__cell_2", + "pattern": "workload", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Workload Type", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "workload_type", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "count(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}) by (workload, workload_type)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory Quota", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 5, + "interval": "1m", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Current Receive Bandwidth", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Current Transmit Bandwidth", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Rate of Received Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Received Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Workload", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTargetBlank": false, + "linkTooltip": "Drill down to pods", + "linkUrl": "./d/a164a7f0339f99e89cea5cb47e9be617/k8s-resources-workload?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-workload=$__cell&var-type=$type", + "pattern": "workload", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Workload Type", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "workload_type", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Network Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Current Network Usage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Receive Bandwidth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Transmit Bandwidth", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Bandwidth", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Container Bandwidth by Workload: Received", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 9, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Container Bandwidth by Workload: Transmitted", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Average Container Bandwidth by Workload", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 10, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 11, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Rate of Packets", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 12, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets Dropped", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 13, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=~\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets Dropped", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Rate of Packets Dropped", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": null, + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "deployment", + "value": "deployment" + }, + "datasource": "$datasource", + "definition": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\"}, workload_type)", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "type", + "options": [ + + ], + "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=~\"$namespace\", workload=~\".+\"}, workload_type)", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Compute Resources / Namespace (Workloads)", + "uid": "a87fb0d919ec0ea5f6543124e16c42a5", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/kubelet.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/kubelet.yaml new file mode 100644 index 000000000..b70e71919 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/kubelet.yaml @@ -0,0 +1,2535 @@ +{{- /* +Generated from 'kubelet' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +{{- if (include "exporter.kubelet.enabled" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "kubelet" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + kubelet.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 2, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 2, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(kubelet_node_name{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Running Kubelets", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "min" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 3, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 2, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(kubelet_running_pods{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\"}) OR sum(kubelet_running_pod_count{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": "", + "title": "Running Pods", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "min" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 4, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 2, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(kubelet_running_containers{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\"}) OR sum(kubelet_running_container_count{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": "", + "title": "Running Container", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "min" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 5, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 2, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(volume_manager_total_volumes{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\", state=\"actual_state_of_world\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": "", + "title": "Actual Volume Count", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "min" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 6, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 2, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(volume_manager_total_volumes{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\",state=\"desired_state_of_world\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": "", + "title": "Desired Volume Count", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "min" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 7, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 2, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(rate(kubelet_node_config_error{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": "", + "title": "Config Error Count", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "min" + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 8, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(kubelet_runtime_operations_total{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (operation_type, instance)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_type{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Operation Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 9, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(kubelet_runtime_operations_errors_total{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, operation_type)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_type{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Operation Error Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 10, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(kubelet_runtime_operations_duration_seconds_bucket{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, operation_type, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_type{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Operation duration 99th quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 11, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(kubelet_pod_start_duration_seconds_count{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} pod", + "refId": "A" + }, + { + "expr": "sum(rate(kubelet_pod_worker_duration_seconds_count{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} worker", + "refId": "B" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Pod Start Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 12, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(kubelet_pod_start_duration_seconds_count{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} pod", + "refId": "A" + }, + { + "expr": "histogram_quantile(0.99, sum(rate(kubelet_pod_worker_duration_seconds_bucket{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} worker", + "refId": "B" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Pod Start Duration", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 13, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(storage_operation_duration_seconds_count{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, operation_name, volume_plugin)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_name{{`}}`}} {{`{{`}}volume_plugin{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Storage Operation Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 14, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(storage_operation_errors_total{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, operation_name, volume_plugin)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_name{{`}}`}} {{`{{`}}volume_plugin{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Storage Operation Error Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 15, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(storage_operation_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\"}[5m])) by (instance, operation_name, volume_plugin, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_name{{`}}`}} {{`{{`}}volume_plugin{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Storage Operation Duration 99th quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 16, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(kubelet_cgroup_manager_duration_seconds_count{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\"}[5m])) by (instance, operation_type)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}operation_type{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Cgroup manager operation rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 17, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(kubelet_cgroup_manager_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\"}[5m])) by (instance, operation_type, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_type{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Cgroup manager 99th quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Pod lifecycle event generator", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 18, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(kubelet_pleg_relist_duration_seconds_count{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\"}[5m])) by (instance)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "PLEG relist rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 19, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(kubelet_pleg_relist_interval_seconds_bucket{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "PLEG relist interval", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 20, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(kubelet_pleg_relist_duration_seconds_bucket{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])) by (instance, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "PLEG relist duration", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 21, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"2..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "2xx", + "refId": "A" + }, + { + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"3..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "3xx", + "refId": "B" + }, + { + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"4..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "4xx", + "refId": "C" + }, + { + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"5..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "5xx", + "refId": "D" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "RPC Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 22, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\"}[5m])) by (instance, verb, url, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Request duration 99th quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 23, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "process_resident_memory_bytes{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 24, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(process_cpu_seconds_total{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}[5m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 25, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "go_goroutines{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Goroutines", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "instance", + "options": [ + + ], + "query": "label_values(kubelet_runtime_operations_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\"}, instance)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Kubelet", + "uid": "3138fa155d5915769fbded898ac09fd9", + "version": 0 + } +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/namespace-by-pod.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/namespace-by-pod.yaml new file mode 100644 index 000000000..e7ba03056 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/namespace-by-pod.yaml @@ -0,0 +1,1464 @@ +{{- /* +Generated from 'namespace-by-pod' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "namespace-by-pod" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + namespace-by-pod.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "panels": [ + { + "collapse": false, + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 2, + "panels": [ + + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Current Bandwidth", + "titleSize": "h6", + "type": "row" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "decimals": 0, + "format": "time_series", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 1 + }, + "height": 9, + "id": 3, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "minSpan": 12, + "nullPointMode": "connected", + "nullText": null, + "options": { + "fieldOptions": { + "calcs": [ + "last" + ], + "defaults": { + "max": 10000000000, + "min": 0, + "title": "$namespace", + "unit": "Bps" + }, + "mappings": [ + + ], + "override": { + + }, + "thresholds": [ + { + "color": "dark-green", + "index": 0, + "value": null + }, + { + "color": "dark-yellow", + "index": 1, + "value": 5000000000 + }, + { + "color": "dark-red", + "index": 2, + "value": 7000000000 + } + ], + "values": false + } + }, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 12, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution]))", + "format": "time_series", + "instant": null, + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "timeFrom": null, + "timeShift": null, + "title": "Current Rate of Bytes Received", + "type": "gauge", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "decimals": 0, + "format": "time_series", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 1 + }, + "height": 9, + "id": 4, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "minSpan": 12, + "nullPointMode": "connected", + "nullText": null, + "options": { + "fieldOptions": { + "calcs": [ + "last" + ], + "defaults": { + "max": 10000000000, + "min": 0, + "title": "$namespace", + "unit": "Bps" + }, + "mappings": [ + + ], + "override": { + + }, + "thresholds": [ + { + "color": "dark-green", + "index": 0, + "value": null + }, + { + "color": "dark-yellow", + "index": 1, + "value": 5000000000 + }, + { + "color": "dark-red", + "index": 2, + "value": 7000000000 + } + ], + "values": false + } + }, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 12, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution]))", + "format": "time_series", + "instant": null, + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "timeFrom": null, + "timeShift": null, + "title": "Current Rate of Bytes Transmitted", + "type": "gauge", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "columns": [ + { + "text": "Time", + "value": "Time" + }, + { + "text": "Value #A", + "value": "Value #A" + }, + { + "text": "Value #B", + "value": "Value #B" + }, + { + "text": "Value #C", + "value": "Value #C" + }, + { + "text": "Value #D", + "value": "Value #D" + }, + { + "text": "Value #E", + "value": "Value #E" + }, + { + "text": "Value #F", + "value": "Value #F" + }, + { + "text": "pod", + "value": "pod" + } + ], + "datasource": "$datasource", + "fill": 1, + "fontSize": "100%", + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 10 + }, + "id": 5, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null as zero", + "renderer": "flot", + "scroll": true, + "showHeader": true, + "sort": { + "col": 0, + "desc": false + }, + "spaceLength": 10, + "span": 24, + "styles": [ + { + "alias": "Time", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Time", + "thresholds": [ + + ], + "type": "hidden", + "unit": "short" + }, + { + "alias": "Bandwidth Received", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Bandwidth Transmitted", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Rate of Received Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Received Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTooltip": "Drill down", + "linkUrl": "d/7a18067ce943a40ae25454675c19ff5c/kubernetes-networking-pod?orgId=1&refresh=30s&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + } + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Status", + "type": "table" + }, + { + "collapse": false, + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 19 + }, + "id": 6, + "panels": [ + + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Bandwidth", + "titleSize": "h6", + "type": "row" + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 20 + }, + "id": 7, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Receive Bandwidth", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 20 + }, + "id": 8, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Transmit Bandwidth", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 29 + }, + "id": 9, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 30 + }, + "id": 10, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 30 + }, + "id": 11, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Packets", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 30 + }, + "id": 12, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 40 + }, + "id": 13, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets Dropped", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 40 + }, + "id": 14, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets Dropped", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Errors", + "titleSize": "h6", + "type": "row" + } + ], + "refresh": "10s", + "rows": [ + + ], + "schemaVersion": 18, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": null, + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": ".+", + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "kube-system", + "value": "kube-system" + }, + "datasource": "$datasource", + "definition": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "5m", + "value": "5m" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "resolution", + "options": [ + { + "selected": false, + "text": "30s", + "value": "30s" + }, + { + "selected": true, + "text": "5m", + "value": "5m" + }, + { + "selected": false, + "text": "1h", + "value": "1h" + } + ], + "query": "30s,5m,1h", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "interval", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "5m", + "value": "5m" + }, + "datasource": "$datasource", + "hide": 2, + "includeAll": false, + "label": null, + "multi": false, + "name": "interval", + "options": [ + { + "selected": true, + "text": "4h", + "value": "4h" + } + ], + "query": "4h", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "interval", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Networking / Namespace (Pods)", + "uid": "8b7a8b326d7a6f1f04244066368c67af", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/namespace-by-workload.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/namespace-by-workload.yaml new file mode 100644 index 000000000..00b8fc73e --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/namespace-by-workload.yaml @@ -0,0 +1,1736 @@ +{{- /* +Generated from 'namespace-by-workload' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "namespace-by-workload" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + namespace-by-workload.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "panels": [ + { + "collapse": false, + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 2, + "panels": [ + + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Current Bandwidth", + "titleSize": "h6", + "type": "row" + }, + { + "aliasColors": { + + }, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 1 + }, + "id": 3, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}} workload {{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Rate of Bytes Received", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 1 + }, + "id": 4, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}} workload {{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Rate of Bytes Transmitted", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "columns": [ + { + "text": "Time", + "value": "Time" + }, + { + "text": "Value #A", + "value": "Value #A" + }, + { + "text": "Value #B", + "value": "Value #B" + }, + { + "text": "Value #C", + "value": "Value #C" + }, + { + "text": "Value #D", + "value": "Value #D" + }, + { + "text": "Value #E", + "value": "Value #E" + }, + { + "text": "Value #F", + "value": "Value #F" + }, + { + "text": "Value #G", + "value": "Value #G" + }, + { + "text": "Value #H", + "value": "Value #H" + }, + { + "text": "workload", + "value": "workload" + } + ], + "datasource": "$datasource", + "fill": 1, + "fontSize": "90%", + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 10 + }, + "id": 5, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null as zero", + "renderer": "flot", + "scroll": true, + "showHeader": true, + "sort": { + "col": 0, + "desc": false + }, + "spaceLength": 10, + "span": 24, + "styles": [ + { + "alias": "Time", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Time", + "thresholds": [ + + ], + "type": "hidden", + "unit": "short" + }, + { + "alias": "Current Bandwidth Received", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Current Bandwidth Transmitted", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Average Bandwidth Received", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Average Bandwidth Transmitted", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [ + + ], + "type": "number", + "unit": "Bps" + }, + { + "alias": "Rate of Received Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #F", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Received Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #G", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Rate of Transmitted Packets Dropped", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #H", + "thresholds": [ + + ], + "type": "number", + "unit": "pps" + }, + { + "alias": "Workload", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTooltip": "Drill down", + "linkUrl": "d/728bf77cc1166d2f3133bf25846876cc/kubernetes-networking-workload?orgId=1&refresh=30s&var-namespace=$namespace&var-type=$type&var-workload=$__cell", + "pattern": "workload", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + }, + { + "expr": "sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "F", + "step": 10 + }, + { + "expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "G", + "step": 10 + }, + { + "expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "H", + "step": 10 + } + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Status", + "type": "table" + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 19 + }, + "id": 6, + "panels": [ + { + "aliasColors": { + + }, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 20 + }, + "id": 7, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}} workload {{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Rate of Bytes Received", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 20 + }, + "id": 8, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}} workload {{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Rate of Bytes Transmitted", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Average Bandwidth", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 29 + }, + "id": 9, + "panels": [ + + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Bandwidth HIstory", + "titleSize": "h6", + "type": "row" + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 38 + }, + "id": 10, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Receive Bandwidth", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 38 + }, + "id": 11, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Transmit Bandwidth", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 39 + }, + "id": 12, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 40 + }, + "id": 13, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 40 + }, + "id": 14, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Packets", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 40 + }, + "id": 15, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 41 + }, + "id": 16, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets Dropped", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 41 + }, + "id": 17, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}workload{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets Dropped", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Errors", + "titleSize": "h6", + "type": "row" + } + ], + "refresh": "10s", + "rows": [ + + ], + "schemaVersion": 18, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": null, + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "kube-system", + "value": "kube-system" + }, + "datasource": "$datasource", + "definition": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "deployment", + "value": "deployment" + }, + "datasource": "$datasource", + "definition": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\"}, workload_type)", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "type", + "options": [ + + ], + "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\".+\"}, workload_type)", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "5m", + "value": "5m" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "resolution", + "options": [ + { + "selected": false, + "text": "30s", + "value": "30s" + }, + { + "selected": true, + "text": "5m", + "value": "5m" + }, + { + "selected": false, + "text": "1h", + "value": "1h" + } + ], + "query": "30s,5m,1h", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "interval", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "5m", + "value": "5m" + }, + "datasource": "$datasource", + "hide": 2, + "includeAll": false, + "label": null, + "multi": false, + "name": "interval", + "options": [ + { + "selected": true, + "text": "4h", + "value": "4h" + } + ], + "query": "4h", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "interval", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Networking / Namespace (Workload)", + "uid": "bbb2a765a623ae38130206c7d94a160f", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml new file mode 100644 index 000000000..4d4d80725 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml @@ -0,0 +1,964 @@ +{{- /* +Generated from 'node-cluster-rsrc-use' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.nodeExporter.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "node-cluster-rsrc-use" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + node-cluster-rsrc-use.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(\n instance:node_cpu_utilisation:rate5m{job=\"node-exporter\"}\n*\n instance:node_num_cpu:sum{job=\"node-exporter\"}\n)\n/ scalar(sum(instance:node_num_cpu:sum{job=\"node-exporter\"}))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "legendLink": "/dashboard/file/node-rsrc-use.json", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Utilisation", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_load1_per_cpu:ratio{job=\"node-exporter\"}\n/ scalar(count(instance:node_load1_per_cpu:ratio{job=\"node-exporter\"}))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "legendLink": "/dashboard/file/node-rsrc-use.json", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Saturation (load1 per CPU)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_memory_utilisation:ratio{job=\"node-exporter\"}\n/ scalar(count(instance:node_memory_utilisation:ratio{job=\"node-exporter\"}))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "legendLink": "/dashboard/file/node-rsrc-use.json", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Utilisation", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_vmstat_pgmajfault:rate5m{job=\"node-exporter\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "legendLink": "/dashboard/file/node-rsrc-use.json", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Saturation (Major Page Faults)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "rps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/ Receive/", + "stack": "A" + }, + { + "alias": "/ Transmit/", + "stack": "B", + "transform": "negative-Y" + } + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_network_receive_bytes_excluding_lo:rate5m{job=\"node-exporter\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Receive", + "legendLink": "/dashboard/file/node-rsrc-use.json", + "step": 10 + }, + { + "expr": "instance:node_network_transmit_bytes_excluding_lo:rate5m{job=\"node-exporter\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Transmit", + "legendLink": "/dashboard/file/node-rsrc-use.json", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Net Utilisation (Bytes Receive/Transmit)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/ Receive/", + "stack": "A" + }, + { + "alias": "/ Transmit/", + "stack": "B", + "transform": "negative-Y" + } + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_network_receive_drop_excluding_lo:rate5m{job=\"node-exporter\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Receive", + "legendLink": "/dashboard/file/node-rsrc-use.json", + "step": 10 + }, + { + "expr": "instance:node_network_transmit_drop_excluding_lo:rate5m{job=\"node-exporter\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} Transmit", + "legendLink": "/dashboard/file/node-rsrc-use.json", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Net Saturation (Drops Receive/Transmit)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "rps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Network", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "instance_device:node_disk_io_time_seconds:rate5m{job=\"node-exporter\"}\n/ scalar(count(instance_device:node_disk_io_time_seconds:rate5m{job=\"node-exporter\"}))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}device{{`}}`}}", + "legendLink": "/dashboard/file/node-rsrc-use.json", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk IO Utilisation", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "instance_device:node_disk_io_time_weighted_seconds:rate5m{job=\"node-exporter\"}\n/ scalar(count(instance_device:node_disk_io_time_weighted_seconds:rate5m{job=\"node-exporter\"}))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}device{{`}}`}}", + "legendLink": "/dashboard/file/node-rsrc-use.json", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk IO Saturation", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Disk IO", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 9, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum without (device) (\n max without (fstype, mountpoint) (\n node_filesystem_size_bytes{job=\"node-exporter\", fstype!=\"\"} - node_filesystem_avail_bytes{job=\"node-exporter\", fstype!=\"\"}\n )\n) \n/ scalar(sum(max without (fstype, mountpoint) (node_filesystem_size_bytes{job=\"node-exporter\", fstype!=\"\"})))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "legendLink": "/dashboard/file/node-rsrc-use.json", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk Space Utilisation", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Disk Space", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "utc", + "title": "USE Method / Cluster", + "uid": "", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/node-rsrc-use.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/node-rsrc-use.yaml new file mode 100644 index 000000000..ddf651652 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/node-rsrc-use.yaml @@ -0,0 +1,991 @@ +{{- /* +Generated from 'node-rsrc-use' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.nodeExporter.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "node-rsrc-use" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + node-rsrc-use.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_cpu_utilisation:rate5m{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Utilisation", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Utilisation", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_load1_per_cpu:ratio{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Saturation", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Saturation (Load1 per CPU)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "CPU", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_memory_utilisation:ratio{job=\"node-exporter\", job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Memory", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Utilisation", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_vmstat_pgmajfault:rate5m{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Major page faults", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Saturation (Major Page Faults)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Memory", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Receive/", + "stack": "A" + }, + { + "alias": "/Transmit/", + "stack": "B", + "transform": "negative-Y" + } + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_network_receive_bytes_excluding_lo:rate5m{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Receive", + "legendLink": null, + "step": 10 + }, + { + "expr": "instance:node_network_transmit_bytes_excluding_lo:rate5m{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Transmit", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Net Utilisation (Bytes Receive/Transmit)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Receive/", + "stack": "A" + }, + { + "alias": "/Transmit/", + "stack": "B", + "transform": "negative-Y" + } + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "instance:node_network_receive_drop_excluding_lo:rate5m{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Receive drops", + "legendLink": null, + "step": 10 + }, + { + "expr": "instance:node_network_transmit_drop_excluding_lo:rate5m{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Transmit drops", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Net Saturation (Drops Receive/Transmit)", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "rps", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Net", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "instance_device:node_disk_io_time_seconds:rate5m{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}device{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk IO Utilisation", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "instance_device:node_disk_io_time_weighted_seconds:rate5m{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}device{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk IO Saturation", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Disk IO", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 9, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": false, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "1 -\n(\n max without (mountpoint, fstype) (node_filesystem_avail_bytes{job=\"node-exporter\", fstype!=\"\", instance=\"$instance\"})\n/\n max without (mountpoint, fstype) (node_filesystem_size_bytes{job=\"node-exporter\", fstype!=\"\", instance=\"$instance\"})\n)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}device{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk Space Utilisation", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Disk Space", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": "prod", + "value": "prod" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "instance", + "multi": false, + "name": "instance", + "options": [ + + ], + "query": "label_values(up{job=\"node-exporter\"}, instance)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "utc", + "title": "USE Method / Node", + "uid": "", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/nodes.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/nodes.yaml new file mode 100644 index 000000000..571b5dae7 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/nodes.yaml @@ -0,0 +1,991 @@ +{{- /* +Generated from 'nodes' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "nodes" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + nodes.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "refresh": "", + "rows": [ + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 2, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(\n (1 - rate(node_cpu_seconds_total{job=\"node-exporter\", mode=\"idle\", instance=\"$instance\"}[$__rate_interval]))\n/ ignoring(cpu) group_left\n count without (cpu)( node_cpu_seconds_total{job=\"node-exporter\", mode=\"idle\", instance=\"$instance\"})\n)\n", + "format": "time_series", + "intervalFactor": 5, + "legendFormat": "{{`{{`}}cpu{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + }, + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": 1, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 0, + "fillGradient": 0, + "gridPos": { + + }, + "id": 3, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "node_load1{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "1m load average", + "refId": "A" + }, + { + "expr": "node_load5{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "5m load average", + "refId": "B" + }, + { + "expr": "node_load15{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "15m load average", + "refId": "C" + }, + { + "expr": "count(node_cpu_seconds_total{job=\"node-exporter\", instance=\"$instance\", mode=\"idle\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "logical cores", + "refId": "D" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Load Average", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 4, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 9, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(\n node_memory_MemTotal_bytes{job=\"node-exporter\", instance=\"$instance\"}\n-\n node_memory_MemFree_bytes{job=\"node-exporter\", instance=\"$instance\"}\n-\n node_memory_Buffers_bytes{job=\"node-exporter\", instance=\"$instance\"}\n-\n node_memory_Cached_bytes{job=\"node-exporter\", instance=\"$instance\"}\n)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "memory used", + "refId": "A" + }, + { + "expr": "node_memory_Buffers_bytes{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "memory buffers", + "refId": "B" + }, + { + "expr": "node_memory_Cached_bytes{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "memory cached", + "refId": "C" + }, + { + "expr": "node_memory_MemFree_bytes{job=\"node-exporter\", instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "memory free", + "refId": "D" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "$datasource", + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 5, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "100 -\n(\n avg(node_memory_MemAvailable_bytes{job=\"node-exporter\", instance=\"$instance\"})\n/\n avg(node_memory_MemTotal_bytes{job=\"node-exporter\", instance=\"$instance\"})\n* 100\n)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "80, 90", + "title": "Memory Usage", + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 0, + "fillGradient": 0, + "gridPos": { + + }, + "id": 6, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + { + "alias": "/ read| written/", + "yaxis": 1 + }, + { + "alias": "/ io time/", + "yaxis": 2 + } + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(node_disk_read_bytes_total{job=\"node-exporter\", instance=\"$instance\", device=~\"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+\"}[$__rate_interval])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}device{{`}}`}} read", + "refId": "A" + }, + { + "expr": "rate(node_disk_written_bytes_total{job=\"node-exporter\", instance=\"$instance\", device=~\"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+\"}[$__rate_interval])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}device{{`}}`}} written", + "refId": "B" + }, + { + "expr": "rate(node_disk_io_time_seconds_total{job=\"node-exporter\", instance=\"$instance\", device=~\"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+\"}[$__rate_interval])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}device{{`}}`}} io time", + "refId": "C" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk I/O", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 7, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + { + "alias": "used", + "color": "#E0B400" + }, + { + "alias": "available", + "color": "#73BF69" + } + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(\n max by (device) (\n node_filesystem_size_bytes{job=\"node-exporter\", instance=\"$instance\", fstype!=\"\"}\n -\n node_filesystem_avail_bytes{job=\"node-exporter\", instance=\"$instance\", fstype!=\"\"}\n )\n)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "used", + "refId": "A" + }, + { + "expr": "sum(\n max by (device) (\n node_filesystem_avail_bytes{job=\"node-exporter\", instance=\"$instance\", fstype!=\"\"}\n )\n)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "available", + "refId": "B" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Disk Space Usage", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 0, + "fillGradient": 0, + "gridPos": { + + }, + "id": 8, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(node_network_receive_bytes_total{job=\"node-exporter\", instance=\"$instance\", device!=\"lo\"}[$__rate_interval])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}device{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Network Received", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 0, + "fillGradient": 0, + "gridPos": { + + }, + "id": 9, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(node_network_transmit_bytes_total{job=\"node-exporter\", instance=\"$instance\", device!=\"lo\"}[$__rate_interval])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}device{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Network Transmitted", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + + ], + "templating": { + "list": [ + { + "current": { + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "instance", + "options": [ + + ], + "query": "label_values(node_exporter_build_info{job=\"node-exporter\"}, instance)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "browser", + "title": "Nodes", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml new file mode 100644 index 000000000..191e5a860 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml @@ -0,0 +1,577 @@ +{{- /* +Generated from 'persistentvolumesusage' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "persistentvolumesusage" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + persistentvolumesusage.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 2, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 9, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "(\n sum without(instance, node) (topk(1, (kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n -\n sum without(instance, node) (topk(1, (kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n)\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "Used Space", + "refId": "A" + }, + { + "expr": "sum without(instance, node) (topk(1, (kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "Free Space", + "refId": "B" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Volume Space Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "$datasource", + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 3, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "max without(instance,node) (\n(\n topk(1, kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n -\n topk(1, kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n)\n/\ntopk(1, kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n* 100)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "80, 90", + "title": "Volume Space Usage", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 4, + "legend": { + "alignAsTable": true, + "avg": true, + "current": true, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 9, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum without(instance, node) (topk(1, (kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "Used inodes", + "refId": "A" + }, + { + "expr": "(\n sum without(instance, node) (topk(1, (kubelet_volume_stats_inodes{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n -\n sum without(instance, node) (topk(1, (kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n)\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": " Free inodes", + "refId": "B" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Volume inodes Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "none", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "none", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "rgba(50, 172, 45, 0.97)", + "rgba(237, 129, 40, 0.89)", + "rgba(245, 54, 54, 0.9)" + ], + "datasource": "$datasource", + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": true, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 5, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "max without(instance,node) (\ntopk(1, kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n/\ntopk(1, kubelet_volume_stats_inodes{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n* 100)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "80, 90", + "title": "Volume inodes Usage", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kubelet_volume_stats_capacity_bytes, cluster)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "Namespace", + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\"}, namespace)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "PersistentVolumeClaim", + "multi": false, + "name": "volume", + "options": [ + + ], + "query": "label_values(kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", namespace=\"$namespace\"}, persistentvolumeclaim)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-7d", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Persistent Volumes", + "uid": "919b92a8e8041bd567af9edab12c840c", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/pod-total.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/pod-total.yaml new file mode 100644 index 000000000..bf992338f --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/pod-total.yaml @@ -0,0 +1,1228 @@ +{{- /* +Generated from 'pod-total' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "pod-total" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + pod-total.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "panels": [ + { + "collapse": false, + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 2, + "panels": [ + + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Current Bandwidth", + "titleSize": "h6", + "type": "row" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "decimals": 0, + "format": "time_series", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 1 + }, + "height": 9, + "id": 3, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "minSpan": 12, + "nullPointMode": "connected", + "nullText": null, + "options": { + "fieldOptions": { + "calcs": [ + "last" + ], + "defaults": { + "max": 10000000000, + "min": 0, + "title": "$namespace: $pod", + "unit": "Bps" + }, + "mappings": [ + + ], + "override": { + + }, + "thresholds": [ + { + "color": "dark-green", + "index": 0, + "value": null + }, + { + "color": "dark-yellow", + "index": 1, + "value": 5000000000 + }, + { + "color": "dark-red", + "index": 2, + "value": 7000000000 + } + ], + "values": false + } + }, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 12, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution]))", + "format": "time_series", + "instant": null, + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "timeFrom": null, + "timeShift": null, + "title": "Current Rate of Bytes Received", + "type": "gauge", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "decimals": 0, + "format": "time_series", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 1 + }, + "height": 9, + "id": 4, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "minSpan": 12, + "nullPointMode": "connected", + "nullText": null, + "options": { + "fieldOptions": { + "calcs": [ + "last" + ], + "defaults": { + "max": 10000000000, + "min": 0, + "title": "$namespace: $pod", + "unit": "Bps" + }, + "mappings": [ + + ], + "override": { + + }, + "thresholds": [ + { + "color": "dark-green", + "index": 0, + "value": null + }, + { + "color": "dark-yellow", + "index": 1, + "value": 5000000000 + }, + { + "color": "dark-red", + "index": 2, + "value": 7000000000 + } + ], + "values": false + } + }, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 12, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution]))", + "format": "time_series", + "instant": null, + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "timeFrom": null, + "timeShift": null, + "title": "Current Rate of Bytes Transmitted", + "type": "gauge", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "current" + }, + { + "collapse": false, + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 10 + }, + "id": 5, + "panels": [ + + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Bandwidth", + "titleSize": "h6", + "type": "row" + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 11 + }, + "id": 6, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Receive Bandwidth", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 11 + }, + "id": 7, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Transmit Bandwidth", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 20 + }, + "id": 8, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 21 + }, + "id": 9, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 21 + }, + "id": 10, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Packets", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 21 + }, + "id": 11, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 32 + }, + "id": 12, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets Dropped", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 32 + }, + "id": 13, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets Dropped", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Errors", + "titleSize": "h6", + "type": "row" + } + ], + "refresh": "10s", + "rows": [ + + ], + "schemaVersion": 18, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": null, + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": ".+", + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "kube-system", + "value": "kube-system" + }, + "datasource": "$datasource", + "definition": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": ".+", + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "definition": "label_values(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}, pod)", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "pod", + "options": [ + + ], + "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}, pod)", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "5m", + "value": "5m" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "resolution", + "options": [ + { + "selected": false, + "text": "30s", + "value": "30s" + }, + { + "selected": true, + "text": "5m", + "value": "5m" + }, + { + "selected": false, + "text": "1h", + "value": "1h" + } + ], + "query": "30s,5m,1h", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "interval", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "5m", + "value": "5m" + }, + "datasource": "$datasource", + "hide": 2, + "includeAll": false, + "label": null, + "multi": false, + "name": "interval", + "options": [ + { + "selected": true, + "text": "4h", + "value": "4h" + } + ], + "query": "4h", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "interval", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Networking / Pod", + "uid": "7a18067ce943a40ae25454675c19ff5c", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml new file mode 100644 index 000000000..da3343683 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml @@ -0,0 +1,1670 @@ +{{- /* +Generated from 'prometheus-remote-write' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.prometheus.prometheusSpec.remoteWriteDashboards }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "prometheus-remote-write" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + prometheus-remote-write.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "refresh": "60s", + "rows": [ + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 2, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "(\n prometheus_remote_storage_highest_timestamp_in_seconds{cluster=~\"$cluster\", instance=~\"$instance\"} \n- \n ignoring(remote_name, url) group_right(instance) (prometheus_remote_storage_queue_highest_sent_timestamp_seconds{cluster=~\"$cluster\", instance=~\"$instance\"} != 0)\n)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Highest Timestamp In vs. Highest Timestamp Sent", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 3, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "clamp_min(\n rate(prometheus_remote_storage_highest_timestamp_in_seconds{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) \n- \n ignoring (remote_name, url) group_right(instance) rate(prometheus_remote_storage_queue_highest_sent_timestamp_seconds{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])\n, 0)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate[5m]", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Timestamps", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 4, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(\n prometheus_remote_storage_samples_in_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])\n- \n ignoring(remote_name, url) group_right(instance) (rate(prometheus_remote_storage_succeeded_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]))\n- \n (rate(prometheus_remote_storage_dropped_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_dropped_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]))\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate, in vs. succeeded or dropped [5m]", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Samples", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 5, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "minSpan": 6, + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_remote_storage_shards{cluster=~\"$cluster\", instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Shards", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 6, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_remote_storage_shards_max{cluster=~\"$cluster\", instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Max Shards", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 7, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_remote_storage_shards_min{cluster=~\"$cluster\", instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Min Shards", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 8, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_remote_storage_shards_desired{cluster=~\"$cluster\", instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Desired Shards", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Shards", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 9, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_remote_storage_shard_capacity{cluster=~\"$cluster\", instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Shard Capacity", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 10, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_remote_storage_pending_samples{cluster=~\"$cluster\", instance=~\"$instance\"} or prometheus_remote_storage_samples_pending{cluster=~\"$cluster\", instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Pending Samples", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Shard Details", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 11, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_tsdb_wal_segment_current{cluster=~\"$cluster\", instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "TSDB Current Segment", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "none", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 12, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_wal_watcher_current_segment{cluster=~\"$cluster\", instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}consumer{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Remote Write Current Segment", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "none", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Segments", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 13, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_remote_storage_dropped_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_dropped_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Dropped Samples", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 14, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_remote_storage_failed_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_failed_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Failed Samples", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 15, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_remote_storage_retried_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_retried_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Retried Samples", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 16, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_remote_storage_enqueue_retries_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Enqueue Retries", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Misc. Rates", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "prometheus-mixin" + ], + "templating": { + "list": [ + { + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + "text": { + "selected": true, + "text": "All", + "value": "$__all" + }, + "value": { + "selected": true, + "text": "All", + "value": "$__all" + } + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "instance", + "options": [ + + ], + "query": "label_values(prometheus_build_info, instance)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": { + "selected": true, + "text": "All", + "value": "$__all" + }, + "value": { + "selected": true, + "text": "All", + "value": "$__all" + } + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": true, + "label": null, + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_container_info{image=~\".*prometheus.*\"}, cluster)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "url", + "options": [ + + ], + "query": "label_values(prometheus_remote_storage_shards{cluster=~\"$cluster\", instance=~\"$instance\"}, url)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "browser", + "title": "Prometheus / Remote Write", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/prometheus.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/prometheus.yaml new file mode 100644 index 000000000..e2cdd50b7 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/prometheus.yaml @@ -0,0 +1,1227 @@ +{{- /* +Generated from 'prometheus' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "prometheus" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + prometheus.json: |- + { + "annotations": { + "list": [ + + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ + + ], + "refresh": "60s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Count", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [ + + ], + "type": "hidden", + "unit": "short" + }, + { + "alias": "Uptime", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Instance", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "instance", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Job", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "job", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "Version", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTargetBlank": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "version", + "thresholds": [ + + ], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + + ], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [ + + ], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "count by (job, instance, version) (prometheus_build_info{job=~\"$job\", instance=~\"$instance\"})", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "max by (job, instance) (time() - process_start_time_seconds{job=~\"$job\", instance=~\"$instance\"})", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Prometheus Stats", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Prometheus Stats", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(prometheus_target_sync_length_seconds_sum{job=~\"$job\",instance=~\"$instance\"}[5m])) by (scrape_job) * 1e3", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}scrape_job{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Target Sync", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ms", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum(prometheus_sd_discovered_targets{job=~\"$job\",instance=~\"$instance\"})", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Targets", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Targets", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Discovery", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_target_interval_length_seconds_sum{job=~\"$job\",instance=~\"$instance\"}[5m]) / rate(prometheus_target_interval_length_seconds_count{job=~\"$job\",instance=~\"$instance\"}[5m]) * 1e3", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}interval{{`}}`}} configured", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Scrape Interval Duration", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ms", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job) (rate(prometheus_target_scrapes_exceeded_sample_limit_total[1m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "exceeded sample limit: {{`{{`}}job{{`}}`}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "sum by (job) (rate(prometheus_target_scrapes_sample_duplicate_timestamp_total[1m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "duplicate timestamp: {{`{{`}}job{{`}}`}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "sum by (job) (rate(prometheus_target_scrapes_sample_out_of_bounds_total[1m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "out of bounds: {{`{{`}}job{{`}}`}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "sum by (job) (rate(prometheus_target_scrapes_sample_out_of_order_total[1m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "out of order: {{`{{`}}job{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Scrape failures", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_tsdb_head_samples_appended_total{job=~\"$job\",instance=~\"$instance\"}[5m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}job{{`}}`}} {{`{{`}}instance{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Appended Samples", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Retrieval", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_tsdb_head_series{job=~\"$job\",instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}job{{`}}`}} {{`{{`}}instance{{`}}`}} head series", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Head Series", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "prometheus_tsdb_head_chunks{job=~\"$job\",instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}job{{`}}`}} {{`{{`}}instance{{`}}`}} head chunks", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Head Chunks", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Storage", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 9, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "rate(prometheus_engine_query_duration_seconds_count{job=~\"$job\",instance=~\"$instance\",slice=\"inner_eval\"}[5m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}job{{`}}`}} {{`{{`}}instance{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Query Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 10, + "id": 10, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "max by (slice) (prometheus_engine_query_duration_seconds{quantile=\"0.9\",job=~\"$job\",instance=~\"$instance\"}) * 1e3", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}slice{{`}}`}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Stage Duration", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ms", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Query", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "prometheus-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": ".+", + "current": { + "selected": true, + "text": "All", + "value": "$__all" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": true, + "label": "job", + "multi": true, + "name": "job", + "options": [ + + ], + "query": "label_values(prometheus_build_info, job)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": ".+", + "current": { + "selected": true, + "text": "All", + "value": "$__all" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": true, + "label": "instance", + "multi": true, + "name": "instance", + "options": [ + + ], + "query": "label_values(prometheus_build_info, instance)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "utc", + "title": "Prometheus / Overview", + "uid": "", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/proxy.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/proxy.yaml new file mode 100644 index 000000000..074103aa6 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/proxy.yaml @@ -0,0 +1,1262 @@ +{{- /* +Generated from 'proxy' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +{{- if (include "exporter.kubeProxy.enabled" .)}} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "proxy" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + proxy.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 2, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 2, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + {{- if .Values.k3sServer.enabled }} + "expr": "sum(up{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\", metrics_path=\"/metrics\"})", + {{- else }} + "expr": "sum(up{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\"})", + {{- end }} + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Up", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "min" + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 3, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 5, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(kubeproxy_sync_proxy_rules_duration_seconds_count{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\", instance=~\"$instance\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "rate", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rules Sync Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 4, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 5, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99,rate(kubeproxy_sync_proxy_rules_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\", instance=~\"$instance\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rule Sync Latency 99th Quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 5, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(kubeproxy_network_programming_duration_seconds_count{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\", instance=~\"$instance\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "rate", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Network Programming Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 6, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(kubeproxy_network_programming_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\", instance=~\"$instance\"}[5m])) by (instance, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Network Programming Latency 99th Quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 7, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\", instance=~\"$instance\",code=~\"2..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "2xx", + "refId": "A" + }, + { + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\", instance=~\"$instance\",code=~\"3..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "3xx", + "refId": "B" + }, + { + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\", instance=~\"$instance\",code=~\"4..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "4xx", + "refId": "C" + }, + { + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\", instance=~\"$instance\",code=~\"5..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "5xx", + "refId": "D" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Kube API Request Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 8, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 8, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\",instance=~\"$instance\",verb=\"POST\"}[5m])) by (verb, url, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Post Request Latency 99th Quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 9, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\", instance=~\"$instance\", verb=\"GET\"}[5m])) by (verb, url, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Get Request Latency 99th Quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 10, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "process_resident_memory_bytes{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\",instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 11, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(process_cpu_seconds_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\",instance=~\"$instance\"}[5m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 12, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "go_goroutines{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\",instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Goroutines", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "instance", + "options": [ + + ], + "query": "label_values(kubeproxy_network_programming_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\"}, instance)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Proxy", + "uid": "632e265de029684c40b21cb76bca4f94", + "version": 0 + } +{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/scheduler.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/scheduler.yaml new file mode 100644 index 000000000..4fe743253 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/scheduler.yaml @@ -0,0 +1,1106 @@ +{{- /* +Generated from 'scheduler' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +{{- if (include "exporter.kubeScheduler.enabled" .)}} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "scheduler" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + scheduler.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 2, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 2, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + {{- if .Values.k3sServer.enabled }} + "expr": "sum(up{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", metrics_path=\"/metrics\"})", + {{- else }} + "expr": "sum(up{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\"})", + {{- end }} + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Up", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "N/A", + "value": "null" + } + ], + "valueName": "min" + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 3, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 5, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(scheduler_e2e_scheduling_duration_seconds_count{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\"}[5m])) by (instance)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} e2e", + "refId": "A" + }, + { + "expr": "sum(rate(scheduler_binding_duration_seconds_count{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\"}[5m])) by (instance)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} binding", + "refId": "B" + }, + { + "expr": "sum(rate(scheduler_scheduling_algorithm_duration_seconds_count{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\"}[5m])) by (instance)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} scheduling algorithm", + "refId": "C" + }, + { + "expr": "sum(rate(scheduler_volume_scheduling_duration_seconds_count{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\"}[5m])) by (instance)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} volume", + "refId": "D" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Scheduling Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 4, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 5, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\",instance=~\"$instance\"}[5m])) by (instance, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} e2e", + "refId": "A" + }, + { + "expr": "histogram_quantile(0.99, sum(rate(scheduler_binding_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\",instance=~\"$instance\"}[5m])) by (instance, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} binding", + "refId": "B" + }, + { + "expr": "histogram_quantile(0.99, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\",instance=~\"$instance\"}[5m])) by (instance, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} scheduling algorithm", + "refId": "C" + }, + { + "expr": "histogram_quantile(0.99, sum(rate(scheduler_volume_scheduling_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\",instance=~\"$instance\"}[5m])) by (instance, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}} volume", + "refId": "D" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Scheduling latency 99th Quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 5, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\",code=~\"2..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "2xx", + "refId": "A" + }, + { + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\",code=~\"3..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "3xx", + "refId": "B" + }, + { + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\",code=~\"4..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "4xx", + "refId": "C" + }, + { + "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\",code=~\"5..\"}[5m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "5xx", + "refId": "D" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Kube API Request Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "ops", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 6, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 8, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\", verb=\"POST\"}[5m])) by (verb, url, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Post Request Latency 99th Quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 7, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\", verb=\"GET\"}[5m])) by (verb, url, le))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Get Request Latency 99th Quantile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 8, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "process_resident_memory_bytes{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Memory", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 9, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(process_cpu_seconds_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\"}[5m])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "CPU usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 10, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "go_goroutines{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\",instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{`{{`}}instance{{`}}`}}", + "refId": "A" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Goroutines", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "instance", + "options": [ + + ], + "query": "label_values(process_cpu_seconds_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\"}, instance)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Scheduler", + "uid": "2e6b6a3b4bddf1427b3a55aa1311c656", + "version": 0 + } +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/statefulset.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/statefulset.yaml new file mode 100644 index 000000000..edc722d21 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/statefulset.yaml @@ -0,0 +1,928 @@ +{{- /* +Generated from 'statefulset' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "statefulset" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + statefulset.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + + ] + }, + "editable": false, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "refresh": "", + "rows": [ + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 2, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "cores", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 4, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(rate(container_cpu_usage_seconds_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", container!=\"\", namespace=\"$namespace\", pod=~\"$statefulset.*\"}[3m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "CPU", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 3, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "GB", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 4, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(container_memory_usage_bytes{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", container!=\"\", namespace=\"$namespace\", pod=~\"$statefulset.*\"}) / 1024^3", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Memory", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 4, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "Bps", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 4, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "lineColor": "rgb(31, 120, 193)", + "show": true + }, + "tableColumn": "", + "targets": [ + { + "expr": "sum(rate(container_network_transmit_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$statefulset.*\"}[3m])) + sum(rate(container_network_receive_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",pod=~\"$statefulset.*\"}[3m]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Network", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "height": "100px", + "panels": [ + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 5, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "max(kube_statefulset_replicas{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", statefulset=\"$statefulset\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Desired Replicas", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 6, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "min(kube_statefulset_status_replicas_current{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", statefulset=\"$statefulset\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Replicas of current version", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 7, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "max(kube_statefulset_status_observed_generation{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", statefulset=\"$statefulset\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Observed Generation", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + }, + { + "cacheTimeout": null, + "colorBackground": false, + "colorValue": false, + "colors": [ + "#299c46", + "rgba(237, 129, 40, 0.89)", + "#d44a3a" + ], + "datasource": "$datasource", + "format": "none", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + + }, + "id": 8, + "interval": null, + "links": [ + + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "nullText": null, + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "50%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "span": 3, + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "show": false + }, + "tableColumn": "", + "targets": [ + { + "expr": "max(kube_statefulset_metadata_generation{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "thresholds": "", + "title": "Metadata Generation", + "tooltip": { + "shared": false + }, + "type": "singlestat", + "valueFontSize": "80%", + "valueMaps": [ + { + "op": "=", + "text": "0", + "value": "null" + } + ], + "valueName": "current" + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fillGradient": 0, + "gridPos": { + + }, + "id": 9, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + + ], + "nullPointMode": "null", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "max(kube_statefulset_replicas{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "replicas specified", + "refId": "A" + }, + { + "expr": "max(kube_statefulset_status_replicas{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "replicas created", + "refId": "B" + }, + { + "expr": "min(kube_statefulset_status_replicas_ready{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "ready", + "refId": "C" + }, + { + "expr": "min(kube_statefulset_status_replicas_current{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "replicas of current version", + "refId": "D" + }, + { + "expr": "min(kube_statefulset_status_replicas_updated{job=\"kube-state-metrics\", statefulset=\"$statefulset\", cluster=\"$cluster\", namespace=\"$namespace\"}) without (instance, pod)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "updated", + "refId": "E" + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Replicas", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": false, + "title": "Dashboard Row", + "titleSize": "h6", + "type": "row" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_statefulset_metadata_generation, cluster)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "Namespace", + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(kube_statefulset_metadata_generation{job=\"kube-state-metrics\", cluster=\"$cluster\"}, namespace)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": "Name", + "multi": false, + "name": "statefulset", + "options": [ + + ], + "query": "label_values(kube_statefulset_metadata_generation{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\"}, statefulset)", + "refresh": 2, + "regex": "", + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / StatefulSets", + "uid": "a31c1f46e6f727cb37c0d731a7245005", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/workload-total.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/workload-total.yaml new file mode 100644 index 000000000..5d57a2b46 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/dashboards-1.14/workload-total.yaml @@ -0,0 +1,1438 @@ +{{- /* +Generated from 'workload-total' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/grafana-dashboardDefinitions.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "workload-total" | trunc 63 | trimSuffix "-" }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: + workload-total.json: |- + { + "__inputs": [ + + ], + "__requires": [ + + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "id": null, + "links": [ + + ], + "panels": [ + { + "collapse": false, + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 2, + "panels": [ + + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Current Bandwidth", + "titleSize": "h6", + "type": "row" + }, + { + "aliasColors": { + + }, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 1 + }, + "id": 3, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}} pod {{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Rate of Bytes Received", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 1 + }, + "id": 4, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}} pod {{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Current Rate of Bytes Transmitted", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 10 + }, + "id": 5, + "panels": [ + { + "aliasColors": { + + }, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 11 + }, + "id": 6, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}} pod {{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Rate of Bytes Received", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 11 + }, + "id": 7, + "legend": { + "alignAsTable": true, + "avg": false, + "current": true, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "sideWidth": null, + "sort": "current", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 1, + "links": [ + + ], + "minSpan": 24, + "nullPointMode": "null", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 24, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}} pod {{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Average Rate of Bytes Transmitted", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "series", + "name": null, + "show": false, + "values": [ + "current" + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Average Bandwidth", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": false, + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 11 + }, + "id": 8, + "panels": [ + + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Bandwidth HIstory", + "titleSize": "h6", + "type": "row" + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 12 + }, + "id": 9, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Receive Bandwidth", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 12 + }, + "id": 10, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Transmit Bandwidth", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "Bps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 21 + }, + "id": 11, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 22 + }, + "id": 12, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 22 + }, + "id": 13, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Packets", + "titleSize": "h6", + "type": "row" + }, + { + "collapse": true, + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 22 + }, + "id": 14, + "panels": [ + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 23 + }, + "id": 15, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Received Packets Dropped", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + }, + { + "aliasColors": { + + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 2, + "fillGradient": 0, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 23 + }, + "id": 16, + "legend": { + "alignAsTable": false, + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "rightSide": false, + "show": true, + "sideWidth": null, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 2, + "links": [ + + ], + "minSpan": 12, + "nullPointMode": "connected", + "paceLength": 10, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "repeat": null, + "seriesOverrides": [ + + ], + "spaceLength": 10, + "span": 12, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{`{{`}}pod{{`}}`}}", + "refId": "A", + "step": 10 + } + ], + "thresholds": [ + + ], + "timeFrom": null, + "timeShift": null, + "title": "Rate of Transmitted Packets Dropped", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ + + ] + }, + "yaxes": [ + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "pps", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Errors", + "titleSize": "h6", + "type": "row" + } + ], + "refresh": "10s", + "rows": [ + + ], + "schemaVersion": 18, + "style": "dark", + "tags": [ + "kubernetes-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ + + ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "allValue": null, + "current": { + + }, + "datasource": "$datasource", + "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster }}0{{ else }}2{{ end }}, + "includeAll": false, + "label": null, + "multi": false, + "name": "cluster", + "options": [ + + ], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 2, + "regex": "", + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": ".+", + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "kube-system", + "value": "kube-system" + }, + "datasource": "$datasource", + "definition": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", + "hide": 0, + "includeAll": true, + "label": null, + "multi": false, + "name": "namespace", + "options": [ + + ], + "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "", + "value": "" + }, + "datasource": "$datasource", + "definition": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\"}, workload)", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "workload", + "options": [ + + ], + "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\"}, workload)", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "deployment", + "value": "deployment" + }, + "datasource": "$datasource", + "definition": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\"}, workload_type)", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "type", + "options": [ + + ], + "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\"}, workload_type)", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "5m", + "value": "5m" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": false, + "label": null, + "multi": false, + "name": "resolution", + "options": [ + { + "selected": false, + "text": "30s", + "value": "30s" + }, + { + "selected": true, + "text": "5m", + "value": "5m" + }, + { + "selected": false, + "text": "1h", + "value": "1h" + } + ], + "query": "30s,5m,1h", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "interval", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "text": "5m", + "value": "5m" + }, + "datasource": "$datasource", + "hide": 2, + "includeAll": false, + "label": null, + "multi": false, + "name": "interval", + "options": [ + { + "selected": true, + "text": "4h", + "value": "4h" + } + ], + "query": "4h", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [ + + ], + "tagsQuery": "", + "type": "interval", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Kubernetes / Networking / Workload", + "uid": "728bf77cc1166d2f3133bf25846876cc", + "version": 0 + } +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/namespaces.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/namespaces.yaml new file mode 100644 index 000000000..39ed210ed --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/namespaces.yaml @@ -0,0 +1,13 @@ +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled (not .Values.grafana.defaultDashboards.useExistingNamespace) }} +apiVersion: v1 +kind: Namespace +metadata: + name: {{ .Values.grafana.defaultDashboards.namespace }} + labels: + name: {{ .Values.grafana.defaultDashboards.namespace }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + annotations: +{{- if not .Values.grafana.defaultDashboards.cleanupOnUninstall }} + helm.sh/resource-policy: "keep" +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/servicemonitor.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/servicemonitor.yaml new file mode 100644 index 000000000..1e839d707 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/grafana/servicemonitor.yaml @@ -0,0 +1,32 @@ +{{- if and .Values.grafana.enabled .Values.grafana.serviceMonitor.selfMonitor }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-grafana + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-grafana +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: grafana + app.kubernetes.io/instance: {{ $.Release.Name | quote }} + namespaceSelector: + matchNames: + - {{ printf "%s" (include "kube-prometheus-stack.namespace" .) | quote }} + endpoints: + - port: {{ .Values.grafana.service.portName }} + {{- if .Values.grafana.serviceMonitor.interval }} + interval: {{ .Values.grafana.serviceMonitor.interval }} + {{- end }} + path: {{ .Values.grafana.serviceMonitor.path | quote }} +{{- if .Values.grafana.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.grafana.serviceMonitor.metricRelabelings | indent 6) . }} +{{- end }} +{{- if .Values.grafana.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.grafana.serviceMonitor.relabelings | indent 6 }} +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml new file mode 100644 index 000000000..249af770a --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml @@ -0,0 +1,33 @@ +{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-admission +{{- include "kube-prometheus-stack.labels" $ | indent 4 }} +rules: + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - update +{{- if .Values.global.rbac.pspEnabled }} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }} + - apiGroups: ['policy'] +{{- else }} + - apiGroups: ['extensions'] +{{- end }} + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "kube-prometheus-stack.fullname" . }}-admission +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml new file mode 100644 index 000000000..31fd2def0 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-admission +{{- include "kube-prometheus-stack.labels" $ | indent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-prometheus-stack.fullname" . }}-admission +subjects: + - kind: ServiceAccount + name: {{ template "kube-prometheus-stack.fullname" . }}-admission + namespace: {{ template "kube-prometheus-stack.namespace" . }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml new file mode 100644 index 000000000..5f886c617 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml @@ -0,0 +1,65 @@ +{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission-create + namespace: {{ template "kube-prometheus-stack.namespace" . }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-admission-create +{{- include "kube-prometheus-stack.labels" $ | indent 4 }} +spec: + {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }} + # Alpha feature since k8s 1.12 + ttlSecondsAfterFinished: 0 + {{- end }} + template: + metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission-create +{{- with .Values.prometheusOperator.admissionWebhooks.patch.podAnnotations }} + annotations: +{{ toYaml . | indent 8 }} +{{- end }} + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-admission-create +{{- include "kube-prometheus-stack.labels" $ | indent 8 }} + spec: + {{- if .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }} + priorityClassName: {{ .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }} + {{- end }} + containers: + - name: create + {{- if .Values.prometheusOperator.admissionWebhooks.patch.image.sha }} + image: {{ template "system_default_registry" . }}{{ .Values.prometheusOperator.admissionWebhooks.patch.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.tag }}@sha256:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.sha }} + {{- else }} + image: {{ template "system_default_registry" . }}{{ .Values.prometheusOperator.admissionWebhooks.patch.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.tag }} + {{- end }} + imagePullPolicy: {{ .Values.prometheusOperator.admissionWebhooks.patch.image.pullPolicy }} + args: + - create + - --host={{ template "kube-prometheus-stack.operator.fullname" . }},{{ template "kube-prometheus-stack.operator.fullname" . }}.{{ template "kube-prometheus-stack.namespace" . }}.svc + - --namespace={{ template "kube-prometheus-stack.namespace" . }} + - --secret-name={{ template "kube-prometheus-stack.fullname" . }}-admission + resources: +{{ toYaml .Values.prometheusOperator.admissionWebhooks.patch.resources | indent 12 }} + restartPolicy: OnFailure + serviceAccountName: {{ template "kube-prometheus-stack.fullname" . }}-admission + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- with .Values.prometheusOperator.admissionWebhooks.patch.nodeSelector }} +{{ toYaml . | indent 8 }} +{{- end }} + {{- with .Values.prometheusOperator.admissionWebhooks.patch.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- with .Values.prometheusOperator.admissionWebhooks.patch.tolerations }} +{{ toYaml . | indent 8 }} + {{- end }} +{{- if .Values.prometheusOperator.admissionWebhooks.patch.securityContext }} + securityContext: +{{ toYaml .Values.prometheusOperator.admissionWebhooks.patch.securityContext | indent 8 }} +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml new file mode 100644 index 000000000..93f5cdb66 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml @@ -0,0 +1,66 @@ +{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission-patch + namespace: {{ template "kube-prometheus-stack.namespace" . }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch +{{- include "kube-prometheus-stack.labels" $ | indent 4 }} +spec: + {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }} + # Alpha feature since k8s 1.12 + ttlSecondsAfterFinished: 0 + {{- end }} + template: + metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission-patch +{{- with .Values.prometheusOperator.admissionWebhooks.patch.podAnnotations }} + annotations: +{{ toYaml . | indent 8 }} +{{- end }} + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch +{{- include "kube-prometheus-stack.labels" $ | indent 8 }} + spec: + {{- if .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }} + priorityClassName: {{ .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }} + {{- end }} + containers: + - name: patch + {{- if .Values.prometheusOperator.admissionWebhooks.patch.image.sha }} + image: {{ template "system_default_registry" . }}{{ .Values.prometheusOperator.admissionWebhooks.patch.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.tag }}@sha256:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.sha }} + {{- else }} + image: {{ template "system_default_registry" . }}{{ .Values.prometheusOperator.admissionWebhooks.patch.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.tag }} + {{- end }} + imagePullPolicy: {{ .Values.prometheusOperator.admissionWebhooks.patch.image.pullPolicy }} + args: + - patch + - --webhook-name={{ template "kube-prometheus-stack.fullname" . }}-admission + - --namespace={{ template "kube-prometheus-stack.namespace" . }} + - --secret-name={{ template "kube-prometheus-stack.fullname" . }}-admission + - --patch-failure-policy={{ .Values.prometheusOperator.admissionWebhooks.failurePolicy }} + resources: +{{ toYaml .Values.prometheusOperator.admissionWebhooks.patch.resources | indent 12 }} + restartPolicy: OnFailure + serviceAccountName: {{ template "kube-prometheus-stack.fullname" . }}-admission + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- with .Values.prometheusOperator.admissionWebhooks.patch.nodeSelector }} +{{ toYaml . | indent 8 }} +{{- end }} + {{- with .Values.prometheusOperator.admissionWebhooks.patch.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- with .Values.prometheusOperator.admissionWebhooks.patch.tolerations }} +{{ toYaml . | indent 8 }} + {{- end }} +{{- if .Values.prometheusOperator.admissionWebhooks.patch.securityContext }} + securityContext: +{{ toYaml .Values.prometheusOperator.admissionWebhooks.patch.securityContext | indent 8 }} +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml new file mode 100644 index 000000000..5834c483c --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml @@ -0,0 +1,54 @@ +{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app: {{ template "kube-prometheus-stack.name" . }}-admission +{{- if .Values.global.rbac.pspAnnotations }} + annotations: +{{ toYaml .Values.global.rbac.pspAnnotations | indent 4 }} +{{- end }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + privileged: false + # Required to prevent escalations to root. + # allowPrivilegeEscalation: false + # This is redundant with non-root + disallow privilege escalation, + # but we can provide it for defense in depth. + #requiredDropCapabilities: + # - ALL + # Allow core volume types. + volumes: + - 'configMap' + - 'emptyDir' + - 'projected' + - 'secret' + - 'downwardAPI' + - 'persistentVolumeClaim' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Permits the container to run with root privileges as well. + rule: 'RunAsAny' + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml new file mode 100644 index 000000000..d229f76ef --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission + namespace: {{ template "kube-prometheus-stack.namespace" . }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-admission +{{- include "kube-prometheus-stack.labels" $ | indent 4 }} +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml new file mode 100644 index 000000000..f4b1fbf0e --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission + namespace: {{ template "kube-prometheus-stack.namespace" . }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-admission +{{- include "kube-prometheus-stack.labels" $ | indent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-prometheus-stack.fullname" . }}-admission +subjects: + - kind: ServiceAccount + name: {{ template "kube-prometheus-stack.fullname" . }}-admission + namespace: {{ template "kube-prometheus-stack.namespace" . }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml new file mode 100644 index 000000000..a91889b90 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission + namespace: {{ template "kube-prometheus-stack.namespace" . }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-admission +{{- include "kube-prometheus-stack.labels" $ | indent 4 }} +{{- if .Values.global.imagePullSecrets }} +imagePullSecrets: +{{ toYaml .Values.global.imagePullSecrets | indent 2 }} +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml new file mode 100644 index 000000000..f42e33e0d --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml @@ -0,0 +1,41 @@ +{{- if and .Values.prometheusOperator.admissionWebhooks.enabled }} +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission +{{- if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }} + annotations: + certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-admission" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }} + cert-manager.io/inject-ca-from: {{ printf "%s/%s-admission" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }} +{{- end }} + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-admission +{{- include "kube-prometheus-stack.labels" $ | indent 4 }} +webhooks: + - name: prometheusrulemutate.monitoring.coreos.com + {{- if .Values.prometheusOperator.admissionWebhooks.patch.enabled }} + failurePolicy: Ignore + {{- else }} + failurePolicy: {{ .Values.prometheusOperator.admissionWebhooks.failurePolicy }} + {{- end }} + rules: + - apiGroups: + - monitoring.coreos.com + apiVersions: + - "*" + resources: + - prometheusrules + operations: + - CREATE + - UPDATE + clientConfig: + service: + namespace: {{ template "kube-prometheus-stack.namespace" . }} + name: {{ template "kube-prometheus-stack.operator.fullname" $ }} + path: /admission-prometheusrules/mutate + {{- if and .Values.prometheusOperator.admissionWebhooks.caBundle (not .Values.prometheusOperator.admissionWebhooks.patch.enabled) (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} + caBundle: {{ .Values.prometheusOperator.admissionWebhooks.caBundle }} + {{- end }} + admissionReviewVersions: ["v1", "v1beta1"] + sideEffects: None +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml new file mode 100644 index 000000000..1439ed54e --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml @@ -0,0 +1,41 @@ +{{- if and .Values.prometheusOperator.admissionWebhooks.enabled }} +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission +{{- if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }} + annotations: + certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-admission" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }} + cert-manager.io/inject-ca-from: {{ printf "%s/%s-admission" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }} +{{- end }} + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-admission +{{- include "kube-prometheus-stack.labels" $ | indent 4 }} +webhooks: + - name: prometheusrulemutate.monitoring.coreos.com + {{- if .Values.prometheusOperator.admissionWebhooks.patch.enabled }} + failurePolicy: Ignore + {{- else }} + failurePolicy: {{ .Values.prometheusOperator.admissionWebhooks.failurePolicy }} + {{- end }} + rules: + - apiGroups: + - monitoring.coreos.com + apiVersions: + - "*" + resources: + - prometheusrules + operations: + - CREATE + - UPDATE + clientConfig: + service: + namespace: {{ template "kube-prometheus-stack.namespace" . }} + name: {{ template "kube-prometheus-stack.operator.fullname" $ }} + path: /admission-prometheusrules/validate + {{- if and .Values.prometheusOperator.admissionWebhooks.caBundle (not .Values.prometheusOperator.admissionWebhooks.patch.enabled) (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} + caBundle: {{ .Values.prometheusOperator.admissionWebhooks.caBundle }} + {{- end }} + admissionReviewVersions: ["v1", "v1beta1"] + sideEffects: None +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/certmanager.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/certmanager.yaml new file mode 100644 index 000000000..cfd516556 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/certmanager.yaml @@ -0,0 +1,57 @@ +{{- if .Values.prometheusOperator.admissionWebhooks.certManager.enabled -}} +{{- if not .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef -}} +# Create a selfsigned Issuer, in order to create a root CA certificate for +# signing webhook serving certificates +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-self-signed-issuer + namespace: {{ template "kube-prometheus-stack.namespace" . }} +spec: + selfSigned: {} +--- +# Generate a CA Certificate used to sign certificates for the webhook +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-root-cert + namespace: {{ template "kube-prometheus-stack.namespace" . }} +spec: + secretName: {{ template "kube-prometheus-stack.fullname" . }}-root-cert + duration: 43800h0m0s # 5y + issuerRef: + name: {{ template "kube-prometheus-stack.fullname" . }}-self-signed-issuer + commonName: "ca.webhook.kube-prometheus-stack" + isCA: true +--- +# Create an Issuer that uses the above generated CA certificate to issue certs +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-root-issuer + namespace: {{ template "kube-prometheus-stack.namespace" . }} +spec: + ca: + secretName: {{ template "kube-prometheus-stack.fullname" . }}-root-cert +{{- end }} +--- +# generate a serving certificate for the apiservices to use +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission + namespace: {{ template "kube-prometheus-stack.namespace" . }} +spec: + secretName: {{ template "kube-prometheus-stack.fullname" . }}-admission + duration: 8760h0m0s # 1y + issuerRef: + {{- if .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef }} + {{- toYaml .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef | nindent 4 }} + {{- else }} + name: {{ template "kube-prometheus-stack.fullname" . }}-root-issuer + {{- end }} + dnsNames: + - {{ template "kube-prometheus-stack.operator.fullname" . }} + - {{ template "kube-prometheus-stack.operator.fullname" . }}.{{ template "kube-prometheus-stack.namespace" . }} + - {{ template "kube-prometheus-stack.operator.fullname" . }}.{{ template "kube-prometheus-stack.namespace" . }}.svc +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/clusterrole.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/clusterrole.yaml new file mode 100644 index 000000000..e5568534c --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/clusterrole.yaml @@ -0,0 +1,80 @@ +{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-operator + labels: + app: {{ template "kube-prometheus-stack.name" . }}-operator +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +rules: +- apiGroups: + - monitoring.coreos.com + resources: + - alertmanagers + - alertmanagers/finalizers + - alertmanagerconfigs + - prometheuses + - prometheuses/finalizers + - thanosrulers + - thanosrulers/finalizers + - servicemonitors + - podmonitors + - probes + - prometheusrules + verbs: + - '*' +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - '*' +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - '*' +- apiGroups: + - "" + resources: + - pods + verbs: + - list + - delete +- apiGroups: + - "" + resources: + - services + - services/finalizers + - endpoints + verbs: + - get + - create + - update + - delete +- apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/clusterrolebinding.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/clusterrolebinding.yaml new file mode 100644 index 000000000..c9ab0ab87 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/clusterrolebinding.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-operator + labels: + app: {{ template "kube-prometheus-stack.name" . }}-operator +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-prometheus-stack.fullname" . }}-operator +subjects: +- kind: ServiceAccount + name: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/deployment.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/deployment.yaml new file mode 100644 index 000000000..6e72acfa0 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/deployment.yaml @@ -0,0 +1,145 @@ +{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }} +{{- if .Values.prometheusOperator.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-operator + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-operator +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }}-operator + release: {{ $.Release.Name | quote }} + template: + metadata: + labels: + app: {{ template "kube-prometheus-stack.name" . }}-operator +{{ include "kube-prometheus-stack.labels" . | indent 8 }} +{{- if .Values.prometheusOperator.podLabels }} +{{ toYaml .Values.prometheusOperator.podLabels | indent 8 }} +{{- end }} +{{- if .Values.prometheusOperator.podAnnotations }} + annotations: +{{ toYaml .Values.prometheusOperator.podAnnotations | indent 8 }} +{{- end }} + spec: + {{- if .Values.prometheusOperator.priorityClassName }} + priorityClassName: {{ .Values.prometheusOperator.priorityClassName }} + {{- end }} + containers: + - name: {{ template "kube-prometheus-stack.name" . }} + {{- if .Values.prometheusOperator.image.sha }} + image: "{{ template "system_default_registry" . }}{{ .Values.prometheusOperator.image.repository }}:{{ .Values.prometheusOperator.image.tag }}@sha256:{{ .Values.prometheusOperator.image.sha }}" + {{- else }} + image: "{{ template "system_default_registry" . }}{{ .Values.prometheusOperator.image.repository }}:{{ .Values.prometheusOperator.image.tag }}" + {{- end }} + imagePullPolicy: "{{ .Values.prometheusOperator.image.pullPolicy }}" + args: + {{- if .Values.prometheusOperator.kubeletService.enabled }} + - --kubelet-service={{ .Values.prometheusOperator.kubeletService.namespace }}/{{ template "kube-prometheus-stack.fullname" . }}-kubelet + {{- end }} + {{- if .Values.prometheusOperator.logFormat }} + - --log-format={{ .Values.prometheusOperator.logFormat }} + {{- end }} + {{- if .Values.prometheusOperator.logLevel }} + - --log-level={{ .Values.prometheusOperator.logLevel }} + {{- end }} + {{- if .Values.prometheusOperator.denyNamespaces }} + - --deny-namespaces={{ .Values.prometheusOperator.denyNamespaces | join "," }} + {{- end }} + {{- with $.Values.prometheusOperator.namespaces }} + {{ $ns := .additional }} + {{- if .releaseNamespace }} + {{- $ns = append $ns $namespace }} + {{- end }} + - --namespaces={{ $ns | join "," }} + {{- end }} + - --localhost=127.0.0.1 + {{- if .Values.prometheusOperator.prometheusDefaultBaseImage }} + - --prometheus-default-base-image={{ .Values.prometheusOperator.prometheusDefaultBaseImage }} + {{- end }} + {{- if .Values.prometheusOperator.alertmanagerDefaultBaseImage }} + - --alertmanager-default-base-image={{ .Values.prometheusOperator.alertmanagerDefaultBaseImage }} + {{- end }} + {{- if .Values.prometheusOperator.prometheusConfigReloaderImage.sha }} + - --prometheus-config-reloader={{ template "system_default_registry" . }}{{ .Values.prometheusOperator.prometheusConfigReloaderImage.repository }}:{{ .Values.prometheusOperator.prometheusConfigReloaderImage.tag }}@sha256:{{ .Values.prometheusOperator.prometheusConfigReloaderImage.sha }} + {{- else }} + - --prometheus-config-reloader={{ template "system_default_registry" . }}{{ .Values.prometheusOperator.prometheusConfigReloaderImage.repository }}:{{ .Values.prometheusOperator.prometheusConfigReloaderImage.tag }} + {{- end }} + - --config-reloader-cpu={{ .Values.prometheusOperator.configReloaderCpu }} + - --config-reloader-memory={{ .Values.prometheusOperator.configReloaderMemory }} + {{- if .Values.prometheusOperator.alertmanagerInstanceNamespaces }} + - --alertmanager-instance-namespaces={{ .Values.prometheusOperator.alertmanagerInstanceNamespaces | join "," }} + {{- end }} + {{- if .Values.prometheusOperator.prometheusInstanceNamespaces }} + - --prometheus-instance-namespaces={{ .Values.prometheusOperator.prometheusInstanceNamespaces | join "," }} + {{- end }} + {{- if .Values.prometheusOperator.thanosRulerInstanceNamespaces }} + - --thanos-ruler-instance-namespaces={{ .Values.prometheusOperator.thanosRulerInstanceNamespaces | join "," }} + {{- end }} + {{- if .Values.prometheusOperator.secretFieldSelector }} + - --secret-field-selector={{ .Values.prometheusOperator.secretFieldSelector }} + {{- end }} + {{- if .Values.prometheusOperator.clusterDomain }} + - --cluster-domain={{ .Values.prometheusOperator.clusterDomain }} + {{- end }} + {{- if .Values.prometheusOperator.tls.enabled }} + - --web.enable-tls=true + - --web.cert-file=/cert/{{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}tls.crt{{ else }}cert{{ end }} + - --web.key-file=/cert/{{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}tls.key{{ else }}key{{ end }} + - --web.listen-address=:{{ .Values.prometheusOperator.tls.internalPort }} + - --web.tls-min-version={{ .Values.prometheusOperator.tls.tlsMinVersion }} + ports: + - containerPort: {{ .Values.prometheusOperator.tls.internalPort }} + name: https + {{- else }} + ports: + - containerPort: 8080 + name: http + {{- end }} + resources: +{{ toYaml .Values.prometheusOperator.resources | indent 12 }} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true +{{- if .Values.prometheusOperator.tls.enabled }} + volumeMounts: + - name: tls-secret + mountPath: /cert + readOnly: true + volumes: + - name: tls-secret + secret: + defaultMode: 420 + secretName: {{ template "kube-prometheus-stack.fullname" . }}-admission +{{- end }} + {{- with .Values.prometheusOperator.dnsConfig }} + dnsConfig: +{{ toYaml . | indent 8 }} + {{- end }} +{{- if .Values.prometheusOperator.securityContext }} + securityContext: +{{ toYaml .Values.prometheusOperator.securityContext | indent 8 }} +{{- end }} + serviceAccountName: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }} +{{- if .Values.prometheusOperator.hostNetwork }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet +{{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- with .Values.prometheusOperator.nodeSelector }} +{{ toYaml . | indent 8 }} +{{- end }} + {{- with .Values.prometheusOperator.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- with .Values.prometheusOperator.tolerations }} +{{ toYaml . | indent 8 }} +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/psp-clusterrole.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/psp-clusterrole.yaml new file mode 100644 index 000000000..d667d6275 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/psp-clusterrole.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-operator-psp + labels: + app: {{ template "kube-prometheus-stack.name" . }}-operator +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +rules: +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }} +- apiGroups: ['policy'] +{{- else }} +- apiGroups: ['extensions'] +{{- end }} + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "kube-prometheus-stack.fullname" . }}-operator +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/psp-clusterrolebinding.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/psp-clusterrolebinding.yaml new file mode 100644 index 000000000..c538cd173 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/psp-clusterrolebinding.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-operator-psp + labels: + app: {{ template "kube-prometheus-stack.name" . }}-operator +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-prometheus-stack.fullname" . }}-operator-psp +subjects: + - kind: ServiceAccount + name: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/psp.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/psp.yaml new file mode 100644 index 000000000..18d1d37df --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/psp.yaml @@ -0,0 +1,51 @@ +{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-operator + labels: + app: {{ template "kube-prometheus-stack.name" . }}-operator +{{- if .Values.global.rbac.pspAnnotations }} + annotations: +{{ toYaml .Values.global.rbac.pspAnnotations | indent 4 }} +{{- end }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + privileged: false + # Required to prevent escalations to root. + # allowPrivilegeEscalation: false + # This is redundant with non-root + disallow privilege escalation, + # but we can provide it for defense in depth. + #requiredDropCapabilities: + # - ALL + # Allow core volume types. + volumes: + - 'configMap' + - 'emptyDir' + - 'projected' + - 'secret' + - 'downwardAPI' + - 'persistentVolumeClaim' + hostNetwork: {{ .Values.prometheusOperator.hostNetwork }} + hostIPC: false + hostPID: false + runAsUser: + # Permits the container to run with root privileges as well. + rule: 'RunAsAny' + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/service.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/service.yaml new file mode 100644 index 000000000..8ccb2bb2d --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/service.yaml @@ -0,0 +1,55 @@ +{{- if .Values.prometheusOperator.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-operator + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-operator +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.prometheusOperator.service.labels }} +{{ toYaml .Values.prometheusOperator.service.labels | indent 4 }} +{{- end }} +{{- if .Values.prometheusOperator.service.annotations }} + annotations: +{{ toYaml .Values.prometheusOperator.service.annotations | indent 4 }} +{{- end }} +spec: +{{- if .Values.prometheusOperator.service.clusterIP }} + clusterIP: {{ .Values.prometheusOperator.service.clusterIP }} +{{- end }} +{{- if .Values.prometheusOperator.service.externalIPs }} + externalIPs: +{{ toYaml .Values.prometheusOperator.service.externalIPs | indent 4 }} +{{- end }} +{{- if .Values.prometheusOperator.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.prometheusOperator.service.loadBalancerIP }} +{{- end }} +{{- if .Values.prometheusOperator.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range $cidr := .Values.prometheusOperator.service.loadBalancerSourceRanges }} + - {{ $cidr }} + {{- end }} +{{- end }} + ports: + {{- if not .Values.prometheusOperator.tls.enabled }} + - name: http + {{- if eq .Values.prometheusOperator.service.type "NodePort" }} + nodePort: {{ .Values.prometheusOperator.service.nodePort }} + {{- end }} + port: 8080 + targetPort: http + {{- end }} + {{- if .Values.prometheusOperator.tls.enabled }} + - name: https + {{- if eq .Values.prometheusOperator.service.type "NodePort"}} + nodePort: {{ .Values.prometheusOperator.service.nodePortTls }} + {{- end }} + port: 443 + targetPort: https + {{- end }} + selector: + app: {{ template "kube-prometheus-stack.name" . }}-operator + release: {{ $.Release.Name | quote }} + type: "{{ .Values.prometheusOperator.service.type }}" +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/serviceaccount.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/serviceaccount.yaml new file mode 100644 index 000000000..650f53c99 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-operator + app.kubernetes.io/name: {{ template "kube-prometheus-stack.name" . }}-prometheus-operator + app.kubernetes.io/component: prometheus-operator +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.global.imagePullSecrets }} +imagePullSecrets: +{{ toYaml .Values.global.imagePullSecrets | indent 2 }} +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/servicemonitor.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/servicemonitor.yaml new file mode 100644 index 000000000..b7bd952bb --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus-operator/servicemonitor.yaml @@ -0,0 +1,44 @@ +{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.serviceMonitor.selfMonitor }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-operator + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-operator +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + endpoints: + {{- if .Values.prometheusOperator.tls.enabled }} + - port: https + scheme: https + tlsConfig: + serverName: {{ template "kube-prometheus-stack.operator.fullname" . }} + ca: + secret: + name: {{ template "kube-prometheus-stack.fullname" . }}-admission + key: {{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}ca.crt{{ else }}ca{{ end }} + optional: false + {{- else }} + - port: http + {{- end }} + honorLabels: true + {{- if .Values.prometheusOperator.serviceMonitor.interval }} + interval: {{ .Values.prometheusOperator.serviceMonitor.interval }} + {{- end }} +{{- if .Values.prometheusOperator.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.prometheusOperator.serviceMonitor.metricRelabelings | indent 6) . }} +{{- end }} +{{- if .Values.prometheusOperator.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.prometheusOperator.serviceMonitor.relabelings | indent 6 }} +{{- end }} + selector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }}-operator + release: {{ $.Release.Name | quote }} + namespaceSelector: + matchNames: + - {{ printf "%s" (include "kube-prometheus-stack.namespace" .) | quote }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/_rules.tpl b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/_rules.tpl new file mode 100644 index 000000000..0e33d65e4 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/_rules.tpl @@ -0,0 +1,38 @@ +{{- /* +Generated file. Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- define "rules.names" }} +rules: + - "alertmanager.rules" + - "general.rules" + - "k8s.rules" + - "kube-apiserver.rules" + - "kube-apiserver-availability.rules" + - "kube-apiserver-error" + - "kube-apiserver-slos" + - "kube-prometheus-general.rules" + - "kube-prometheus-node-alerting.rules" + - "kube-prometheus-node-recording.rules" + - "kube-scheduler.rules" + - "kube-state-metrics" + - "kubelet.rules" + - "kubernetes-absent" + - "kubernetes-resources" + - "kubernetes-storage" + - "kubernetes-system" + - "kubernetes-system-apiserver" + - "kubernetes-system-kubelet" + - "kubernetes-system-controller-manager" + - "kubernetes-system-scheduler" + - "node-exporter.rules" + - "node-exporter" + - "node.rules" + - "node-network" + - "node-time" + - "prometheus-operator" + - "prometheus.rules" + - "prometheus" + - "kubernetes-apps" + - "etcd" +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/additionalAlertRelabelConfigs.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/additionalAlertRelabelConfigs.yaml new file mode 100644 index 000000000..bff930981 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/additionalAlertRelabelConfigs.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigs }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-am-relabel-confg + namespace: {{ template "kube-prometheus-stack.namespace" . }} +{{- if .Values.prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations }} + annotations: +{{ toYaml .Values.prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations | indent 4 }} +{{- end }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus-am-relabel-confg +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +data: + additional-alert-relabel-configs.yaml: {{ toYaml .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigs | b64enc | quote }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/additionalAlertmanagerConfigs.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/additionalAlertmanagerConfigs.yaml new file mode 100644 index 000000000..8aebc96c3 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/additionalAlertmanagerConfigs.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.prometheusSpec.additionalAlertManagerConfigs }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-am-confg + namespace: {{ template "kube-prometheus-stack.namespace" . }} +{{- if .Values.prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations }} + annotations: +{{ toYaml .Values.prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations | indent 4 }} +{{- end }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus-am-confg +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +data: + additional-alertmanager-configs.yaml: {{ toYaml .Values.prometheus.prometheusSpec.additionalAlertManagerConfigs | b64enc | quote }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/additionalPrometheusRules.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/additionalPrometheusRules.yaml new file mode 100644 index 000000000..cb4aabaa7 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/additionalPrometheusRules.yaml @@ -0,0 +1,43 @@ +{{- if or .Values.additionalPrometheusRules .Values.additionalPrometheusRulesMap}} +apiVersion: v1 +kind: List +metadata: + name: {{ include "kube-prometheus-stack.fullname" $ }}-additional-prometheus-rules + namespace: {{ template "kube-prometheus-stack.namespace" . }} +items: +{{- if .Values.additionalPrometheusRulesMap }} +{{- range $prometheusRuleName, $prometheusRule := .Values.additionalPrometheusRulesMap }} + - apiVersion: monitoring.coreos.com/v1 + kind: PrometheusRule + metadata: + name: {{ template "kube-prometheus-stack.name" $ }}-{{ $prometheusRuleName }} + namespace: {{ template "kube-prometheus-stack.namespace" $ }} + labels: + app: {{ template "kube-prometheus-stack.name" $ }} +{{ include "kube-prometheus-stack.labels" $ | indent 8 }} + {{- if $prometheusRule.additionalLabels }} +{{ toYaml $prometheusRule.additionalLabels | indent 8 }} + {{- end }} + spec: + groups: +{{ toYaml $prometheusRule.groups| indent 8 }} +{{- end }} +{{- else }} +{{- range .Values.additionalPrometheusRules }} + - apiVersion: monitoring.coreos.com/v1 + kind: PrometheusRule + metadata: + name: {{ template "kube-prometheus-stack.name" $ }}-{{ .name }} + namespace: {{ template "kube-prometheus-stack.namespace" $ }} + labels: + app: {{ template "kube-prometheus-stack.name" $ }} +{{ include "kube-prometheus-stack.labels" $ | indent 8 }} + {{- if .additionalLabels }} +{{ toYaml .additionalLabels | indent 8 }} + {{- end }} + spec: + groups: +{{ toYaml .groups| indent 8 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/additionalScrapeConfigs.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/additionalScrapeConfigs.yaml new file mode 100644 index 000000000..21d9429d8 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/additionalScrapeConfigs.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.prometheusSpec.additionalScrapeConfigs }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-scrape-confg + namespace: {{ template "kube-prometheus-stack.namespace" . }} +{{- if .Values.prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations }} + annotations: +{{ toYaml .Values.prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations | indent 4 }} +{{- end }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus-scrape-confg +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +data: + additional-scrape-configs.yaml: {{ tpl (toYaml .Values.prometheus.prometheusSpec.additionalScrapeConfigs) $ | b64enc | quote }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/clusterrole.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/clusterrole.yaml new file mode 100644 index 000000000..3585b5db1 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/clusterrole.yaml @@ -0,0 +1,30 @@ +{{- if and .Values.prometheus.enabled .Values.global.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +rules: +# This permission are not in the kube-prometheus repo +# they're grabbed from https://github.com/prometheus/prometheus/blob/master/documentation/examples/rbac-setup.yml +- apiGroups: [""] + resources: + - nodes + - nodes/metrics + - services + - endpoints + - pods + verbs: ["get", "list", "watch"] +- apiGroups: + - "networking.k8s.io" + resources: + - ingresses + verbs: ["get", "list", "watch"] +- nonResourceURLs: ["/metrics", "/metrics/cadvisor"] + verbs: ["get"] +{{- if .Values.prometheus.additionalRulesForClusterRole }} +{{ toYaml .Values.prometheus.additionalRulesForClusterRole | indent 0 }} +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/clusterrolebinding.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/clusterrolebinding.yaml new file mode 100644 index 000000000..9fc4f65da --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/clusterrolebinding.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.prometheus.enabled .Values.global.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus +subjects: + - kind: ServiceAccount + name: {{ template "kube-prometheus-stack.prometheus.serviceAccountName" . }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} +{{- end }} + diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/ingress.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/ingress.yaml new file mode 100644 index 000000000..3992789ba --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/ingress.yaml @@ -0,0 +1,77 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.ingress.enabled -}} + {{- $pathType := .Values.prometheus.ingress.pathType | default "" -}} + {{- $serviceName := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus" -}} + {{- $servicePort := .Values.prometheus.service.port -}} + {{- $routePrefix := list .Values.prometheus.prometheusSpec.routePrefix -}} + {{- $paths := .Values.prometheus.ingress.paths | default $routePrefix -}} + {{- $apiIsStable := eq (include "kube-prometheus-stack.ingress.isStable" .) "true" -}} + {{- $ingressSupportsPathType := eq (include "kube-prometheus-stack.ingress.supportsPathType" .) "true" -}} +apiVersion: {{ include "kube-prometheus-stack.ingress.apiVersion" . }} +kind: Ingress +metadata: +{{- if .Values.prometheus.ingress.annotations }} + annotations: +{{ toYaml .Values.prometheus.ingress.annotations | indent 4 }} +{{- end }} + name: {{ $serviceName }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.prometheus.ingress.labels }} +{{ toYaml .Values.prometheus.ingress.labels | indent 4 }} +{{- end }} +spec: + {{- if $apiIsStable }} + {{- if .Values.prometheus.ingress.ingressClassName }} + ingressClassName: {{ .Values.prometheus.ingress.ingressClassName }} + {{- end }} + {{- end }} + rules: + {{- if .Values.prometheus.ingress.hosts }} + {{- range $host := .Values.prometheus.ingress.hosts }} + - host: {{ tpl $host $ }} + http: + paths: + {{- range $p := $paths }} + - path: {{ tpl $p $ }} + {{- if and $pathType $ingressSupportsPathType }} + pathType: {{ $pathType }} + {{- end }} + backend: + {{- if $apiIsStable }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{- else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end }} + {{- end -}} + {{- end -}} + {{- else }} + - http: + paths: + {{- range $p := $paths }} + - path: {{ tpl $p $ }} + {{- if and $pathType $ingressSupportsPathType }} + pathType: {{ $pathType }} + {{- end }} + backend: + {{- if $apiIsStable }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{- else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{- end }} + {{- end -}} + {{- end -}} + {{- if .Values.prometheus.ingress.tls }} + tls: +{{ tpl (toYaml .Values.prometheus.ingress.tls | indent 4) . }} + {{- end -}} +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/ingressThanosSidecar.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/ingressThanosSidecar.yaml new file mode 100644 index 000000000..ace405867 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/ingressThanosSidecar.yaml @@ -0,0 +1,76 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.thanosIngress.enabled }} +{{- $pathType := .Values.prometheus.thanosIngress.pathType | default "" }} +{{- $serviceName := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus" }} +{{- $thanosPort := .Values.prometheus.thanosIngress.servicePort -}} +{{- $routePrefix := list .Values.prometheus.prometheusSpec.routePrefix }} +{{- $paths := .Values.prometheus.thanosIngress.paths | default $routePrefix -}} +{{- $apiIsStable := eq (include "kube-prometheus-stack.ingress.isStable" .) "true" -}} +{{- $ingressSupportsPathType := eq (include "kube-prometheus-stack.ingress.supportsPathType" .) "true" -}} +apiVersion: {{ include "kube-prometheus-stack.ingress.apiVersion" . }} +kind: Ingress +metadata: +{{- if .Values.prometheus.thanosIngress.annotations }} + annotations: +{{ toYaml .Values.prometheus.thanosIngress.annotations | indent 4 }} +{{- end }} + name: {{ template "kube-prometheus-stack.fullname" . }}-thanos-gateway + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.prometheus.thanosIngress.labels }} +{{ toYaml .Values.prometheus.thanosIngress.labels | indent 4 }} +{{- end }} +spec: + {{- if $apiIsStable }} + {{- if .Values.prometheus.thanosIngress.ingressClassName }} + ingressClassName: {{ .Values.prometheus.thanosIngress.ingressClassName }} + {{- end }} + {{- end }} + rules: + {{- if .Values.prometheus.thanosIngress.hosts }} + {{- range $host := .Values.prometheus.thanosIngress.hosts }} + - host: {{ tpl $host $ }} + http: + paths: + {{- range $p := $paths }} + - path: {{ tpl $p $ }} + {{- if and $pathType $ingressSupportsPathType }} + pathType: {{ $pathType }} + {{- end }} + backend: + {{- if $apiIsStable }} + service: + name: {{ $serviceName }} + port: + number: {{ $thanosPort }} + {{- else }} + serviceName: {{ $serviceName }} + servicePort: {{ $thanosPort }} + {{- end }} + {{- end -}} + {{- end -}} + {{- else }} + - http: + paths: + {{- range $p := $paths }} + - path: {{ tpl $p $ }} + {{- if and $pathType $ingressSupportsPathType }} + pathType: {{ $pathType }} + {{- end }} + backend: + {{- if $apiIsStable }} + service: + name: {{ $serviceName }} + port: + number: {{ $thanosPort }} + {{- else }} + serviceName: {{ $serviceName }} + servicePort: {{ $thanosPort }} + {{- end }} + {{- end -}} + {{- end -}} + {{- if .Values.prometheus.thanosIngress.tls }} + tls: +{{ toYaml .Values.prometheus.thanosIngress.tls | indent 4 }} + {{- end -}} +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/ingressperreplica.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/ingressperreplica.yaml new file mode 100644 index 000000000..df631993b --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/ingressperreplica.yaml @@ -0,0 +1,67 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.servicePerReplica.enabled .Values.prometheus.ingressPerReplica.enabled }} +{{- $pathType := .Values.prometheus.ingressPerReplica.pathType | default "" }} +{{- $count := .Values.prometheus.prometheusSpec.replicas | int -}} +{{- $servicePort := .Values.prometheus.servicePerReplica.port -}} +{{- $ingressValues := .Values.prometheus.ingressPerReplica -}} +{{- $apiIsStable := eq (include "kube-prometheus-stack.ingress.isStable" .) "true" -}} +{{- $ingressSupportsPathType := eq (include "kube-prometheus-stack.ingress.supportsPathType" .) "true" -}} +apiVersion: v1 +kind: List +metadata: + name: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-ingressperreplica + namespace: {{ template "kube-prometheus-stack.namespace" $ }} +items: +{{ range $i, $e := until $count }} + - kind: Ingress + apiVersion: {{ include "kube-prometheus-stack.ingress.apiVersion" $ }} + metadata: + name: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-{{ $i }} + namespace: {{ template "kube-prometheus-stack.namespace" $ }} + labels: + app: {{ include "kube-prometheus-stack.name" $ }}-prometheus + {{ include "kube-prometheus-stack.labels" $ | indent 8 }} + {{- if $ingressValues.labels }} +{{ toYaml $ingressValues.labels | indent 8 }} + {{- end }} + {{- if $ingressValues.annotations }} + annotations: +{{ toYaml $ingressValues.annotations | indent 8 }} + {{- end }} + spec: + {{- if $apiIsStable }} + {{- if $ingressValues.ingressClassName }} + ingressClassName: {{ $ingressValues.ingressClassName }} + {{- end }} + {{- end }} + rules: + - host: {{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }} + http: + paths: + {{- range $p := $ingressValues.paths }} + - path: {{ tpl $p $ }} + {{- if and $pathType $ingressSupportsPathType }} + pathType: {{ $pathType }} + {{- end }} + backend: + {{- if $apiIsStable }} + service: + name: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-{{ $i }} + port: + number: {{ $servicePort }} + {{- else }} + serviceName: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-{{ $i }} + servicePort: {{ $servicePort }} + {{- end }} + {{- end -}} + {{- if or $ingressValues.tlsSecretName $ingressValues.tlsSecretPerReplica.enabled }} + tls: + - hosts: + - {{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }} + {{- if $ingressValues.tlsSecretPerReplica.enabled }} + secretName: {{ $ingressValues.tlsSecretPerReplica.prefix }}-{{ $i }} + {{- else }} + secretName: {{ $ingressValues.tlsSecretName }} + {{- end }} + {{- end }} +{{- end -}} +{{- end -}} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/nginx-config.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/nginx-config.yaml new file mode 100644 index 000000000..7f5ef368a --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/nginx-config.yaml @@ -0,0 +1,69 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: prometheus-nginx-proxy-config + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.prometheus.annotations }} + annotations: +{{ toYaml .Values.prometheus.annotations | indent 4 }} +{{- end }} +data: + nginx.conf: |- + worker_processes auto; + error_log /dev/stdout warn; + pid /var/cache/nginx/nginx.pid; + + events { + worker_connections 1024; + } + + http { + include /etc/nginx/mime.types; + log_format main '[$time_local - $status] $remote_addr - $remote_user $request ($http_referer)'; + + proxy_connect_timeout 10; + proxy_read_timeout 180; + proxy_send_timeout 5; + proxy_buffering off; + proxy_cache_path /var/cache/nginx/cache levels=1:2 keys_zone=my_zone:100m inactive=1d max_size=10g; + + server { + listen 8081; + access_log off; + + gzip on; + gzip_min_length 1k; + gzip_comp_level 2; + gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript image/jpeg image/gif image/png; + gzip_vary on; + gzip_disable "MSIE [1-6]\."; + + proxy_set_header Host $host; + + location / { + proxy_cache my_zone; + proxy_cache_valid 200 302 1d; + proxy_cache_valid 301 30d; + proxy_cache_valid any 5m; + proxy_cache_bypass $http_cache_control; + add_header X-Proxy-Cache $upstream_cache_status; + add_header Cache-Control "public"; + + proxy_pass http://localhost:9090/; + + sub_filter_types text/html; + sub_filter_once off; + sub_filter 'var PATH_PREFIX = "";' 'var PATH_PREFIX = ".";'; + + if ($request_filename ~ .*\.(?:js|css|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$) { + expires 90d; + } + + rewrite ^/k8s/clusters/.*/proxy(.*) /$1 break; + + } + } + } diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/podDisruptionBudget.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/podDisruptionBudget.yaml new file mode 100644 index 000000000..cce4a855c --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/podDisruptionBudget.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.podDisruptionBudget.enabled }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + {{- if .Values.prometheus.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.prometheus.podDisruptionBudget.minAvailable }} + {{- end }} + {{- if .Values.prometheus.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.prometheus.podDisruptionBudget.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: prometheus + prometheus: {{ template "kube-prometheus-stack.fullname" . }}-prometheus +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/podmonitors.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/podmonitors.yaml new file mode 100644 index 000000000..95d568e13 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/podmonitors.yaml @@ -0,0 +1,37 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.additionalPodMonitors }} +apiVersion: v1 +kind: List +items: +{{- range .Values.prometheus.additionalPodMonitors }} + - apiVersion: monitoring.coreos.com/v1 + kind: PodMonitor + metadata: + name: {{ .name }} + namespace: {{ template "kube-prometheus-stack.namespace" $ }} + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-prometheus +{{ include "kube-prometheus-stack.labels" $ | indent 8 }} + {{- if .additionalLabels }} +{{ toYaml .additionalLabels | indent 8 }} + {{- end }} + spec: + podMetricsEndpoints: +{{ toYaml .podMetricsEndpoints | indent 8 }} + {{- if .jobLabel }} + jobLabel: {{ .jobLabel }} + {{- end }} + {{- if .namespaceSelector }} + namespaceSelector: +{{ toYaml .namespaceSelector | indent 8 }} + {{- end }} + selector: +{{ toYaml .selector | indent 8 }} + {{- if .podTargetLabels }} + podTargetLabels: +{{ toYaml .podTargetLabels | indent 8 }} + {{- end }} + {{- if .sampleLimit }} + sampleLimit: {{ .sampleLimit }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/prometheus.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/prometheus.yaml new file mode 100644 index 000000000..cf2056cb9 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/prometheus.yaml @@ -0,0 +1,332 @@ +{{- if .Values.prometheus.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: Prometheus +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.prometheus.annotations }} + annotations: +{{ toYaml .Values.prometheus.annotations | indent 4 }} +{{- end }} +spec: + alerting: + alertmanagers: +{{- if .Values.prometheus.prometheusSpec.alertingEndpoints }} +{{ toYaml .Values.prometheus.prometheusSpec.alertingEndpoints | indent 6 }} +{{- else if .Values.alertmanager.enabled }} + - namespace: {{ template "kube-prometheus-stack.namespace" . }} + name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager + port: {{ .Values.alertmanager.alertmanagerSpec.portName }} + {{- if .Values.alertmanager.alertmanagerSpec.routePrefix }} + pathPrefix: "{{ .Values.alertmanager.alertmanagerSpec.routePrefix }}" + {{- end }} + apiVersion: {{ .Values.alertmanager.apiVersion }} +{{- else }} + [] +{{- end }} +{{- if .Values.prometheus.prometheusSpec.apiserverConfig }} + apiserverConfig: +{{ toYaml .Values.prometheus.prometheusSpec.apiserverConfig | indent 4}} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.image }} + image: {{ template "system_default_registry" . }}{{ .Values.prometheus.prometheusSpec.image.repository }}:{{ .Values.prometheus.prometheusSpec.image.tag }} + version: {{ .Values.prometheus.prometheusSpec.image.tag }} + {{- if .Values.prometheus.prometheusSpec.image.sha }} + sha: {{ .Values.prometheus.prometheusSpec.image.sha }} + {{- end }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.externalLabels }} + externalLabels: +{{ tpl (toYaml .Values.prometheus.prometheusSpec.externalLabels | indent 4) . }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.prometheusExternalLabelNameClear }} + prometheusExternalLabelName: "" +{{- else if .Values.prometheus.prometheusSpec.prometheusExternalLabelName }} + prometheusExternalLabelName: "{{ .Values.prometheus.prometheusSpec.prometheusExternalLabelName }}" +{{- end }} +{{- if .Values.prometheus.prometheusSpec.replicaExternalLabelNameClear }} + replicaExternalLabelName: "" +{{- else if .Values.prometheus.prometheusSpec.replicaExternalLabelName }} + replicaExternalLabelName: "{{ .Values.prometheus.prometheusSpec.replicaExternalLabelName }}" +{{- end }} +{{- if .Values.prometheus.prometheusSpec.externalUrl }} + externalUrl: "{{ tpl .Values.prometheus.prometheusSpec.externalUrl . }}" +{{- else if and .Values.prometheus.ingress.enabled .Values.prometheus.ingress.hosts }} + externalUrl: "http://{{ tpl (index .Values.prometheus.ingress.hosts 0) . }}{{ .Values.prometheus.prometheusSpec.routePrefix }}" +{{- else if not (or (kindIs "invalid" .Values.global.cattle.url) (kindIs "invalid" .Values.global.cattle.clusterId)) }} + externalUrl: "{{ .Values.global.cattle.url }}/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Values.namespaceOverride }}/services/http:{{ template "kube-prometheus-stack.fullname" . }}-prometheus:{{ .Values.prometheus.service.port }}/proxy" +{{- else }} + externalUrl: http://{{ template "kube-prometheus-stack.fullname" . }}-prometheus.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.prometheus.service.port }} +{{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 4 }} +{{- if .Values.prometheus.prometheusSpec.nodeSelector }} +{{ toYaml .Values.prometheus.prometheusSpec.nodeSelector | indent 4 }} +{{- end }} + paused: {{ .Values.prometheus.prometheusSpec.paused }} + replicas: {{ .Values.prometheus.prometheusSpec.replicas }} + shards: {{ .Values.prometheus.prometheusSpec.shards }} + logLevel: {{ .Values.prometheus.prometheusSpec.logLevel }} + logFormat: {{ .Values.prometheus.prometheusSpec.logFormat }} + listenLocal: {{ .Values.prometheus.prometheusSpec.listenLocal }} + enableAdminAPI: {{ .Values.prometheus.prometheusSpec.enableAdminAPI }} +{{- if .Values.prometheus.prometheusSpec.enableFeatures }} + enableFeatures: +{{- range $enableFeatures := .Values.prometheus.prometheusSpec.enableFeatures }} + - {{ tpl $enableFeatures $ }} +{{- end }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.scrapeInterval }} + scrapeInterval: {{ .Values.prometheus.prometheusSpec.scrapeInterval }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.scrapeTimeout }} + scrapeTimeout: {{ .Values.prometheus.prometheusSpec.scrapeTimeout }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.evaluationInterval }} + evaluationInterval: {{ .Values.prometheus.prometheusSpec.evaluationInterval }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.resources }} + resources: +{{ toYaml .Values.prometheus.prometheusSpec.resources | indent 4 }} +{{- end }} + retention: {{ .Values.prometheus.prometheusSpec.retention | quote }} +{{- if .Values.prometheus.prometheusSpec.retentionSize }} + retentionSize: {{ .Values.prometheus.prometheusSpec.retentionSize | quote }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.walCompression }} + walCompression: {{ .Values.prometheus.prometheusSpec.walCompression }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.routePrefix }} + routePrefix: {{ .Values.prometheus.prometheusSpec.routePrefix | quote }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.secrets }} + secrets: +{{ toYaml .Values.prometheus.prometheusSpec.secrets | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.configMaps }} + configMaps: +{{ toYaml .Values.prometheus.prometheusSpec.configMaps | indent 4 }} +{{- end }} + serviceAccountName: {{ template "kube-prometheus-stack.prometheus.serviceAccountName" . }} +{{- if .Values.prometheus.prometheusSpec.serviceMonitorSelector }} + serviceMonitorSelector: +{{ toYaml .Values.prometheus.prometheusSpec.serviceMonitorSelector | indent 4 }} +{{ else if .Values.prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues }} + serviceMonitorSelector: + matchLabels: + release: {{ $.Release.Name | quote }} +{{ else }} + serviceMonitorSelector: {} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.serviceMonitorNamespaceSelector }} + serviceMonitorNamespaceSelector: +{{ toYaml .Values.prometheus.prometheusSpec.serviceMonitorNamespaceSelector | indent 4 }} +{{ else }} + serviceMonitorNamespaceSelector: {} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.podMonitorSelector }} + podMonitorSelector: +{{ toYaml .Values.prometheus.prometheusSpec.podMonitorSelector | indent 4 }} +{{ else if .Values.prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues }} + podMonitorSelector: + matchLabels: + release: {{ $.Release.Name | quote }} +{{ else }} + podMonitorSelector: {} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.podMonitorNamespaceSelector }} + podMonitorNamespaceSelector: +{{ toYaml .Values.prometheus.prometheusSpec.podMonitorNamespaceSelector | indent 4 }} +{{ else }} + podMonitorNamespaceSelector: {} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.probeSelector }} + probeSelector: +{{ toYaml .Values.prometheus.prometheusSpec.probeSelector | indent 4 }} +{{ else if .Values.prometheus.prometheusSpec.probeSelectorNilUsesHelmValues }} + probeSelector: + matchLabels: + release: {{ $.Release.Name | quote }} +{{ else }} + probeSelector: {} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.probeNamespaceSelector }} + probeNamespaceSelector: +{{ toYaml .Values.prometheus.prometheusSpec.probeNamespaceSelector | indent 4 }} +{{ else }} + probeNamespaceSelector: {} +{{- end }} +{{- if (or .Values.prometheus.prometheusSpec.remoteRead .Values.prometheus.prometheusSpec.additionalRemoteRead) }} + remoteRead: +{{- if .Values.prometheus.prometheusSpec.remoteRead }} +{{ tpl (toYaml .Values.prometheus.prometheusSpec.remoteRead | indent 4) . }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.additionalRemoteRead }} +{{ toYaml .Values.prometheus.prometheusSpec.additionalRemoteRead | indent 4 }} +{{- end }} +{{- end }} +{{- if (or .Values.prometheus.prometheusSpec.remoteWrite .Values.prometheus.prometheusSpec.additionalRemoteWrite) }} + remoteWrite: +{{- if .Values.prometheus.prometheusSpec.remoteWrite }} +{{ tpl (toYaml .Values.prometheus.prometheusSpec.remoteWrite | indent 4) . }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.additionalRemoteWrite }} +{{ toYaml .Values.prometheus.prometheusSpec.additionalRemoteWrite | indent 4 }} +{{- end }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.securityContext }} + securityContext: +{{ toYaml .Values.prometheus.prometheusSpec.securityContext | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.ruleNamespaceSelector }} + ruleNamespaceSelector: +{{ toYaml .Values.prometheus.prometheusSpec.ruleNamespaceSelector | indent 4 }} +{{ else }} + ruleNamespaceSelector: {} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.ruleSelector }} + ruleSelector: +{{ toYaml .Values.prometheus.prometheusSpec.ruleSelector | indent 4}} +{{- else if .Values.prometheus.prometheusSpec.ruleSelectorNilUsesHelmValues }} + ruleSelector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }} + release: {{ $.Release.Name | quote }} +{{ else }} + ruleSelector: {} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.storageSpec }} + storage: +{{ toYaml .Values.prometheus.prometheusSpec.storageSpec | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.podMetadata }} + podMetadata: +{{ tpl (toYaml .Values.prometheus.prometheusSpec.podMetadata | indent 4) . }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.query }} + query: +{{ toYaml .Values.prometheus.prometheusSpec.query | indent 4}} +{{- end }} +{{- if or .Values.prometheus.prometheusSpec.podAntiAffinity .Values.prometheus.prometheusSpec.affinity }} + affinity: +{{- if .Values.prometheus.prometheusSpec.affinity }} +{{ toYaml .Values.prometheus.prometheusSpec.affinity | indent 4 }} +{{- end }} +{{- if eq .Values.prometheus.prometheusSpec.podAntiAffinity "hard" }} + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: {{ .Values.prometheus.prometheusSpec.podAntiAffinityTopologyKey }} + labelSelector: + matchExpressions: + - {key: app.kubernetes.io/name, operator: In, values: [prometheus]} + - {key: prometheus, operator: In, values: [{{ template "kube-prometheus-stack.fullname" . }}-prometheus]} +{{- else if eq .Values.prometheus.prometheusSpec.podAntiAffinity "soft" }} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: {{ .Values.prometheus.prometheusSpec.podAntiAffinityTopologyKey }} + labelSelector: + matchExpressions: + - {key: app.kubernetes.io/name, operator: In, values: [prometheus]} + - {key: prometheus, operator: In, values: [{{ template "kube-prometheus-stack.fullname" . }}-prometheus]} +{{- end }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 4 }} +{{- if .Values.prometheus.prometheusSpec.tolerations }} +{{ toYaml .Values.prometheus.prometheusSpec.tolerations | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.topologySpreadConstraints }} + topologySpreadConstraints: +{{ toYaml .Values.prometheus.prometheusSpec.topologySpreadConstraints | indent 4 }} +{{- end }} +{{- if .Values.global.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.global.imagePullSecrets | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.additionalScrapeConfigs }} + additionalScrapeConfigs: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-scrape-confg + key: additional-scrape-configs.yaml +{{- end }} +{{- if .Values.prometheus.prometheusSpec.additionalScrapeConfigsSecret.enabled }} + additionalScrapeConfigs: + name: {{ .Values.prometheus.prometheusSpec.additionalScrapeConfigsSecret.name }} + key: {{ .Values.prometheus.prometheusSpec.additionalScrapeConfigsSecret.key }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.additionalAlertManagerConfigs }} + additionalAlertManagerConfigs: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-am-confg + key: additional-alertmanager-configs.yaml +{{- end }} +{{- if .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigs }} + additionalAlertRelabelConfigs: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-am-relabel-confg + key: additional-alert-relabel-configs.yaml +{{- end }} +{{- if .Values.prometheus.prometheusSpec.containers }} + containers: +{{ tpl .Values.prometheus.prometheusSpec.containers $ | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.initContainers }} + initContainers: +{{ toYaml .Values.prometheus.prometheusSpec.initContainers | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.priorityClassName }} + priorityClassName: {{ .Values.prometheus.prometheusSpec.priorityClassName }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.thanos }} + thanos: +{{ toYaml .Values.prometheus.prometheusSpec.thanos | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.disableCompaction }} + disableCompaction: {{ .Values.prometheus.prometheusSpec.disableCompaction }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.portName }} + portName: {{ .Values.prometheus.prometheusSpec.portName }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.volumes }} + volumes: +{{ toYaml .Values.prometheus.prometheusSpec.volumes | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.volumeMounts }} + volumeMounts: +{{ toYaml .Values.prometheus.prometheusSpec.volumeMounts | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.arbitraryFSAccessThroughSMs }} + arbitraryFSAccessThroughSMs: +{{ toYaml .Values.prometheus.prometheusSpec.arbitraryFSAccessThroughSMs | indent 4 }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.overrideHonorLabels }} + overrideHonorLabels: {{ .Values.prometheus.prometheusSpec.overrideHonorLabels }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.overrideHonorTimestamps }} + overrideHonorTimestamps: {{ .Values.prometheus.prometheusSpec.overrideHonorTimestamps }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }} + ignoreNamespaceSelectors: {{ .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.enforcedNamespaceLabel }} + enforcedNamespaceLabel: {{ .Values.prometheus.prometheusSpec.enforcedNamespaceLabel }} +{{- $prometheusDefaultRulesExcludedFromEnforce := (include "rules.names" .) | fromYaml }} + prometheusRulesExcludedFromEnforce: +{{- range $prometheusDefaultRulesExcludedFromEnforce.rules }} + - ruleNamespace: "{{ template "kube-prometheus-stack.namespace" $ }}" + ruleName: "{{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) . | trunc 63 | trimSuffix "-" }}" +{{- end }} +{{- if .Values.prometheus.prometheusSpec.prometheusRulesExcludedFromEnforce }} +{{ toYaml .Values.prometheus.prometheusSpec.prometheusRulesExcludedFromEnforce | indent 4 }} +{{- end }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.queryLogFile }} + queryLogFile: {{ .Values.prometheus.prometheusSpec.queryLogFile }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.enforcedSampleLimit }} + enforcedSampleLimit: {{ .Values.prometheus.prometheusSpec.enforcedSampleLimit }} +{{- end }} +{{- if .Values.prometheus.prometheusSpec.allowOverlappingBlocks }} + allowOverlappingBlocks: {{ .Values.prometheus.prometheusSpec.allowOverlappingBlocks }} +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/psp-clusterrole.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/psp-clusterrole.yaml new file mode 100644 index 000000000..a279fb241 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/psp-clusterrole.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-psp + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +rules: +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }} +- apiGroups: ['policy'] +{{- else }} +- apiGroups: ['extensions'] +{{- end }} + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "kube-prometheus-stack.fullname" . }}-prometheus +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/psp-clusterrolebinding.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/psp-clusterrolebinding.yaml new file mode 100644 index 000000000..27b73b74b --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/psp-clusterrolebinding.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-psp + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-psp +subjects: + - kind: ServiceAccount + name: {{ template "kube-prometheus-stack.prometheus.serviceAccountName" . }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} +{{- end }} + diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/psp.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/psp.yaml new file mode 100644 index 000000000..08da5e124 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/psp.yaml @@ -0,0 +1,62 @@ +{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.rbac.pspEnabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus +{{- if .Values.global.rbac.pspAnnotations }} + annotations: +{{ toYaml .Values.global.rbac.pspAnnotations | indent 4 }} +{{- end }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + privileged: false + # Required to prevent escalations to root. + # allowPrivilegeEscalation: false + # This is redundant with non-root + disallow privilege escalation, + # but we can provide it for defense in depth. + #requiredDropCapabilities: + # - ALL + # Allow core volume types. + volumes: + - 'configMap' + - 'emptyDir' + - 'projected' + - 'secret' + - 'downwardAPI' + - 'persistentVolumeClaim' +{{- if .Values.prometheus.podSecurityPolicy.volumes }} +{{ toYaml .Values.prometheus.podSecurityPolicy.volumes | indent 4 }} +{{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Permits the container to run with root privileges as well. + rule: 'RunAsAny' + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + readOnlyRootFilesystem: false +{{- if .Values.prometheus.podSecurityPolicy.allowedCapabilities }} + allowedCapabilities: +{{ toYaml .Values.prometheus.podSecurityPolicy.allowedCapabilities | indent 4 }} +{{- end }} +{{- if .Values.prometheus.podSecurityPolicy.allowedHostPaths }} + allowedHostPaths: +{{ toYaml .Values.prometheus.podSecurityPolicy.allowedHostPaths | indent 4 }} +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/alertmanager.rules.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/alertmanager.rules.yaml new file mode 100644 index 000000000..387a67715 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/alertmanager.rules.yaml @@ -0,0 +1,70 @@ +{{- /* +Generated from 'alertmanager.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.alertmanager }} +{{- $alertmanagerJob := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager" }} +{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: alertmanager.rules + rules: + - alert: AlertmanagerConfigInconsistent + annotations: + message: 'The configuration of the instances of the Alertmanager cluster `{{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.service {{`}}`}}` are out of sync. + + {{`{{`}} range printf "alertmanager_config_hash{namespace=\"%s\",service=\"%s\"}" $labels.namespace $labels.service | query {{`}}`}} + + Configuration hash for pod {{`{{`}} .Labels.pod {{`}}`}} is "{{`{{`}} printf "%.f" .Value {{`}}`}}" + + {{`{{`}} end {{`}}`}} + + ' + expr: count by(namespace,service) (count_values by(namespace,service) ("config_hash", alertmanager_config_hash{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"})) != 1 + for: 5m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: AlertmanagerFailedReload + annotations: + message: Reloading Alertmanager's configuration has failed for {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod{{`}}`}}. + expr: alertmanager_config_last_reload_successful{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"} == 0 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: AlertmanagerMembersInconsistent + annotations: + message: Alertmanager has not found all other members of the cluster. + expr: |- + alertmanager_cluster_members{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"} + != on (service) GROUP_LEFT() + count by (service) (alertmanager_cluster_members{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}) + for: 5m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/etcd.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/etcd.yaml new file mode 100644 index 000000000..c3702bd31 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/etcd.yaml @@ -0,0 +1,181 @@ +{{- /* +Generated from 'etcd' group from https://raw.githubusercontent.com/etcd-io/website/master/content/en/docs/v3.4/op-guide/etcd3_alert.rules.yml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.etcd }} +{{- if (include "exporter.kubeEtcd.enabled" .)}} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "etcd" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: etcd + rules: + - alert: etcdInsufficientMembers + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": insufficient members ({{`{{`}} $value {{`}}`}}).' + expr: sum(up{job=~".*etcd.*"} == bool 1) by (job) < ((count(up{job=~".*etcd.*"}) by (job) + 1) / 2) + for: 3m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdNoLeader + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": member {{`{{`}} $labels.instance {{`}}`}} has no leader.' + expr: etcd_server_has_leader{job=~".*etcd.*"} == 0 + for: 1m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighNumberOfLeaderChanges + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": instance {{`{{`}} $labels.instance {{`}}`}} has seen {{`{{`}} $value {{`}}`}} leader changes within the last hour.' + expr: rate(etcd_server_leader_changes_seen_total{job=~".*etcd.*"}[15m]) > 3 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighNumberOfFailedGRPCRequests + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": {{`{{`}} $value {{`}}`}}% of requests for {{`{{`}} $labels.grpc_method {{`}}`}} failed on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' + expr: |- + 100 * sum(rate(grpc_server_handled_total{job=~".*etcd.*", grpc_code!="OK"}[5m])) BY (job, instance, grpc_service, grpc_method) + / + sum(rate(grpc_server_handled_total{job=~".*etcd.*"}[5m])) BY (job, instance, grpc_service, grpc_method) + > 1 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighNumberOfFailedGRPCRequests + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": {{`{{`}} $value {{`}}`}}% of requests for {{`{{`}} $labels.grpc_method {{`}}`}} failed on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' + expr: |- + 100 * sum(rate(grpc_server_handled_total{job=~".*etcd.*", grpc_code!="OK"}[5m])) BY (job, instance, grpc_service, grpc_method) + / + sum(rate(grpc_server_handled_total{job=~".*etcd.*"}[5m])) BY (job, instance, grpc_service, grpc_method) + > 5 + for: 5m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdGRPCRequestsSlow + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": gRPC requests to {{`{{`}} $labels.grpc_method {{`}}`}} are taking {{`{{`}} $value {{`}}`}}s on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' + expr: |- + histogram_quantile(0.99, sum(rate(grpc_server_handling_seconds_bucket{job=~".*etcd.*", grpc_type="unary"}[5m])) by (job, instance, grpc_service, grpc_method, le)) + > 0.15 + for: 10m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdMemberCommunicationSlow + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": member communication with {{`{{`}} $labels.To {{`}}`}} is taking {{`{{`}} $value {{`}}`}}s on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' + expr: |- + histogram_quantile(0.99, rate(etcd_network_peer_round_trip_time_seconds_bucket{job=~".*etcd.*"}[5m])) + > 0.15 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighNumberOfFailedProposals + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": {{`{{`}} $value {{`}}`}} proposal failures within the last hour on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' + expr: rate(etcd_server_proposals_failed_total{job=~".*etcd.*"}[15m]) > 5 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighFsyncDurations + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": 99th percentile fync durations are {{`{{`}} $value {{`}}`}}s on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' + expr: |- + histogram_quantile(0.99, rate(etcd_disk_wal_fsync_duration_seconds_bucket{job=~".*etcd.*"}[5m])) + > 0.5 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighCommitDurations + annotations: + message: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": 99th percentile commit durations {{`{{`}} $value {{`}}`}}s on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' + expr: |- + histogram_quantile(0.99, rate(etcd_disk_backend_commit_duration_seconds_bucket{job=~".*etcd.*"}[5m])) + > 0.25 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighNumberOfFailedHTTPRequests + annotations: + message: '{{`{{`}} $value {{`}}`}}% of requests for {{`{{`}} $labels.method {{`}}`}} failed on etcd instance {{`{{`}} $labels.instance {{`}}`}}' + expr: |- + sum(rate(etcd_http_failed_total{job=~".*etcd.*", code!="404"}[5m])) BY (method) / sum(rate(etcd_http_received_total{job=~".*etcd.*"}[5m])) + BY (method) > 0.01 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHighNumberOfFailedHTTPRequests + annotations: + message: '{{`{{`}} $value {{`}}`}}% of requests for {{`{{`}} $labels.method {{`}}`}} failed on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' + expr: |- + sum(rate(etcd_http_failed_total{job=~".*etcd.*", code!="404"}[5m])) BY (method) / sum(rate(etcd_http_received_total{job=~".*etcd.*"}[5m])) + BY (method) > 0.05 + for: 10m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: etcdHTTPRequestsSlow + annotations: + message: etcd instance {{`{{`}} $labels.instance {{`}}`}} HTTP requests to {{`{{`}} $labels.method {{`}}`}} are slow. + expr: |- + histogram_quantile(0.99, rate(etcd_http_successful_duration_seconds_bucket[5m])) + > 0.15 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/general.rules.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/general.rules.yaml new file mode 100644 index 000000000..80771f4f8 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/general.rules.yaml @@ -0,0 +1,56 @@ +{{- /* +Generated from 'general.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.general }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "general.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: general.rules + rules: + - alert: TargetDown + annotations: + message: '{{`{{`}} printf "%.4g" $value {{`}}`}}% of the {{`{{`}} $labels.job {{`}}`}}/{{`{{`}} $labels.service {{`}}`}} targets in {{`{{`}} $labels.namespace {{`}}`}} namespace are down.' + expr: 100 * (count(up == 0) BY (job, namespace, service) / count(up) BY (job, namespace, service)) > 10 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: Watchdog + annotations: + message: 'This is an alert meant to ensure that the entire alerting pipeline is functional. + + This alert is always firing, therefore it should always be firing in Alertmanager + + and always fire against a receiver. There are integrations with various notification + + mechanisms that send a notification when this alert is not firing. For example the + + "DeadMansSnitch" integration in PagerDuty. + + ' + expr: vector(1) + labels: + severity: none +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/k8s.rules.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/k8s.rules.yaml new file mode 100644 index 000000000..1d69d9f5f --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/k8s.rules.yaml @@ -0,0 +1,117 @@ +{{- /* +Generated from 'k8s.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.k8s }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "k8s.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: k8s.rules + rules: + - expr: |- + sum by (cluster, namespace, pod, container) ( + rate(container_cpu_usage_seconds_total{job="{{ include "exporter.kubelet.jobName" . }}", metrics_path="/metrics/cadvisor", image!=""}[5m]) + ) * on (cluster, namespace, pod) group_left(node) topk by (cluster, namespace, pod) ( + 1, max by(cluster, namespace, pod, node) (kube_pod_info{node!=""}) + ) + record: node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate + - expr: |- + container_memory_working_set_bytes{job="{{ include "exporter.kubelet.jobName" . }}", metrics_path="/metrics/cadvisor", image!=""} + * on (namespace, pod) group_left(node) topk by(namespace, pod) (1, + max by(namespace, pod, node) (kube_pod_info{node!=""}) + ) + record: node_namespace_pod_container:container_memory_working_set_bytes + - expr: |- + container_memory_rss{job="{{ include "exporter.kubelet.jobName" . }}", metrics_path="/metrics/cadvisor", image!=""} + * on (namespace, pod) group_left(node) topk by(namespace, pod) (1, + max by(namespace, pod, node) (kube_pod_info{node!=""}) + ) + record: node_namespace_pod_container:container_memory_rss + - expr: |- + container_memory_cache{job="{{ include "exporter.kubelet.jobName" . }}", metrics_path="/metrics/cadvisor", image!=""} + * on (namespace, pod) group_left(node) topk by(namespace, pod) (1, + max by(namespace, pod, node) (kube_pod_info{node!=""}) + ) + record: node_namespace_pod_container:container_memory_cache + - expr: |- + container_memory_swap{job="{{ include "exporter.kubelet.jobName" . }}", metrics_path="/metrics/cadvisor", image!=""} + * on (namespace, pod) group_left(node) topk by(namespace, pod) (1, + max by(namespace, pod, node) (kube_pod_info{node!=""}) + ) + record: node_namespace_pod_container:container_memory_swap + - expr: |- + sum by (namespace, cluster) ( + sum by (namespace, pod, cluster) ( + max by (namespace, pod, container, cluster) ( + kube_pod_container_resource_requests{resource="memory",job="kube-state-metrics"} + ) * on(namespace, pod, cluster) group_left() max by (namespace, pod) ( + kube_pod_status_phase{phase=~"Pending|Running"} == 1 + ) + ) + ) + record: namespace_memory:kube_pod_container_resource_requests:sum + - expr: |- + sum by (namespace, cluster) ( + sum by (namespace, pod, cluster) ( + max by (namespace, pod, container, cluster) ( + kube_pod_container_resource_requests{resource="cpu",job="kube-state-metrics"} + ) * on(namespace, pod, cluster) group_left() max by (namespace, pod) ( + kube_pod_status_phase{phase=~"Pending|Running"} == 1 + ) + ) + ) + record: namespace_cpu:kube_pod_container_resource_requests:sum + - expr: |- + max by (cluster, namespace, workload, pod) ( + label_replace( + label_replace( + kube_pod_owner{job="kube-state-metrics", owner_kind="ReplicaSet"}, + "replicaset", "$1", "owner_name", "(.*)" + ) * on(replicaset, namespace) group_left(owner_name) topk by(replicaset, namespace) ( + 1, max by (replicaset, namespace, owner_name) ( + kube_replicaset_owner{job="kube-state-metrics"} + ) + ), + "workload", "$1", "owner_name", "(.*)" + ) + ) + labels: + workload_type: deployment + record: namespace_workload_pod:kube_pod_owner:relabel + - expr: |- + max by (cluster, namespace, workload, pod) ( + label_replace( + kube_pod_owner{job="kube-state-metrics", owner_kind="DaemonSet"}, + "workload", "$1", "owner_name", "(.*)" + ) + ) + labels: + workload_type: daemonset + record: namespace_workload_pod:kube_pod_owner:relabel + - expr: |- + max by (cluster, namespace, workload, pod) ( + label_replace( + kube_pod_owner{job="kube-state-metrics", owner_kind="StatefulSet"}, + "workload", "$1", "owner_name", "(.*)" + ) + ) + labels: + workload_type: statefulset + record: namespace_workload_pod:kube_pod_owner:relabel +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml new file mode 100644 index 000000000..7b00b54a7 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml @@ -0,0 +1,160 @@ +{{- /* +Generated from 'kube-apiserver-availability.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeApiServer.enabled .Values.defaultRules.rules.kubeApiserverAvailability }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-apiserver-availability.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - interval: 3m + name: kube-apiserver-availability.rules + rules: + - expr: |- + 1 - ( + ( + # write too slow + sum(increase(apiserver_request_duration_seconds_count{verb=~"POST|PUT|PATCH|DELETE"}[30d])) + - + sum(increase(apiserver_request_duration_seconds_bucket{verb=~"POST|PUT|PATCH|DELETE",le="1"}[30d])) + ) + + ( + # read too slow + sum(increase(apiserver_request_duration_seconds_count{verb=~"LIST|GET"}[30d])) + - + ( + ( + sum(increase(apiserver_request_duration_seconds_bucket{verb=~"LIST|GET",scope=~"resource|",le="0.1"}[30d])) + or + vector(0) + ) + + + sum(increase(apiserver_request_duration_seconds_bucket{verb=~"LIST|GET",scope="namespace",le="0.5"}[30d])) + + + sum(increase(apiserver_request_duration_seconds_bucket{verb=~"LIST|GET",scope="cluster",le="5"}[30d])) + ) + ) + + # errors + sum(code:apiserver_request_total:increase30d{code=~"5.."} or vector(0)) + ) + / + sum(code:apiserver_request_total:increase30d) + labels: + verb: all + record: apiserver_request:availability30d + - expr: |- + 1 - ( + sum(increase(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[30d])) + - + ( + # too slow + ( + sum(increase(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[30d])) + or + vector(0) + ) + + + sum(increase(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[30d])) + + + sum(increase(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[30d])) + ) + + + # errors + sum(code:apiserver_request_total:increase30d{verb="read",code=~"5.."} or vector(0)) + ) + / + sum(code:apiserver_request_total:increase30d{verb="read"}) + labels: + verb: read + record: apiserver_request:availability30d + - expr: |- + 1 - ( + ( + # too slow + sum(increase(apiserver_request_duration_seconds_count{verb=~"POST|PUT|PATCH|DELETE"}[30d])) + - + sum(increase(apiserver_request_duration_seconds_bucket{verb=~"POST|PUT|PATCH|DELETE",le="1"}[30d])) + ) + + + # errors + sum(code:apiserver_request_total:increase30d{verb="write",code=~"5.."} or vector(0)) + ) + / + sum(code:apiserver_request_total:increase30d{verb="write"}) + labels: + verb: write + record: apiserver_request:availability30d + - expr: avg_over_time(code_verb:apiserver_request_total:increase1h[30d]) * 24 * 30 + record: code_verb:apiserver_request_total:increase30d + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"2.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"2.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"2.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"2.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"2.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"2.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"3.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"3.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"3.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"3.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"3.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"3.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"4.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"4.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"4.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"4.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"4.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"4.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="LIST",code=~"5.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="GET",code=~"5.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="POST",code=~"5.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PUT",code=~"5.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="PATCH",code=~"5.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code, verb) (increase(apiserver_request_total{job="apiserver",verb="DELETE",code=~"5.."}[1h])) + record: code_verb:apiserver_request_total:increase1h + - expr: sum by (code) (code_verb:apiserver_request_total:increase30d{verb=~"LIST|GET"}) + labels: + verb: read + record: code:apiserver_request_total:increase30d + - expr: sum by (code) (code_verb:apiserver_request_total:increase30d{verb=~"POST|PUT|PATCH|DELETE"}) + labels: + verb: write + record: code:apiserver_request_total:increase30d +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml new file mode 100644 index 000000000..0f44ccc10 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml @@ -0,0 +1,95 @@ +{{- /* +Generated from 'kube-apiserver-slos' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeApiServer.enabled .Values.defaultRules.rules.kubeApiserverSlos }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-apiserver-slos" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kube-apiserver-slos + rules: + - alert: KubeAPIErrorBudgetBurn + annotations: + description: The API server is burning too much error budget. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapierrorbudgetburn + summary: The API server is burning too much error budget. + expr: |- + sum(apiserver_request:burnrate1h) > (14.40 * 0.01000) + and + sum(apiserver_request:burnrate5m) > (14.40 * 0.01000) + for: 2m + labels: + long: 1h + severity: critical + short: 5m +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeAPIErrorBudgetBurn + annotations: + description: The API server is burning too much error budget. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapierrorbudgetburn + summary: The API server is burning too much error budget. + expr: |- + sum(apiserver_request:burnrate6h) > (6.00 * 0.01000) + and + sum(apiserver_request:burnrate30m) > (6.00 * 0.01000) + for: 15m + labels: + long: 6h + severity: critical + short: 30m +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeAPIErrorBudgetBurn + annotations: + description: The API server is burning too much error budget. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapierrorbudgetburn + summary: The API server is burning too much error budget. + expr: |- + sum(apiserver_request:burnrate1d) > (3.00 * 0.01000) + and + sum(apiserver_request:burnrate2h) > (3.00 * 0.01000) + for: 1h + labels: + long: 1d + severity: warning + short: 2h +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeAPIErrorBudgetBurn + annotations: + description: The API server is burning too much error budget. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapierrorbudgetburn + summary: The API server is burning too much error budget. + expr: |- + sum(apiserver_request:burnrate3d) > (1.00 * 0.01000) + and + sum(apiserver_request:burnrate6h) > (1.00 * 0.01000) + for: 3h + labels: + long: 3d + severity: warning + short: 6h +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kube-apiserver.rules.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kube-apiserver.rules.yaml new file mode 100644 index 000000000..eddc1e40f --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kube-apiserver.rules.yaml @@ -0,0 +1,358 @@ +{{- /* +Generated from 'kube-apiserver.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeApiServer.enabled .Values.defaultRules.rules.kubeApiserver }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-apiserver.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kube-apiserver.rules + rules: + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[1d])) + - + ( + ( + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[1d])) + or + vector(0) + ) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[1d])) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[1d])) + ) + ) + + + # errors + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[1d])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[1d])) + labels: + verb: read + record: apiserver_request:burnrate1d + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[1h])) + - + ( + ( + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[1h])) + or + vector(0) + ) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[1h])) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[1h])) + ) + ) + + + # errors + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[1h])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[1h])) + labels: + verb: read + record: apiserver_request:burnrate1h + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[2h])) + - + ( + ( + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[2h])) + or + vector(0) + ) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[2h])) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[2h])) + ) + ) + + + # errors + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[2h])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[2h])) + labels: + verb: read + record: apiserver_request:burnrate2h + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[30m])) + - + ( + ( + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[30m])) + or + vector(0) + ) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[30m])) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[30m])) + ) + ) + + + # errors + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[30m])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[30m])) + labels: + verb: read + record: apiserver_request:burnrate30m + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[3d])) + - + ( + ( + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[3d])) + or + vector(0) + ) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[3d])) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[3d])) + ) + ) + + + # errors + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[3d])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[3d])) + labels: + verb: read + record: apiserver_request:burnrate3d + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[5m])) + - + ( + ( + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[5m])) + or + vector(0) + ) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[5m])) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[5m])) + ) + ) + + + # errors + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[5m])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[5m])) + labels: + verb: read + record: apiserver_request:burnrate5m + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"LIST|GET"}[6h])) + - + ( + ( + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope=~"resource|",le="0.1"}[6h])) + or + vector(0) + ) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="namespace",le="0.5"}[6h])) + + + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",scope="cluster",le="5"}[6h])) + ) + ) + + + # errors + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[6h])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[6h])) + labels: + verb: read + record: apiserver_request:burnrate6h + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[1d])) + - + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[1d])) + ) + + + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[1d])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[1d])) + labels: + verb: write + record: apiserver_request:burnrate1d + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[1h])) + - + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[1h])) + ) + + + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[1h])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[1h])) + labels: + verb: write + record: apiserver_request:burnrate1h + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[2h])) + - + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[2h])) + ) + + + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[2h])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[2h])) + labels: + verb: write + record: apiserver_request:burnrate2h + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[30m])) + - + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[30m])) + ) + + + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[30m])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[30m])) + labels: + verb: write + record: apiserver_request:burnrate30m + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[3d])) + - + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[3d])) + ) + + + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[3d])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[3d])) + labels: + verb: write + record: apiserver_request:burnrate3d + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m])) + - + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[5m])) + ) + + + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[5m])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m])) + labels: + verb: write + record: apiserver_request:burnrate5m + - expr: |- + ( + ( + # too slow + sum(rate(apiserver_request_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[6h])) + - + sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",le="1"}[6h])) + ) + + + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[6h])) + ) + / + sum(rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[6h])) + labels: + verb: write + record: apiserver_request:burnrate6h + - expr: sum by (code,resource) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[5m])) + labels: + verb: read + record: code_resource:apiserver_request_total:rate5m + - expr: sum by (code,resource) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m])) + labels: + verb: write + record: code_resource:apiserver_request_total:rate5m + - expr: histogram_quantile(0.99, sum by (le, resource) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET"}[5m]))) > 0 + labels: + quantile: '0.99' + verb: read + record: cluster_quantile:apiserver_request_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.99, sum by (le, resource) (rate(apiserver_request_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m]))) > 0 + labels: + quantile: '0.99' + verb: write + record: cluster_quantile:apiserver_request_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.99, sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",subresource!="log",verb!~"LIST|WATCH|WATCHLIST|DELETECOLLECTION|PROXY|CONNECT"}[5m])) without(instance, pod)) + labels: + quantile: '0.99' + record: cluster_quantile:apiserver_request_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.9, sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",subresource!="log",verb!~"LIST|WATCH|WATCHLIST|DELETECOLLECTION|PROXY|CONNECT"}[5m])) without(instance, pod)) + labels: + quantile: '0.9' + record: cluster_quantile:apiserver_request_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.5, sum(rate(apiserver_request_duration_seconds_bucket{job="apiserver",subresource!="log",verb!~"LIST|WATCH|WATCHLIST|DELETECOLLECTION|PROXY|CONNECT"}[5m])) without(instance, pod)) + labels: + quantile: '0.5' + record: cluster_quantile:apiserver_request_duration_seconds:histogram_quantile +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml new file mode 100644 index 000000000..e54bee587 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml @@ -0,0 +1,31 @@ +{{- /* +Generated from 'kube-prometheus-general.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubePrometheusGeneral }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-prometheus-general.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kube-prometheus-general.rules + rules: + - expr: count without(instance, pod, node) (up == 1) + record: count:up1 + - expr: count without(instance, pod, node) (up == 0) + record: count:up0 +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml new file mode 100644 index 000000000..27271f1b5 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml @@ -0,0 +1,39 @@ +{{- /* +Generated from 'kube-prometheus-node-recording.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubePrometheusNodeRecording }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-prometheus-node-recording.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kube-prometheus-node-recording.rules + rules: + - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[3m])) BY (instance) + record: instance:node_cpu:rate:sum + - expr: sum(rate(node_network_receive_bytes_total[3m])) BY (instance) + record: instance:node_network_receive_bytes:rate:sum + - expr: sum(rate(node_network_transmit_bytes_total[3m])) BY (instance) + record: instance:node_network_transmit_bytes:rate:sum + - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[5m])) WITHOUT (cpu, mode) / ON(instance) GROUP_LEFT() count(sum(node_cpu_seconds_total) BY (instance, cpu)) BY (instance) + record: instance:node_cpu:ratio + - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[5m])) + record: cluster:node_cpu:sum_rate5m + - expr: cluster:node_cpu_seconds_total:rate5m / count(sum(node_cpu_seconds_total) BY (instance, cpu)) + record: cluster:node_cpu:ratio +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml new file mode 100644 index 000000000..3c0ff31b0 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml @@ -0,0 +1,65 @@ +{{- /* +Generated from 'kube-scheduler.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubeScheduler }} +{{- if (include "exporter.kubeScheduler.enabled" .)}} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-scheduler.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kube-scheduler.rules + rules: + - expr: histogram_quantile(0.99, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) + labels: + quantile: '0.99' + record: cluster_quantile:scheduler_e2e_scheduling_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.99, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) + labels: + quantile: '0.99' + record: cluster_quantile:scheduler_scheduling_algorithm_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.99, sum(rate(scheduler_binding_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) + labels: + quantile: '0.99' + record: cluster_quantile:scheduler_binding_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.9, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) + labels: + quantile: '0.9' + record: cluster_quantile:scheduler_e2e_scheduling_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.9, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) + labels: + quantile: '0.9' + record: cluster_quantile:scheduler_scheduling_algorithm_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.9, sum(rate(scheduler_binding_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) + labels: + quantile: '0.9' + record: cluster_quantile:scheduler_binding_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.5, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) + labels: + quantile: '0.5' + record: cluster_quantile:scheduler_e2e_scheduling_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.5, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) + labels: + quantile: '0.5' + record: cluster_quantile:scheduler_scheduling_algorithm_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.5, sum(rate(scheduler_binding_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) + labels: + quantile: '0.5' + record: cluster_quantile:scheduler_binding_duration_seconds:histogram_quantile +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kube-state-metrics.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kube-state-metrics.yaml new file mode 100644 index 000000000..0fa5032ba --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kube-state-metrics.yaml @@ -0,0 +1,59 @@ +{{- /* +Generated from 'kube-state-metrics' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubeStateMetrics }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-state-metrics" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kube-state-metrics + rules: + - alert: KubeStateMetricsListErrors + annotations: + description: kube-state-metrics is experiencing errors at an elevated rate in list operations. This is likely causing it to not be able to expose metrics about Kubernetes objects correctly or at all. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubestatemetricslisterrors + summary: kube-state-metrics is experiencing errors in list operations. + expr: |- + (sum(rate(kube_state_metrics_list_total{job="kube-state-metrics",result="error"}[5m])) + / + sum(rate(kube_state_metrics_list_total{job="kube-state-metrics"}[5m]))) + > 0.01 + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeStateMetricsWatchErrors + annotations: + description: kube-state-metrics is experiencing errors at an elevated rate in watch operations. This is likely causing it to not be able to expose metrics about Kubernetes objects correctly or at all. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubestatemetricswatcherrors + summary: kube-state-metrics is experiencing errors in watch operations. + expr: |- + (sum(rate(kube_state_metrics_watch_total{job="kube-state-metrics",result="error"}[5m])) + / + sum(rate(kube_state_metrics_watch_total{job="kube-state-metrics"}[5m]))) + > 0.01 + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kubelet.rules.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kubelet.rules.yaml new file mode 100644 index 000000000..216132ec8 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kubelet.rules.yaml @@ -0,0 +1,41 @@ +{{- /* +Generated from 'kubelet.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubelet }} +{{- if (include "exporter.kubelet.enabled" .) }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubelet.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubelet.rules + rules: + - expr: histogram_quantile(0.99, sum(rate(kubelet_pleg_relist_duration_seconds_bucket[5m])) by (instance, le) * on(instance) group_left(node) kubelet_node_name{job="{{ include "exporter.kubelet.jobName" . }}", metrics_path="/metrics"}) + labels: + quantile: '0.99' + record: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.9, sum(rate(kubelet_pleg_relist_duration_seconds_bucket[5m])) by (instance, le) * on(instance) group_left(node) kubelet_node_name{job="{{ include "exporter.kubelet.jobName" . }}", metrics_path="/metrics"}) + labels: + quantile: '0.9' + record: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile + - expr: histogram_quantile(0.5, sum(rate(kubelet_pleg_relist_duration_seconds_bucket[5m])) by (instance, le) * on(instance) group_left(node) kubelet_node_name{job="{{ include "exporter.kubelet.jobName" . }}", metrics_path="/metrics"}) + labels: + quantile: '0.5' + record: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kubernetes-apps.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kubernetes-apps.yaml new file mode 100644 index 000000000..77bb40a1e --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kubernetes-apps.yaml @@ -0,0 +1,298 @@ +{{- /* +Generated from 'kubernetes-apps' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesApps }} +{{- $targetNamespace := .Values.defaultRules.appNamespacesTarget }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-apps" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubernetes-apps + rules: + - alert: KubePodCrashLooping + annotations: + description: Pod {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}} ({{`{{`}} $labels.container {{`}}`}}) is restarting {{`{{`}} printf "%.2f" $value {{`}}`}} times / 10 minutes. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubepodcrashlooping + summary: Pod is crash looping. + expr: rate(kube_pod_container_status_restarts_total{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[10m]) * 60 * 5 > 0 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubePodNotReady + annotations: + description: Pod {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}} has been in a non-ready state for longer than 15 minutes. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubepodnotready + summary: Pod has been in a non-ready state for more than 15 minutes. + expr: |- + sum by (namespace, pod) ( + max by(namespace, pod) ( + kube_pod_status_phase{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}", phase=~"Pending|Unknown"} + ) * on(namespace, pod) group_left(owner_kind) topk by(namespace, pod) ( + 1, max by(namespace, pod, owner_kind) (kube_pod_owner{owner_kind!="Job"}) + ) + ) > 0 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeDeploymentGenerationMismatch + annotations: + description: Deployment generation for {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.deployment {{`}}`}} does not match, this indicates that the Deployment has failed but has not been rolled back. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubedeploymentgenerationmismatch + summary: Deployment generation mismatch due to possible roll-back + expr: |- + kube_deployment_status_observed_generation{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_deployment_metadata_generation{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeDeploymentReplicasMismatch + annotations: + description: Deployment {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.deployment {{`}}`}} has not matched the expected number of replicas for longer than 15 minutes. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubedeploymentreplicasmismatch + summary: Deployment has not matched the expected number of replicas. + expr: |- + ( + kube_deployment_spec_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_deployment_status_replicas_available{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + ) and ( + changes(kube_deployment_status_replicas_updated{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[10m]) + == + 0 + ) + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeStatefulSetReplicasMismatch + annotations: + description: StatefulSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.statefulset {{`}}`}} has not matched the expected number of replicas for longer than 15 minutes. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubestatefulsetreplicasmismatch + summary: Deployment has not matched the expected number of replicas. + expr: |- + ( + kube_statefulset_status_replicas_ready{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_statefulset_status_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + ) and ( + changes(kube_statefulset_status_replicas_updated{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[10m]) + == + 0 + ) + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeStatefulSetGenerationMismatch + annotations: + description: StatefulSet generation for {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.statefulset {{`}}`}} does not match, this indicates that the StatefulSet has failed but has not been rolled back. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubestatefulsetgenerationmismatch + summary: StatefulSet generation mismatch due to possible roll-back + expr: |- + kube_statefulset_status_observed_generation{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_statefulset_metadata_generation{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeStatefulSetUpdateNotRolledOut + annotations: + description: StatefulSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.statefulset {{`}}`}} update has not been rolled out. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubestatefulsetupdatenotrolledout + summary: StatefulSet update has not been rolled out. + expr: |- + ( + max without (revision) ( + kube_statefulset_status_current_revision{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + unless + kube_statefulset_status_update_revision{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + ) + * + ( + kube_statefulset_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_statefulset_status_replicas_updated{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + ) + ) and ( + changes(kube_statefulset_status_replicas_updated{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[5m]) + == + 0 + ) + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeDaemonSetRolloutStuck + annotations: + description: DaemonSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.daemonset {{`}}`}} has not finished or progressed for at least 15 minutes. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubedaemonsetrolloutstuck + summary: DaemonSet rollout is stuck. + expr: |- + ( + ( + kube_daemonset_status_current_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + ) or ( + kube_daemonset_status_number_misscheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + 0 + ) or ( + kube_daemonset_updated_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + ) or ( + kube_daemonset_status_number_available{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + ) + ) and ( + changes(kube_daemonset_updated_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[5m]) + == + 0 + ) + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeContainerWaiting + annotations: + description: Pod {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}} container {{`{{`}} $labels.container{{`}}`}} has been in waiting state for longer than 1 hour. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubecontainerwaiting + summary: Pod container waiting longer than 1 hour + expr: sum by (namespace, pod, container) (kube_pod_container_status_waiting_reason{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}) > 0 + for: 1h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeDaemonSetNotScheduled + annotations: + description: '{{`{{`}} $value {{`}}`}} Pods of DaemonSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.daemonset {{`}}`}} are not scheduled.' + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubedaemonsetnotscheduled + summary: DaemonSet pods are not scheduled. + expr: |- + kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + - + kube_daemonset_status_current_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} > 0 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeDaemonSetMisScheduled + annotations: + description: '{{`{{`}} $value {{`}}`}} Pods of DaemonSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.daemonset {{`}}`}} are running where they are not supposed to run.' + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubedaemonsetmisscheduled + summary: DaemonSet pods are misscheduled. + expr: kube_daemonset_status_number_misscheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} > 0 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeJobCompletion + annotations: + description: Job {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.job_name {{`}}`}} is taking more than 12 hours to complete. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubejobcompletion + summary: Job did not complete in time + expr: kube_job_spec_completions{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} - kube_job_status_succeeded{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} > 0 + for: 12h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeJobFailed + annotations: + description: Job {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.job_name {{`}}`}} failed to complete. Removing failed job after investigation should clear this alert. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubejobfailed + summary: Job failed to complete. + expr: kube_job_failed{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} > 0 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeHpaReplicasMismatch + annotations: + description: HPA {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.hpa {{`}}`}} has not matched the desired number of replicas for longer than 15 minutes. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubehpareplicasmismatch + summary: HPA has not matched descired number of replicas. + expr: |- + (kube_hpa_status_desired_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + != + kube_hpa_status_current_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}) + and + (kube_hpa_status_current_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + > + kube_hpa_spec_min_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}) + and + (kube_hpa_status_current_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + < + kube_hpa_spec_max_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}) + and + changes(kube_hpa_status_current_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[15m]) == 0 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeHpaMaxedOut + annotations: + description: HPA {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.hpa {{`}}`}} has been running at max replicas for longer than 15 minutes. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubehpamaxedout + summary: HPA is running at max replicas + expr: |- + kube_hpa_status_current_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + == + kube_hpa_spec_max_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kubernetes-resources.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kubernetes-resources.yaml new file mode 100644 index 000000000..27babbd37 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kubernetes-resources.yaml @@ -0,0 +1,159 @@ +{{- /* +Generated from 'kubernetes-resources' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesResources }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-resources" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubernetes-resources + rules: + - alert: KubeCPUOvercommit + annotations: + description: Cluster has overcommitted CPU resource requests for Pods and cannot tolerate node failure. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubecpuovercommit + summary: Cluster has overcommitted CPU resource requests. + expr: |- + sum(namespace_cpu:kube_pod_container_resource_requests:sum{}) + / + sum(kube_node_status_allocatable{resource="cpu"}) + > + ((count(kube_node_status_allocatable{resource="cpu"}) > 1) - 1) / count(kube_node_status_allocatable{resource="cpu"}) + for: 5m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeMemoryOvercommit + annotations: + description: Cluster has overcommitted memory resource requests for Pods and cannot tolerate node failure. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubememoryovercommit + summary: Cluster has overcommitted memory resource requests. + expr: |- + sum(namespace_memory:kube_pod_container_resource_requests:sum{}) + / + sum(kube_node_status_allocatable{resource="memory"}) + > + ((count(kube_node_status_allocatable{resource="memory"}) > 1) - 1) + / + count(kube_node_status_allocatable{resource="memory"}) + for: 5m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeCPUQuotaOvercommit + annotations: + description: Cluster has overcommitted CPU resource requests for Namespaces. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubecpuquotaovercommit + summary: Cluster has overcommitted CPU resource requests. + expr: |- + sum(kube_resourcequota{job="kube-state-metrics", type="hard", resource="cpu"}) + / + sum(kube_node_status_allocatable{resource="cpu"}) + > 1.5 + for: 5m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeMemoryQuotaOvercommit + annotations: + description: Cluster has overcommitted memory resource requests for Namespaces. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubememoryquotaovercommit + summary: Cluster has overcommitted memory resource requests. + expr: |- + sum(kube_resourcequota{job="kube-state-metrics", type="hard", resource="memory"}) + / + sum(kube_node_status_allocatable{resource="memory",job="kube-state-metrics"}) + > 1.5 + for: 5m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeQuotaAlmostFull + annotations: + description: Namespace {{`{{`}} $labels.namespace {{`}}`}} is using {{`{{`}} $value | humanizePercentage {{`}}`}} of its {{`{{`}} $labels.resource {{`}}`}} quota. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubequotaalmostfull + summary: Namespace quota is going to be full. + expr: |- + kube_resourcequota{job="kube-state-metrics", type="used"} + / ignoring(instance, job, type) + (kube_resourcequota{job="kube-state-metrics", type="hard"} > 0) + > 0.9 < 1 + for: 15m + labels: + severity: info +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeQuotaFullyUsed + annotations: + description: Namespace {{`{{`}} $labels.namespace {{`}}`}} is using {{`{{`}} $value | humanizePercentage {{`}}`}} of its {{`{{`}} $labels.resource {{`}}`}} quota. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubequotafullyused + summary: Namespace quota is fully used. + expr: |- + kube_resourcequota{job="kube-state-metrics", type="used"} + / ignoring(instance, job, type) + (kube_resourcequota{job="kube-state-metrics", type="hard"} > 0) + == 1 + for: 15m + labels: + severity: info +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeQuotaExceeded + annotations: + description: Namespace {{`{{`}} $labels.namespace {{`}}`}} is using {{`{{`}} $value | humanizePercentage {{`}}`}} of its {{`{{`}} $labels.resource {{`}}`}} quota. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubequotaexceeded + summary: Namespace quota has exceeded the limits. + expr: |- + kube_resourcequota{job="kube-state-metrics", type="used"} + / ignoring(instance, job, type) + (kube_resourcequota{job="kube-state-metrics", type="hard"} > 0) + > 1 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: CPUThrottlingHigh + annotations: + description: '{{`{{`}} $value | humanizePercentage {{`}}`}} throttling of CPU in namespace {{`{{`}} $labels.namespace {{`}}`}} for container {{`{{`}} $labels.container {{`}}`}} in pod {{`{{`}} $labels.pod {{`}}`}}.' + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-cputhrottlinghigh + summary: Processes experience elevated CPU throttling. + expr: |- + sum(increase(container_cpu_cfs_throttled_periods_total{container!="", }[5m])) by (container, pod, namespace) + / + sum(increase(container_cpu_cfs_periods_total{}[5m])) by (container, pod, namespace) + > ( 25 / 100 ) + for: 15m + labels: + severity: info +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kubernetes-storage.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kubernetes-storage.yaml new file mode 100644 index 000000000..ff71f8ddc --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kubernetes-storage.yaml @@ -0,0 +1,75 @@ +{{- /* +Generated from 'kubernetes-storage' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesStorage }} +{{- $targetNamespace := .Values.defaultRules.appNamespacesTarget }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-storage" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubernetes-storage + rules: + - alert: KubePersistentVolumeFillingUp + annotations: + description: The PersistentVolume claimed by {{`{{`}} $labels.persistentvolumeclaim {{`}}`}} in Namespace {{`{{`}} $labels.namespace {{`}}`}} is only {{`{{`}} $value | humanizePercentage {{`}}`}} free. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubepersistentvolumefillingup + summary: PersistentVolume is filling up. + expr: |- + kubelet_volume_stats_available_bytes{job="{{ include "exporter.kubelet.jobName" . }}", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} + / + kubelet_volume_stats_capacity_bytes{job="{{ include "exporter.kubelet.jobName" . }}", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} + < 0.03 + for: 1m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubePersistentVolumeFillingUp + annotations: + description: Based on recent sampling, the PersistentVolume claimed by {{`{{`}} $labels.persistentvolumeclaim {{`}}`}} in Namespace {{`{{`}} $labels.namespace {{`}}`}} is expected to fill up within four days. Currently {{`{{`}} $value | humanizePercentage {{`}}`}} is available. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubepersistentvolumefillingup + summary: PersistentVolume is filling up. + expr: |- + ( + kubelet_volume_stats_available_bytes{job="{{ include "exporter.kubelet.jobName" . }}", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} + / + kubelet_volume_stats_capacity_bytes{job="{{ include "exporter.kubelet.jobName" . }}", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} + ) < 0.15 + and + predict_linear(kubelet_volume_stats_available_bytes{job="{{ include "exporter.kubelet.jobName" . }}", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"}[6h], 4 * 24 * 3600) < 0 + for: 1h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubePersistentVolumeErrors + annotations: + description: The persistent volume {{`{{`}} $labels.persistentvolume {{`}}`}} has status {{`{{`}} $labels.phase {{`}}`}}. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubepersistentvolumeerrors + summary: PersistentVolume is having issues with provisioning. + expr: kube_persistentvolume_status_phase{phase=~"Failed|Pending",job="kube-state-metrics"} > 0 + for: 5m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml new file mode 100644 index 000000000..c3110cfb3 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml @@ -0,0 +1,98 @@ +{{- /* +Generated from 'kubernetes-system-apiserver' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesSystem }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-system-apiserver" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubernetes-system-apiserver + rules: + - alert: KubeClientCertificateExpiration + annotations: + description: A client certificate used to authenticate to the apiserver is expiring in less than 7.0 days. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeclientcertificateexpiration + summary: Client certificate is about to expire. + expr: apiserver_client_certificate_expiration_seconds_count{job="apiserver"} > 0 and on(job) histogram_quantile(0.01, sum by (job, le) (rate(apiserver_client_certificate_expiration_seconds_bucket{job="apiserver"}[5m]))) < 604800 + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeClientCertificateExpiration + annotations: + description: A client certificate used to authenticate to the apiserver is expiring in less than 24.0 hours. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeclientcertificateexpiration + summary: Client certificate is about to expire. + expr: apiserver_client_certificate_expiration_seconds_count{job="apiserver"} > 0 and on(job) histogram_quantile(0.01, sum by (job, le) (rate(apiserver_client_certificate_expiration_seconds_bucket{job="apiserver"}[5m]))) < 86400 + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: AggregatedAPIErrors + annotations: + description: An aggregated API {{`{{`}} $labels.name {{`}}`}}/{{`{{`}} $labels.namespace {{`}}`}} has reported errors. It has appeared unavailable {{`{{`}} $value | humanize {{`}}`}} times averaged over the past 10m. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-aggregatedapierrors + summary: An aggregated API has reported errors. + expr: sum by(name, namespace)(increase(aggregator_unavailable_apiservice_total[10m])) > 4 + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: AggregatedAPIDown + annotations: + description: An aggregated API {{`{{`}} $labels.name {{`}}`}}/{{`{{`}} $labels.namespace {{`}}`}} has been only {{`{{`}} $value | humanize {{`}}`}}% available over the last 10m. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-aggregatedapidown + summary: An aggregated API is down. + expr: (1 - max by(name, namespace)(avg_over_time(aggregator_unavailable_apiservice[10m]))) * 100 < 85 + for: 5m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- if .Values.kubeApiServer.enabled }} + - alert: KubeAPIDown + annotations: + description: KubeAPI has disappeared from Prometheus target discovery. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapidown + summary: Target disappeared from Prometheus target discovery. + expr: absent(up{job="apiserver"} == 1) + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} + - alert: KubeAPITerminatedRequests + annotations: + description: The apiserver has terminated {{`{{`}} $value | humanizePercentage {{`}}`}} of its incoming requests. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeapiterminatedrequests + summary: The apiserver has terminated {{`{{`}} $value | humanizePercentage {{`}}`}} of its incoming requests. + expr: sum(rate(apiserver_request_terminations_total{job="apiserver"}[10m])) / ( sum(rate(apiserver_request_total{job="apiserver"}[10m])) + sum(rate(apiserver_request_terminations_total{job="apiserver"}[10m])) ) > 0.20 + for: 5m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml new file mode 100644 index 000000000..bbb5f9e23 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml @@ -0,0 +1,43 @@ +{{- /* +Generated from 'kubernetes-system-controller-manager' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create }} +{{- if (include "exporter.kubeControllerManager.enabled" .)}} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-system-controller-manager" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubernetes-system-controller-manager + rules: +{{- if (include "exporter.kubeControllerManager.enabled" .)}} + - alert: KubeControllerManagerDown + annotations: + description: KubeControllerManager has disappeared from Prometheus target discovery. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubecontrollermanagerdown + summary: Target disappeared from Prometheus target discovery. + expr: absent(up{job="{{ include "exporter.kubeControllerManager.jobName" . }}"} == 1) + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml new file mode 100644 index 000000000..dbec4e958 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml @@ -0,0 +1,188 @@ +{{- /* +Generated from 'kubernetes-system-kubelet' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesSystem }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-system-kubelet" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubernetes-system-kubelet + rules: + - alert: KubeNodeNotReady + annotations: + description: '{{`{{`}} $labels.node {{`}}`}} has been unready for more than 15 minutes.' + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubenodenotready + summary: Node is not ready. + expr: kube_node_status_condition{job="kube-state-metrics",condition="Ready",status="true"} == 0 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeNodeUnreachable + annotations: + description: '{{`{{`}} $labels.node {{`}}`}} is unreachable and some workloads may be rescheduled.' + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubenodeunreachable + summary: Node is unreachable. + expr: (kube_node_spec_taint{job="kube-state-metrics",key="node.kubernetes.io/unreachable",effect="NoSchedule"} unless ignoring(key,value) kube_node_spec_taint{job="kube-state-metrics",key=~"ToBeDeletedByClusterAutoscaler|cloud.google.com/impending-node-termination|aws-node-termination-handler/spot-itn"}) == 1 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeletTooManyPods + annotations: + description: Kubelet '{{`{{`}} $labels.node {{`}}`}}' is running at {{`{{`}} $value | humanizePercentage {{`}}`}} of its Pod capacity. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubelettoomanypods + summary: Kubelet is running at capacity. + expr: |- + count by(node) ( + (kube_pod_status_phase{job="kube-state-metrics",phase="Running"} == 1) * on(instance,pod,namespace,cluster) group_left(node) topk by(instance,pod,namespace,cluster) (1, kube_pod_info{job="kube-state-metrics"}) + ) + / + max by(node) ( + kube_node_status_capacity{job="kube-state-metrics",resource="pods"} != 1 + ) > 0.95 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeNodeReadinessFlapping + annotations: + description: The readiness status of node {{`{{`}} $labels.node {{`}}`}} has changed {{`{{`}} $value {{`}}`}} times in the last 15 minutes. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubenodereadinessflapping + summary: Node readiness status is flapping. + expr: sum(changes(kube_node_status_condition{status="true",condition="Ready"}[15m])) by (node) > 2 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeletPlegDurationHigh + annotations: + description: The Kubelet Pod Lifecycle Event Generator has a 99th percentile duration of {{`{{`}} $value {{`}}`}} seconds on node {{`{{`}} $labels.node {{`}}`}}. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletplegdurationhigh + summary: Kubelet Pod Lifecycle Event Generator is taking too long to relist. + expr: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile{quantile="0.99"} >= 10 + for: 5m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeletPodStartUpLatencyHigh + annotations: + description: Kubelet Pod startup 99th percentile latency is {{`{{`}} $value {{`}}`}} seconds on node {{`{{`}} $labels.node {{`}}`}}. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletpodstartuplatencyhigh + summary: Kubelet Pod startup latency is too high. + expr: histogram_quantile(0.99, sum(rate(kubelet_pod_worker_duration_seconds_bucket{job="{{ include "exporter.kubelet.jobName" . }}", metrics_path="/metrics"}[5m])) by (instance, le)) * on(instance) group_left(node) kubelet_node_name{job="{{ include "exporter.kubelet.jobName" . }}", metrics_path="/metrics"} > 60 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeletClientCertificateExpiration + annotations: + description: Client certificate for Kubelet on node {{`{{`}} $labels.node {{`}}`}} expires in {{`{{`}} $value | humanizeDuration {{`}}`}}. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletclientcertificateexpiration + summary: Kubelet client certificate is about to expire. + expr: kubelet_certificate_manager_client_ttl_seconds < 604800 + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeletClientCertificateExpiration + annotations: + description: Client certificate for Kubelet on node {{`{{`}} $labels.node {{`}}`}} expires in {{`{{`}} $value | humanizeDuration {{`}}`}}. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletclientcertificateexpiration + summary: Kubelet client certificate is about to expire. + expr: kubelet_certificate_manager_client_ttl_seconds < 86400 + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeletServerCertificateExpiration + annotations: + description: Server certificate for Kubelet on node {{`{{`}} $labels.node {{`}}`}} expires in {{`{{`}} $value | humanizeDuration {{`}}`}}. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletservercertificateexpiration + summary: Kubelet server certificate is about to expire. + expr: kubelet_certificate_manager_server_ttl_seconds < 604800 + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeletServerCertificateExpiration + annotations: + description: Server certificate for Kubelet on node {{`{{`}} $labels.node {{`}}`}} expires in {{`{{`}} $value | humanizeDuration {{`}}`}}. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletservercertificateexpiration + summary: Kubelet server certificate is about to expire. + expr: kubelet_certificate_manager_server_ttl_seconds < 86400 + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeletClientCertificateRenewalErrors + annotations: + description: Kubelet on node {{`{{`}} $labels.node {{`}}`}} has failed to renew its client certificate ({{`{{`}} $value | humanize {{`}}`}} errors in the last 5 minutes). + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletclientcertificaterenewalerrors + summary: Kubelet has failed to renew its client certificate. + expr: increase(kubelet_certificate_manager_client_expiration_renew_errors[5m]) > 0 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeletServerCertificateRenewalErrors + annotations: + description: Kubelet on node {{`{{`}} $labels.node {{`}}`}} has failed to renew its server certificate ({{`{{`}} $value | humanize {{`}}`}} errors in the last 5 minutes). + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletservercertificaterenewalerrors + summary: Kubelet has failed to renew its server certificate. + expr: increase(kubelet_server_expiration_renew_errors[5m]) > 0 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- if (include "exporter.kubeletService.enabled" .) }} + - alert: KubeletDown + annotations: + description: Kubelet has disappeared from Prometheus target discovery. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeletdown + summary: Target disappeared from Prometheus target discovery. + expr: absent(up{job="{{ include "exporter.kubelet.jobName" . }}", metrics_path="/metrics"} == 1) + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml new file mode 100644 index 000000000..f4f5589f4 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml @@ -0,0 +1,43 @@ +{{- /* +Generated from 'kubernetes-system-scheduler' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubeScheduler }} +{{- if (include "exporter.kubeScheduler.enabled" .)}} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-system-scheduler" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubernetes-system-scheduler + rules: +{{- if (include "exporter.kubeScheduler.enabled" .)}} + - alert: KubeSchedulerDown + annotations: + description: KubeScheduler has disappeared from Prometheus target discovery. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeschedulerdown + summary: Target disappeared from Prometheus target discovery. + expr: absent(up{job="{{ include "exporter.kubeScheduler.jobName" . }}"} == 1) + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kubernetes-system.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kubernetes-system.yaml new file mode 100644 index 000000000..ea2f2589c --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/kubernetes-system.yaml @@ -0,0 +1,55 @@ +{{- /* +Generated from 'kubernetes-system' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesSystem }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-system" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: kubernetes-system + rules: + - alert: KubeVersionMismatch + annotations: + description: There are {{`{{`}} $value {{`}}`}} different semantic versions of Kubernetes components running. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeversionmismatch + summary: Different semantic versions of Kubernetes components running. + expr: count(count by (git_version) (label_replace(kubernetes_build_info{job!~"kube-dns|coredns"},"git_version","$1","git_version","(v[0-9]*.[0-9]*).*"))) > 1 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: KubeClientErrors + annotations: + description: Kubernetes API server client '{{`{{`}} $labels.job {{`}}`}}/{{`{{`}} $labels.instance {{`}}`}}' is experiencing {{`{{`}} $value | humanizePercentage {{`}}`}} errors.' + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-kubeclienterrors + summary: Kubernetes API server client is experiencing errors. + expr: |- + (sum(rate(rest_client_requests_total{code=~"5.."}[5m])) by (instance, job) + / + sum(rate(rest_client_requests_total[5m])) by (instance, job)) + > 0.01 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/node-exporter.rules.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/node-exporter.rules.yaml new file mode 100644 index 000000000..ddb737647 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/node-exporter.rules.yaml @@ -0,0 +1,79 @@ +{{- /* +Generated from 'node-exporter.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/node-exporter-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.node }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "node-exporter.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: node-exporter.rules + rules: + - expr: |- + count without (cpu) ( + count without (mode) ( + node_cpu_seconds_total{job="node-exporter"} + ) + ) + record: instance:node_num_cpu:sum + - expr: |- + 1 - avg without (cpu, mode) ( + rate(node_cpu_seconds_total{job="node-exporter", mode="idle"}[1m]) + ) + record: instance:node_cpu_utilisation:rate1m + - expr: |- + ( + node_load1{job="node-exporter"} + / + instance:node_num_cpu:sum{job="node-exporter"} + ) + record: instance:node_load1_per_cpu:ratio + - expr: |- + 1 - ( + node_memory_MemAvailable_bytes{job="node-exporter"} + / + node_memory_MemTotal_bytes{job="node-exporter"} + ) + record: instance:node_memory_utilisation:ratio + - expr: rate(node_vmstat_pgmajfault{job="node-exporter"}[1m]) + record: instance:node_vmstat_pgmajfault:rate1m + - expr: rate(node_disk_io_time_seconds_total{job="node-exporter", device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"}[1m]) + record: instance_device:node_disk_io_time_seconds:rate1m + - expr: rate(node_disk_io_time_weighted_seconds_total{job="node-exporter", device=~"mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+"}[1m]) + record: instance_device:node_disk_io_time_weighted_seconds:rate1m + - expr: |- + sum without (device) ( + rate(node_network_receive_bytes_total{job="node-exporter", device!="lo"}[1m]) + ) + record: instance:node_network_receive_bytes_excluding_lo:rate1m + - expr: |- + sum without (device) ( + rate(node_network_transmit_bytes_total{job="node-exporter", device!="lo"}[1m]) + ) + record: instance:node_network_transmit_bytes_excluding_lo:rate1m + - expr: |- + sum without (device) ( + rate(node_network_receive_drop_total{job="node-exporter", device!="lo"}[1m]) + ) + record: instance:node_network_receive_drop_excluding_lo:rate1m + - expr: |- + sum without (device) ( + rate(node_network_transmit_drop_total{job="node-exporter", device!="lo"}[1m]) + ) + record: instance:node_network_transmit_drop_excluding_lo:rate1m +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/node-exporter.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/node-exporter.yaml new file mode 100644 index 000000000..3be497c1f --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/node-exporter.yaml @@ -0,0 +1,262 @@ +{{- /* +Generated from 'node-exporter' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/node-exporter-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.node }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "node-exporter" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: node-exporter + rules: + - alert: NodeFilesystemSpaceFillingUp + annotations: + description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available space left and is filling up. + summary: Filesystem is predicted to run out of space within the next 24 hours. + expr: |- + ( + node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 40 + and + predict_linear(node_filesystem_avail_bytes{job="node-exporter",fstype!=""}[6h], 24*60*60) < 0 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeFilesystemSpaceFillingUp + annotations: + description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available space left and is filling up fast. + summary: Filesystem is predicted to run out of space within the next 4 hours. + expr: |- + ( + node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 15 + and + predict_linear(node_filesystem_avail_bytes{job="node-exporter",fstype!=""}[6h], 4*60*60) < 0 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeFilesystemAlmostOutOfSpace + annotations: + description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available space left. + summary: Filesystem has less than 5% space left. + expr: |- + ( + node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 5 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeFilesystemAlmostOutOfSpace + annotations: + description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available space left. + summary: Filesystem has less than 3% space left. + expr: |- + ( + node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 3 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeFilesystemFilesFillingUp + annotations: + description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available inodes left and is filling up. + summary: Filesystem is predicted to run out of inodes within the next 24 hours. + expr: |- + ( + node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 40 + and + predict_linear(node_filesystem_files_free{job="node-exporter",fstype!=""}[6h], 24*60*60) < 0 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeFilesystemFilesFillingUp + annotations: + description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available inodes left and is filling up fast. + summary: Filesystem is predicted to run out of inodes within the next 4 hours. + expr: |- + ( + node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 20 + and + predict_linear(node_filesystem_files_free{job="node-exporter",fstype!=""}[6h], 4*60*60) < 0 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeFilesystemAlmostOutOfFiles + annotations: + description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available inodes left. + summary: Filesystem has less than 5% inodes left. + expr: |- + ( + node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 5 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeFilesystemAlmostOutOfFiles + annotations: + description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available inodes left. + summary: Filesystem has less than 3% inodes left. + expr: |- + ( + node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 3 + and + node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 + ) + for: 1h + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeNetworkReceiveErrs + annotations: + description: '{{`{{`}} $labels.instance {{`}}`}} interface {{`{{`}} $labels.device {{`}}`}} has encountered {{`{{`}} printf "%.0f" $value {{`}}`}} receive errors in the last two minutes.' + summary: Network interface is reporting many receive errors. + expr: rate(node_network_receive_errs_total[2m]) / rate(node_network_receive_packets_total[2m]) > 0.01 + for: 1h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeNetworkTransmitErrs + annotations: + description: '{{`{{`}} $labels.instance {{`}}`}} interface {{`{{`}} $labels.device {{`}}`}} has encountered {{`{{`}} printf "%.0f" $value {{`}}`}} transmit errors in the last two minutes.' + summary: Network interface is reporting many transmit errors. + expr: rate(node_network_transmit_errs_total[2m]) / rate(node_network_transmit_packets_total[2m]) > 0.01 + for: 1h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeHighNumberConntrackEntriesUsed + annotations: + description: '{{`{{`}} $value | humanizePercentage {{`}}`}} of conntrack entries are used.' + summary: Number of conntrack are getting close to the limit. + expr: (node_nf_conntrack_entries / node_nf_conntrack_entries_limit) > 0.75 + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeTextFileCollectorScrapeError + annotations: + description: Node Exporter text file collector failed to scrape. + summary: Node Exporter text file collector failed to scrape. + expr: node_textfile_scrape_error{job="node-exporter"} == 1 + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeClockSkewDetected + annotations: + message: Clock on {{`{{`}} $labels.instance {{`}}`}} is out of sync by more than 300s. Ensure NTP is configured correctly on this host. + summary: Clock skew detected. + expr: |- + ( + node_timex_offset_seconds > 0.05 + and + deriv(node_timex_offset_seconds[5m]) >= 0 + ) + or + ( + node_timex_offset_seconds < -0.05 + and + deriv(node_timex_offset_seconds[5m]) <= 0 + ) + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeClockNotSynchronising + annotations: + message: Clock on {{`{{`}} $labels.instance {{`}}`}} is not synchronising. Ensure NTP is configured on this host. + summary: Clock not synchronising. + expr: |- + min_over_time(node_timex_sync_status[5m]) == 0 + and + node_timex_maxerror_seconds >= 16 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeRAIDDegraded + annotations: + description: RAID array '{{`{{`}} $labels.device {{`}}`}}' on {{`{{`}} $labels.instance {{`}}`}} is in degraded state due to one or more disks failures. Number of spare drives is insufficient to fix issue automatically. + summary: RAID Array is degraded + expr: node_md_disks_required - ignoring (state) (node_md_disks{state="active"}) > 0 + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: NodeRAIDDiskFailure + annotations: + description: At least one device in RAID array on {{`{{`}} $labels.instance {{`}}`}} failed. Array '{{`{{`}} $labels.device {{`}}`}}' needs attention and possibly a disk swap. + summary: Failed device in RAID array + expr: node_md_disks{state="fail"} > 0 + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/node-network.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/node-network.yaml new file mode 100644 index 000000000..9a6955ae9 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/node-network.yaml @@ -0,0 +1,37 @@ +{{- /* +Generated from 'node-network' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.network }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "node-network" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: node-network + rules: + - alert: NodeNetworkInterfaceFlapping + annotations: + message: Network interface "{{`{{`}} $labels.device {{`}}`}}" changing it's up status often on node-exporter {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}}" + expr: changes(node_network_up{job="node-exporter",device!~"veth.+"}[2m]) > 2 + for: 2m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/node.rules.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/node.rules.yaml new file mode 100644 index 000000000..f24c5550b --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/node.rules.yaml @@ -0,0 +1,51 @@ +{{- /* +Generated from 'node.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/kubernetes-prometheusRule.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.node }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "node.rules" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: node.rules + rules: + - expr: |- + topk by(namespace, pod) (1, + max by (node, namespace, pod) ( + label_replace(kube_pod_info{job="kube-state-metrics",node!=""}, "pod", "$1", "pod", "(.*)") + )) + record: 'node_namespace_pod:kube_pod_info:' + - expr: |- + count by (cluster, node) (sum by (node, cpu) ( + node_cpu_seconds_total{job="node-exporter"} + * on (namespace, pod) group_left(node) + topk by(namespace, pod) (1, node_namespace_pod:kube_pod_info:) + )) + record: node:node_num_cpu:sum + - expr: |- + sum( + node_memory_MemAvailable_bytes{job="node-exporter"} or + ( + node_memory_Buffers_bytes{job="node-exporter"} + + node_memory_Cached_bytes{job="node-exporter"} + + node_memory_MemFree_bytes{job="node-exporter"} + + node_memory_Slab_bytes{job="node-exporter"} + ) + ) by (cluster) + record: :node_memory_MemAvailable_bytes:sum +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/prometheus-operator.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/prometheus-operator.yaml new file mode 100644 index 000000000..d1c1f6545 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/prometheus-operator.yaml @@ -0,0 +1,113 @@ +{{- /* +Generated from 'prometheus-operator' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.prometheusOperator }} +{{- $operatorJob := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "operator" }} +{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus-operator" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: prometheus-operator + rules: + - alert: PrometheusOperatorListErrors + annotations: + description: Errors while performing List operations in controller {{`{{`}}$labels.controller{{`}}`}} in {{`{{`}}$labels.namespace{{`}}`}} namespace. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusoperatorlisterrors + summary: Errors while performing list operations in controller. + expr: (sum by (controller,namespace) (rate(prometheus_operator_list_operations_failed_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[10m])) / sum by (controller,namespace) (rate(prometheus_operator_list_operations_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[10m]))) > 0.4 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusOperatorWatchErrors + annotations: + description: Errors while performing watch operations in controller {{`{{`}}$labels.controller{{`}}`}} in {{`{{`}}$labels.namespace{{`}}`}} namespace. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusoperatorwatcherrors + summary: Errors while performing watch operations in controller. + expr: (sum by (controller,namespace) (rate(prometheus_operator_watch_operations_failed_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[10m])) / sum by (controller,namespace) (rate(prometheus_operator_watch_operations_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[10m]))) > 0.4 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusOperatorSyncFailed + annotations: + description: Controller {{`{{`}} $labels.controller {{`}}`}} in {{`{{`}} $labels.namespace {{`}}`}} namespace fails to reconcile {{`{{`}} $value {{`}}`}} objects. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusoperatorsyncfailed + summary: Last controller reconciliation failed + expr: min_over_time(prometheus_operator_syncs{status="failed",job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]) > 0 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusOperatorReconcileErrors + annotations: + description: '{{`{{`}} $value | humanizePercentage {{`}}`}} of reconciling operations failed for {{`{{`}} $labels.controller {{`}}`}} controller in {{`{{`}} $labels.namespace {{`}}`}} namespace.' + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusoperatorreconcileerrors + summary: Errors while reconciling controller. + expr: (sum by (controller,namespace) (rate(prometheus_operator_reconcile_errors_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]))) / (sum by (controller,namespace) (rate(prometheus_operator_reconcile_operations_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]))) > 0.1 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusOperatorNodeLookupErrors + annotations: + description: Errors while reconciling Prometheus in {{`{{`}} $labels.namespace {{`}}`}} Namespace. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusoperatornodelookuperrors + summary: Errors while reconciling Prometheus. + expr: rate(prometheus_operator_node_address_lookup_errors_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]) > 0.1 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusOperatorNotReady + annotations: + description: Prometheus operator in {{`{{`}} $labels.namespace {{`}}`}} namespace isn't ready to reconcile {{`{{`}} $labels.controller {{`}}`}} resources. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusoperatornotready + summary: Prometheus operator not ready + expr: min by(namespace, controller) (max_over_time(prometheus_operator_ready{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]) == 0) + for: 5m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusOperatorRejectedResources + annotations: + description: Prometheus operator in {{`{{`}} $labels.namespace {{`}}`}} namespace rejected {{`{{`}} printf "%0.0f" $value {{`}}`}} {{`{{`}} $labels.controller {{`}}`}}/{{`{{`}} $labels.resource {{`}}`}} resources. + runbook_url: {{ .Values.defaultRules.runbookUrl }}alert-name-prometheusoperatorrejectedresources + summary: Resources rejected by Prometheus operator + expr: min_over_time(prometheus_operator_managed_resources{state="rejected",job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]) > 0 + for: 5m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/prometheus.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/prometheus.yaml new file mode 100644 index 000000000..c9c805eea --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/rules-1.14/prometheus.yaml @@ -0,0 +1,258 @@ +{{- /* +Generated from 'prometheus' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/master/manifests/prometheus-rules.yaml +Do not change in-place! In order to change this file first read following link: +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack +*/ -}} +{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} +{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.prometheus }} +{{- $prometheusJob := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus" }} +{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus" | trunc 63 | trimSuffix "-" }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.defaultRules.labels }} +{{ toYaml .Values.defaultRules.labels | indent 4 }} +{{- end }} +{{- if .Values.defaultRules.annotations }} + annotations: +{{ toYaml .Values.defaultRules.annotations | indent 4 }} +{{- end }} +spec: + groups: + - name: prometheus + rules: + - alert: PrometheusBadConfig + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has failed to reload its configuration. + summary: Failed Prometheus configuration reload. + expr: |- + # Without max_over_time, failed scrapes could create false negatives, see + # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. + max_over_time(prometheus_config_last_reload_successful{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) == 0 + for: 10m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusNotificationQueueRunningFull + annotations: + description: Alert notification queue of Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} is running full. + summary: Prometheus alert notification queue predicted to run full in less than 30m. + expr: |- + # Without min_over_time, failed scrapes could create false negatives, see + # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. + ( + predict_linear(prometheus_notifications_queue_length{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m], 60 * 30) + > + min_over_time(prometheus_notifications_queue_capacity{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + ) + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusErrorSendingAlertsToSomeAlertmanagers + annotations: + description: '{{`{{`}} printf "%.1f" $value {{`}}`}}% errors while sending alerts from Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} to Alertmanager {{`{{`}}$labels.alertmanager{{`}}`}}.' + summary: Prometheus has encountered more than 1% errors sending alerts to a specific Alertmanager. + expr: |- + ( + rate(prometheus_notifications_errors_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + / + rate(prometheus_notifications_sent_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + ) + * 100 + > 1 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusErrorSendingAlertsToAnyAlertmanager + annotations: + description: '{{`{{`}} printf "%.1f" $value {{`}}`}}% minimum errors while sending alerts from Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} to any Alertmanager.' + summary: Prometheus encounters more than 3% errors sending alerts to any Alertmanager. + expr: |- + min without(alertmanager) ( + rate(prometheus_notifications_errors_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + / + rate(prometheus_notifications_sent_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + ) + * 100 + > 3 + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusNotConnectedToAlertmanagers + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} is not connected to any Alertmanagers. + summary: Prometheus is not connected to any Alertmanagers. + expr: |- + # Without max_over_time, failed scrapes could create false negatives, see + # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. + max_over_time(prometheus_notifications_alertmanagers_discovered{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) < 1 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusTSDBReloadsFailing + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has detected {{`{{`}}$value | humanize{{`}}`}} reload failures over the last 3h. + summary: Prometheus has issues reloading blocks from disk. + expr: increase(prometheus_tsdb_reloads_failures_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[3h]) > 0 + for: 4h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusTSDBCompactionsFailing + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has detected {{`{{`}}$value | humanize{{`}}`}} compaction failures over the last 3h. + summary: Prometheus has issues compacting blocks. + expr: increase(prometheus_tsdb_compactions_failed_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[3h]) > 0 + for: 4h + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusNotIngestingSamples + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} is not ingesting samples. + summary: Prometheus is not ingesting samples. + expr: rate(prometheus_tsdb_head_samples_appended_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) <= 0 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusDuplicateTimestamps + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} is dropping {{`{{`}} printf "%.4g" $value {{`}}`}} samples/s with different values but duplicated timestamp. + summary: Prometheus is dropping samples with duplicate timestamps. + expr: rate(prometheus_target_scrapes_sample_duplicate_timestamp_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusOutOfOrderTimestamps + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} is dropping {{`{{`}} printf "%.4g" $value {{`}}`}} samples/s with timestamps arriving out of order. + summary: Prometheus drops samples with out-of-order timestamps. + expr: rate(prometheus_target_scrapes_sample_out_of_order_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0 + for: 10m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusRemoteStorageFailures + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} failed to send {{`{{`}} printf "%.1f" $value {{`}}`}}% of the samples to {{`{{`}} $labels.remote_name{{`}}`}}:{{`{{`}} $labels.url {{`}}`}} + summary: Prometheus fails to send samples to remote storage. + expr: |- + ( + rate(prometheus_remote_storage_failed_samples_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + / + ( + rate(prometheus_remote_storage_failed_samples_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + + + rate(prometheus_remote_storage_succeeded_samples_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + ) + ) + * 100 + > 1 + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusRemoteWriteBehind + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} remote write is {{`{{`}} printf "%.1f" $value {{`}}`}}s behind for {{`{{`}} $labels.remote_name{{`}}`}}:{{`{{`}} $labels.url {{`}}`}}. + summary: Prometheus remote write is behind. + expr: |- + # Without max_over_time, failed scrapes could create false negatives, see + # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. + ( + max_over_time(prometheus_remote_storage_highest_timestamp_in_seconds{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + - on(job, instance) group_right + max_over_time(prometheus_remote_storage_queue_highest_sent_timestamp_seconds{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + ) + > 120 + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusRemoteWriteDesiredShards + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} remote write desired shards calculation wants to run {{`{{`}} $value {{`}}`}} shards for queue {{`{{`}} $labels.remote_name{{`}}`}}:{{`{{`}} $labels.url {{`}}`}}, which is more than the max of {{`{{`}} printf `prometheus_remote_storage_shards_max{instance="%s",job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}` $labels.instance | query | first | value {{`}}`}}. + summary: Prometheus remote write desired shards calculation wants to run more than configured max shards. + expr: |- + # Without max_over_time, failed scrapes could create false negatives, see + # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. + ( + max_over_time(prometheus_remote_storage_shards_desired{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + > + max_over_time(prometheus_remote_storage_shards_max{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) + ) + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusRuleFailures + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has failed to evaluate {{`{{`}} printf "%.0f" $value {{`}}`}} rules in the last 5m. + summary: Prometheus is failing rule evaluations. + expr: increase(prometheus_rule_evaluation_failures_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0 + for: 15m + labels: + severity: critical +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusMissingRuleEvaluations + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has missed {{`{{`}} printf "%.0f" $value {{`}}`}} rule group evaluations in the last 5m. + summary: Prometheus is missing rule evaluations due to slow rule group evaluation. + expr: increase(prometheus_rule_group_iterations_missed_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} + - alert: PrometheusTargetLimitHit + annotations: + description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has dropped {{`{{`}} printf "%.0f" $value {{`}}`}} targets because the number of targets exceeded the configured target_limit. + summary: Prometheus has dropped targets because some scrape configs have exceeded the targets limit. + expr: increase(prometheus_target_scrape_pool_exceeded_target_limit_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0 + for: 15m + labels: + severity: warning +{{- if .Values.defaultRules.additionalRuleLabels }} +{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/service.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/service.yaml new file mode 100644 index 000000000..c6420060a --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/service.yaml @@ -0,0 +1,60 @@ +{{- if .Values.prometheus.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus + self-monitor: {{ .Values.prometheus.serviceMonitor.selfMonitor | quote }} +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.prometheus.service.labels }} +{{ toYaml .Values.prometheus.service.labels | indent 4 }} +{{- end }} +{{- if .Values.prometheus.service.annotations }} + annotations: +{{ toYaml .Values.prometheus.service.annotations | indent 4 }} +{{- end }} +spec: +{{- if .Values.prometheus.service.clusterIP }} + clusterIP: {{ .Values.prometheus.service.clusterIP }} +{{- end }} +{{- if .Values.prometheus.service.externalIPs }} + externalIPs: +{{ toYaml .Values.prometheus.service.externalIPs | indent 4 }} +{{- end }} +{{- if .Values.prometheus.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.prometheus.service.loadBalancerIP }} +{{- end }} +{{- if .Values.prometheus.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range $cidr := .Values.prometheus.service.loadBalancerSourceRanges }} + - {{ $cidr }} + {{- end }} +{{- end }} + ports: + - name: {{ .Values.prometheus.prometheusSpec.portName }} + {{- if eq .Values.prometheus.service.type "NodePort" }} + nodePort: {{ .Values.prometheus.service.nodePort }} + {{- end }} + port: {{ .Values.prometheus.service.port }} + targetPort: {{ .Values.prometheus.service.targetPort }} + {{- if .Values.prometheus.thanosIngress.enabled }} + - name: grpc + {{- if eq .Values.prometheus.service.type "NodePort" }} + nodePort: {{ .Values.prometheus.thanosIngress.nodePort }} + {{- end }} + port: {{ .Values.prometheus.thanosIngress.servicePort }} + targetPort: {{ .Values.prometheus.thanosIngress.servicePort }} + {{- end }} +{{- if .Values.prometheus.service.additionalPorts }} +{{ toYaml .Values.prometheus.service.additionalPorts | indent 2 }} +{{- end }} + selector: + app.kubernetes.io/name: prometheus + prometheus: {{ template "kube-prometheus-stack.fullname" . }}-prometheus +{{- if .Values.prometheus.service.sessionAffinity }} + sessionAffinity: {{ .Values.prometheus.service.sessionAffinity }} +{{- end }} + type: "{{ .Values.prometheus.service.type }}" +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/serviceThanosSidecar.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/serviceThanosSidecar.yaml new file mode 100644 index 000000000..c3d52ef80 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/serviceThanosSidecar.yaml @@ -0,0 +1,30 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.thanosService.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-thanos-discovery + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-thanos-discovery +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.prometheus.thanosService.labels }} +{{ toYaml .Values.prometheus.thanosService.labels | indent 4 }} +{{- end }} +{{- if .Values.prometheus.thanosService.annotations }} + annotations: +{{ toYaml .Values.prometheus.thanosService.annotations | indent 4 }} +{{- end }} +spec: + type: {{ .Values.prometheus.thanosService.type }} + clusterIP: {{ .Values.prometheus.thanosService.clusterIP }} + ports: + - name: {{ .Values.prometheus.thanosService.portName }} + port: {{ .Values.prometheus.thanosService.port }} + targetPort: {{ .Values.prometheus.thanosService.targetPort }} + {{- if eq .Values.prometheus.thanosService.type "NodePort" }} + nodePort: {{ .Values.prometheus.thanosService.nodePort }} + {{- end }} + selector: + app.kubernetes.io/name: prometheus + prometheus: {{ template "kube-prometheus-stack.fullname" . }}-prometheus +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/serviceThanosSidecarExternal.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/serviceThanosSidecarExternal.yaml new file mode 100644 index 000000000..99668f425 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/serviceThanosSidecarExternal.yaml @@ -0,0 +1,28 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.thanosServiceExternal.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-thanos-external + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.prometheus.thanosServiceExternal.labels }} +{{ toYaml .Values.prometheus.thanosServiceExternal.labels | indent 4 }} +{{- end }} +{{- if .Values.prometheus.thanosServiceExternal.annotations }} + annotations: +{{ toYaml .Values.prometheus.thanosServiceExternal.annotations | indent 4 }} +{{- end }} +spec: + type: {{ .Values.prometheus.thanosServiceExternal.type }} + ports: + - name: {{ .Values.prometheus.thanosServiceExternal.portName }} + port: {{ .Values.prometheus.thanosServiceExternal.port }} + targetPort: {{ .Values.prometheus.thanosServiceExternal.targetPort }} + {{- if eq .Values.prometheus.thanosServiceExternal.type "NodePort" }} + nodePort: {{ .Values.prometheus.thanosServiceExternal.nodePort }} + {{- end }} + selector: + app.kubernetes.io/name: prometheus + prometheus: {{ template "kube-prometheus-stack.fullname" . }}-prometheus +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/serviceaccount.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/serviceaccount.yaml new file mode 100644 index 000000000..0b9929bc6 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/serviceaccount.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kube-prometheus-stack.prometheus.serviceAccountName" . }} + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus + app.kubernetes.io/name: {{ template "kube-prometheus-stack.name" . }}-prometheus + app.kubernetes.io/component: prometheus +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +{{- if .Values.prometheus.serviceAccount.annotations }} + annotations: +{{ toYaml .Values.prometheus.serviceAccount.annotations | indent 4 }} +{{- end }} +{{- if .Values.global.imagePullSecrets }} +imagePullSecrets: +{{ toYaml .Values.global.imagePullSecrets | indent 2 }} +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/servicemonitor.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/servicemonitor.yaml new file mode 100644 index 000000000..356c013ff --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/servicemonitor.yaml @@ -0,0 +1,42 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.serviceMonitor.selfMonitor }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + selector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }}-prometheus + release: {{ $.Release.Name | quote }} + self-monitor: "true" + namespaceSelector: + matchNames: + - {{ printf "%s" (include "kube-prometheus-stack.namespace" .) | quote }} + endpoints: + - port: {{ .Values.prometheus.prometheusSpec.portName }} + {{- if .Values.prometheus.serviceMonitor.interval }} + interval: {{ .Values.prometheus.serviceMonitor.interval }} + {{- end }} + {{- if .Values.prometheus.serviceMonitor.scheme }} + scheme: {{ .Values.prometheus.serviceMonitor.scheme }} + {{- end }} + {{- if .Values.prometheus.serviceMonitor.tlsConfig }} + tlsConfig: {{ toYaml .Values.prometheus.serviceMonitor.tlsConfig | nindent 6 }} + {{- end }} + {{- if .Values.prometheus.serviceMonitor.bearerTokenFile }} + bearerTokenFile: {{ .Values.prometheus.serviceMonitor.bearerTokenFile }} + {{- end }} + path: "{{ trimSuffix "/" .Values.prometheus.prometheusSpec.routePrefix }}/metrics" +{{- if .Values.prometheus.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.prometheus.serviceMonitor.metricRelabelings | indent 6) . }} +{{- end }} +{{- if .Values.prometheus.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.prometheus.serviceMonitor.relabelings | indent 6 }} +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/servicemonitors.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/servicemonitors.yaml new file mode 100644 index 000000000..a78d1cd00 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/servicemonitors.yaml @@ -0,0 +1,38 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.additionalServiceMonitors }} +apiVersion: v1 +kind: List +items: +{{- range .Values.prometheus.additionalServiceMonitors }} + - apiVersion: monitoring.coreos.com/v1 + kind: ServiceMonitor + metadata: + name: {{ .name }} + namespace: {{ template "kube-prometheus-stack.namespace" $ }} + labels: + app: {{ template "kube-prometheus-stack.name" $ }}-prometheus +{{ include "kube-prometheus-stack.labels" $ | indent 8 }} + {{- if .additionalLabels }} +{{ toYaml .additionalLabels | indent 8 }} + {{- end }} + spec: + endpoints: +{{ toYaml .endpoints | indent 8 }} + {{- if .jobLabel }} + jobLabel: {{ .jobLabel }} + {{- end }} + {{- if .namespaceSelector }} + namespaceSelector: +{{ toYaml .namespaceSelector | indent 8 }} + {{- end }} + selector: +{{ toYaml .selector | indent 8 }} + {{- if .targetLabels }} + targetLabels: +{{ toYaml .targetLabels | indent 8 }} + {{- end }} + {{- if .podTargetLabels }} + podTargetLabels: +{{ toYaml .podTargetLabels | indent 8 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/serviceperreplica.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/serviceperreplica.yaml new file mode 100644 index 000000000..470ce79f2 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/prometheus/serviceperreplica.yaml @@ -0,0 +1,46 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.servicePerReplica.enabled }} +{{- $count := .Values.prometheus.prometheusSpec.replicas | int -}} +{{- $serviceValues := .Values.prometheus.servicePerReplica -}} +apiVersion: v1 +kind: List +metadata: + name: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-serviceperreplica + namespace: {{ template "kube-prometheus-stack.namespace" . }} +items: +{{- range $i, $e := until $count }} + - apiVersion: v1 + kind: Service + metadata: + name: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-{{ $i }} + namespace: {{ template "kube-prometheus-stack.namespace" $ }} + labels: + app: {{ include "kube-prometheus-stack.name" $ }}-prometheus +{{ include "kube-prometheus-stack.labels" $ | indent 8 }} + {{- if $serviceValues.annotations }} + annotations: +{{ toYaml $serviceValues.annotations | indent 8 }} + {{- end }} + spec: + {{- if $serviceValues.clusterIP }} + clusterIP: {{ $serviceValues.clusterIP }} + {{- end }} + {{- if $serviceValues.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range $cidr := $serviceValues.loadBalancerSourceRanges }} + - {{ $cidr }} + {{- end }} + {{- end }} + ports: + - name: {{ $.Values.prometheus.prometheusSpec.portName }} + {{- if eq $serviceValues.type "NodePort" }} + nodePort: {{ $serviceValues.nodePort }} + {{- end }} + port: {{ $serviceValues.port }} + targetPort: {{ $serviceValues.targetPort }} + selector: + app.kubernetes.io/name: prometheus + prometheus: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus + statefulset.kubernetes.io/pod-name: prometheus-{{ include "kube-prometheus-stack.fullname" $ }}-prometheus-{{ $i }} + type: "{{ $serviceValues.type }}" +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/clusterrole.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/clusterrole.yaml new file mode 100644 index 000000000..a115de7ca --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/clusterrole.yaml @@ -0,0 +1,131 @@ +{{- if and .Values.global.rbac.create .Values.global.rbac.userRoles.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: monitoring-admin + labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} + {{- if .Values.global.rbac.userRoles.aggregateToDefaultRoles }} + rbac.authorization.k8s.io/aggregate-to-admin: "true" + {{- end }} +rules: +- apiGroups: + - monitoring.coreos.com + resources: + - alertmanagers + - prometheuses + - prometheuses/finalizers + - alertmanagers/finalizers + verbs: + - 'get' + - 'list' + - 'watch' +- apiGroups: + - monitoring.coreos.com + resources: + - thanosrulers + - thanosrulers/finalizers + - servicemonitors + - podmonitors + - prometheusrules + - podmonitors + - probes + - probes/finalizers + - alertmanagerconfigs + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: monitoring-edit + labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} + {{- if .Values.global.rbac.userRoles.aggregateToDefaultRoles }} + rbac.authorization.k8s.io/aggregate-to-edit: "true" + {{- end }} +rules: +rules: +- apiGroups: + - monitoring.coreos.com + resources: + - alertmanagers + - prometheuses + - prometheuses/finalizers + - alertmanagers/finalizers + verbs: + - 'get' + - 'list' + - 'watch' +- apiGroups: + - monitoring.coreos.com + resources: + - thanosrulers + - thanosrulers/finalizers + - servicemonitors + - podmonitors + - prometheusrules + - podmonitors + - probes + - alertmanagerconfigs + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: monitoring-view + labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} + {{- if .Values.global.rbac.userRoles.aggregateToDefaultRoles }} + rbac.authorization.k8s.io/aggregate-to-view: "true" + {{- end }} +rules: +- apiGroups: + - monitoring.coreos.com + resources: + - alertmanagers + - prometheuses + - prometheuses/finalizers + - alertmanagers/finalizers + - thanosrulers + - thanosrulers/finalizers + - servicemonitors + - podmonitors + - prometheusrules + - podmonitors + - probes + - probes/finalizers + - alertmanagerconfigs + verbs: + - 'get' + - 'list' + - 'watch' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: monitoring-ui-view + labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - services/proxy + resourceNames: + - "http:{{ template "kube-prometheus-stack.fullname" . }}-prometheus:{{ .Values.prometheus.service.port }}" + - "https:{{ template "kube-prometheus-stack.fullname" . }}-prometheus:{{ .Values.prometheus.service.port }}" + - "http:{{ template "kube-prometheus-stack.fullname" . }}-alertmanager:{{ .Values.alertmanager.service.port }}" + - "https:{{ template "kube-prometheus-stack.fullname" . }}-alertmanager:{{ .Values.alertmanager.service.port }}" + - "http:{{ include "call-nested" (list . "grafana" "grafana.fullname") }}:{{ .Values.grafana.service.port }}" + - "https:{{ include "call-nested" (list . "grafana" "grafana.fullname") }}:{{ .Values.grafana.service.port }}" + verbs: + - 'get' +- apiGroups: + - "" + resourceNames: + - {{ template "kube-prometheus-stack.fullname" . }}-prometheus + - {{ template "kube-prometheus-stack.fullname" . }}-alertmanager + - {{ include "call-nested" (list . "grafana" "grafana.fullname") }} + resources: + - endpoints + verbs: + - list +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/config-role.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/config-role.yaml new file mode 100644 index 000000000..f48ffc827 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/config-role.yaml @@ -0,0 +1,48 @@ +{{- if and .Values.global.rbac.create .Values.global.rbac.userRoles.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: monitoring-config-admin + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: monitoring-config-edit + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: monitoring-config-view + namespace: {{ template "kube-prometheus-stack.namespace" . }} + labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - 'get' + - 'list' + - 'watch' +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/dashboard-role.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/dashboard-role.yaml new file mode 100644 index 000000000..d2f81976a --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/dashboard-role.yaml @@ -0,0 +1,47 @@ +{{- if and .Values.global.rbac.create .Values.global.rbac.userRoles.create .Values.grafana.enabled }} +{{- if .Values.grafana.defaultDashboardsEnabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: monitoring-dashboard-admin + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: monitoring-dashboard-edit + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: monitoring-dashboard-view + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - 'get' + - 'list' + - 'watch' +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/dashboards/addons/ingress-nginx-dashboard.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/dashboards/addons/ingress-nginx-dashboard.yaml new file mode 100644 index 000000000..7b51a0bf7 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/dashboards/addons/ingress-nginx-dashboard.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled .Values.ingressNginx.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "ingress-nginx" | trunc 63 | trimSuffix "-" }} + {{- if .Values.grafana.sidecar.dashboards.annotations }} + annotations: {{ toYaml .Values.grafana.sidecar.dashboards.annotations | nindent 4 }} + {{- end }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: +{{ (.Files.Glob "files/ingress-nginx/*").AsConfig | indent 2 }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/dashboards/rancher/cluster-dashboards.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/dashboards/rancher/cluster-dashboards.yaml new file mode 100644 index 000000000..d73b25745 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/dashboards/rancher/cluster-dashboards.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: rancher-default-dashboards-cluster + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: +{{ (.Files.Glob "files/rancher/cluster/*").AsConfig | indent 2 }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/dashboards/rancher/default-dashboard.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/dashboards/rancher/default-dashboard.yaml new file mode 100644 index 000000000..8865efa93 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/dashboards/rancher/default-dashboard.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: rancher-default-dashboards-home + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: +{{ (.Files.Glob "files/rancher/home/*").AsConfig | indent 2 }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/dashboards/rancher/k8s-dashboards.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/dashboards/rancher/k8s-dashboards.yaml new file mode 100644 index 000000000..37afc6495 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/dashboards/rancher/k8s-dashboards.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: rancher-default-dashboards-k8s + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: +{{ (.Files.Glob "files/rancher/k8s/*").AsConfig | indent 2 }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/dashboards/rancher/nodes-dashboards.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/dashboards/rancher/nodes-dashboards.yaml new file mode 100644 index 000000000..172c36e9d --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/dashboards/rancher/nodes-dashboards.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: rancher-default-dashboards-nodes + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: +{{ (.Files.Glob "files/rancher/nodes/*").AsConfig | indent 2 }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/dashboards/rancher/pods-dashboards.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/dashboards/rancher/pods-dashboards.yaml new file mode 100644 index 000000000..940f18869 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/dashboards/rancher/pods-dashboards.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: rancher-default-dashboards-pods + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: +{{ (.Files.Glob "files/rancher/pods/*").AsConfig | indent 2 }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/dashboards/rancher/workload-dashboards.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/dashboards/rancher/workload-dashboards.yaml new file mode 100644 index 000000000..d146dacdd --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/dashboards/rancher/workload-dashboards.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.grafana.defaultDashboards.namespace }} + name: rancher-default-dashboards-workloads + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} + labels: + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- end }} + app: {{ template "kube-prometheus-stack.name" $ }}-grafana +{{ include "kube-prometheus-stack.labels" $ | indent 4 }} +data: +{{ (.Files.Glob "files/rancher/workloads/*").AsConfig | indent 2 }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/exporters/ingress-nginx/service.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/exporters/ingress-nginx/service.yaml new file mode 100644 index 000000000..53a9ad689 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/exporters/ingress-nginx/service.yaml @@ -0,0 +1,27 @@ +{{- if and (not .Values.ingressNginx.enabled) (.Values.rkeIngressNginx.enabled) }} +{{- fail "Cannot set .Values.rkeIngressNginx.enabled=true when .Values.ingressNginx.enabled=false" }} +{{- end }} +{{- if and .Values.ingressNginx.enabled (not .Values.rkeIngressNginx.enabled) }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-ingress-nginx + labels: + app: {{ template "kube-prometheus-stack.name" . }}-ingress-nginx + jobLabel: ingress-nginx +{{ include "kube-prometheus-stack.labels" . | indent 4 }} + namespace: {{ .Values.ingressNginx.namespace }} +spec: + clusterIP: None + ports: + - name: http-metrics + port: {{ .Values.ingressNginx.service.port }} + protocol: TCP + targetPort: {{ .Values.ingressNginx.service.targetPort }} + selector: + {{- if .Values.ingressNginx.service.selector }} +{{ toYaml .Values.ingressNginx.service.selector | indent 4 }} + {{- else }} + app: ingress-nginx + {{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/exporters/ingress-nginx/servicemonitor.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/exporters/ingress-nginx/servicemonitor.yaml new file mode 100644 index 000000000..0cbc07f69 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/exporters/ingress-nginx/servicemonitor.yaml @@ -0,0 +1,39 @@ +{{- if and (not .Values.ingressNginx.enabled) (.Values.rkeIngressNginx.enabled) }} +{{- fail "Cannot set .Values.rkeIngressNginx.enabled=true when .Values.ingressNginx.enabled=false" }} +{{- end }} +{{- if and .Values.ingressNginx.enabled (not .Values.rkeIngressNginx.enabled) }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus-stack.fullname" . }}-ingress-nginx + namespace: {{ .Values.ingressNginx.namespace }} + labels: + app: {{ template "kube-prometheus-stack.name" . }}-ingress-nginx +{{ include "kube-prometheus-stack.labels" . | indent 4 }} +spec: + jobLabel: jobLabel + selector: + matchLabels: + app: {{ template "kube-prometheus-stack.name" . }}-ingress-nginx + release: {{ $.Release.Name | quote }} + namespaceSelector: + matchNames: + - {{ .Values.ingressNginx.namespace }} + endpoints: + - port: http-metrics + {{- if .Values.ingressNginx.serviceMonitor.interval}} + interval: {{ .Values.ingressNginx.serviceMonitor.interval }} + {{- end }} + {{- if .Values.ingressNginx.serviceMonitor.proxyUrl }} + proxyUrl: {{ .Values.ingressNginx.serviceMonitor.proxyUrl}} + {{- end }} + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token +{{- if .Values.ingressNginx.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.ingressNginx.serviceMonitor.metricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.ingressNginx.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.ingressNginx.serviceMonitor.relabelings | indent 4 }} +{{- end }} +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/hardened.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/hardened.yaml new file mode 100644 index 000000000..f9bf57c7e --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/rancher-monitoring/hardened.yaml @@ -0,0 +1,124 @@ +{{- $namespaces := dict "_0" .Release.Namespace -}} +{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled (not .Values.grafana.defaultDashboards.useExistingNamespace) -}} +{{- $_ := set $namespaces "_1" .Values.grafana.defaultDashboards.namespace -}} +{{- end -}} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Chart.Name }}-patch-sa + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-patch-sa + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation +spec: + template: + metadata: + name: {{ .Chart.Name }}-patch-sa + labels: + app: {{ .Chart.Name }}-patch-sa + spec: + serviceAccountName: {{ .Chart.Name }}-patch-sa + securityContext: + runAsNonRoot: true + runAsUser: 1000 + restartPolicy: Never + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} + containers: + {{- range $_, $ns := $namespaces }} + - name: patch-sa-{{ $ns }} + image: {{ template "system_default_registry" $ }}{{ $.Values.global.kubectl.repository }}:{{ $.Values.global.kubectl.tag }} + imagePullPolicy: {{ $.Values.global.kubectl.pullPolicy }} + command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"] + args: ["-n", "{{ $ns }}"] + {{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Chart.Name }}-patch-sa + labels: + app: {{ .Chart.Name }}-patch-sa +rules: +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: ['get', 'patch'] +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ .Chart.Name }}-patch-sa +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Chart.Name }}-patch-sa + labels: + app: {{ .Chart.Name }}-patch-sa +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Chart.Name }}-patch-sa +subjects: +- kind: ServiceAccount + name: {{ .Chart.Name }}-patch-sa + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-patch-sa + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-patch-sa +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ .Chart.Name }}-patch-sa + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Chart.Name }}-patch-sa +spec: + privileged: false + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false + volumes: + - 'secret' +{{- range $_, $ns := $namespaces }} +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: default-allow-all + namespace: {{ $ns }} +spec: + podSelector: {} + ingress: + - {} + egress: + - {} + policyTypes: + - Ingress + - Egress +{{- end }} diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/validate-install-crd.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/validate-install-crd.yaml new file mode 100644 index 000000000..ac7921f58 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/templates/validate-install-crd.yaml @@ -0,0 +1,21 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "monitoring.coreos.com/v1alpha1/AlertmanagerConfig" false -}} +# {{- set $found "monitoring.coreos.com/v1/Alertmanager" false -}} +# {{- set $found "monitoring.coreos.com/v1/PodMonitor" false -}} +# {{- set $found "monitoring.coreos.com/v1/Probe" false -}} +# {{- set $found "monitoring.coreos.com/v1/Prometheus" false -}} +# {{- set $found "monitoring.coreos.com/v1/PrometheusRule" false -}} +# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} +# {{- set $found "monitoring.coreos.com/v1/ThanosRuler" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/values.yaml b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/values.yaml new file mode 100644 index 000000000..16dd80c79 --- /dev/null +++ b/charts/rancher-monitoring/rancher-monitoring/100.0.0+up16.6.0/values.yaml @@ -0,0 +1,3160 @@ +# Default values for kube-prometheus-stack. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Rancher Monitoring Configuration + +## Configuration for prometheus-adapter +## ref: https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-adapter +## +prometheus-adapter: + enabled: true + prometheus: + # Change this if you change the namespaceOverride or nameOverride of prometheus-operator + url: http://rancher-monitoring-prometheus.cattle-monitoring-system.svc + port: 9090 + psp: + create: true + +## RKE PushProx Monitoring +## ref: https://github.com/rancher/charts/tree/dev-v2.5-source/packages/rancher-pushprox +## +rkeControllerManager: + enabled: false + metricsPort: 10252 + component: kube-controller-manager + clients: + port: 10011 + useLocalhost: true + nodeSelector: + node-role.kubernetes.io/controlplane: "true" + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +rkeScheduler: + enabled: false + metricsPort: 10251 + component: kube-scheduler + clients: + port: 10012 + useLocalhost: true + nodeSelector: + node-role.kubernetes.io/controlplane: "true" + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +rkeProxy: + enabled: false + metricsPort: 10249 + component: kube-proxy + clients: + port: 10013 + useLocalhost: true + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +rkeEtcd: + enabled: false + metricsPort: 2379 + component: kube-etcd + clients: + port: 10014 + https: + enabled: true + certDir: /etc/kubernetes/ssl + certFile: kube-etcd-*.pem + keyFile: kube-etcd-*-key.pem + caCertFile: kube-ca.pem + nodeSelector: + node-role.kubernetes.io/etcd: "true" + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +rkeIngressNginx: + enabled: false + metricsPort: 10254 + component: ingress-nginx + clients: + port: 10015 + useLocalhost: true + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + nodeSelector: + node-role.kubernetes.io/worker: "true" + +## k3s PushProx Monitoring +## ref: https://github.com/rancher/charts/tree/dev-v2.5-source/packages/rancher-pushprox +## +k3sServer: + enabled: false + metricsPort: 10250 + component: k3s-server + clients: + port: 10013 + useLocalhost: true + https: + enabled: true + useServiceAccountCredentials: true + insecureSkipVerify: true + rbac: + additionalRules: + - nonResourceURLs: ["/metrics/cadvisor"] + verbs: ["get"] + - apiGroups: [""] + resources: ["nodes/metrics"] + verbs: ["get"] + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + serviceMonitor: + endpoints: + - port: metrics + honorLabels: true + relabelings: + - sourceLabels: [__metrics_path__] + targetLabel: metrics_path + - port: metrics + path: /metrics/cadvisor + honorLabels: true + relabelings: + - sourceLabels: [__metrics_path__] + targetLabel: metrics_path + - port: metrics + path: /metrics/probes + honorLabels: true + relabelings: + - sourceLabels: [__metrics_path__] + targetLabel: metrics_path + +## KubeADM PushProx Monitoring +## ref: https://github.com/rancher/charts/tree/dev-v2.5-source/packages/rancher-pushprox +## +kubeAdmControllerManager: + enabled: false + metricsPort: 10257 + component: kube-controller-manager + clients: + port: 10011 + useLocalhost: true + https: + enabled: true + useServiceAccountCredentials: true + insecureSkipVerify: true + nodeSelector: + node-role.kubernetes.io/master: "" + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +kubeAdmScheduler: + enabled: false + metricsPort: 10259 + component: kube-scheduler + clients: + port: 10012 + useLocalhost: true + https: + enabled: true + useServiceAccountCredentials: true + insecureSkipVerify: true + nodeSelector: + node-role.kubernetes.io/master: "" + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +kubeAdmProxy: + enabled: false + metricsPort: 10249 + component: kube-proxy + clients: + port: 10013 + useLocalhost: true + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +kubeAdmEtcd: + enabled: false + metricsPort: 2381 + component: kube-etcd + clients: + port: 10014 + useLocalhost: true + nodeSelector: + node-role.kubernetes.io/master: "" + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +## rke2 PushProx Monitoring +## ref: https://github.com/rancher/charts/tree/dev-v2.5-source/packages/rancher-pushprox +## +rke2ControllerManager: + enabled: false + metricsPort: 10252 + component: kube-controller-manager + clients: + port: 10011 + useLocalhost: true + nodeSelector: + node-role.kubernetes.io/master: "true" + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +rke2Scheduler: + enabled: false + metricsPort: 10251 + component: kube-scheduler + clients: + port: 10012 + useLocalhost: true + nodeSelector: + node-role.kubernetes.io/master: "true" + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +rke2Proxy: + enabled: false + metricsPort: 10249 + component: kube-proxy + clients: + port: 10013 + useLocalhost: true + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +rke2Etcd: + enabled: false + metricsPort: 2381 + component: kube-etcd + clients: + port: 10014 + useLocalhost: true + nodeSelector: + node-role.kubernetes.io/etcd: "true" + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +rke2IngressNginx: + enabled: false + metricsPort: 10254 + component: ingress-nginx + clients: + port: 10015 + useLocalhost: true + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + affinity: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: "app.kubernetes.io/component" + operator: "In" + values: + - "controller" + topologyKey: "kubernetes.io/hostname" + namespaces: + - "kube-system" + # in the RKE2 cluster, the ingress-nginx-controller is deployed as + # a Deployment with 1 pod when RKE2 version is <= 1.20, + # a DaemonSet when RKE2 version is >= 1.21 + deployment: + enabled: false + replicas: 1 + + + +## Additional PushProx Monitoring +## ref: https://github.com/rancher/charts/tree/dev-v2.5-source/packages/rancher-pushprox +## + +# hardenedKubelet can only be deployed if kubelet.enabled=true +# If enabled, it replaces the ServiceMonitor deployed by the default kubelet option with a +# PushProx-based exporter that does not require a host port to be open to scrape metrics. +hardenedKubelet: + enabled: false + metricsPort: 10250 + component: kubelet + clients: + port: 10015 + useLocalhost: true + https: + enabled: true + useServiceAccountCredentials: true + insecureSkipVerify: true + rbac: + additionalRules: + - nonResourceURLs: ["/metrics/cadvisor"] + verbs: ["get"] + - apiGroups: [""] + resources: ["nodes/metrics"] + verbs: ["get"] + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + serviceMonitor: + endpoints: + - port: metrics + honorLabels: true + relabelings: + - sourceLabels: [__metrics_path__] + targetLabel: metrics_path + - port: metrics + path: /metrics/cadvisor + honorLabels: true + relabelings: + - sourceLabels: [__metrics_path__] + targetLabel: metrics_path + - port: metrics + path: /metrics/probes + honorLabels: true + relabelings: + - sourceLabels: [__metrics_path__] + targetLabel: metrics_path + +# hardenedNodeExporter can only be deployed if nodeExporter.enabled=true +# If enabled, it replaces the ServiceMonitor deployed by the default nodeExporter with a +# PushProx-based exporter that does not require a host port to be open to scrape metrics. +hardenedNodeExporter: + enabled: false + metricsPort: 9796 + component: node-exporter + clients: + port: 10016 + useLocalhost: true + tolerations: + - effect: "NoExecute" + operator: "Exists" + - effect: "NoSchedule" + operator: "Exists" + +## Component scraping nginx-ingress-controller +## +ingressNginx: + enabled: false + + ## The namespace to search for your nginx-ingress-controller + ## + namespace: ingress-nginx + + service: + port: 9913 + targetPort: 10254 + # selector: + # app: ingress-nginx + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + + ## proxyUrl: URL of a proxy that should be used for scraping. + ## + proxyUrl: "" + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + +# Prometheus Operator Configuration + +## Provide a name in place of kube-prometheus-stack for `app:` labels +## NOTE: If you change this value, you must update the prometheus-adapter.prometheus.url +## +nameOverride: "rancher-monitoring" + +## Override the deployment namespace +## NOTE: If you change this value, you must update the prometheus-adapter.prometheus.url +## +namespaceOverride: "cattle-monitoring-system" + +## Provide a k8s version to auto dashboard import script example: kubeTargetVersionOverride: 1.16.6 +## +kubeTargetVersionOverride: "" + +## Allow kubeVersion to be overridden while creating the ingress +## +kubeVersionOverride: "" + +## Provide a name to substitute for the full names of resources +## +fullnameOverride: "" + +## Labels to apply to all resources +## +commonLabels: {} +# scmhash: abc123 +# myLabel: aakkmd + +## Create default rules for monitoring the cluster +## +defaultRules: + create: true + rules: + alertmanager: true + etcd: true + general: true + k8s: true + kubeApiserver: true + kubeApiserverAvailability: true + kubeApiserverError: true + kubeApiserverSlos: true + kubelet: true + kubePrometheusGeneral: true + kubePrometheusNodeAlerting: true + kubePrometheusNodeRecording: true + kubernetesAbsent: true + kubernetesApps: true + kubernetesResources: true + kubernetesStorage: true + kubernetesSystem: true + kubeScheduler: true + kubeStateMetrics: true + network: true + node: true + prometheus: true + prometheusOperator: true + time: true + + ## Runbook url prefix for default rules + runbookUrl: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md# + ## Reduce app namespace alert scope + appNamespacesTarget: ".*" + + ## Labels for default rules + labels: {} + ## Annotations for default rules + annotations: {} + + ## Additional labels for PrometheusRule alerts + additionalRuleLabels: {} + +## Deprecated way to provide custom recording or alerting rules to be deployed into the cluster. +## +# additionalPrometheusRules: [] +# - name: my-rule-file +# groups: +# - name: my_group +# rules: +# - record: my_record +# expr: 100 * my_record + +## Provide custom recording or alerting rules to be deployed into the cluster. +## +additionalPrometheusRulesMap: {} +# rule-name: +# groups: +# - name: my_group +# rules: +# - record: my_record +# expr: 100 * my_record + +## +global: + cattle: + systemDefaultRegistry: "" + ## Windows Monitoring + ## ref: https://github.com/rancher/charts/tree/dev-v2.5-source/packages/rancher-windows-exporter + ## + ## Deploys a DaemonSet of Prometheus exporters based on https://github.com/prometheus-community/windows_exporter. + ## Every Windows host must have a wins version of 0.1.0+ to use this chart (default as of Rancher 2.5.8). + ## To upgrade wins versions on Windows hosts, see https://github.com/rancher/wins/tree/master/charts/rancher-wins-upgrader. + ## + windows: + enabled: false + kubectl: + repository: rancher/kubectl + tag: v1.20.2 + pullPolicy: IfNotPresent + rbac: + ## Create RBAC resources for ServiceAccounts and users + ## + create: true + + userRoles: + ## Create default user ClusterRoles to allow users to interact with Prometheus CRs, ConfigMaps, and Secrets + create: true + ## Aggregate default user ClusterRoles into default k8s ClusterRoles + aggregateToDefaultRoles: true + + pspEnabled: true + pspAnnotations: {} + ## Specify pod annotations + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl + ## + # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' + # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' + + ## Reference to one or more secrets to be used when pulling images + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + imagePullSecrets: [] + # - name: "image-pull-secret" + +## Configuration for alertmanager +## ref: https://prometheus.io/docs/alerting/alertmanager/ +## +alertmanager: + + ## Deploy alertmanager + ## + enabled: true + + ## Annotations for Alertmanager + ## + annotations: {} + + ## Api that prometheus will use to communicate with alertmanager. Possible values are v1, v2 + ## + apiVersion: v2 + + ## Service account for Alertmanager to use. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + create: true + name: "" + annotations: {} + + ## Configure pod disruption budgets for Alertmanager + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget + ## This configuration is immutable once created and will require the PDB to be deleted to be changed + ## https://github.com/kubernetes/kubernetes/issues/45398 + ## + podDisruptionBudget: + enabled: false + minAvailable: 1 + maxUnavailable: "" + + ## Alertmanager configuration directives + ## ref: https://prometheus.io/docs/alerting/configuration/#configuration-file + ## https://prometheus.io/webtools/alerting/routing-tree-editor/ + ## + config: + global: + resolve_timeout: 5m + route: + group_by: ['job'] + group_wait: 30s + group_interval: 5m + repeat_interval: 12h + receiver: 'null' + routes: + - match: + alertname: Watchdog + receiver: 'null' + receivers: + - name: 'null' + templates: + - '/etc/alertmanager/config/*.tmpl' + + ## Pass the Alertmanager configuration directives through Helm's templating + ## engine. If the Alertmanager configuration contains Alertmanager templates, + ## they'll need to be properly escaped so that they are not interpreted by + ## Helm + ## ref: https://helm.sh/docs/developing_charts/#using-the-tpl-function + ## https://prometheus.io/docs/alerting/configuration/#tmpl_string + ## https://prometheus.io/docs/alerting/notifications/ + ## https://prometheus.io/docs/alerting/notification_examples/ + tplConfig: false + + ## Alertmanager template files to format alerts + ## By default, templateFiles are placed in /etc/alertmanager/config/ and if + ## they have a .tmpl file suffix will be loaded. See config.templates above + ## to change, add other suffixes. If adding other suffixes, be sure to update + ## config.templates above to include those suffixes. + ## ref: https://prometheus.io/docs/alerting/notifications/ + ## https://prometheus.io/docs/alerting/notification_examples/ + ## + templateFiles: + rancher_defaults.tmpl: |- + {{- define "slack.rancher.text" -}} + {{ template "rancher.text_multiple" . }} + {{- end -}} + + {{- define "rancher.text_multiple" -}} + *[GROUP - Details]* + One or more alarms in this group have triggered a notification. + + {{- if gt (len .GroupLabels.Values) 0 }} + *Group Labels:* + {{- range .GroupLabels.SortedPairs }} + • *{{ .Name }}:* `{{ .Value }}` + {{- end }} + {{- end }} + {{- if .ExternalURL }} + *Link to AlertManager:* {{ .ExternalURL }} + {{- end }} + + {{- range .Alerts }} + {{ template "rancher.text_single" . }} + {{- end }} + {{- end -}} + + {{- define "rancher.text_single" -}} + {{- if .Labels.alertname }} + *[ALERT - {{ .Labels.alertname }}]* + {{- else }} + *[ALERT]* + {{- end }} + {{- if .Labels.severity }} + *Severity:* `{{ .Labels.severity }}` + {{- end }} + {{- if .Labels.cluster }} + *Cluster:* {{ .Labels.cluster }} + {{- end }} + {{- if .Annotations.summary }} + *Summary:* {{ .Annotations.summary }} + {{- end }} + {{- if .Annotations.message }} + *Message:* {{ .Annotations.message }} + {{- end }} + {{- if .Annotations.description }} + *Description:* {{ .Annotations.description }} + {{- end }} + {{- if .Annotations.runbook_url }} + *Runbook URL:* <{{ .Annotations.runbook_url }}|:spiral_note_pad:> + {{- end }} + {{- with .Labels }} + {{- with .Remove (stringSlice "alertname" "severity" "cluster") }} + {{- if gt (len .) 0 }} + *Additional Labels:* + {{- range .SortedPairs }} + • *{{ .Name }}:* `{{ .Value }}` + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- with .Annotations }} + {{- with .Remove (stringSlice "summary" "message" "description" "runbook_url") }} + {{- if gt (len .) 0 }} + *Additional Annotations:* + {{- range .SortedPairs }} + • *{{ .Name }}:* `{{ .Value }}` + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end -}} + + ingress: + enabled: false + + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + + annotations: {} + + labels: {} + + ## Hosts must be provided if Ingress is enabled. + ## + hosts: [] + # - alertmanager.domain.com + + ## Paths to use for ingress rules - one path should match the alertmanagerSpec.routePrefix + ## + paths: [] + # - / + + ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) + ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types + # pathType: ImplementationSpecific + + ## TLS configuration for Alertmanager Ingress + ## Secret must be manually created in the namespace + ## + tls: [] + # - secretName: alertmanager-general-tls + # hosts: + # - alertmanager.example.com + + ## Configuration for Alertmanager secret + ## + secret: + annotations: {} + + ## Configuration for creating an Ingress that will map to each Alertmanager replica service + ## alertmanager.servicePerReplica must be enabled + ## + ingressPerReplica: + enabled: false + + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + + annotations: {} + labels: {} + + ## Final form of the hostname for each per replica ingress is + ## {{ ingressPerReplica.hostPrefix }}-{{ $replicaNumber }}.{{ ingressPerReplica.hostDomain }} + ## + ## Prefix for the per replica ingress that will have `-$replicaNumber` + ## appended to the end + hostPrefix: "" + ## Domain that will be used for the per replica ingress + hostDomain: "" + + ## Paths to use for ingress rules + ## + paths: [] + # - / + + ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) + ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types + # pathType: ImplementationSpecific + + ## Secret name containing the TLS certificate for alertmanager per replica ingress + ## Secret must be manually created in the namespace + tlsSecretName: "" + + ## Separated secret for each per replica Ingress. Can be used together with cert-manager + ## + tlsSecretPerReplica: + enabled: false + ## Final form of the secret for each per replica ingress is + ## {{ tlsSecretPerReplica.prefix }}-{{ $replicaNumber }} + ## + prefix: "alertmanager" + + ## Configuration for Alertmanager service + ## + service: + annotations: {} + labels: {} + clusterIP: "" + + ## Port for Alertmanager Service to listen on + ## + port: 9093 + ## To be used with a proxy extraContainer port + ## + targetPort: 9093 + ## Port to expose on each node + ## Only used if service.type is 'NodePort' + ## + nodePort: 30903 + ## List of IP addresses at which the Prometheus server service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + + ## Additional ports to open for Alertmanager service + additionalPorts: [] + + externalIPs: [] + loadBalancerIP: "" + loadBalancerSourceRanges: [] + ## Service type + ## + type: ClusterIP + + ## Configuration for creating a separate Service for each statefulset Alertmanager replica + ## + servicePerReplica: + enabled: false + annotations: {} + + ## Port for Alertmanager Service per replica to listen on + ## + port: 9093 + + ## To be used with a proxy extraContainer port + targetPort: 9093 + + ## Port to expose on each node + ## Only used if servicePerReplica.type is 'NodePort' + ## + nodePort: 30904 + + ## Loadbalancer source IP ranges + ## Only used if servicePerReplica.type is "LoadBalancer" + loadBalancerSourceRanges: [] + ## Service type + ## + type: ClusterIP + + ## If true, create a serviceMonitor for alertmanager + ## + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + selfMonitor: true + + ## proxyUrl: URL of a proxy that should be used for scraping. + ## + proxyUrl: "" + + ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS. + scheme: "" + + ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS. + ## Of type: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig + tlsConfig: {} + + bearerTokenFile: + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + ## Settings affecting alertmanagerSpec + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#alertmanagerspec + ## + alertmanagerSpec: + ## Standard object's metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata + ## Metadata Labels and Annotations gets propagated to the Alertmanager pods. + ## + podMetadata: {} + + ## Image of Alertmanager + ## + image: + repository: rancher/mirrored-prometheus-alertmanager + tag: v0.22.2 + sha: "" + + ## If true then the user will be responsible to provide a secret with alertmanager configuration + ## So when true the config part will be ignored (including templateFiles) and the one in the secret will be used + ## + useExistingSecret: false + + ## Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the + ## Alertmanager Pods. The Secrets are mounted into /etc/alertmanager/secrets/. + ## + secrets: [] + + ## ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. + ## The ConfigMaps are mounted into /etc/alertmanager/configmaps/. + ## + configMaps: [] + + ## ConfigSecret is the name of a Kubernetes Secret in the same namespace as the Alertmanager object, which contains configuration for + ## this Alertmanager instance. Defaults to 'alertmanager-' The secret is mounted into /etc/alertmanager/config. + ## + # configSecret: + + ## AlertmanagerConfigs to be selected to merge and configure Alertmanager with. + ## + alertmanagerConfigSelector: {} + ## Example which selects all alertmanagerConfig resources + ## with label "alertconfig" with values any of "example-config" or "example-config-2" + # alertmanagerConfigSelector: + # matchExpressions: + # - key: alertconfig + # operator: In + # values: + # - example-config + # - example-config-2 + # + ## Example which selects all alertmanagerConfig resources with label "role" set to "example-config" + # alertmanagerConfigSelector: + # matchLabels: + # role: example-config + + ## Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace. + ## + alertmanagerConfigNamespaceSelector: {} + ## Example which selects all namespaces + ## with label "alertmanagerconfig" with values any of "example-namespace" or "example-namespace-2" + # alertmanagerConfigNamespaceSelector: + # matchExpressions: + # - key: alertmanagerconfig + # operator: In + # values: + # - example-namespace + # - example-namespace-2 + + ## Example which selects all namespaces with label "alertmanagerconfig" set to "enabled" + # alertmanagerConfigNamespaceSelector: + # matchLabels: + # alertmanagerconfig: enabled + + ## Define Log Format + # Use logfmt (default) or json logging + logFormat: logfmt + + ## Log level for Alertmanager to be configured with. + ## + logLevel: info + + ## Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the + ## running cluster equal to the expected size. + replicas: 1 + + ## Time duration Alertmanager shall retain data for. Default is '120h', and must match the regular expression + ## [0-9]+(ms|s|m|h) (milliseconds seconds minutes hours). + ## + retention: 120h + + ## Storage is the definition of how storage will be used by the Alertmanager instances. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/storage.md + ## + storage: {} + # volumeClaimTemplate: + # spec: + # storageClassName: gluster + # accessModes: ["ReadWriteOnce"] + # resources: + # requests: + # storage: 50Gi + # selector: {} + + + ## The external URL the Alertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if Alertmanager is not served from root of a DNS name. string false + ## + externalUrl: + + ## The route prefix Alertmanager registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, + ## but the server serves requests under a different route prefix. For example for use with kubectl proxy. + ## + routePrefix: / + + ## If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions. + ## + paused: false + + ## Define which Nodes the Pods are scheduled on. + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Define resources requests and limits for single Pods. + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + limits: + memory: 500Mi + cpu: 1000m + requests: + memory: 100Mi + cpu: 100m + + ## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node. + ## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided. + ## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node. + ## The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured. + ## + podAntiAffinity: "" + + ## If anti-affinity is enabled sets the topologyKey to use for anti-affinity. + ## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone + ## + podAntiAffinityTopologyKey: kubernetes.io/hostname + + ## Assign custom affinity rules to the alertmanager instance + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + affinity: {} + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: kubernetes.io/e2e-az-name + # operator: In + # values: + # - e2e-az1 + # - e2e-az2 + + ## If specified, the pod's tolerations. + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + + ## If specified, the pod's topology spread constraints. + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + # labelSelector: + # matchLabels: + # app: alertmanager + + ## SecurityContext holds pod-level security attributes and common container settings. + ## This defaults to non root user with uid 1000 and gid 2000. *v1.PodSecurityContext false + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## + securityContext: + runAsGroup: 2000 + runAsNonRoot: true + runAsUser: 1000 + fsGroup: 2000 + + ## ListenLocal makes the Alertmanager server listen on loopback, so that it does not bind against the Pod IP. + ## Note this is only for the Alertmanager UI, not the gossip communication. + ## + listenLocal: false + + ## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an Alertmanager pod. + ## + containers: [] + + # Additional volumes on the output StatefulSet definition. + volumes: [] + + # Additional VolumeMounts on the output StatefulSet definition. + volumeMounts: [] + + ## InitContainers allows injecting additional initContainers. This is meant to allow doing some changes + ## (permissions, dir tree) on mounted volumes before starting prometheus + initContainers: [] + + ## Priority class assigned to the Pods + ## + priorityClassName: "" + + ## AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster. + ## + additionalPeers: [] + + ## PortName to use for Alert Manager. + ## + portName: "web" + + ## ClusterAdvertiseAddress is the explicit address to advertise in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. [1] RFC1918: https://tools.ietf.org/html/rfc1918 + ## + clusterAdvertiseAddress: false + + ## ForceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica. + ## Use case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each. + forceEnableClusterMode: false + + +## Using default values from https://github.com/grafana/helm-charts/blob/main/charts/grafana/values.yaml +## +grafana: + enabled: true + namespaceOverride: "" + + ## Grafana's primary configuration + ## NOTE: values in map will be converted to ini format + ## ref: http://docs.grafana.org/installation/configuration/ + ## + grafana.ini: + users: + auto_assign_org_role: Viewer + auth: + disable_login_form: false + auth.anonymous: + enabled: true + org_role: Viewer + auth.basic: + enabled: false + dashboards: + # Modify this value to change the default dashboard shown on the main Grafana page + default_home_dashboard_path: /tmp/dashboards/rancher-default-home.json + security: + # Required to embed dashboards in Rancher Cluster Overview Dashboard on Cluster Explorer + allow_embedding: true + + deploymentStrategy: + type: Recreate + + ## ForceDeployDatasources Create datasource configmap even if grafana deployment has been disabled + ## + forceDeployDatasources: false + + ## ForceDeployDashboard Create dashboard configmap even if grafana deployment has been disabled + ## + forceDeployDashboards: false + + ## Deploy default dashboards. + ## + defaultDashboardsEnabled: true + + # Additional options for defaultDashboards + defaultDashboards: + # The default namespace to place defaultDashboards within + namespace: cattle-dashboards + # Whether to create the default namespace as a Helm managed namespace or use an existing namespace + # If false, the defaultDashboards.namespace will be created as a Helm managed namespace + useExistingNamespace: false + # Whether the Helm managed namespace created by this chart should be left behind on a Helm uninstall + # If you place other dashboards in this namespace, then they will be deleted on a helm uninstall + # Ignore if useExistingNamespace is true + cleanupOnUninstall: false + + adminPassword: prom-operator + + ingress: + ## If true, Grafana Ingress will be created + ## + enabled: false + + ## Annotations for Grafana Ingress + ## + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + ## Labels to be added to the Ingress + ## + labels: {} + + ## Hostnames. + ## Must be provided if Ingress is enable. + ## + # hosts: + # - grafana.domain.com + hosts: [] + + ## Path for grafana ingress + path: / + + ## TLS configuration for grafana Ingress + ## Secret must be manually created in the namespace + ## + tls: [] + # - secretName: grafana-general-tls + # hosts: + # - grafana.example.com + + sidecar: + dashboards: + enabled: true + label: grafana_dashboard + searchNamespace: cattle-dashboards + + ## Annotations for Grafana dashboard configmaps + ## + annotations: {} + multicluster: false + datasources: + enabled: true + defaultDatasourceEnabled: true + + ## URL of prometheus datasource + ## + # url: http://prometheus-stack-prometheus:9090/ + + # If not defined, will use prometheus.prometheusSpec.scrapeInterval or its default + # defaultDatasourceScrapeInterval: 15s + + ## Annotations for Grafana datasource configmaps + ## + annotations: {} + + ## Create datasource for each Pod of Prometheus StatefulSet; + ## this uses headless service `prometheus-operated` which is + ## created by Prometheus Operator + ## ref: https://git.io/fjaBS + createPrometheusReplicasDatasources: false + label: grafana_datasource + + extraConfigmapMounts: [] + # - name: certs-configmap + # mountPath: /etc/grafana/ssl/ + # configMap: certs-configmap + # readOnly: true + + ## Configure additional grafana datasources (passed through tpl) + ## ref: http://docs.grafana.org/administration/provisioning/#datasources + additionalDataSources: [] + # - name: prometheus-sample + # access: proxy + # basicAuth: true + # basicAuthPassword: pass + # basicAuthUser: daco + # editable: false + # jsonData: + # tlsSkipVerify: true + # orgId: 1 + # type: prometheus + # url: https://{{ printf "%s-prometheus.svc" .Release.Name }}:9090 + # version: 1 + + ## Passed to grafana subchart and used by servicemonitor below + ## + service: + portName: nginx-http + ## Port for Grafana Service to listen on + ## + port: 80 + ## To be used with a proxy extraContainer port + ## + targetPort: 8080 + ## Port to expose on each node + ## Only used if service.type is 'NodePort' + ## + nodePort: 30950 + ## Service type + ## + type: ClusterIP + + proxy: + image: + repository: rancher/mirrored-library-nginx + tag: 1.21.1-alpine + + ## Enable an Specify container in extraContainers. This is meant to allow adding an authentication proxy to a grafana pod + extraContainers: | + - name: grafana-proxy + args: + - nginx + - -g + - daemon off; + - -c + - /nginx/nginx.conf + image: "{{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }}" + ports: + - containerPort: 8080 + name: nginx-http + protocol: TCP + volumeMounts: + - mountPath: /nginx + name: grafana-nginx + - mountPath: /var/cache/nginx + name: nginx-home + securityContext: + runAsUser: 101 + runAsGroup: 101 + + ## Volumes that can be used in containers + extraContainerVolumes: + - name: nginx-home + emptyDir: {} + - name: grafana-nginx + configMap: + name: grafana-nginx-proxy-config + items: + - key: nginx.conf + mode: 438 + path: nginx.conf + + ## If true, create a serviceMonitor for grafana + ## + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + selfMonitor: true + + # Path to use for scraping metrics. Might be different if server.root_url is set + # in grafana.ini + path: "/metrics" + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + resources: + limits: + memory: 200Mi + cpu: 200m + requests: + memory: 100Mi + cpu: 100m + +## Component scraping the kube api server +## +kubeApiServer: + enabled: true + tlsConfig: + serverName: kubernetes + insecureSkipVerify: false + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + ## proxyUrl: URL of a proxy that should be used for scraping. + ## + proxyUrl: "" + + jobLabel: component + selector: + matchLabels: + component: apiserver + provider: kubernetes + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + relabelings: [] + # - sourceLabels: + # - __meta_kubernetes_namespace + # - __meta_kubernetes_service_name + # - __meta_kubernetes_endpoint_port_name + # action: keep + # regex: default;kubernetes;https + # - targetLabel: __address__ + # replacement: kubernetes.default.svc:443 + +## Component scraping the kubelet and kubelet-hosted cAdvisor +## +kubelet: + enabled: true + namespace: kube-system + + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + + ## proxyUrl: URL of a proxy that should be used for scraping. + ## + proxyUrl: "" + + ## Enable scraping the kubelet over https. For requirements to enable this see + ## https://github.com/prometheus-operator/prometheus-operator/issues/926 + ## + https: true + + ## Enable scraping /metrics/cadvisor from kubelet's service + ## + cAdvisor: true + + ## Enable scraping /metrics/probes from kubelet's service + ## + probes: true + + ## Enable scraping /metrics/resource from kubelet's service + ## This is disabled by default because container metrics are already exposed by cAdvisor + ## + resource: false + # From kubernetes 1.18, /metrics/resource/v1alpha1 renamed to /metrics/resource + resourcePath: "/metrics/resource/v1alpha1" + ## Metric relabellings to apply to samples before ingestion + ## + cAdvisorMetricRelabelings: [] + # - sourceLabels: [__name__, image] + # separator: ; + # regex: container_([a-z_]+); + # replacement: $1 + # action: drop + # - sourceLabels: [__name__] + # separator: ; + # regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s) + # replacement: $1 + # action: drop + + ## Metric relabellings to apply to samples before ingestion + ## + probesMetricRelabelings: [] + # - sourceLabels: [__name__, image] + # separator: ; + # regex: container_([a-z_]+); + # replacement: $1 + # action: drop + # - sourceLabels: [__name__] + # separator: ; + # regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s) + # replacement: $1 + # action: drop + + # relabel configs to apply to samples before ingestion. + # metrics_path is required to match upstream rules and charts + ## + cAdvisorRelabelings: + - sourceLabels: [__metrics_path__] + targetLabel: metrics_path + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + probesRelabelings: + - sourceLabels: [__metrics_path__] + targetLabel: metrics_path + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + resourceRelabelings: + - sourceLabels: [__metrics_path__] + targetLabel: metrics_path + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + metricRelabelings: [] + # - sourceLabels: [__name__, image] + # separator: ; + # regex: container_([a-z_]+); + # replacement: $1 + # action: drop + # - sourceLabels: [__name__] + # separator: ; + # regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s) + # replacement: $1 + # action: drop + + # relabel configs to apply to samples before ingestion. + # metrics_path is required to match upstream rules and charts + ## + relabelings: + - sourceLabels: [__metrics_path__] + targetLabel: metrics_path + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + +## Component scraping the kube controller manager +## +kubeControllerManager: + enabled: false + + ## If your kube controller manager is not deployed as a pod, specify IPs it can be found on + ## + endpoints: [] + # - 10.141.4.22 + # - 10.141.4.23 + # - 10.141.4.24 + + ## If using kubeControllerManager.endpoints only the port and targetPort are used + ## + service: + enabled: true + port: 10252 + targetPort: 10252 + # selector: + # component: kube-controller-manager + + serviceMonitor: + enabled: true + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + + ## proxyUrl: URL of a proxy that should be used for scraping. + ## + proxyUrl: "" + + ## Enable scraping kube-controller-manager over https. + ## Requires proper certs (not self-signed) and delegated authentication/authorization checks + ## + https: false + + # Skip TLS certificate validation when scraping + insecureSkipVerify: null + + # Name of the server to use when validating TLS certificate + serverName: null + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + +## Component scraping coreDns. Use either this or kubeDns +## +coreDns: + enabled: true + service: + port: 9153 + targetPort: 9153 + # selector: + # k8s-app: kube-dns + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + + ## proxyUrl: URL of a proxy that should be used for scraping. + ## + proxyUrl: "" + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + +## Component scraping kubeDns. Use either this or coreDns +## +kubeDns: + enabled: false + service: + dnsmasq: + port: 10054 + targetPort: 10054 + skydns: + port: 10055 + targetPort: 10055 + # selector: + # k8s-app: kube-dns + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + + ## proxyUrl: URL of a proxy that should be used for scraping. + ## + proxyUrl: "" + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + dnsmasqMetricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + dnsmasqRelabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + +## Component scraping etcd +## +kubeEtcd: + enabled: false + + ## If your etcd is not deployed as a pod, specify IPs it can be found on + ## + endpoints: [] + # - 10.141.4.22 + # - 10.141.4.23 + # - 10.141.4.24 + + ## Etcd service. If using kubeEtcd.endpoints only the port and targetPort are used + ## + service: + enabled: true + port: 2379 + targetPort: 2379 + # selector: + # component: etcd + + ## Configure secure access to the etcd cluster by loading a secret into prometheus and + ## specifying security configuration below. For example, with a secret named etcd-client-cert + ## + ## serviceMonitor: + ## scheme: https + ## insecureSkipVerify: false + ## serverName: localhost + ## caFile: /etc/prometheus/secrets/etcd-client-cert/etcd-ca + ## certFile: /etc/prometheus/secrets/etcd-client-cert/etcd-client + ## keyFile: /etc/prometheus/secrets/etcd-client-cert/etcd-client-key + ## + serviceMonitor: + enabled: true + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + ## proxyUrl: URL of a proxy that should be used for scraping. + ## + proxyUrl: "" + scheme: http + insecureSkipVerify: false + serverName: "" + caFile: "" + certFile: "" + keyFile: "" + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + +## Component scraping kube scheduler +## +kubeScheduler: + enabled: false + + ## If your kube scheduler is not deployed as a pod, specify IPs it can be found on + ## + endpoints: [] + # - 10.141.4.22 + # - 10.141.4.23 + # - 10.141.4.24 + + ## If using kubeScheduler.endpoints only the port and targetPort are used + ## + service: + enabled: true + port: 10251 + targetPort: 10251 + # selector: + # component: kube-scheduler + + serviceMonitor: + enabled: true + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + ## proxyUrl: URL of a proxy that should be used for scraping. + ## + proxyUrl: "" + ## Enable scraping kube-scheduler over https. + ## Requires proper certs (not self-signed) and delegated authentication/authorization checks + ## + https: false + + ## Skip TLS certificate validation when scraping + insecureSkipVerify: null + + ## Name of the server to use when validating TLS certificate + serverName: null + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + +## Component scraping kube proxy +## +kubeProxy: + enabled: false + + ## If your kube proxy is not deployed as a pod, specify IPs it can be found on + ## + endpoints: [] + # - 10.141.4.22 + # - 10.141.4.23 + # - 10.141.4.24 + + service: + enabled: true + port: 10249 + targetPort: 10249 + # selector: + # k8s-app: kube-proxy + + serviceMonitor: + enabled: true + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + + ## proxyUrl: URL of a proxy that should be used for scraping. + ## + proxyUrl: "" + + ## Enable scraping kube-proxy over https. + ## Requires proper certs (not self-signed) and delegated authentication/authorization checks + ## + https: false + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + relabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + +## Component scraping kube state metrics +## +kubeStateMetrics: + enabled: true + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + ## proxyUrl: URL of a proxy that should be used for scraping. + ## + proxyUrl: "" + ## Override serviceMonitor selector + ## + selectorOverride: {} + ## Override namespace selector + ## + namespaceOverride: "" + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + +## Configuration for kube-state-metrics subchart +## +kube-state-metrics: + namespaceOverride: "" + rbac: + create: true + podSecurityPolicy: + enabled: true + resources: + limits: + cpu: 100m + memory: 200Mi + requests: + cpu: 100m + memory: 130Mi + +## Deploy node exporter as a daemonset to all nodes +## +nodeExporter: + enabled: true + + ## Use the value configured in prometheus-node-exporter.podLabels + ## + jobLabel: jobLabel + + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + + ## proxyUrl: URL of a proxy that should be used for scraping. + ## + proxyUrl: "" + + ## How long until a scrape request times out. If not set, the Prometheus default scape timeout is used. + ## + scrapeTimeout: "" + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - sourceLabels: [__name__] + # separator: ; + # regex: ^node_mountstats_nfs_(event|operations|transport)_.+ + # replacement: $1 + # action: drop + + ## relabel configs to apply to samples before ingestion. + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + +## Configuration for prometheus-node-exporter subchart +## +prometheus-node-exporter: + namespaceOverride: "" + podLabels: + ## Add the 'node-exporter' label to be used by serviceMonitor to match standard common usage in rules and grafana dashboards + ## + jobLabel: node-exporter + extraArgs: + - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/.+)($|/) + - --collector.filesystem.ignored-fs-types=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$ + service: + port: 9796 + targetPort: 9796 + resources: + limits: + cpu: 200m + memory: 50Mi + requests: + cpu: 100m + memory: 30Mi + +## Manages Prometheus and Alertmanager components +## +prometheusOperator: + enabled: true + + ## Prometheus-Operator v0.39.0 and later support TLS natively. + ## + tls: + enabled: true + # Value must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants + tlsMinVersion: VersionTLS13 + # Users who are deploying this chart in GKE private clusters will need to add firewall rules to expose this port for admissions webhooks + internalPort: 8443 + + ## Admission webhook support for PrometheusRules resources added in Prometheus Operator 0.30 can be enabled to prevent incorrectly formatted + ## rules from making their way into prometheus and potentially preventing the container from starting + admissionWebhooks: + failurePolicy: Fail + enabled: true + ## A PEM encoded CA bundle which will be used to validate the webhook's server certificate. + ## If unspecified, system trust roots on the apiserver are used. + caBundle: "" + ## If enabled, generate a self-signed certificate, then patch the webhook configurations with the generated data. + ## On chart upgrades (or if the secret exists) the cert will not be re-generated. You can use this to provide your own + ## certs ahead of time if you wish. + ## + patch: + enabled: true + image: + repository: rancher/mirrored-jettech-kube-webhook-certgen + tag: v1.5.2 + sha: "" + pullPolicy: IfNotPresent + resources: {} + ## Provide a priority class name to the webhook patching job + ## + priorityClassName: "" + podAnnotations: {} + nodeSelector: {} + affinity: {} + tolerations: [] + + ## SecurityContext holds pod-level security attributes and common container settings. + ## This defaults to non root user with uid 2000 and gid 2000. *v1.PodSecurityContext false + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## + securityContext: + runAsGroup: 2000 + runAsNonRoot: true + runAsUser: 2000 + + # Use certmanager to generate webhook certs + certManager: + enabled: false + # issuerRef: + # name: "issuer" + # kind: "ClusterIssuer" + + ## Namespaces to scope the interaction of the Prometheus Operator and the apiserver (allow list). + ## This is mutually exclusive with denyNamespaces. Setting this to an empty object will disable the configuration + ## + namespaces: {} + # releaseNamespace: true + # additional: + # - kube-system + + ## Namespaces not to scope the interaction of the Prometheus Operator (deny list). + ## + denyNamespaces: [] + + ## Filter namespaces to look for prometheus-operator custom resources + ## + alertmanagerInstanceNamespaces: [] + prometheusInstanceNamespaces: [] + thanosRulerInstanceNamespaces: [] + + ## The clusterDomain value will be added to the cluster.peer option of the alertmanager. + ## Without this specified option cluster.peer will have value alertmanager-monitoring-alertmanager-0.alertmanager-operated:9094 (default value) + ## With this specified option cluster.peer will have value alertmanager-monitoring-alertmanager-0.alertmanager-operated.namespace.svc.cluster-domain:9094 + ## + # clusterDomain: "cluster.local" + + ## Service account for Alertmanager to use. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + create: true + name: "" + + ## Configuration for Prometheus operator service + ## + service: + annotations: {} + labels: {} + clusterIP: "" + + ## Port to expose on each node + ## Only used if service.type is 'NodePort' + ## + nodePort: 30080 + + nodePortTls: 30443 + + ## Additional ports to open for Prometheus service + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services + ## + additionalPorts: [] + + ## Loadbalancer IP + ## Only use if service.type is "LoadBalancer" + ## + loadBalancerIP: "" + loadBalancerSourceRanges: [] + + ## Service type + ## NodePort, ClusterIP, LoadBalancer + ## + type: ClusterIP + + ## List of IP addresses at which the Prometheus server service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + externalIPs: [] + + ## Labels to add to the operator pod + ## + podLabels: {} + + ## Annotations to add to the operator pod + ## + podAnnotations: {} + + ## Assign a PriorityClassName to pods if set + # priorityClassName: "" + + ## Define Log Format + # Use logfmt (default) or json logging + # logFormat: logfmt + + ## Decrease log verbosity to errors only + # logLevel: error + + ## If true, the operator will create and maintain a service for scraping kubelets + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/helm/prometheus-operator/README.md + ## + kubeletService: + enabled: true + namespace: kube-system + + ## Create a servicemonitor for the operator + ## + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + ## Scrape timeout. If not set, the Prometheus default scrape timeout is used. + scrapeTimeout: "" + selfMonitor: true + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + ## Resource limits & requests + ## + resources: + limits: + cpu: 200m + memory: 500Mi + requests: + cpu: 100m + memory: 100Mi + + # Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico), + # because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working + ## + hostNetwork: false + + ## Define which Nodes the Pods are scheduled on. + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Tolerations for use with node taints + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + + ## Assign custom affinity rules to the prometheus operator + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + affinity: {} + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: kubernetes.io/e2e-az-name + # operator: In + # values: + # - e2e-az1 + # - e2e-az2 + dnsConfig: {} + # nameservers: + # - 1.2.3.4 + # searches: + # - ns1.svc.cluster-domain.example + # - my.dns.search.suffix + # options: + # - name: ndots + # value: "2" + # - name: edns0 + securityContext: + fsGroup: 65534 + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + + ## Prometheus-operator image + ## + image: + repository: rancher/mirrored-prometheus-operator-prometheus-operator + tag: v0.48.0 + sha: "" + pullPolicy: IfNotPresent + + ## Prometheus image to use for prometheuses managed by the operator + ## + # prometheusDefaultBaseImage: quay.io/prometheus/prometheus + + ## Alertmanager image to use for alertmanagers managed by the operator + ## + # alertmanagerDefaultBaseImage: quay.io/prometheus/alertmanager + + ## Prometheus-config-reloader image to use for config and rule reloading + ## + prometheusConfigReloaderImage: + repository: rancher/mirrored-prometheus-operator-prometheus-config-reloader + tag: v0.48.0 + sha: "" + + ## Set the prometheus config reloader side-car CPU limit + ## + configReloaderCpu: 100m + + ## Set the prometheus config reloader side-car memory limit + ## + configReloaderMemory: 50Mi + + ## Set a Field Selector to filter watched secrets + ## + secretFieldSelector: "" + +## Deploy a Prometheus instance +## +prometheus: + + enabled: true + + ## Annotations for Prometheus + ## + annotations: {} + + ## Service account for Prometheuses to use. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + create: true + name: "" + annotations: {} + + # Service for thanos service discovery on sidecar + # Enable this can make Thanos Query can use + # `--store=dnssrv+_grpc._tcp.${kube-prometheus-stack.fullname}-thanos-discovery.${namespace}.svc.cluster.local` to discovery + # Thanos sidecar on prometheus nodes + # (Please remember to change ${kube-prometheus-stack.fullname} and ${namespace}. Not just copy and paste!) + thanosService: + enabled: false + annotations: {} + labels: {} + portName: grpc + port: 10901 + targetPort: "grpc" + clusterIP: "None" + + ## Service type + ## + type: ClusterIP + + ## Port to expose on each node + ## + nodePort: 30901 + + # Service for external access to sidecar + # Enabling this creates a service to expose thanos-sidecar outside the cluster. + thanosServiceExternal: + enabled: false + annotations: {} + labels: {} + portName: grpc + port: 10901 + targetPort: "grpc" + + ## Service type + ## + type: LoadBalancer + + ## Port to expose on each node + ## + nodePort: 30901 + + ## Configuration for Prometheus service + ## + service: + annotations: {} + labels: {} + clusterIP: "" + + ## Port for Prometheus Service to listen on + ## + port: 9090 + + ## To be used with a proxy extraContainer port + targetPort: 8081 + + ## List of IP addresses at which the Prometheus server service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + externalIPs: [] + + ## Port to expose on each node + ## Only used if service.type is 'NodePort' + ## + nodePort: 30090 + + ## Loadbalancer IP + ## Only use if service.type is "LoadBalancer" + loadBalancerIP: "" + loadBalancerSourceRanges: [] + ## Service type + ## + type: ClusterIP + + sessionAffinity: "" + + ## Configuration for creating a separate Service for each statefulset Prometheus replica + ## + servicePerReplica: + enabled: false + annotations: {} + + ## Port for Prometheus Service per replica to listen on + ## + port: 9090 + + ## To be used with a proxy extraContainer port + targetPort: 9090 + + ## Port to expose on each node + ## Only used if servicePerReplica.type is 'NodePort' + ## + nodePort: 30091 + + ## Loadbalancer source IP ranges + ## Only used if servicePerReplica.type is "LoadBalancer" + loadBalancerSourceRanges: [] + ## Service type + ## + type: ClusterIP + + ## Configure pod disruption budgets for Prometheus + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget + ## This configuration is immutable once created and will require the PDB to be deleted to be changed + ## https://github.com/kubernetes/kubernetes/issues/45398 + ## + podDisruptionBudget: + enabled: false + minAvailable: 1 + maxUnavailable: "" + + # Ingress exposes thanos sidecar outside the cluster + thanosIngress: + enabled: false + + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + + annotations: {} + labels: {} + servicePort: 10901 + + ## Port to expose on each node + ## Only used if service.type is 'NodePort' + ## + nodePort: 30901 + + ## Hosts must be provided if Ingress is enabled. + ## + hosts: [] + # - thanos-gateway.domain.com + + ## Paths to use for ingress rules + ## + paths: [] + # - / + + ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) + ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types + # pathType: ImplementationSpecific + + ## TLS configuration for Thanos Ingress + ## Secret must be manually created in the namespace + ## + tls: [] + # - secretName: thanos-gateway-tls + # hosts: + # - thanos-gateway.domain.com + + ingress: + enabled: false + + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + + annotations: {} + labels: {} + + ## Hostnames. + ## Must be provided if Ingress is enabled. + ## + # hosts: + # - prometheus.domain.com + hosts: [] + + ## Paths to use for ingress rules - one path should match the prometheusSpec.routePrefix + ## + paths: [] + # - / + + ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) + ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types + # pathType: ImplementationSpecific + + ## TLS configuration for Prometheus Ingress + ## Secret must be manually created in the namespace + ## + tls: [] + # - secretName: prometheus-general-tls + # hosts: + # - prometheus.example.com + + ## Configuration for creating an Ingress that will map to each Prometheus replica service + ## prometheus.servicePerReplica must be enabled + ## + ingressPerReplica: + enabled: false + + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + + annotations: {} + labels: {} + + ## Final form of the hostname for each per replica ingress is + ## {{ ingressPerReplica.hostPrefix }}-{{ $replicaNumber }}.{{ ingressPerReplica.hostDomain }} + ## + ## Prefix for the per replica ingress that will have `-$replicaNumber` + ## appended to the end + hostPrefix: "" + ## Domain that will be used for the per replica ingress + hostDomain: "" + + ## Paths to use for ingress rules + ## + paths: [] + # - / + + ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) + ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types + # pathType: ImplementationSpecific + + ## Secret name containing the TLS certificate for Prometheus per replica ingress + ## Secret must be manually created in the namespace + tlsSecretName: "" + + ## Separated secret for each per replica Ingress. Can be used together with cert-manager + ## + tlsSecretPerReplica: + enabled: false + ## Final form of the secret for each per replica ingress is + ## {{ tlsSecretPerReplica.prefix }}-{{ $replicaNumber }} + ## + prefix: "prometheus" + + ## Configure additional options for default pod security policy for Prometheus + ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ + podSecurityPolicy: + allowedCapabilities: [] + allowedHostPaths: [] + volumes: [] + + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + selfMonitor: true + + ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS. + scheme: "" + + ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS. + ## Of type: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#tlsconfig + tlsConfig: {} + + bearerTokenFile: + + ## metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + ## Settings affecting prometheusSpec + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + prometheusSpec: + ## If true, pass --storage.tsdb.max-block-duration=2h to prometheus. This is already done if using Thanos + ## + disableCompaction: false + ## APIServerConfig + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#apiserverconfig + ## + apiserverConfig: {} + + ## Interval between consecutive scrapes. + ## Defaults to 30s. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/release-0.44/pkg/prometheus/promcfg.go#L180-L183 + ## + scrapeInterval: "" + + ## Number of seconds to wait for target to respond before erroring + ## + scrapeTimeout: "" + + ## Interval between consecutive evaluations. + ## + evaluationInterval: "" + + ## ListenLocal makes the Prometheus server listen on loopback, so that it does not bind against the Pod IP. + ## + listenLocal: false + + ## EnableAdminAPI enables Prometheus the administrative HTTP API which includes functionality such as deleting time series. + ## This is disabled by default. + ## ref: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis + ## + enableAdminAPI: false + + # EnableFeatures API enables access to Prometheus disabled features. + # ref: https://prometheus.io/docs/prometheus/latest/disabled_features/ + enableFeatures: [] + # - exemplar-storage + + ## Image of Prometheus. + ## + image: + repository: rancher/mirrored-prometheus-prometheus + tag: v2.27.1 + sha: "" + + ## Tolerations for use with node taints + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + + ## If specified, the pod's topology spread constraints. + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + # labelSelector: + # matchLabels: + # app: prometheus + + ## Alertmanagers to which alerts will be sent + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#alertmanagerendpoints + ## + ## Default configuration will connect to the alertmanager deployed as part of this release + ## + alertingEndpoints: [] + # - name: "" + # namespace: "" + # port: http + # scheme: http + # pathPrefix: "" + # tlsConfig: {} + # bearerTokenFile: "" + # apiVersion: v2 + + ## External labels to add to any time series or alerts when communicating with external systems + ## + externalLabels: {} + + ## Name of the external label used to denote replica name + ## + replicaExternalLabelName: "" + + ## If true, the Operator won't add the external label used to denote replica name + ## + replicaExternalLabelNameClear: false + + ## Name of the external label used to denote Prometheus instance name + ## + prometheusExternalLabelName: "" + + ## If true, the Operator won't add the external label used to denote Prometheus instance name + ## + prometheusExternalLabelNameClear: false + + ## External URL at which Prometheus will be reachable. + ## + externalUrl: "" + + ## Ignore NamespaceSelector settings from the PodMonitor and ServiceMonitor configs + ## If true, PodMonitors and ServiceMonitors can only discover Pods and Services within the namespace they are deployed into + ## + ignoreNamespaceSelectors: false + + ## Define which Nodes the Pods are scheduled on. + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. + ## The Secrets are mounted into /etc/prometheus/secrets/. Secrets changes after initial creation of a Prometheus object are not + ## reflected in the running Pods. To change the secrets mounted into the Prometheus Pods, the object must be deleted and recreated + ## with the new list of secrets. + ## + secrets: [] + + ## ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. + ## The ConfigMaps are mounted into /etc/prometheus/configmaps/. + ## + configMaps: [] + + ## QuerySpec defines the query command line flags when starting Prometheus. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#queryspec + ## + query: {} + + ## Namespaces to be selected for PrometheusRules discovery. + ## If nil, select own namespace. Namespaces to be selected for ServiceMonitor discovery. + ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage + ## + ruleNamespaceSelector: {} + + ## If true, a nil or {} value for prometheus.prometheusSpec.ruleSelector will cause the + ## prometheus resource to be created with selectors based on values in the helm deployment, + ## which will also match the PrometheusRule resources created + ## + ruleSelectorNilUsesHelmValues: false + + ## PrometheusRules to be selected for target discovery. + ## If {}, select all PrometheusRules + ## + ruleSelector: {} + ## Example which select all PrometheusRules resources + ## with label "prometheus" with values any of "example-rules" or "example-rules-2" + # ruleSelector: + # matchExpressions: + # - key: prometheus + # operator: In + # values: + # - example-rules + # - example-rules-2 + # + ## Example which select all PrometheusRules resources with label "role" set to "example-rules" + # ruleSelector: + # matchLabels: + # role: example-rules + + ## If true, a nil or {} value for prometheus.prometheusSpec.serviceMonitorSelector will cause the + ## prometheus resource to be created with selectors based on values in the helm deployment, + ## which will also match the servicemonitors created + ## + serviceMonitorSelectorNilUsesHelmValues: false + + ## ServiceMonitors to be selected for target discovery. + ## If {}, select all ServiceMonitors + ## + serviceMonitorSelector: {} + ## Example which selects ServiceMonitors with label "prometheus" set to "somelabel" + # serviceMonitorSelector: + # matchLabels: + # prometheus: somelabel + + ## Namespaces to be selected for ServiceMonitor discovery. + ## + serviceMonitorNamespaceSelector: {} + ## Example which selects ServiceMonitors in namespaces with label "prometheus" set to "somelabel" + # serviceMonitorNamespaceSelector: + # matchLabels: + # prometheus: somelabel + + ## If true, a nil or {} value for prometheus.prometheusSpec.podMonitorSelector will cause the + ## prometheus resource to be created with selectors based on values in the helm deployment, + ## which will also match the podmonitors created + ## + podMonitorSelectorNilUsesHelmValues: false + + ## PodMonitors to be selected for target discovery. + ## If {}, select all PodMonitors + ## + podMonitorSelector: {} + ## Example which selects PodMonitors with label "prometheus" set to "somelabel" + # podMonitorSelector: + # matchLabels: + # prometheus: somelabel + + ## Namespaces to be selected for PodMonitor discovery. + ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage + ## + podMonitorNamespaceSelector: {} + + ## If true, a nil or {} value for prometheus.prometheusSpec.probeSelector will cause the + ## prometheus resource to be created with selectors based on values in the helm deployment, + ## which will also match the probes created + ## + probeSelectorNilUsesHelmValues: true + + ## Probes to be selected for target discovery. + ## If {}, select all Probes + ## + probeSelector: {} + ## Example which selects Probes with label "prometheus" set to "somelabel" + # probeSelector: + # matchLabels: + # prometheus: somelabel + + ## Namespaces to be selected for Probe discovery. + ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage + ## + probeNamespaceSelector: {} + + ## How long to retain metrics + ## + retention: 10d + + ## Maximum size of metrics + ## + retentionSize: "" + + ## Enable compression of the write-ahead log using Snappy. + ## + walCompression: false + + ## If true, the Operator won't process any Prometheus configuration changes + ## + paused: false + + ## Number of replicas of each shard to deploy for a Prometheus deployment. + ## Number of replicas multiplied by shards is the total number of Pods created. + ## + replicas: 1 + + ## EXPERIMENTAL: Number of shards to distribute targets onto. + ## Number of replicas multiplied by shards is the total number of Pods created. + ## Note that scaling down shards will not reshard data onto remaining instances, it must be manually moved. + ## Increasing shards will not reshard data either but it will continue to be available from the same instances. + ## To query globally use Thanos sidecar and Thanos querier or remote write data to a central location. + ## Sharding is done on the content of the `__address__` target meta-label. + ## + shards: 1 + + ## Log level for Prometheus be configured in + ## + logLevel: info + + ## Log format for Prometheus be configured in + ## + logFormat: logfmt + + ## Prefix used to register routes, overriding externalUrl route. + ## Useful for proxies that rewrite URLs. + ## + routePrefix: / + + ## Standard object's metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata + ## Metadata Labels and Annotations gets propagated to the prometheus pods. + ## + podMetadata: {} + # labels: + # app: prometheus + # k8s-app: prometheus + + ## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node. + ## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided. + ## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node. + ## The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured. + podAntiAffinity: "" + + ## If anti-affinity is enabled sets the topologyKey to use for anti-affinity. + ## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone + ## + podAntiAffinityTopologyKey: kubernetes.io/hostname + + ## Assign custom affinity rules to the prometheus instance + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + affinity: {} + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: kubernetes.io/e2e-az-name + # operator: In + # values: + # - e2e-az1 + # - e2e-az2 + + ## The remote_read spec configuration for Prometheus. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#remotereadspec + remoteRead: [] + # - url: http://remote1/read + ## additionalRemoteRead is appended to remoteRead + additionalRemoteRead: [] + + ## The remote_write spec configuration for Prometheus. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#remotewritespec + remoteWrite: [] + # - url: http://remote1/push + ## additionalRemoteWrite is appended to remoteWrite + additionalRemoteWrite: [] + + ## Enable/Disable Grafana dashboards provisioning for prometheus remote write feature + remoteWriteDashboards: false + + ## Resource limits & requests + ## + resources: + limits: + memory: 1500Mi + cpu: 1000m + requests: + memory: 750Mi + cpu: 750m + + ## Prometheus StorageSpec for persistent data + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/storage.md + ## + storageSpec: {} + ## Using PersistentVolumeClaim + ## + # volumeClaimTemplate: + # spec: + # storageClassName: gluster + # accessModes: ["ReadWriteOnce"] + # resources: + # requests: + # storage: 50Gi + # selector: {} + + ## Using tmpfs volume + ## + # emptyDir: + # medium: Memory + + # Additional volumes on the output StatefulSet definition. + volumes: + - name: nginx-home + emptyDir: {} + - name: prometheus-nginx + configMap: + name: prometheus-nginx-proxy-config + defaultMode: 438 + + # Additional VolumeMounts on the output StatefulSet definition. + volumeMounts: [] + + ## AdditionalScrapeConfigs allows specifying additional Prometheus scrape configurations. Scrape configurations + ## are appended to the configurations generated by the Prometheus Operator. Job configurations must have the form + ## as specified in the official Prometheus documentation: + ## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are + ## appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility + ## to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible + ## scrape configs are going to break Prometheus after the upgrade. + ## + ## The scrape configuration example below will find master nodes, provided they have the name .*mst.*, relabel the + ## port to 2379 and allow etcd scraping provided it is running on all Kubernetes master nodes + ## + additionalScrapeConfigs: [] + # - job_name: kube-etcd + # kubernetes_sd_configs: + # - role: node + # scheme: https + # tls_config: + # ca_file: /etc/prometheus/secrets/etcd-client-cert/etcd-ca + # cert_file: /etc/prometheus/secrets/etcd-client-cert/etcd-client + # key_file: /etc/prometheus/secrets/etcd-client-cert/etcd-client-key + # relabel_configs: + # - action: labelmap + # regex: __meta_kubernetes_node_label_(.+) + # - source_labels: [__address__] + # action: replace + # targetLabel: __address__ + # regex: ([^:;]+):(\d+) + # replacement: ${1}:2379 + # - source_labels: [__meta_kubernetes_node_name] + # action: keep + # regex: .*mst.* + # - source_labels: [__meta_kubernetes_node_name] + # action: replace + # targetLabel: node + # regex: (.*) + # replacement: ${1} + # metric_relabel_configs: + # - regex: (kubernetes_io_hostname|failure_domain_beta_kubernetes_io_region|beta_kubernetes_io_os|beta_kubernetes_io_arch|beta_kubernetes_io_instance_type|failure_domain_beta_kubernetes_io_zone) + # action: labeldrop + + ## If additional scrape configurations are already deployed in a single secret file you can use this section. + ## Expected values are the secret name and key + ## Cannot be used with additionalScrapeConfigs + additionalScrapeConfigsSecret: {} + # enabled: false + # name: + # key: + + ## additionalPrometheusSecretsAnnotations allows to add annotations to the kubernetes secret. This can be useful + ## when deploying via spinnaker to disable versioning on the secret, strategy.spinnaker.io/versioned: 'false' + additionalPrometheusSecretsAnnotations: {} + + ## AdditionalAlertManagerConfigs allows for manual configuration of alertmanager jobs in the form as specified + ## in the official Prometheus documentation https://prometheus.io/docs/prometheus/latest/configuration/configuration/#. + ## AlertManager configurations specified are appended to the configurations generated by the Prometheus Operator. + ## As AlertManager configs are appended, the user is responsible to make sure it is valid. Note that using this + ## feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release + ## notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade. + ## + additionalAlertManagerConfigs: [] + # - consul_sd_configs: + # - server: consul.dev.test:8500 + # scheme: http + # datacenter: dev + # tag_separator: ',' + # services: + # - metrics-prometheus-alertmanager + + ## AdditionalAlertRelabelConfigs allows specifying Prometheus alert relabel configurations. Alert relabel configurations specified are appended + ## to the configurations generated by the Prometheus Operator. Alert relabel configurations specified must have the form as specified in the + ## official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. + ## As alert relabel configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the + ## possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel + ## configs are going to break Prometheus after the upgrade. + ## + additionalAlertRelabelConfigs: [] + # - separator: ; + # regex: prometheus_replica + # replacement: $1 + # action: labeldrop + + ## SecurityContext holds pod-level security attributes and common container settings. + ## This defaults to non root user with uid 1000 and gid 2000. + ## https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md + ## + securityContext: + runAsGroup: 2000 + runAsNonRoot: true + runAsUser: 1000 + fsGroup: 2000 + + ## Priority class assigned to the Pods + ## + priorityClassName: "" + + ## Thanos configuration allows configuring various aspects of a Prometheus server in a Thanos environment. + ## This section is experimental, it may change significantly without deprecation notice in any release. + ## This is experimental and may change significantly without backward compatibility in any release. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#thanosspec + ## + thanos: {} + + proxy: + image: + repository: rancher/mirrored-library-nginx + tag: 1.21.1-alpine + + ## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to a Prometheus pod. + ## if using proxy extraContainer update targetPort with proxy container port + containers: | + - name: prometheus-proxy + args: + - nginx + - -g + - daemon off; + - -c + - /nginx/nginx.conf + image: "{{ template "system_default_registry" . }}{{ .Values.prometheus.prometheusSpec.proxy.image.repository }}:{{ .Values.prometheus.prometheusSpec.proxy.image.tag }}" + ports: + - containerPort: 8081 + name: nginx-http + protocol: TCP + volumeMounts: + - mountPath: /nginx + name: prometheus-nginx + - mountPath: /var/cache/nginx + name: nginx-home + securityContext: + runAsUser: 101 + runAsGroup: 101 + + ## InitContainers allows injecting additional initContainers. This is meant to allow doing some changes + ## (permissions, dir tree) on mounted volumes before starting prometheus + initContainers: [] + + ## PortName to use for Prometheus. + ## + portName: "nginx-http" + + ## ArbitraryFSAccessThroughSMs configures whether configuration based on a service monitor can access arbitrary files + ## on the file system of the Prometheus container e.g. bearer token files. + arbitraryFSAccessThroughSMs: false + + ## OverrideHonorLabels if set to true overrides all user configured honor_labels. If HonorLabels is set in ServiceMonitor + ## or PodMonitor to true, this overrides honor_labels to false. + overrideHonorLabels: false + + ## OverrideHonorTimestamps allows to globally enforce honoring timestamps in all scrape configs. + overrideHonorTimestamps: false + + ## IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from the podmonitor and servicemonitor + ## configs, and they will only discover endpoints within their current namespace. Defaults to false. + ignoreNamespaceSelectors: false + + ## EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. + ## The label value will always be the namespace of the object that is being created. + ## Disabled by default + enforcedNamespaceLabel: "" + + ## PrometheusRulesExcludedFromEnforce - list of prometheus rules to be excluded from enforcing of adding namespace labels. + ## Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair + prometheusRulesExcludedFromEnforce: [] + + ## QueryLogFile specifies the file to which PromQL queries are logged. Note that this location must be writable, + ## and can be persisted using an attached volume. Alternatively, the location can be set to a stdout location such + ## as /dev/stdout to log querie information to the default Prometheus log stream. This is only available in versions + ## of Prometheus >= 2.16.0. For more details, see the Prometheus docs (https://prometheus.io/docs/guides/query-log/) + queryLogFile: false + + ## EnforcedSampleLimit defines global limit on number of scraped samples that will be accepted. This overrides any SampleLimit + ## set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the SampleLimit to keep overall + ## number of samples/series under the desired limit. Note that if SampleLimit is lower that value will be taken instead. + enforcedSampleLimit: false + + ## AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. This is still experimental + ## in Prometheus so it may change in any upcoming release. + allowOverlappingBlocks: false + + additionalRulesForClusterRole: [] + # - apiGroups: [ "" ] + # resources: + # - nodes/proxy + # verbs: [ "get", "list", "watch" ] + + additionalServiceMonitors: [] + ## Name of the ServiceMonitor to create + ## + # - name: "" + + ## Additional labels to set used for the ServiceMonitorSelector. Together with standard labels from + ## the chart + ## + # additionalLabels: {} + + ## Service label for use in assembling a job name of the form