global: cattle: systemDefaultRegistry: "" # Default values for kube-state-metrics. prometheusScrape: true image: repository: rancher/mirrored-kube-state-metrics-kube-state-metrics tag: v2.0.0 pullPolicy: IfNotPresent imagePullSecrets: [] # - name: "image-pull-secret" # If set to true, this will deploy kube-state-metrics as a StatefulSet and the data # will be automatically sharded across <.Values.replicas> pods using the built-in # autodiscovery feature: https://github.com/kubernetes/kube-state-metrics#automated-sharding # This is an experimental feature and there are no stability guarantees. autosharding: enabled: false replicas: 1 # List of additional cli arguments to configure kube-state-metrics # for example: --enable-gzip-encoding, --log-file, etc. # all the possible args can be found here: https://github.com/kubernetes/kube-state-metrics/blob/master/docs/cli-arguments.md extraArgs: [] service: port: 8080 # Default to clusterIP for backward compatibility type: ClusterIP nodePort: 0 loadBalancerIP: "" annotations: {} customLabels: {} hostNetwork: false rbac: # If true, create & use RBAC resources create: true # Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to it, rolename set here. # useExistingRole: your-existing-role # If set to false - Run without Cluteradmin privs needed - ONLY works if namespace is also set (if useExistingRole is set this name is used as ClusterRole or Role to bind to) useClusterRole: true serviceAccount: # Specifies whether a ServiceAccount should be created, require rbac true create: true # The name of the ServiceAccount to use. # If not set and create is true, a name is generated using the fullname template name: # Reference to one or more secrets to be used when pulling images # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ imagePullSecrets: [] # ServiceAccount annotations. # Use case: AWS EKS IAM roles for service accounts # ref: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html annotations: {} prometheus: monitor: enabled: false additionalLabels: {} namespace: "" honorLabels: false ## Specify if a Pod Security Policy for kube-state-metrics must be created ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ ## podSecurityPolicy: enabled: false annotations: {} ## Specify pod annotations ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl ## # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' additionalVolumes: [] securityContext: enabled: true runAsNonRoot: true runAsGroup: 65534 runAsUser: 65534 fsGroup: 65534 ## Specify security settings for a Container ## Allows overrides and additional options compared to (Pod) securityContext ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container containerSecurityContext: {} ## Node labels for pod assignment ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ nodeSelector: {} ## Affinity settings for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ affinity: {} ## Tolerations for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: [] # Annotations to be added to the pod podAnnotations: {} ## Assign a PriorityClassName to pods if set # priorityClassName: "" # Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ podDisruptionBudget: {} # Available collectors for kube-state-metrics. By default all available # resources are enabled. collectors: certificatesigningrequests: true configmaps: true cronjobs: true daemonsets: true deployments: true endpoints: true horizontalpodautoscalers: true ingresses: true jobs: true limitranges: true mutatingwebhookconfigurations: true namespaces: true networkpolicies: true nodes: true persistentvolumeclaims: true persistentvolumes: true poddisruptionbudgets: true pods: true replicasets: true replicationcontrollers: true resourcequotas: true secrets: true services: true statefulsets: true storageclasses: true validatingwebhookconfigurations: true verticalpodautoscalers: false volumeattachments: true # Enabling kubeconfig will pass the --kubeconfig argument to the container kubeconfig: enabled: false # base64 encoded kube-config file secret: # Comma-separated list of namespaces to be enabled for collecting resources. By default all namespaces are collected. namespaces: "" ## Override the deployment namespace ## namespaceOverride: "" resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # limits: # cpu: 100m # memory: 64Mi # requests: # cpu: 10m # memory: 32Mi ## Provide a k8s version to define apiGroups for podSecurityPolicy Cluster Role. ## For example: kubeTargetVersionOverride: 1.14.9 ## kubeTargetVersionOverride: "" # Enable self metrics configuration for service and Service Monitor # Default values for telemetry configuration can be overridden selfMonitor: enabled: false # telemetryHost: 0.0.0.0 # telemetryPort: 8081