mirror of https://git.rancher.io/charts
--- charts-original/values.yaml
|
|
+++ charts/values.yaml
|
|
@@ -1,14 +1,38 @@
|
|
# Default values for kube-state-metrics.
|
|
prometheusScrape: true
|
|
image:
|
|
- repository: registry.k8s.io/kube-state-metrics/kube-state-metrics
|
|
- tag: v2.6.0
|
|
+ registry: registry.k8s.io
|
|
+ repository: kube-state-metrics/kube-state-metrics
|
|
+ # If unset use v + .Charts.appVersion
|
|
+ tag: ""
|
|
sha: ""
|
|
pullPolicy: IfNotPresent
|
|
|
|
imagePullSecrets: []
|
|
# - name: "image-pull-secret"
|
|
|
|
+global:
|
|
+ cattle:
|
|
+ psp:
|
|
+ enabled: false
|
|
+ systemDefaultRegistry: ""
|
|
+
|
|
+ # To help compatibility with other charts which use global.imagePullSecrets.
|
|
+ # Allow either an array of {name: pullSecret} maps (k8s-style), or an array of strings (more common helm-style).
|
|
+ # global:
|
|
+ # imagePullSecrets:
|
|
+ # - name: pullSecret1
|
|
+ # - name: pullSecret2
|
|
+ # or
|
|
+ # global:
|
|
+ # imagePullSecrets:
|
|
+ # - pullSecret1
|
|
+ # - pullSecret2
|
|
+ imagePullSecrets: []
|
|
+ #
|
|
+ # Allow parent charts to override registry hostname
|
|
+ imageRegistry: ""
|
|
+
|
|
# If set to true, this will deploy kube-state-metrics as a StatefulSet and the data
|
|
# will be automatically sharded across <.Values.replicas> pods using the built-in
|
|
# autodiscovery feature: https://github.com/kubernetes/kube-state-metrics#automated-sharding
|
|
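Review bot: The registry can now be set in three places (`image.registry`, `global.imageRegistry`, `global.cattle.systemDefaultRegistry`), and no comment says which one wins. Because `tag` now defaults to empty and `sha` stays empty, the image actually pulled depends entirely on that resolution. I would document the precedence next to `image.registry`, e.g. `# Overridden by global.imageRegistry / global.cattle.systemDefaultRegistry when set (confirm order against the templates)`, and recommend setting `sha` to pin by digest when a mirror registry is used. The comment on `tag` should also read `.Chart.AppVersion` rather than `.Charts.appVersion`. The templates that consume these values are outside the hunk.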
@@ -29,6 +53,8 @@
|
|
type: ClusterIP
|
|
nodePort: 0
|
|
loadBalancerIP: ""
|
|
+ # Only allow access to the loadBalancerIP from these IPs
|
|
+ loadBalancerSourceRanges: []
|
|
clusterIP: ""
|
|
annotations: {}
|
|
|
|
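Review bot: The comment on `loadBalancerSourceRanges` does not say that the empty default leaves the load balancer without any source restriction, nor that the entries are CIDR ranges rather than single IPs. With a LoadBalancer service the metrics endpoint is then reachable from whatever the provider's load balancer admits. Suggested wording: `# CIDR ranges allowed to reach the load balancer (e.g. 10.0.0.0/8); empty means no source restriction`. The enclosing mapping starts outside the hunk.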
@@ -36,6 +62,9 @@
|
|
customLabels: {}
|
|
# app: kube-state-metrics
|
|
|
|
+## Override selector labels
|
|
+selectorOverride: {}
|
|
+
|
|
## set to true to add the release label so scraping of the servicemonitor with kube-prometheus-stack works out of the box
|
|
releaseLabel: false
|
|
|
|
@@ -58,6 +87,46 @@
|
|
# verbs: ["list", "watch"]
|
|
extraRules: []
|
|
|
|
+# Configure kube-rbac-proxy. When enabled, creates one kube-rbac-proxy container per exposed HTTP endpoint (metrics and telemetry if enabled).
|
|
+# The requests are served through the same service but requests are then HTTPS.
|
|
+kubeRBACProxy:
|
|
+ enabled: false
|
|
+ image:
|
|
+ registry: quay.io
|
|
+ repository: brancz/kube-rbac-proxy
|
|
+ tag: v0.14.0
|
|
+ sha: ""
|
|
+ pullPolicy: IfNotPresent
|
|
+
|
|
+ # List of additional cli arguments to configure kube-rbac-prxy
|
|
+ # for example: --tls-cipher-suites, --log-file, etc.
|
|
+ # all the possible args can be found here: https://github.com/brancz/kube-rbac-proxy#usage
|
|
+ extraArgs: []
|
|
+
|
|
+ ## Specify security settings for a Container
|
|
+ ## Allows overrides and additional options compared to (Pod) securityContext
|
|
+ ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
|
+ containerSecurityContext: {}
|
|
+
|
|
+ resources: {}
|
|
+ # We usually recommend not to specify default resources and to leave this as a conscious
|
|
+ # choice for the user. This also increases chances charts run on environments with little
|
|
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
+ # limits:
|
|
+ # cpu: 100m
|
|
+ # memory: 64Mi
|
|
+ # requests:
|
|
+ # cpu: 10m
|
|
+ # memory: 32Mi
|
|
+
|
|
+ ## volumeMounts enables mounting custom volumes in rbac-proxy containers
|
|
+ ## Useful for TLS certificates and keys
|
|
+ volumeMounts: []
|
|
+ # - mountPath: /etc/tls
|
|
+ # name: kube-rbac-proxy-tls
|
|
+ # readOnly: true
|
|
+
|
|
serviceAccount:
|
|
# Specifies whether a ServiceAccount should be created, require rbac true
|
|
create: true
|
|
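Review bot: `kubeRBACProxy.containerSecurityContext` defaults to `{}`, while this same patch gives the main container `allowPrivilegeEscalation: false` and `capabilities.drop: [ALL]`, so the sidecar that fronts the metrics endpoint would keep the runtime's default capabilities. The pod-level `securityContext` cannot set those two fields, so I would give the proxy the same defaults, as below (assuming the template passes the value through unchanged). Separately, `image.sha` is empty, so the proxy is pulled by the mutable tag `v0.14.0`, and the `extraArgs` comment has a typo (`kube-rbac-prxy`).

```yaml
kubeRBACProxy:
  # … unchanged: enabled, image, extraArgs …
  containerSecurityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
        - ALL
```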
@@ -75,10 +144,32 @@
|
|
prometheus:
|
|
monitor:
|
|
enabled: false
|
|
+ annotations: {}
|
|
additionalLabels: {}
|
|
namespace: ""
|
|
jobLabel: ""
|
|
+ targetLabels: []
|
|
+ podTargetLabels: []
|
|
interval: ""
|
|
+ ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.
|
|
+ ##
|
|
+ sampleLimit: 0
|
|
+
|
|
+ ## TargetLimit defines a limit on the number of scraped targets that will be accepted.
|
|
+ ##
|
|
+ targetLimit: 0
|
|
+
|
|
+ ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
|
|
+ ##
|
|
+ labelLimit: 0
|
|
+
|
|
+ ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
|
|
+ ##
|
|
+ labelNameLengthLimit: 0
|
|
+
|
|
+ ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.
|
|
+ ##
|
|
+ labelValueLengthLimit: 0
|
|
scrapeTimeout: ""
|
|
proxyUrl: ""
|
|
selectorOverride: {}
|
|
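Review bot: The five new limits (`sampleLimit`, `targetLimit`, `labelLimit`, `labelNameLengthLimit`, `labelValueLengthLimit`) all default to `0`, but their comments do not say what `0` means. In Prometheus a limit of 0 means no limit, so these defaults leave scrapes unbounded; whether the template omits the field at 0 is not visible here. I would append to each comment something like `## 0 means no limit.` so operators know they have to opt in to the guard. The `monitor:` mapping continues beyond the hunk.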
@@ -86,13 +177,20 @@
|
|
metricRelabelings: []
|
|
relabelings: []
|
|
scheme: ""
|
|
+ ## File to read bearer token for scraping targets
|
|
+ bearerTokenFile: ""
|
|
+ ## Secret to mount to read bearer token for scraping targets. The secret needs
|
|
+ ## to be in the same namespace as the service monitor and accessible by the
|
|
+ ## Prometheus Operator
|
|
+ bearerTokenSecret: {}
|
|
+ # name: secret-name
|
|
+ # key: key-name
|
|
tlsConfig: {}
|
|
|
|
## Specify if a Pod Security Policy for kube-state-metrics must be created
|
|
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
|
|
##
|
|
podSecurityPolicy:
|
|
- enabled: false
|
|
annotations: {}
|
|
## Specify pod annotations
|
|
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
|
|
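Review bot: `podSecurityPolicy.enabled` is removed here while the same patch adds `global.cattle.psp.enabled`, so an existing override of `podSecurityPolicy.enabled: true` is presumably ignored after upgrade, with no PSP created and no error. The templates are not in view, so this needs confirming. The retained comment `## Specify if a Pod Security Policy for kube-state-metrics must be created` now sits above a mapping with no toggle; it should point to the new key, e.g. `## Creation is controlled by global.cattle.psp.enabled`. For the new `bearerTokenFile` / `bearerTokenSecret` pair, the comments should say which is used when both are set. The `podSecurityPolicy:` mapping continues past the end of the hunk.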
@@ -105,16 +203,46 @@
|
|
|
|
additionalVolumes: []
|
|
|
|
+## Configure network policy for kube-state-metrics
|
|
+networkPolicy:
|
|
+ enabled: false
|
|
+ # networkPolicy.flavor -- Flavor of the network policy to use.
|
|
+ # Can be:
|
|
+ # * kubernetes for networking.k8s.io/v1/NetworkPolicy
|
|
+ # * cilium for cilium.io/v2/CiliumNetworkPolicy
|
|
+ flavor: kubernetes
|
|
+
|
|
+ ## Configure the cilium network policy kube-apiserver selector
|
|
+ # cilium:
|
|
+ # kubeApiServerSelector:
|
|
+ # - toEntities:
|
|
+ # - kube-apiserver
|
|
+
|
|
+ # egress:
|
|
+ # - {}
|
|
+ # ingress:
|
|
+ # - {}
|
|
+ # podSelector:
|
|
+ # matchLabels:
|
|
+ # app.kubernetes.io/name: kube-state-metrics
|
|
+
|
|
securityContext:
|
|
enabled: true
|
|
runAsGroup: 65534
|
|
runAsUser: 65534
|
|
fsGroup: 65534
|
|
+ runAsNonRoot: true
|
|
+ seccompProfile:
|
|
+ type: RuntimeDefault
|
|
|
|
## Specify security settings for a Container
|
|
## Allows overrides and additional options compared to (Pod) securityContext
|
|
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
|
-containerSecurityContext: {}
|
|
+containerSecurityContext:
|
|
+ allowPrivilegeEscalation: false
|
|
+ capabilities:
|
|
+ drop:
|
|
+ - ALL
|
|
|
|
## Node labels for pod assignment
|
|
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
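Review bot: The commented `networkPolicy` example uses `egress: - {}` and `ingress: - {}`, which are empty rules that match every peer and port. A user who uncomments it and sets `enabled: true` gets a policy object that permits all traffic. I would either make the example restrictive or label it, e.g. `# NOTE: '- {}' allows all traffic; limit ingress to the Prometheus pods and the metrics port`. On the new `containerSecurityContext` defaults, `readOnlyRootFilesystem: true` would be a natural addition if the container does not write to its root filesystem, which this hunk does not show.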
@@ -184,6 +312,7 @@
|
|
- horizontalpodautoscalers
|
|
- ingresses
|
|
- jobs
|
|
+ - leases
|
|
- limitranges
|
|
- mutatingwebhookconfigurations
|
|
- namespaces
|
|
@@ -202,7 +331,6 @@
|
|
- storageclasses
|
|
- validatingwebhookconfigurations
|
|
- volumeattachments
|
|
- # - verticalpodautoscalers # not a default resource, see also: https://github.com/kubernetes/kube-state-metrics#enabling-verticalpodautoscalers
|
|
|
|
# Enabling kubeconfig will pass the --kubeconfig argument to the container
|
|
kubeconfig:
|
|
@@ -210,11 +338,17 @@
|
|
# base64 encoded kube-config file
|
|
secret:
|
|
|
|
+# Enabling support for customResourceState, will create a configMap including your config that will be read from kube-state-metrics
|
|
+customResourceState:
|
|
+ enabled: false
|
|
+ # Add (Cluster)Role permissions to list/watch the customResources defined in the config to rbac.extraRules
|
|
+ config: {}
|
|
+
|
|
# Enable only the release namespace for collecting resources. By default all namespaces are collected.
|
|
-# If releaseNamespace and namespaces are both set only releaseNamespace will be used.
|
|
+# If releaseNamespace and namespaces are both set a merged list will be collected.
|
|
releaseNamespace: false
|
|
|
|
-# Comma-separated list of namespaces to be enabled for collecting resources. By default all namespaces are collected.
|
|
+# Comma-separated list(string) or yaml list of namespaces to be enabled for collecting resources. By default all namespaces are collected.
|
|
namespaces: ""
|
|
|
|
# Comma-separated list of namespaces not to be enabled. If namespaces and namespaces-denylist are both set,
|
|
@@ -251,6 +385,26 @@
|
|
# telemetryPort: 8081
|
|
# telemetryNodePort: 0
|
|
|
|
+# Enable vertical pod autoscaler support for kube-state-metrics
|
|
+verticalPodAutoscaler:
|
|
+ enabled: false
|
|
+ # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
|
|
+ controlledResources: []
|
|
+
|
|
+ # Define the max allowed resources for the pod
|
|
+ maxAllowed: {}
|
|
+ # cpu: 200m
|
|
+ # memory: 100Mi
|
|
+ # Define the min allowed resources for the pod
|
|
+ minAllowed: {}
|
|
+ # cpu: 200m
|
|
+ # memory: 100Mi
|
|
+
|
|
+ # updatePolicy:
|
|
+ # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
|
|
+ # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto".
|
|
+ # updateMode: Auto
|
|
+
|
|
# volumeMounts are used to add custom volume mounts to deployment.
|
|
# See example below
|
|
volumeMounts: []
|
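Review bot: The commented example `updateMode: Auto` is unquoted, although the comment above it lists `"Off"` among the valid values. Written unquoted, `Off` is a boolean under YAML 1.1 rules and would reach the VerticalPodAutoscaler as `false` rather than as the string. Quoting the example lets users copy the safe form: `#   updateMode: "Auto"`.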