TVK 2.10.2 update release make charts output
parent
f4b76064ff
commit
6d26e69af3
Binary file not shown.
|
@ -0,0 +1,23 @@
|
||||||
|
# Patterns to ignore when building packages.
|
||||||
|
# This supports shell glob matching, relative path matching, and
|
||||||
|
# negation (prefixed with !). Only one pattern per line.
|
||||||
|
.DS_Store
|
||||||
|
# Common VCS dirs
|
||||||
|
.git/
|
||||||
|
.gitignore
|
||||||
|
.bzr/
|
||||||
|
.bzrignore
|
||||||
|
.hg/
|
||||||
|
.hgignore
|
||||||
|
.svn/
|
||||||
|
# Common backup files
|
||||||
|
*.swp
|
||||||
|
*.bak
|
||||||
|
*.tmp
|
||||||
|
*~
|
||||||
|
# Various IDEs
|
||||||
|
.project
|
||||||
|
.idea/
|
||||||
|
*.tmproj
|
||||||
|
# Helm files
|
||||||
|
OWNERS
|
|
@ -0,0 +1,9 @@
|
||||||
|
load("@bazel_tools//tools/build_defs/pkg:pkg.bzl", "pkg_tar")
|
||||||
|
|
||||||
|
pkg_tar(
|
||||||
|
name = "helm-tar",
|
||||||
|
files = glob(["**"]),
|
||||||
|
package_dir = "/opt/tvk/k8s-triliovault-operator/",
|
||||||
|
strip_prefix = "./",
|
||||||
|
visibility = ["//visibility:public"],
|
||||||
|
)
|
|
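Review bot: `files = glob(["**"])` in the `helm-tar` target packages every file under this directory, including the BUILD file itself and any binary committed next to it. The ignore patterns added earlier in this commit are a Helm packaging list that `pkg_tar` presumably never reads, so editor backups or a stray credentials file would ship under `/opt/tvk/k8s-triliovault-operator/`. Narrow the glob with an exclude list that mirrors those patterns, for example `files = glob(["**"], exclude = ["BUILD*", "**/*.bak", "**/*.swp", "**/*.tmp"]),`. The target is also `//visibility:public`; restrict it if only the release rule consumes the tarball.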
@ -0,0 +1,22 @@
|
||||||
|
annotations:
|
||||||
|
catalog.cattle.io/certified: partner
|
||||||
|
catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator
|
||||||
|
catalog.cattle.io/release-name: k8s-triliovault-operator
|
||||||
|
apiVersion: v2
|
||||||
|
appVersion: 2.10.2
|
||||||
|
dependencies:
|
||||||
|
- condition: observability.enabled
|
||||||
|
name: observability
|
||||||
|
repository: file://./charts/observability
|
||||||
|
description: K8s-TrilioVault-Operator is an operator designed to manage the K8s-TrilioVault
|
||||||
|
Application Lifecycle.
|
||||||
|
home: https://github.com/trilioData/k8s-triliovault-operator
|
||||||
|
icon: https://www.trilio.io/wp-content/uploads/2021/01/Trilio-2020-logo-RGB-gray-green.png
|
||||||
|
kubeVersion: '>=1.19.0-0'
|
||||||
|
maintainers:
|
||||||
|
- email: prafull.ladha@trilio.io
|
||||||
|
name: prafull11
|
||||||
|
name: k8s-triliovault-operator
|
||||||
|
sources:
|
||||||
|
- https://github.com/trilioData/k8s-triliovault-operator
|
||||||
|
version: 2.10.200
|
|
@ -0,0 +1 @@
|
||||||
|
# Placeholder for the License if we decide to provide one
|
|
@ -0,0 +1,202 @@
|
||||||
|
# K8s-TrilioVault-Operator
|
||||||
|
This operator is to manage the lifecycle of TrilioVault Backup/Recovery solution. This operator install, updates and manage the TrilioVault application.
|
||||||
|
|
||||||
|
## Introduction
|
||||||
|
|
||||||
|
## Prerequisites
|
||||||
|
|
||||||
|
- Kubernetes 1.19+
|
||||||
|
- PV provisioner support
|
||||||
|
- CSI driver should be installed
|
||||||
|
|
||||||
|
### One Click Installation
|
||||||
|
|
||||||
|
In one click install for upstream operator, a cluster scope TVM custom resource `triliovault-manager` is created.
|
||||||
|
|
||||||
|
```shell script
|
||||||
|
helm repo add trilio-vault-operator https://charts.k8strilio.net/trilio-stable/k8s-triliovault-operator
|
||||||
|
helm install tvm trilio-vault-operator/k8s-triliovault-operator
|
||||||
|
```
|
||||||
|
|
||||||
|
#### One click install with preflight Configuration
|
||||||
|
|
||||||
|
The following table lists the configuration parameter of the upstream operator one click install feature as well as preflight check flags, their default values and usage.
|
||||||
|
|
||||||
|
| Parameter | Description | Default | Example |
|
||||||
|
|--------------------------------------------------------------------|---------------------------------------------------------------------------------------------------|------------|-------------------------|
|
||||||
|
| `installTVK.enabled` | 1 click install feature is enabled | true | |
|
||||||
|
| `installTVK.applicationScope` | scope of TVK application created | Cluster | |
|
||||||
|
| `installTVK.tvkInstanceName` | tvk instance name | "" | "tvk-instance" |
|
||||||
|
| `installTVK.ingressConfig.host` | host of the ingress resource created | "" | |
|
||||||
|
| `installTVK.ingressConfig.tlsSecretName` | tls secret name which contains ingress certs | "" | |
|
||||||
|
| `installTVK.ingressConfig.annotations` | annotations to be added on ingress resource | "" | |
|
||||||
|
| `installTVK.ingressConfig.ingressClass` | ingress class name for the ingress resource | "" | |
|
||||||
|
| `installTVK.ComponentConfiguration.ingressController.enabled` | TVK ingress controller should be deployed | true | |
|
||||||
|
| `installTVK.ComponentConfiguration.ingressController.service.type` | TVK ingress controller service type | "NodePort" | |
|
||||||
|
| `preflight.enabled` | enables preflight check for tvk | false | |
|
||||||
|
| `preflight.storageClass` | Name of storage class to use for preflight checks (Required) | "" | |
|
||||||
|
| `preflight.cleanupOnFailure` | Cleanup the resources on cluster if preflight checks fail (Optional) | false | |
|
||||||
|
| `preflight.imagePullSecret` | Name of the secret for authentication while pulling the images from the local registry (Optional) | "" | |
|
||||||
|
| `preflight.limits` | Pod memory and cpu resource limits for DNS and volume snapshot preflight check (Optional) | "" | "cpu=600m,memory=256Mi" |
|
||||||
|
| `preflight.localRegistry` | Name of the local registry from where the images will be pulled (Optional) | "" | |
|
||||||
|
| `preflight.nodeSelector` | Node selector labels for pods to schedule on a specific nodes of cluster (Optional) | "" | "key=value" |
|
||||||
|
| `preflight.pvcStorageRequest` | PVC storage request for volume snapshot preflight check (Optional) | "" | "2Gi" |
|
||||||
|
| `preflight.requests` | Pod memory and cpu resource requests for DNS and volume snapshot preflight check (Optional) | "" | "cpu=300m,memory=128Mi" |
|
||||||
|
| `preflight.volumeSnapshotClass` | Name of volume snapshot class to use for preflight checks (Optional) | "" | |
|
||||||
|
| `preflight.logLevel` | Log Level for the preflight run (Default: "INFO") | "" | |
|
||||||
|
| `preflight.imageTag` | Image tag to use for the preflight image (Default: latest) | "" | |
|
||||||
|
|
||||||
|
Check the TVM CR configuration by running following command:
|
||||||
|
|
||||||
|
```
|
||||||
|
kubectl get triliovaultmanagers.triliovault.trilio.io triliovault-manager -o yaml
|
||||||
|
```
|
||||||
|
|
||||||
|
Once the operator pod is in running state, the TVK pods getting spawned. Confirm the [TVK pods are up](#Check-TVK-Install).
|
||||||
|
|
||||||
|
#### Note:
|
||||||
|
|
||||||
|
If preflight check is enabled and helm install fails, check pre-install helm hook pod logs for any failure in preflight check. Do the following steps:
|
||||||
|
|
||||||
|
First, run this command:
|
||||||
|
```
|
||||||
|
kubectl get pods -n <helm-release-namespace>
|
||||||
|
```
|
||||||
|
|
||||||
|
The pod name should start with `<helm-release-name>-preflight-job-preinstall-hook`. Check the logs of the pod by the following command:
|
||||||
|
```
|
||||||
|
kubectl logs -f <pod-name> -n <helm-release-namespace>
|
||||||
|
```
|
||||||
|
|
||||||
|
#### The failed preflight job is not cleaned up automatically right after failure. If the user cluster version is 1.21 and above, the job will be cleaned up after 1 hour so user should collect any failure logs within 1 hr of job failure. For cluster version below 1.21, user has to clean up failed preflight job manually.
|
||||||
|
|
||||||
|
To delete the job manually, run the following command:
|
||||||
|
```
|
||||||
|
kubectl delete job -f <job-name> -n <helm-release-namespace>
|
||||||
|
```
|
||||||
|
|
||||||
|
where job name should also start with `<helm-release-name>-preflight-job-preinstall-hook`
|
||||||
|
|
||||||
|
Also, due to a bug at helm side where auto deletion of resources upon failure doesn't work, user needs to clean the following resources left behind to be able to run preflight again, until the bug is fixed from their side, after which this step will be handled automatically. Run the following command to clean up the temporary resources:
|
||||||
|
|
||||||
|
1. Cleanup Service Account:
|
||||||
|
```
|
||||||
|
kubectl delete sa <helm-release-name>-preflight-service-account -n <helm-release-namespace>
|
||||||
|
```
|
||||||
|
2. Cleanup Cluster Role Binding:
|
||||||
|
```
|
||||||
|
kubectl delete clusterrolebinding <helm-release-name>-<helm-release-namespace>-preflight-rolebinding
|
||||||
|
```
|
||||||
|
3. Cleanup Cluster Role:
|
||||||
|
```
|
||||||
|
kubectl delete clusterrole <helm-release-name>-<helm-release-namespace>-preflight-role
|
||||||
|
```
|
||||||
|
|
||||||
|
## Manual Installation
|
||||||
|
|
||||||
|
To install the operator on local setup just run the latest helm charts inside this repo
|
||||||
|
|
||||||
|
```shell script
|
||||||
|
helm repo add trilio-vault-operator https://charts.k8strilio.net/trilio-stable/k8s-triliovault-operator
|
||||||
|
helm install tvm trilio-vault-operator/k8s-triliovault-operator
|
||||||
|
```
|
||||||
|
|
||||||
|
Now, create a TrilioVaultManager CR to install the TrilioVault for Kubernetes. You can provide the custom configurations for the TVK resources as follows:
|
||||||
|
|
||||||
|
```
|
||||||
|
apiVersion: triliovault.trilio.io/v1
|
||||||
|
kind: TrilioVaultManager
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
triliovault: k8s
|
||||||
|
name: tvk
|
||||||
|
spec:
|
||||||
|
trilioVaultAppVersion: latest
|
||||||
|
applicationScope: Cluster
|
||||||
|
# User can configure tvk instance name
|
||||||
|
tvkInstanceName: tvk-instance
|
||||||
|
# User can configure the ingress hosts, annotations and TLS secret through the ingressConfig section
|
||||||
|
ingressConfig:
|
||||||
|
host: "trilio.co.in"
|
||||||
|
tlsSecretName: "secret-name"
|
||||||
|
# TVK components configuration, currently supports control-plane, web, exporter, web-backend, ingress-controller, admission-webhook.
|
||||||
|
# User can configure resources for all componentes and can configure service type and host for the ingress-controller
|
||||||
|
componentConfiguration:
|
||||||
|
web-backend:
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
memory: "400Mi"
|
||||||
|
cpu: "200m"
|
||||||
|
limits:
|
||||||
|
memory: "2584Mi"
|
||||||
|
cpu: "1000m"
|
||||||
|
ingress-controller:
|
||||||
|
enabled: true
|
||||||
|
service:
|
||||||
|
type: LoadBalancer
|
||||||
|
```
|
||||||
|
|
||||||
|
### Apply the Custom Resource
|
||||||
|
|
||||||
|
Apply `TVM.yaml`:
|
||||||
|
|
||||||
|
```shell
|
||||||
|
kubectl create -f TVM.yaml
|
||||||
|
```
|
||||||
|
|
||||||
|
### Check TVK Install
|
||||||
|
|
||||||
|
Check that the pods were created:
|
||||||
|
|
||||||
|
```
|
||||||
|
kubectl get pods
|
||||||
|
```
|
||||||
|
|
||||||
|
```
|
||||||
|
NAME READY STATUS RESTARTS AGE
|
||||||
|
k8s-triliovault-admission-webhook-6ff5f98c8-qwmfc 1/1 Running 0 81s
|
||||||
|
k8s-triliovault-backend-6f66b6b8d5-gxtmz 1/1 Running 0 81s
|
||||||
|
k8s-triliovault-control-plane-6c464c5d78-ftk6g 1/1 Running 0 81s
|
||||||
|
k8s-triliovault-exporter-59566f97dd-gs4xc 1/1 Running 0 81s
|
||||||
|
k8s-triliovault-ingress-nginx-controller-867c764cd5-qhpx6 1/1 Running 0 18s
|
||||||
|
k8s-triliovault-web-967c8475-m7pc6 1/1 Running 0 81s
|
||||||
|
tvm-k8s-triliovault-operator-66bd7d86d5-dvhzb 1/1 Running 0 6m48s
|
||||||
|
```
|
||||||
|
|
||||||
|
Check that ingress controller service is of type LoadBalancer:
|
||||||
|
```
|
||||||
|
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
|
||||||
|
k8s-triliovault-admission-webhook ClusterIP 10.7.243.24 <none> 443/TCP 129m
|
||||||
|
k8s-triliovault-ingress-nginx-controller LoadBalancer 10.7.246.193 35.203.155.148 80:30362/TCP,443:32327/TCP 129m
|
||||||
|
k8s-triliovault-ingress-nginx-controller-admission ClusterIP 10.7.250.31 <none> 443/TCP 129m
|
||||||
|
k8s-triliovault-web ClusterIP 10.7.254.41 <none> 80/TCP 129m
|
||||||
|
k8s-triliovault-web-backend ClusterIP 10.7.252.146 <none> 80/TCP 129m
|
||||||
|
tvm-k8s-triliovault-operator-webhook-service ClusterIP 10.7.248.163 <none> 443/TCP 130m 123m
|
||||||
|
```
|
||||||
|
|
||||||
|
Check that ingress resources has the host defined by the user:
|
||||||
|
```
|
||||||
|
NAME CLASS HOSTS ADDRESS PORTS AGE
|
||||||
|
k8s-triliovault k8s-triliovault-default-nginx * 35.203.155.148 80 129m
|
||||||
|
```
|
||||||
|
|
||||||
|
You can access the TVK UI by hitting this address in your browser: https://35.203.155.148
|
||||||
|
|
||||||
|
## Delete
|
||||||
|
|
||||||
|
```shell
|
||||||
|
kubectl delete -f TVM.yaml
|
||||||
|
```
|
||||||
|
|
||||||
|
## Uninstall
|
||||||
|
|
||||||
|
To uninstall/delete the operator helm chart :
|
||||||
|
|
||||||
|
```bash
|
||||||
|
helm uninstall tvm
|
||||||
|
```
|
||||||
|
|
||||||
|
## TrilioVaultManager compatibility
|
||||||
|
|
||||||
|
We maintain the version parity between the TrilioVaultManager(upstream operator) and TrilioVault for Kubernetes. Whenever
|
||||||
|
user wants to upgrade to the new version, should use the same version for upstream operator and Triliovault for Kubernetes.
|
|
@ -0,0 +1,21 @@
|
||||||
|
apiVersion: v2
|
||||||
|
appVersion: 0.1.0
|
||||||
|
dependencies:
|
||||||
|
- name: visualization
|
||||||
|
repository: file://charts/visualization
|
||||||
|
version: ^0.1.0
|
||||||
|
- name: logging
|
||||||
|
repository: file://charts/logging
|
||||||
|
version: ^0.1.0
|
||||||
|
- name: monitoring
|
||||||
|
repository: file://charts/monitoring
|
||||||
|
version: ^0.1.0
|
||||||
|
description: Observability Stack is designed to manage the K8s-TrilioVault Application's
|
||||||
|
Logging, Monitoring and Visualization.
|
||||||
|
icon: https://www.trilio.io/wp-content/uploads/2021/01/Trilio-2020-logo-RGB-gray-green.png
|
||||||
|
kubeVersion: '>=1.19.0-0'
|
||||||
|
maintainers:
|
||||||
|
- email: support@trilio.io
|
||||||
|
name: Trilio
|
||||||
|
name: observability
|
||||||
|
version: 0.1.0
|
|
@ -0,0 +1,18 @@
|
||||||
|
apiVersion: v2
|
||||||
|
appVersion: 0.1.0
|
||||||
|
dependencies:
|
||||||
|
- condition: loki.enabled
|
||||||
|
name: loki
|
||||||
|
repository: https://grafana.github.io/helm-charts
|
||||||
|
version: ^2.11.1
|
||||||
|
- condition: promtail.enabled
|
||||||
|
name: promtail
|
||||||
|
repository: https://grafana.github.io/helm-charts
|
||||||
|
version: ^4.2.0
|
||||||
|
description: Logging Stack designed to manage the K8s-TrilioVault Application's Logs.
|
||||||
|
icon: https://www.trilio.io/wp-content/uploads/2021/01/Trilio-2020-logo-RGB-gray-green.png
|
||||||
|
maintainers:
|
||||||
|
- email: support@trilio.io
|
||||||
|
name: Trilio
|
||||||
|
name: logging
|
||||||
|
version: 0.1.0
|
|
@ -0,0 +1,13 @@
|
||||||
|
apiVersion: v1
|
||||||
|
appVersion: v2.5.0
|
||||||
|
description: 'Loki: like Prometheus, but for logs.'
|
||||||
|
home: https://grafana.com/loki
|
||||||
|
icon: https://raw.githubusercontent.com/grafana/loki/master/docs/sources/logo.png
|
||||||
|
kubeVersion: ^1.10.0-0
|
||||||
|
maintainers:
|
||||||
|
- email: support@trilio.io
|
||||||
|
name: Trilio
|
||||||
|
name: loki
|
||||||
|
sources:
|
||||||
|
- https://github.com/grafana/loki
|
||||||
|
version: 2.11.1
|
|
@ -0,0 +1,3 @@
|
||||||
|
Verify the application is working by running these commands:
|
||||||
|
kubectl --namespace {{ .Release.Namespace }} port-forward service/{{ include "loki.fullname" . }} {{ .Values.service.port }}
|
||||||
|
curl http://127.0.0.1:{{ .Values.service.port }}/api/prom/label
|
|
@ -0,0 +1,75 @@
|
||||||
|
{{/* vim: set filetype=mustache: */}}
|
||||||
|
{{/*
|
||||||
|
Expand the name of the chart.
|
||||||
|
*/}}
|
||||||
|
{{- define "loki.name" -}}
|
||||||
|
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create a default fully qualified app name.
|
||||||
|
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||||
|
If release name contains chart name it will be used as a full name.
|
||||||
|
*/}}
|
||||||
|
{{- define "loki.fullname" -}}
|
||||||
|
{{- if .Values.fullnameOverride -}}
|
||||||
|
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||||
|
{{- if contains $name .Release.Name -}}
|
||||||
|
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create chart name and version as used by the chart label.
|
||||||
|
*/}}
|
||||||
|
{{- define "loki.chart" -}}
|
||||||
|
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create the name of the service account
|
||||||
|
*/}}
|
||||||
|
{{- define "loki.serviceAccountName" -}}
|
||||||
|
{{- if .Values.serviceAccount.create -}}
|
||||||
|
{{ default (include "loki.fullname" .) .Values.serviceAccount.name }}
|
||||||
|
{{- else -}}
|
||||||
|
{{ default "default" .Values.serviceAccount.name }}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create the app name of loki clients. Defaults to the same logic as "loki.fullname", and default client expects "promtail".
|
||||||
|
*/}}
|
||||||
|
{{- define "client.name" -}}
|
||||||
|
{{- if .Values.client.name -}}
|
||||||
|
{{- .Values.client.name -}}
|
||||||
|
{{- else if .Values.client.fullnameOverride -}}
|
||||||
|
{{- .Values.client.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- $name := default "promtail" .Values.client.nameOverride -}}
|
||||||
|
{{- if contains $name .Release.Name -}}
|
||||||
|
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Generate a right Ingress apiVersion
|
||||||
|
*/}}
|
||||||
|
{{- define "ingress.apiVersion" -}}
|
||||||
|
{{- if semverCompare ">=1.20-0" .Capabilities.KubeVersion.GitVersion -}}
|
||||||
|
networking.k8s.io/v1
|
||||||
|
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
|
||||||
|
networking.k8s.io/v1beta1
|
||||||
|
{{- else -}}
|
||||||
|
extensions/v1
|
||||||
|
{{- end }}
|
||||||
|
{{- end -}}
|
||||||
|
|
|
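Review bot: The last fallback in the `ingress.apiVersion` helper emits `extensions/v1`, which Kubernetes has never served; before `networking.k8s.io/v1beta1`, Ingress lived at `extensions/v1beta1`. The Loki chart metadata earlier in this commit declares `kubeVersion: ^1.10.0-0`, so that branch is reachable on clusters older than 1.14, where the rendered manifest would be rejected. Change the line to `extensions/v1beta1`, or raise `kubeVersion` and drop the branch. Testing `.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress"` instead of comparing version strings would also pick v1 on 1.19, where it is already served.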
@ -0,0 +1,17 @@
|
||||||
|
{{- if or (.Values.useExistingAlertingGroup.enabled) (gt (len .Values.alerting_groups) 0) }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: {{ template "loki.fullname" . }}-alerting-rules
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
app: {{ template "loki.name" . }}
|
||||||
|
chart: {{ template "loki.chart" . }}
|
||||||
|
release: {{ .Release.Name }}
|
||||||
|
heritage: {{ .Release.Service }}
|
||||||
|
data:
|
||||||
|
{{ template "loki.fullname" . }}-alerting-rules.yaml: |-
|
||||||
|
groups:
|
||||||
|
{{- toYaml .Values.alerting_groups | nindent 6 }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,55 @@
|
||||||
|
{{- if .Values.ingress.enabled -}}
|
||||||
|
{{- $fullName := include "loki.fullname" . -}}
|
||||||
|
{{- $svcPort := .Values.service.port -}}
|
||||||
|
{{- $apiVersion := include "ingress.apiVersion" . -}}
|
||||||
|
apiVersion: {{ $apiVersion }}
|
||||||
|
kind: Ingress
|
||||||
|
metadata:
|
||||||
|
name: {{ $fullName }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
app: {{ template "loki.name" . }}
|
||||||
|
chart: {{ template "loki.chart" . }}
|
||||||
|
release: {{ .Release.Name }}
|
||||||
|
heritage: {{ .Release.Service }}
|
||||||
|
{{- with .Values.ingress.annotations }}
|
||||||
|
annotations:
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
spec:
|
||||||
|
{{- if .Values.ingress.ingressClassName }}
|
||||||
|
ingressClassName: {{ .Values.ingress.ingressClassName }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.ingress.tls }}
|
||||||
|
tls:
|
||||||
|
{{- range .Values.ingress.tls }}
|
||||||
|
- hosts:
|
||||||
|
{{- range .hosts }}
|
||||||
|
- {{ . | quote }}
|
||||||
|
{{- end }}
|
||||||
|
secretName: {{ .secretName }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
rules:
|
||||||
|
{{- range .Values.ingress.hosts }}
|
||||||
|
- host: {{ .host | quote }}
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
{{- range .paths }}
|
||||||
|
- path: {{ . }}
|
||||||
|
{{- if eq $apiVersion "networking.k8s.io/v1" }}
|
||||||
|
pathType: Prefix
|
||||||
|
{{- end }}
|
||||||
|
backend:
|
||||||
|
{{- if eq $apiVersion "networking.k8s.io/v1" }}
|
||||||
|
service:
|
||||||
|
name: {{ $fullName }}
|
||||||
|
port:
|
||||||
|
number: {{ $svcPort }}
|
||||||
|
{{- else }}
|
||||||
|
serviceName: {{ $fullName }}
|
||||||
|
servicePort: {{ $svcPort }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
|
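Review bot: `path: {{ . }}` and `secretName: {{ .secretName }}` are rendered unquoted while the host values beside them go through `quote`, so a value containing `:`, `#` or a leading `*` changes the YAML that is produced. Use `path: {{ . | quote }}` and `secretName: {{ .secretName | quote }}`. Separately, nothing in this template adds authentication, and Loki, as far as I know, does not authenticate requests itself, so setting `ingress.enabled` publishes the query and push API to anyone who can reach the ingress. A template comment above the `annotations` block would make that expectation visible, for example `{{/* Loki has no built-in auth: supply ingress auth annotations or front it with an authenticating proxy */}}`.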
@ -0,0 +1,26 @@
|
||||||
|
{{- if .Values.networkPolicy.enabled }}
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
kind: NetworkPolicy
|
||||||
|
metadata:
|
||||||
|
name: {{ template "loki.fullname" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
app: {{ template "loki.name" . }}
|
||||||
|
chart: {{ template "loki.chart" . }}
|
||||||
|
release: {{ .Release.Name }}
|
||||||
|
heritage: {{ .Release.Service }}
|
||||||
|
spec:
|
||||||
|
podSelector:
|
||||||
|
matchLabels:
|
||||||
|
name: {{ template "loki.fullname" . }}
|
||||||
|
app: {{ template "loki.name" . }}
|
||||||
|
release: {{ .Release.Name }}
|
||||||
|
ingress:
|
||||||
|
- from:
|
||||||
|
- podSelector:
|
||||||
|
matchLabels:
|
||||||
|
app: {{ template "client.name" . }}
|
||||||
|
release: {{ .Release.Name }}
|
||||||
|
- ports:
|
||||||
|
- port: {{ .Values.service.port }}
|
||||||
|
{{- end }}
|
|
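Review bot: `- ports:` starts a second ingress rule instead of belonging to the `- from:` rule, so the policy admits the client pods on every port and admits any source at all on `{{ .Values.service.port }}`; the peer restriction is lost on the one port that matters. Indentation is not visible in this rendering, but the leading dash alone makes `ports` a new list item. Drop the dash so `ports:` sits inside the same rule as `from:`. The port should probably be `{{ .Values.service.targetPort }}`, since NetworkPolicy ports are matched against the pod port rather than the Service port.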
@ -0,0 +1,17 @@
|
||||||
|
{{- if .Values.podDisruptionBudget -}}
|
||||||
|
apiVersion: policy/v1beta1
|
||||||
|
kind: PodDisruptionBudget
|
||||||
|
metadata:
|
||||||
|
name: {{ template "loki.fullname" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
app: {{ template "loki.name" . }}
|
||||||
|
heritage: {{ .Release.Service }}
|
||||||
|
release: {{ .Release.Name }}
|
||||||
|
chart: {{ template "loki.chart" . }}
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: {{ template "loki.name" . }}
|
||||||
|
{{ toYaml .Values.podDisruptionBudget | indent 2 }}
|
||||||
|
{{- end }}
|
|
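Review bot: `apiVersion: policy/v1beta1` is hard-coded here, and the PodSecurityPolicy template in the next section does the same; both kinds were removed at that version in Kubernetes 1.25, while the operator chart in this commit declares `kubeVersion: '>=1.19.0-0'` with no upper bound. With `podDisruptionBudget` set or `rbac.pspEnabled` true, the install would be rejected on current clusters. For the budget, pick the version from the cluster: `apiVersion: {{ if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}policy/v1{{ else }}policy/v1beta1{{ end }}`; for the PodSecurityPolicy, extend the guard to `{{- if and .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`. The budget's selector also matches only `app`, without `release`, so two releases in one namespace would be counted under one budget.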
@ -0,0 +1,41 @@
|
||||||
|
{{- if .Values.rbac.pspEnabled }}
|
||||||
|
apiVersion: policy/v1beta1
|
||||||
|
kind: PodSecurityPolicy
|
||||||
|
metadata:
|
||||||
|
name: {{ template "loki.fullname" . }}
|
||||||
|
labels:
|
||||||
|
app: {{ template "loki.name" . }}
|
||||||
|
chart: {{ template "loki.chart" . }}
|
||||||
|
heritage: {{ .Release.Service }}
|
||||||
|
release: {{ .Release.Name }}
|
||||||
|
spec:
|
||||||
|
privileged: false
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
volumes:
|
||||||
|
- 'configMap'
|
||||||
|
- 'emptyDir'
|
||||||
|
- 'persistentVolumeClaim'
|
||||||
|
- 'secret'
|
||||||
|
- 'projected'
|
||||||
|
- 'downwardAPI'
|
||||||
|
hostNetwork: false
|
||||||
|
hostIPC: false
|
||||||
|
hostPID: false
|
||||||
|
runAsUser:
|
||||||
|
rule: 'MustRunAsNonRoot'
|
||||||
|
seLinux:
|
||||||
|
rule: 'RunAsAny'
|
||||||
|
supplementalGroups:
|
||||||
|
rule: 'MustRunAs'
|
||||||
|
ranges:
|
||||||
|
- min: 1
|
||||||
|
max: 65535
|
||||||
|
fsGroup:
|
||||||
|
rule: 'MustRunAs'
|
||||||
|
ranges:
|
||||||
|
- min: 1
|
||||||
|
max: 65535
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
requiredDropCapabilities:
|
||||||
|
- ALL
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,23 @@
|
||||||
|
{{- if and .Values.serviceMonitor.enabled .Values.serviceMonitor.prometheusRule.enabled -}}
|
||||||
|
apiVersion: monitoring.coreos.com/v1
|
||||||
|
kind: PrometheusRule
|
||||||
|
metadata:
|
||||||
|
name: {{ template "loki.fullname" . }}
|
||||||
|
{{- if .Values.serviceMonitor.prometheusRule.namespace }}
|
||||||
|
namespace: {{ .Values.serviceMonitor.prometheusRule.namespace | quote }}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
app: {{ template "loki.name" . }}
|
||||||
|
chart: {{ template "loki.chart" . }}
|
||||||
|
heritage: {{ .Release.Service }}
|
||||||
|
release: {{ .Release.Name }}
|
||||||
|
{{- if .Values.serviceMonitor.prometheusRule.additionalLabels }}
|
||||||
|
{{- toYaml .Values.serviceMonitor.prometheusRule.additionalLabels | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
spec:
|
||||||
|
{{- if .Values.serviceMonitor.prometheusRule.rules }}
|
||||||
|
groups:
|
||||||
|
- name: {{ template "loki.fullname" . }}
|
||||||
|
rules: {{- toYaml .Values.serviceMonitor.prometheusRule.rules | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,20 @@
|
||||||
|
{{- if .Values.rbac.create }}
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: Role
|
||||||
|
metadata:
|
||||||
|
name: {{ template "loki.fullname" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
app: {{ template "loki.name" . }}
|
||||||
|
chart: {{ template "loki.chart" . }}
|
||||||
|
heritage: {{ .Release.Service }}
|
||||||
|
release: {{ .Release.Name }}
|
||||||
|
{{- if .Values.rbac.pspEnabled }}
|
||||||
|
rules:
|
||||||
|
- apiGroups: ['extensions']
|
||||||
|
resources: ['podsecuritypolicies']
|
||||||
|
verbs: ['use']
|
||||||
|
resourceNames: [{{ template "loki.fullname" . }}]
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
|
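Review bot: The rule grants `use` on `podsecuritypolicies` in the `extensions` group, while the policy object this chart creates is declared as `policy/v1beta1`; the grant may not be honoured on clusters that no longer serve the kind from `extensions`. Name the group the object is served from: `- apiGroups: ['policy']`. When `rbac.create` is true and `rbac.pspEnabled` is false, the Role is rendered with no `rules:` key at all; emitting `rules: []` in that case makes the empty grant explicit to anyone auditing the manifest.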
@ -0,0 +1,20 @@
|
||||||
|
{{- if .Values.rbac.create }}
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: RoleBinding
|
||||||
|
metadata:
|
||||||
|
name: {{ template "loki.fullname" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
app: {{ template "loki.name" . }}
|
||||||
|
chart: {{ template "loki.chart" . }}
|
||||||
|
heritage: {{ .Release.Service }}
|
||||||
|
release: {{ .Release.Name }}
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: Role
|
||||||
|
name: {{ template "loki.fullname" . }}
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: {{ template "loki.serviceAccountName" . }}
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -0,0 +1,14 @@
|
||||||
|
{{- if not .Values.config.existingSecret -}}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: {{ template "loki.fullname" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
app: {{ template "loki.name" . }}
|
||||||
|
chart: {{ template "loki.chart" . }}
|
||||||
|
release: {{ .Release.Name }}
|
||||||
|
heritage: {{ .Release.Service }}
|
||||||
|
data:
|
||||||
|
loki.yaml: {{ tpl (toYaml .Values.config) . | b64enc}}
|
||||||
|
{{- end -}}
|
|
@ -0,0 +1,26 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: {{ template "loki.fullname" . }}-headless
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
app: {{ template "loki.name" . }}
|
||||||
|
chart: {{ template "loki.chart" . }}
|
||||||
|
release: {{ .Release.Name }}
|
||||||
|
heritage: {{ .Release.Service }}
|
||||||
|
app.kubernetes.io/instance: {{ template "loki.name" . }}
|
||||||
|
{{- include "k8s-triliovault-operator.labels" . | nindent 4 }}
|
||||||
|
variant: headless
|
||||||
|
spec:
|
||||||
|
clusterIP: None
|
||||||
|
ports:
|
||||||
|
- port: {{ .Values.service.port }}
|
||||||
|
protocol: TCP
|
||||||
|
name: http-metrics
|
||||||
|
targetPort: {{ .Values.service.targetPort }}
|
||||||
|
{{- if .Values.extraPorts }}
|
||||||
|
{{ toYaml .Values.extraPorts | indent 4}}
|
||||||
|
{{- end }}
|
||||||
|
selector:
|
||||||
|
app: {{ template "loki.name" . }}
|
||||||
|
release: {{ .Release.Name }}
|
|
@ -0,0 +1,45 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: {{ template "loki.fullname" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
app: {{ template "loki.name" . }}
|
||||||
|
chart: {{ template "loki.chart" . }}
|
||||||
|
release: {{ .Release.Name }}
|
||||||
|
heritage: {{ .Release.Service }}
|
||||||
|
app.kubernetes.io/instance: {{ template "loki.name" . }}
|
||||||
|
{{- include "k8s-triliovault-operator.labels" . | nindent 4 }}
|
||||||
|
{{- with .Values.service.labels }}
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
annotations:
|
||||||
|
{{- toYaml .Values.service.annotations | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
type: {{ .Values.service.type }}
|
||||||
|
{{- if (and (eq .Values.service.type "ClusterIP") (not (empty .Values.service.clusterIP))) }}
|
||||||
|
clusterIP: {{ .Values.service.clusterIP }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
|
||||||
|
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.service.loadBalancerSourceRanges }}
|
||||||
|
loadBalancerSourceRanges:
|
||||||
|
{{- range $cidr := .Values.service.loadBalancerSourceRanges }}
|
||||||
|
- {{ $cidr }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
ports:
|
||||||
|
- port: {{ .Values.service.port }}
|
||||||
|
protocol: TCP
|
||||||
|
name: http-metrics
|
||||||
|
targetPort: {{ .Values.service.targetPort }}
|
||||||
|
{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
|
||||||
|
nodePort: {{ .Values.service.nodePort }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.extraPorts }}
|
||||||
|
{{ toYaml .Values.extraPorts | indent 4}}
|
||||||
|
{{- end }}
|
||||||
|
selector:
|
||||||
|
app: {{ template "loki.name" . }}
|
||||||
|
release: {{ .Release.Name }}
|
|
@ -0,0 +1,16 @@
|
||||||
|
{{- if .Values.serviceAccount.create }}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: {{ template "loki.name" . }}
|
||||||
|
chart: {{ template "loki.chart" . }}
|
||||||
|
heritage: {{ .Release.Service }}
|
||||||
|
release: {{ .Release.Name }}
|
||||||
|
annotations:
|
||||||
|
{{- toYaml .Values.serviceAccount.annotations | nindent 4 }}
|
||||||
|
name: {{ template "loki.serviceAccountName" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
|
||||||
|
{{- end }}
|
||||||
|
|
|
@ -0,0 +1,38 @@
|
||||||
|
{{- if .Values.serviceMonitor.enabled }}
|
||||||
|
apiVersion: monitoring.coreos.com/v1
|
||||||
|
kind: ServiceMonitor
|
||||||
|
metadata:
|
||||||
|
name: {{ template "loki.fullname" . }}
|
||||||
|
labels:
|
||||||
|
app: {{ template "loki.name" . }}
|
||||||
|
chart: {{ template "loki.chart" . }}
|
||||||
|
release: {{ .Release.Name }}
|
||||||
|
heritage: {{ .Release.Service }}
|
||||||
|
{{- if .Values.serviceMonitor.additionalLabels }}
|
||||||
|
{{ toYaml .Values.serviceMonitor.additionalLabels | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.serviceMonitor.annotations }}
|
||||||
|
annotations:
|
||||||
|
{{ toYaml .Values.serviceMonitor.annotations | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: {{ template "loki.name" . }}
|
||||||
|
release: {{ .Release.Name | quote }}
|
||||||
|
variant: headless
|
||||||
|
namespaceSelector:
|
||||||
|
matchNames:
|
||||||
|
- {{ .Release.Namespace | quote }}
|
||||||
|
endpoints:
|
||||||
|
- port: http-metrics
|
||||||
|
{{- if .Values.serviceMonitor.interval }}
|
||||||
|
interval: {{ .Values.serviceMonitor.interval }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.serviceMonitor.scrapeTimeout }}
|
||||||
|
scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.serviceMonitor.path }}
|
||||||
|
path: {{ .Values.serviceMonitor.path }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,160 @@
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: StatefulSet
|
||||||
|
metadata:
|
||||||
|
name: {{ template "loki.fullname" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
app: {{ template "loki.name" . }}
|
||||||
|
chart: {{ template "loki.chart" . }}
|
||||||
|
release: {{ .Release.Name }}
|
||||||
|
heritage: {{ .Release.Service }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
{{- include "k8s-triliovault-operator.labels" . | nindent 4 }}
|
||||||
|
annotations:
|
||||||
|
{{- toYaml .Values.annotations | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
podManagementPolicy: {{ .Values.podManagementPolicy }}
|
||||||
|
replicas: {{ .Values.replicas }}
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: {{ template "loki.name" . }}
|
||||||
|
release: {{ .Release.Name }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
{{- include "k8s-triliovault-operator.labels" . | nindent 6 }}
|
||||||
|
serviceName: {{ template "loki.fullname" . }}-headless
|
||||||
|
updateStrategy:
|
||||||
|
{{- toYaml .Values.updateStrategy | nindent 4 }}
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: {{ template "loki.name" . }}
|
||||||
|
name: {{ template "loki.fullname" . }}
|
||||||
|
release: {{ .Release.Name }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
{{- include "k8s-triliovault-operator.labels" . | nindent 8 }}
|
||||||
|
{{- with .Values.podLabels }}
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
annotations:
|
||||||
|
{{- if not .Values.config.existingSecret }}
|
||||||
|
checksum/config: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.podAnnotations }}
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
spec:
|
||||||
|
serviceAccountName: {{ template "loki.serviceAccountName" . }}
|
||||||
|
{{- if .Values.priorityClassName }}
|
||||||
|
priorityClassName: {{ .Values.priorityClassName }}
|
||||||
|
{{- end }}
|
||||||
|
securityContext:
|
||||||
|
{{- toYaml .Values.securityContext | nindent 8 }}
|
||||||
|
initContainers:
|
||||||
|
{{- toYaml .Values.initContainers | nindent 8 }}
|
||||||
|
{{- if .Values.image.pullSecrets }}
|
||||||
|
imagePullSecrets:
|
||||||
|
{{- range .Values.image.pullSecrets }}
|
||||||
|
- name: {{ . }}
|
||||||
|
{{- end}}
|
||||||
|
{{- end }}
|
||||||
|
containers:
|
||||||
|
- name: {{ .Chart.Name }}
|
||||||
|
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||||
|
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||||
|
args:
|
||||||
|
- "-config.file=/etc/loki/loki.yaml"
|
||||||
|
{{- range $key, $value := .Values.extraArgs }}
|
||||||
|
- "-{{ $key }}={{ $value }}"
|
||||||
|
{{- end }}
|
||||||
|
volumeMounts:
|
||||||
|
- name: tmp
|
||||||
|
mountPath: /tmp
|
||||||
|
{{- if .Values.extraVolumeMounts }}
|
||||||
|
{{ toYaml .Values.extraVolumeMounts | nindent 12}}
|
||||||
|
{{- end }}
|
||||||
|
- name: config
|
||||||
|
mountPath: /etc/loki
|
||||||
|
- name: storage
|
||||||
|
mountPath: "/data"
|
||||||
|
subPath: {{ .Values.persistence.subPath }}
|
||||||
|
{{- if or (.Values.useExistingAlertingGroup.enabled) (gt (len .Values.alerting_groups) 0) }}
|
||||||
|
- name: rules
|
||||||
|
mountPath: /rules/fake
|
||||||
|
{{- end }}
|
||||||
|
ports:
|
||||||
|
- name: http-metrics
|
||||||
|
containerPort: {{ .Values.config.server.http_listen_port }}
|
||||||
|
protocol: TCP
|
||||||
|
livenessProbe:
|
||||||
|
{{- toYaml .Values.livenessProbe | nindent 12 }}
|
||||||
|
readinessProbe:
|
||||||
|
{{- toYaml .Values.readinessProbe | nindent 12 }}
|
||||||
|
resources:
|
||||||
|
{{- toYaml .Values.resources | nindent 12 }}
|
||||||
|
securityContext:
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
env:
|
||||||
|
{{- if .Values.env }}
|
||||||
|
{{- toYaml .Values.env | nindent 12 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.tracing.jaegerAgentHost }}
|
||||||
|
- name: JAEGER_AGENT_HOST
|
||||||
|
value: "{{ .Values.tracing.jaegerAgentHost }}"
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.extraContainers }}
|
||||||
|
{{ toYaml .Values.extraContainers | indent 8}}
|
||||||
|
{{- end }}
|
||||||
|
nodeSelector:
|
||||||
|
{{- toYaml .Values.nodeSelector | nindent 8 }}
|
||||||
|
affinity:
|
||||||
|
{{- toYaml .Values.affinity | nindent 8 }}
|
||||||
|
tolerations:
|
||||||
|
{{- toYaml .Values.tolerations | nindent 8 }}
|
||||||
|
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
|
||||||
|
volumes:
|
||||||
|
- name: tmp
|
||||||
|
emptyDir: {}
|
||||||
|
{{- if or (.Values.useExistingAlertingGroup.enabled) (gt (len .Values.alerting_groups) 0) }}
|
||||||
|
- name: rules
|
||||||
|
configMap:
|
||||||
|
{{- if .Values.useExistingAlertingGroup.enabled }}
|
||||||
|
name: {{ .Values.useExistingAlertingGroup.configmapName }}
|
||||||
|
{{- else }}
|
||||||
|
name: {{ template "loki.fullname" . }}-alerting-rules
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
- name: config
|
||||||
|
secret:
|
||||||
|
{{- if .Values.config.existingSecret }}
|
||||||
|
secretName: {{ .Values.config.existingSecret }}
|
||||||
|
{{- else }}
|
||||||
|
secretName: {{ template "loki.fullname" . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.extraVolumes }}
|
||||||
|
{{ toYaml .Values.extraVolumes | indent 8}}
|
||||||
|
{{- end }}
|
||||||
|
{{- if not .Values.persistence.enabled }}
|
||||||
|
- name: storage
|
||||||
|
emptyDir: {}
|
||||||
|
{{- else if .Values.persistence.existingClaim }}
|
||||||
|
- name: storage
|
||||||
|
persistentVolumeClaim:
|
||||||
|
claimName: {{ .Values.persistence.existingClaim }}
|
||||||
|
{{- else }}
|
||||||
|
volumeClaimTemplates:
|
||||||
|
- metadata:
|
||||||
|
name: storage
|
||||||
|
annotations:
|
||||||
|
{{- toYaml .Values.persistence.annotations | nindent 8 }}
|
||||||
|
spec:
|
||||||
|
accessModes:
|
||||||
|
{{- toYaml .Values.persistence.accessModes | nindent 8 }}
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: {{ .Values.persistence.size | quote }}
|
||||||
|
storageClassName: {{ .Values.persistence.storageClassName }}
|
||||||
|
{{- if .Values.persistence.selector }}
|
||||||
|
selector:
|
||||||
|
{{- toYaml .Values.persistence.selector | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
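Review bot: The Loki container's `securityContext` is hard-coded to `readOnlyRootFilesystem: true` only, so privilege escalation and Linux capabilities stay at the runtime defaults and cannot be tightened from values. Adding `allowPrivilegeEscalation: false` and `capabilities: { drop: ["ALL"] }` under the same key would match the non-root pod-level context that the chart's values set (`runAsNonRoot: true`, UID 10001). Loki listens on an unprivileged port (3100 in the values), so it should not need any capability, but confirm this against the image before merging.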
|
|
@ -0,0 +1,326 @@
|
||||||
|
image:
|
||||||
|
repository: grafana/loki
|
||||||
|
tag: 2.5.0
|
||||||
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
|
## Optionally specify an array of imagePullSecrets.
|
||||||
|
## Secrets must be manually created in the namespace.
|
||||||
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
||||||
|
##
|
||||||
|
# pullSecrets:
|
||||||
|
# - myRegistryKeySecretName
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
enabled: false
|
||||||
|
# For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
|
||||||
|
# See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
|
||||||
|
# ingressClassName: nginx
|
||||||
|
annotations: {}
|
||||||
|
# kubernetes.io/ingress.class: nginx
|
||||||
|
# kubernetes.io/tls-acme: "true"
|
||||||
|
hosts:
|
||||||
|
- host: chart-example.local
|
||||||
|
paths: []
|
||||||
|
tls: []
|
||||||
|
# - secretName: chart-example-tls
|
||||||
|
# hosts:
|
||||||
|
# - chart-example.local
|
||||||
|
|
||||||
|
## Affinity for pod assignment
|
||||||
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
||||||
|
affinity: {}
|
||||||
|
# podAntiAffinity:
|
||||||
|
# requiredDuringSchedulingIgnoredDuringExecution:
|
||||||
|
# - labelSelector:
|
||||||
|
# matchExpressions:
|
||||||
|
# - key: app
|
||||||
|
# operator: In
|
||||||
|
# values:
|
||||||
|
# - loki
|
||||||
|
# topologyKey: "kubernetes.io/hostname"
|
||||||
|
|
||||||
|
## StatefulSet annotations
|
||||||
|
annotations: {}
|
||||||
|
|
||||||
|
# enable tracing for debug, need install jaeger and specify right jaeger_agent_host
|
||||||
|
tracing:
|
||||||
|
jaegerAgentHost:
|
||||||
|
|
||||||
|
config:
|
||||||
|
# existingSecret:
|
||||||
|
auth_enabled: false
|
||||||
|
ingester:
|
||||||
|
chunk_idle_period: 3m
|
||||||
|
chunk_block_size: 262144
|
||||||
|
chunk_retain_period: 1m
|
||||||
|
max_transfer_retries: 0
|
||||||
|
wal:
|
||||||
|
dir: /data/loki/wal
|
||||||
|
lifecycler:
|
||||||
|
ring:
|
||||||
|
kvstore:
|
||||||
|
store: inmemory
|
||||||
|
replication_factor: 1
|
||||||
|
|
||||||
|
## Different ring configs can be used. E.g. Consul
|
||||||
|
# ring:
|
||||||
|
# store: consul
|
||||||
|
# replication_factor: 1
|
||||||
|
# consul:
|
||||||
|
# host: "consul:8500"
|
||||||
|
# prefix: ""
|
||||||
|
# http_client_timeout: "20s"
|
||||||
|
# consistent_reads: true
|
||||||
|
limits_config:
|
||||||
|
enforce_metric_name: false
|
||||||
|
reject_old_samples: true
|
||||||
|
reject_old_samples_max_age: 168h
|
||||||
|
max_entries_limit_per_query: 5000
|
||||||
|
max_streams_per_user: 100000
|
||||||
|
schema_config:
|
||||||
|
configs:
|
||||||
|
- from: 2020-10-24
|
||||||
|
store: boltdb-shipper
|
||||||
|
object_store: filesystem
|
||||||
|
schema: v11
|
||||||
|
index:
|
||||||
|
prefix: index_
|
||||||
|
period: 24h
|
||||||
|
server:
|
||||||
|
http_listen_port: 3100
|
||||||
|
storage_config:
|
||||||
|
boltdb_shipper:
|
||||||
|
active_index_directory: /data/loki/boltdb-shipper-active
|
||||||
|
cache_location: /data/loki/boltdb-shipper-cache
|
||||||
|
cache_ttl: 24h # Can be increased for faster performance over longer query periods, uses more disk space
|
||||||
|
shared_store: filesystem
|
||||||
|
filesystem:
|
||||||
|
directory: /data/loki/chunks
|
||||||
|
chunk_store_config:
|
||||||
|
max_look_back_period: 0s
|
||||||
|
table_manager:
|
||||||
|
retention_deletes_enabled: false
|
||||||
|
retention_period: 0s
|
||||||
|
compactor:
|
||||||
|
working_directory: /data/loki/boltdb-shipper-compactor
|
||||||
|
shared_store: filesystem
|
||||||
|
# Needed for Alerting: https://grafana.com/docs/loki/latest/rules/
|
||||||
|
# This is just a simple example, for more details: https://grafana.com/docs/loki/latest/configuration/#ruler_config
|
||||||
|
# ruler:
|
||||||
|
# storage:
|
||||||
|
# type: local
|
||||||
|
# local:
|
||||||
|
# directory: /rules
|
||||||
|
# rule_path: /tmp/scratch
|
||||||
|
# alertmanager_url: http://alertmanager.svc.namespace:9093
|
||||||
|
# ring:
|
||||||
|
# kvstore:
|
||||||
|
# store: inmemory
|
||||||
|
# enable_api: true
|
||||||
|
|
||||||
|
## Additional Loki container arguments, e.g. log level (debug, info, warn, error)
|
||||||
|
extraArgs: {}
|
||||||
|
# log.level: debug
|
||||||
|
|
||||||
|
livenessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /ready
|
||||||
|
port: http-metrics
|
||||||
|
initialDelaySeconds: 45
|
||||||
|
|
||||||
|
## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
|
||||||
|
networkPolicy:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
## The app name of loki clients
|
||||||
|
client: {}
|
||||||
|
# name:
|
||||||
|
|
||||||
|
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
|
||||||
|
nodeSelector: {}
|
||||||
|
|
||||||
|
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
|
||||||
|
## If you set enabled as "True", you need :
|
||||||
|
## - create a pv which above 10Gi and has same namespace with loki
|
||||||
|
## - keep storageClassName same with below setting
|
||||||
|
persistence:
|
||||||
|
enabled: false
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
size: 10Gi
|
||||||
|
annotations: {}
|
||||||
|
# selector:
|
||||||
|
# matchLabels:
|
||||||
|
# app.kubernetes.io/name: loki
|
||||||
|
# subPath: ""
|
||||||
|
# existingClaim:
|
||||||
|
|
||||||
|
## Pod Labels
|
||||||
|
podLabels: {}
|
||||||
|
|
||||||
|
## Pod Annotations
|
||||||
|
podAnnotations:
|
||||||
|
prometheus.io/scrape: "true"
|
||||||
|
prometheus.io/port: "http-metrics"
|
||||||
|
|
||||||
|
podManagementPolicy: OrderedReady
|
||||||
|
|
||||||
|
## Assign a PriorityClassName to pods if set
|
||||||
|
# priorityClassName:
|
||||||
|
|
||||||
|
rbac:
|
||||||
|
create: true
|
||||||
|
pspEnabled: false
|
||||||
|
|
||||||
|
readinessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /ready
|
||||||
|
port: http-metrics
|
||||||
|
initialDelaySeconds: 45
|
||||||
|
|
||||||
|
replicas: 1
|
||||||
|
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpu: 1000m
|
||||||
|
memory: 500Mi
|
||||||
|
requests:
|
||||||
|
cpu: 500m
|
||||||
|
memory: 256Mi
|
||||||
|
|
||||||
|
securityContext:
|
||||||
|
fsGroup: 10001
|
||||||
|
runAsGroup: 10001
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 10001
|
||||||
|
|
||||||
|
service:
|
||||||
|
type: ClusterIP
|
||||||
|
nodePort:
|
||||||
|
port: 3100
|
||||||
|
annotations: {}
|
||||||
|
labels: {}
|
||||||
|
targetPort: http-metrics
|
||||||
|
|
||||||
|
serviceAccount:
|
||||||
|
create: true
|
||||||
|
name:
|
||||||
|
annotations: {}
|
||||||
|
automountServiceAccountToken: true
|
||||||
|
|
||||||
|
terminationGracePeriodSeconds: 4800
|
||||||
|
|
||||||
|
## Tolerations for pod assignment
|
||||||
|
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
||||||
|
tolerations: []
|
||||||
|
|
||||||
|
# The values to set in the PodDisruptionBudget spec
|
||||||
|
# If not set then a PodDisruptionBudget will not be created
|
||||||
|
podDisruptionBudget: {}
|
||||||
|
# minAvailable: 1
|
||||||
|
# maxUnavailable: 1
|
||||||
|
|
||||||
|
updateStrategy:
|
||||||
|
type: RollingUpdate
|
||||||
|
|
||||||
|
serviceMonitor:
|
||||||
|
enabled: false
|
||||||
|
interval: ""
|
||||||
|
additionalLabels: {}
|
||||||
|
annotations: {}
|
||||||
|
# scrapeTimeout: 10s
|
||||||
|
# path: /metrics
|
||||||
|
prometheusRule:
|
||||||
|
enabled: false
|
||||||
|
additionalLabels: {}
|
||||||
|
# namespace:
|
||||||
|
rules: []
|
||||||
|
# Some examples from https://awesome-prometheus-alerts.grep.to/rules.html#loki
|
||||||
|
# - alert: LokiProcessTooManyRestarts
|
||||||
|
# expr: changes(process_start_time_seconds{job=~"loki"}[15m]) > 2
|
||||||
|
# for: 0m
|
||||||
|
# labels:
|
||||||
|
# severity: warning
|
||||||
|
# annotations:
|
||||||
|
# summary: Loki process too many restarts (instance {{ $labels.instance }})
|
||||||
|
# description: "A loki process had too many restarts (target {{ $labels.instance }})\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
||||||
|
# - alert: LokiRequestErrors
|
||||||
|
# expr: 100 * sum(rate(loki_request_duration_seconds_count{status_code=~"5.."}[1m])) by (namespace, job, route) / sum(rate(loki_request_duration_seconds_count[1m])) by (namespace, job, route) > 10
|
||||||
|
# for: 15m
|
||||||
|
# labels:
|
||||||
|
# severity: critical
|
||||||
|
# annotations:
|
||||||
|
# summary: Loki request errors (instance {{ $labels.instance }})
|
||||||
|
# description: "The {{ $labels.job }} and {{ $labels.route }} are experiencing errors\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
||||||
|
# - alert: LokiRequestPanic
|
||||||
|
# expr: sum(increase(loki_panic_total[10m])) by (namespace, job) > 0
|
||||||
|
# for: 5m
|
||||||
|
# labels:
|
||||||
|
# severity: critical
|
||||||
|
# annotations:
|
||||||
|
# summary: Loki request panic (instance {{ $labels.instance }})
|
||||||
|
# description: "The {{ $labels.job }} is experiencing {{ printf \"%.2f\" $value }}% increase of panics\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
||||||
|
# - alert: LokiRequestLatency
|
||||||
|
# expr: (histogram_quantile(0.99, sum(rate(loki_request_duration_seconds_bucket{route!~"(?i).*tail.*"}[5m])) by (le))) > 1
|
||||||
|
# for: 5m
|
||||||
|
# labels:
|
||||||
|
# severity: critical
|
||||||
|
# annotations:
|
||||||
|
# summary: Loki request latency (instance {{ $labels.instance }})
|
||||||
|
# description: "The {{ $labels.job }} {{ $labels.route }} is experiencing {{ printf \"%.2f\" $value }}s 99th percentile latency\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
||||||
|
|
||||||
|
|
||||||
|
initContainers: []
|
||||||
|
## Init containers to be added to the loki pod.
|
||||||
|
# - name: my-init-container
|
||||||
|
# image: busybox:latest
|
||||||
|
# command: ['sh', '-c', 'echo hello']
|
||||||
|
|
||||||
|
extraContainers: []
|
||||||
|
## Additional containers to be added to the loki pod.
|
||||||
|
# - name: reverse-proxy
|
||||||
|
# image: angelbarrera92/basic-auth-reverse-proxy:dev
|
||||||
|
# args:
|
||||||
|
# - "serve"
|
||||||
|
# - "--upstream=http://localhost:3100"
|
||||||
|
# - "--auth-config=/etc/reverse-proxy-conf/authn.yaml"
|
||||||
|
# ports:
|
||||||
|
# - name: http
|
||||||
|
# containerPort: 11811
|
||||||
|
# protocol: TCP
|
||||||
|
# volumeMounts:
|
||||||
|
# - name: reverse-proxy-auth-config
|
||||||
|
# mountPath: /etc/reverse-proxy-conf
|
||||||
|
|
||||||
|
|
||||||
|
extraVolumes: []
|
||||||
|
## Additional volumes to the loki pod.
|
||||||
|
# - name: reverse-proxy-auth-config
|
||||||
|
# secret:
|
||||||
|
# secretName: reverse-proxy-auth-config
|
||||||
|
|
||||||
|
## Extra volume mounts that will be added to the loki container
|
||||||
|
extraVolumeMounts: []
|
||||||
|
|
||||||
|
extraPorts: []
|
||||||
|
## Additional ports to the loki services. Useful to expose extra container ports.
|
||||||
|
# - port: 11811
|
||||||
|
# protocol: TCP
|
||||||
|
# name: http
|
||||||
|
# targetPort: http
|
||||||
|
|
||||||
|
# Extra env variables to pass to the loki container
|
||||||
|
env: []
|
||||||
|
|
||||||
|
# Specify Loki Alerting rules based on this documentation: https://grafana.com/docs/loki/latest/rules/
|
||||||
|
# When specified, you also need to add a ruler config section above. An example is shown in the alerting docs.
|
||||||
|
alerting_groups: []
|
||||||
|
# - name: example
|
||||||
|
# rules:
|
||||||
|
# - alert: HighThroughputLogStreams
|
||||||
|
# expr: sum by(container) (rate({job=~"loki-dev/.*"}[1m])) > 1000
|
||||||
|
# for: 2m
|
||||||
|
|
||||||
|
useExistingAlertingGroup:
|
||||||
|
enabled: false
|
||||||
|
configmapName: ""
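Review bot: The defaults ship Loki with `auth_enabled: false` and `networkPolicy.enabled: false`, so any workload that can reach the ClusterIP service on port 3100 can push to and query the log store without authentication. I would document this next to `auth_enabled` with a comment such as `# Loki API is unauthenticated; restrict access with networkPolicy.enabled or an authenticating proxy`, and consider enabling the network policy by default (its template is not in this part of the page, so check what it actually restricts). Separately, `serviceAccount.automountServiceAccountToken: true` looks unnecessary for a single-replica Loki using the in-memory ring and filesystem storage; `false` would be the safer default if nothing in the pod calls the Kubernetes API.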
|
|
@ -0,0 +1,16 @@
|
||||||
|
apiVersion: v2
|
||||||
|
appVersion: 2.5.0
|
||||||
|
description: Promtail is an agent which ships the contents of local logs to a Loki
|
||||||
|
instance
|
||||||
|
home: https://grafana.com/loki
|
||||||
|
icon: https://raw.githubusercontent.com/grafana/loki/master/docs/sources/logo.png
|
||||||
|
maintainers:
|
||||||
|
- email: support@trilio.io
|
||||||
|
name: Trilio
|
||||||
|
name: promtail
|
||||||
|
sources:
|
||||||
|
- https://github.com/grafana/loki
|
||||||
|
- https://grafana.com/oss/loki/
|
||||||
|
- https://grafana.com/docs/loki/latest/
|
||||||
|
type: application
|
||||||
|
version: 4.2.0
|
|
@ -0,0 +1,10 @@
|
||||||
|
***********************************************************************
|
||||||
|
Welcome to Grafana Promtail
|
||||||
|
Chart version: {{ .Chart.Version }}
|
||||||
|
Promtail version: {{ .Values.image.tag | default .Chart.AppVersion }}
|
||||||
|
***********************************************************************
|
||||||
|
|
||||||
|
Verify the application is working by running these commands:
|
||||||
|
|
||||||
|
* kubectl --namespace {{ .Release.Namespace }} port-forward daemonset/{{ include "promtail.fullname" . }} {{ .Values.config.serverPort }}
|
||||||
|
* curl http://127.0.0.1:{{ .Values.config.serverPort }}/metrics
|
|
@ -0,0 +1,81 @@
|
||||||
|
{{/*
|
||||||
|
Expand the name of the chart.
|
||||||
|
*/}}
|
||||||
|
{{- define "promtail.name" -}}
|
||||||
|
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create a default fully qualified app name.
|
||||||
|
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||||
|
If release name contains chart name it will be used as a full name.
|
||||||
|
*/}}
|
||||||
|
{{- define "promtail.fullname" -}}
|
||||||
|
{{- if .Values.fullnameOverride -}}
|
||||||
|
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||||
|
{{- if contains $name .Release.Name -}}
|
||||||
|
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create chart name and version as used by the chart label.
|
||||||
|
*/}}
|
||||||
|
{{- define "promtail.chart" -}}
|
||||||
|
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Common labels
|
||||||
|
*/}}
|
||||||
|
{{- define "promtail.labels" -}}
|
||||||
|
helm.sh/chart: {{ include "promtail.chart" . }}
|
||||||
|
{{ include "promtail.selectorLabels" . }}
|
||||||
|
{{- if .Chart.AppVersion }}
|
||||||
|
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||||
|
{{- end }}
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Selector labels
|
||||||
|
*/}}
|
||||||
|
{{- define "promtail.selectorLabels" -}}
|
||||||
|
app.kubernetes.io/name: {{ include "promtail.name" . }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
{{ include "k8s-triliovault-operator.labels" .}}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create the name of the service account
|
||||||
|
*/}}
|
||||||
|
{{- define "promtail.serviceAccountName" -}}
|
||||||
|
{{- if .Values.serviceAccount.create -}}
|
||||||
|
{{ default (include "promtail.fullname" .) .Values.serviceAccount.name }}
|
||||||
|
{{- else -}}
|
||||||
|
{{ default "default" .Values.serviceAccount.name }}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
The service name to connect to Loki. Defaults to the same logic as "loki.fullname"
|
||||||
|
*/}}
|
||||||
|
{{- define "loki.serviceName" -}}
|
||||||
|
{{- if .Values.loki.serviceName -}}
|
||||||
|
{{- .Values.loki.serviceName -}}
|
||||||
|
{{- else if .Values.loki.fullnameOverride -}}
|
||||||
|
{{- .Values.loki.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- $name := default "loki" .Values.loki.nameOverride -}}
|
||||||
|
{{- if contains $name .Release.Name -}}
|
||||||
|
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
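Review bot: `promtail.selectorLabels` includes `k8s-triliovault-operator.labels` from the parent chart, so that helper's output ends up in the DaemonSet's `spec.selector.matchLabels`, which is immutable after creation. The parent helper is not visible here; if it emits anything that changes between releases (a chart or app version label, for instance), upgrades will fail on the selector. It also means this subchart cannot be rendered on its own. I would move the include into `promtail.labels` and keep the selector to `app.kubernetes.io/name` and `app.kubernetes.io/instance`.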
|
|
@ -0,0 +1,21 @@
|
||||||
|
{{- if .Values.rbac.create }}
|
||||||
|
kind: ClusterRole
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
metadata:
|
||||||
|
name: {{ include "promtail.fullname" . }}
|
||||||
|
labels:
|
||||||
|
{{- include "promtail.labels" . | nindent 4 }}
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- nodes
|
||||||
|
- nodes/proxy
|
||||||
|
- services
|
||||||
|
- endpoints
|
||||||
|
- pods
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- watch
|
||||||
|
- list
|
||||||
|
{{- end }}
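Review bot: The rule grants `get` on `nodes/proxy` cluster-wide, which is considerably broader than log discovery needs, because that subresource lets the holder reach the kubelet API on every node through the API server proxy. Promtail's Kubernetes service discovery for pod logs normally needs only `get`/`list`/`watch` on `pods`; the scrape configuration is not in this part of the page, so check which discovery roles it uses. I would drop `- nodes/proxy`, and also `- nodes`, `- services` and `- endpoints` unless a scrape job relies on those roles.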
|
|
@ -0,0 +1,16 @@
|
||||||
|
{{- if .Values.rbac.create }}
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
metadata:
|
||||||
|
name: {{ include "promtail.fullname" . }}
|
||||||
|
labels:
|
||||||
|
{{- include "promtail.labels" . | nindent 4 }}
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: {{ include "promtail.serviceAccountName" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
roleRef:
|
||||||
|
kind: ClusterRole
|
||||||
|
name: {{ include "promtail.fullname" . }}
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,132 @@
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: DaemonSet
|
||||||
|
metadata:
|
||||||
|
name: {{ include "promtail.fullname" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
{{- include "promtail.labels" . | nindent 4 }}
|
||||||
|
{{- with .Values.annotations }}
|
||||||
|
annotations:
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
{{- include "promtail.selectorLabels" . | nindent 6 }}
|
||||||
|
updateStrategy:
|
||||||
|
{{- toYaml .Values.updateStrategy | nindent 4 }}
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{- include "promtail.selectorLabels" . | nindent 8 }}
|
||||||
|
{{- with .Values.podLabels }}
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
annotations:
|
||||||
|
checksum/config: {{ include (print .Template.BasePath "/secret.yaml") . | sha256sum }}
|
||||||
|
{{- with .Values.podAnnotations }}
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
spec:
|
||||||
|
serviceAccountName: {{ include "promtail.serviceAccountName" . }}
|
||||||
|
{{- with .Values.priorityClassName }}
|
||||||
|
priorityClassName: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.initContainer.enabled }}
|
||||||
|
initContainers:
|
||||||
|
- name: init
|
||||||
|
image: "{{ .Values.initContainer.image.registry }}/{{ .Values.initContainer.image.repository }}:{{ .Values.initContainer.image.tag }}"
|
||||||
|
imagePullPolicy: {{ .Values.initContainer.image.pullPolicy }}
|
||||||
|
command:
|
||||||
|
- sh
|
||||||
|
- -c
|
||||||
|
- sysctl -w fs.inotify.max_user_instances={{ .Values.initContainer.fsInotifyMaxUserInstances }}
|
||||||
|
securityContext:
|
||||||
|
privileged: true
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.imagePullSecrets }}
|
||||||
|
imagePullSecrets:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
securityContext:
|
||||||
|
{{- toYaml .Values.podSecurityContext | nindent 8 }}
|
||||||
|
containers:
|
||||||
|
- name: promtail
|
||||||
|
image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
||||||
|
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||||
|
args:
|
||||||
|
- "-config.file=/etc/promtail/promtail.yaml"
|
||||||
|
{{- with .Values.extraArgs }}
|
||||||
|
{{- toYaml . | nindent 12 }}
|
||||||
|
{{- end }}
|
||||||
|
volumeMounts:
|
||||||
|
- name: config
|
||||||
|
mountPath: /etc/promtail
|
||||||
|
- name: run
|
||||||
|
mountPath: /run/promtail
|
||||||
|
{{- with .Values.defaultVolumeMounts }}
|
||||||
|
{{- toYaml . | nindent 12 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.extraVolumeMounts }}
|
||||||
|
{{- toYaml . | nindent 12 }}
|
||||||
|
{{- end }}
|
||||||
|
env:
|
||||||
|
- name: HOSTNAME
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: spec.nodeName
|
||||||
|
{{- with .Values.extraEnv }}
|
||||||
|
{{- toYaml . | nindent 12 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.extraEnvFrom }}
|
||||||
|
envFrom:
|
||||||
|
{{- toYaml . | nindent 12 }}
|
||||||
|
{{- end }}
|
||||||
|
ports:
|
||||||
|
- name: http-metrics
|
||||||
|
containerPort: {{ .Values.config.serverPort }}
|
||||||
|
protocol: TCP
|
||||||
|
{{- range $key, $values := .Values.extraPorts }}
|
||||||
|
- name: {{ .name | default $key }}
|
||||||
|
containerPort: {{ $values.containerPort }}
|
||||||
|
protocol: {{ $values.protocol | default "TCP" }}
|
||||||
|
{{- end }}
|
||||||
|
securityContext:
|
||||||
|
{{- toYaml .Values.containerSecurityContext | nindent 12 }}
|
||||||
|
{{- with .Values.livenessProbe }}
|
||||||
|
livenessProbe:
|
||||||
|
{{- toYaml . | nindent 12 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.readinessProbe }}
|
||||||
|
readinessProbe:
|
||||||
|
{{- toYaml . | nindent 12 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.resources }}
|
||||||
|
resources:
|
||||||
|
{{- toYaml . | nindent 12 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.affinity }}
|
||||||
|
affinity:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.nodeSelector }}
|
||||||
|
nodeSelector:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.tolerations }}
|
||||||
|
tolerations:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
volumes:
|
||||||
|
- name: config
|
||||||
|
secret:
|
||||||
|
secretName: {{ include "promtail.fullname" . }}
|
||||||
|
- name: run
|
||||||
|
hostPath:
|
||||||
|
path: /run/promtail
|
||||||
|
{{- with .Values.defaultVolumes }}
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.extraVolumes }}
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
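Review bot: The init container runs with `privileged: true` and interpolates `.Values.initContainer.fsInotifyMaxUserInstances` unvalidated into an `sh -c` string, so a non-numeric value would be interpreted as shell text by a container with full host privileges. Forcing the value to an integer closes that off: `- sysctl -w fs.inotify.max_user_instances={{ int .Values.initContainer.fsInotifyMaxUserInstances }}`. The default of `initContainer.enabled` is not visible in this part of the page; it should stay `false`, with a values comment saying that enabling it changes a host kernel setting from a privileged container.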
|
|
@ -0,0 +1,4 @@
|
||||||
|
{{ range .Values.extraObjects }}
|
||||||
|
---
|
||||||
|
{{ tpl (toYaml .) $ }}
|
||||||
|
{{ end }}
|
|
@ -0,0 +1,126 @@
|
||||||
|
{{- if .Values.networkPolicy.enabled }}
|
||||||
|
---
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
kind: NetworkPolicy
|
||||||
|
metadata:
|
||||||
|
name: {{ template "promtail.name" . }}-namespace-only
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
{{- include "promtail.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
podSelector: {}
|
||||||
|
policyTypes:
|
||||||
|
- Ingress
|
||||||
|
- Egress
|
||||||
|
egress:
|
||||||
|
- to:
|
||||||
|
- podSelector: {}
|
||||||
|
ingress:
|
||||||
|
- from:
|
||||||
|
- podSelector: {}
|
||||||
|
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
kind: NetworkPolicy
|
||||||
|
metadata:
|
||||||
|
name: {{ template "promtail.name" . }}-egress-dns
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
{{- include "promtail.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
podSelector:
|
||||||
|
matchLabels:
|
||||||
|
{{- include "promtail.selectorLabels" . | nindent 6 }}
|
||||||
|
policyTypes:
|
||||||
|
- Egress
|
||||||
|
egress:
|
||||||
|
- ports:
|
||||||
|
- port: 53
|
||||||
|
protocol: UDP
|
||||||
|
to:
|
||||||
|
- namespaceSelector: {}
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
kind: NetworkPolicy
|
||||||
|
metadata:
|
||||||
|
name: {{ template "promtail.name" . }}-egress-k8s-api
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
{{- include "promtail.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
podSelector:
|
||||||
|
matchLabels:
|
||||||
|
{{- include "promtail.selectorLabels" . | nindent 6 }}
|
||||||
|
policyTypes:
|
||||||
|
- Egress
|
||||||
|
egress:
|
||||||
|
- ports:
|
||||||
|
- port: {{ .Values.networkPolicy.k8sApi.port }}
|
||||||
|
protocol: TCP
|
||||||
|
{{- if len .Values.networkPolicy.k8sApi.cidrs }}
|
||||||
|
to:
|
||||||
|
{{- range $cidr := .Values.networkPolicy.k8sApi.cidrs }}
|
||||||
|
- ipBlock:
|
||||||
|
cidr: {{ $cidr }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
kind: NetworkPolicy
|
||||||
|
metadata:
|
||||||
|
name: {{ template "promtail.name" . }}-ingress-metrics
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
{{- include "promtail.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
podSelector:
|
||||||
|
matchLabels:
|
||||||
|
{{- include "promtail.selectorLabels" . | nindent 6 }}
|
||||||
|
policyTypes:
|
||||||
|
- Ingress
|
||||||
|
ingress:
|
||||||
|
- ports:
|
||||||
|
- port: http-metrics
|
||||||
|
protocol: TCP
|
||||||
|
{{- if len .Values.networkPolicy.metrics.cidrs }}
|
||||||
|
from:
|
||||||
|
{{- range $cidr := .Values.networkPolicy.metrics.cidrs }}
|
||||||
|
- ipBlock:
|
||||||
|
cidr: {{ $cidr }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.networkPolicy.metrics.namespaceSelector }}
|
||||||
|
- namespaceSelector:
|
||||||
|
{{- toYaml .Values.networkPolicy.metrics.namespaceSelector | nindent 12 }}
|
||||||
|
{{- if .Values.networkPolicy.metrics.podSelector }}
|
||||||
|
podSelector:
|
||||||
|
{{- toYaml .Values.networkPolicy.metrics.podSelector | nindent 12 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if .Values.extraPorts }}
|
||||||
|
---
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
kind: NetworkPolicy
|
||||||
|
metadata:
|
||||||
|
name: {{ template "promtail.name" . }}-egress-extra-ports
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
{{- include "promtail.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
podSelector:
|
||||||
|
matchLabels:
|
||||||
|
{{- include "promtail.selectorLabels" . | nindent 6 }}
|
||||||
|
policyTypes:
|
||||||
|
- Egress
|
||||||
|
egress:
|
||||||
|
- ports:
|
||||||
|
{{- range $extraPortConfig := .Values.extraPorts }}
|
||||||
|
- port: {{ $extraPortConfig.containerPort }}
|
||||||
|
protocol: {{ $extraPortConfig.protocol }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
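Review bot: The `-namespace-only` policy uses `podSelector: {}`, so turning on `networkPolicy.enabled` for Promtail applies the ingress and egress restriction to every pod in the release namespace, not only to the Promtail pods. Because this chart is bundled under the operator chart, that would likely include the operator and Loki pods and could cut their traffic to the API server or to other namespaces. Scoping it like the other policies, with `matchLabels:` followed by `{{- include "promtail.selectorLabels" . | nindent 6 }}`, keeps the effect local. Two smaller points: the DNS rule allows only UDP 53, so lookups that fall back to TCP are blocked unless a `port: 53` / `protocol: TCP` entry is added, and the `-egress-extra-ports` policy renders `protocol: {{ $extraPortConfig.protocol }}` without the `default "TCP"` that the DaemonSet template applies.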
|
|
@ -0,0 +1,10 @@
|
||||||
|
{{- if and .Values.rbac.create .Values.rbac.pspEnabled }}
|
||||||
|
apiVersion: policy/v1beta1
|
||||||
|
kind: PodSecurityPolicy
|
||||||
|
metadata:
|
||||||
|
name: {{ include "promtail.fullname" . }}
|
||||||
|
labels:
|
||||||
|
{{- include "promtail.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
{{- toYaml .Values.podSecurityPolicy | nindent 2 }}
|
||||||
|
{{- end }}
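Review bot: `apiVersion: policy/v1beta1` is rendered whenever `rbac.pspEnabled` is true, but PodSecurityPolicy was removed in Kubernetes 1.25, so on such a cluster the release fails at apply time instead of skipping the object. The guard on the template's first line could also test for the API, e.g. `{{- if and .Values.rbac.create .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`. The Role and RoleBinding templates that follow use the same two-value guard and would need the same condition, otherwise they are created referring to a policy that does not exist.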
|
|
@ -0,0 +1,18 @@
|
||||||
|
{{- if and .Values.rbac.create .Values.rbac.pspEnabled }}
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: Role
|
||||||
|
metadata:
|
||||||
|
name: {{ include "promtail.fullname" . }}-psp
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
{{- include "promtail.labels" . | nindent 4 }}
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- policy
|
||||||
|
resources:
|
||||||
|
- podsecuritypolicies
|
||||||
|
verbs:
|
||||||
|
- use
|
||||||
|
resourceNames:
|
||||||
|
- {{ include "promtail.fullname" . }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,16 @@
|
||||||
|
{{- if and .Values.rbac.create .Values.rbac.pspEnabled }}
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: RoleBinding
|
||||||
|
metadata:
|
||||||
|
name: {{ include "promtail.fullname" . }}-psp
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
{{- include "promtail.labels" . | nindent 4 }}
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: Role
|
||||||
|
name: {{ include "promtail.fullname" . }}-psp
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: {{ include "promtail.serviceAccountName" . }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,10 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: {{ include "promtail.fullname" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
{{- include "promtail.labels" . | nindent 4 }}
|
||||||
|
stringData:
|
||||||
|
promtail.yaml: |
|
||||||
|
{{- tpl .Values.config.file . | nindent 4 }}
|
|
@ -0,0 +1,52 @@
|
||||||
|
{{- range $key, $values := .Values.extraPorts }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: {{ include "promtail.fullname" $ }}-{{ $key | lower }}
|
||||||
|
namespace: {{ $.Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
{{- include "promtail.labels" $ | nindent 4 }}
|
||||||
|
{{- with .labels }}
|
||||||
|
{{- toYaml $ | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .annotations }}
|
||||||
|
annotations:
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
spec:
|
||||||
|
{{- with $values.service }}
|
||||||
|
type: {{ .type | default "ClusterIP" }}
|
||||||
|
{{- with .clusterIP }}
|
||||||
|
clusterIP: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .loadBalancerIP }}
|
||||||
|
loadBalancerIP: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .loadBalancerSourceRanges }}
|
||||||
|
loadBalancerSourceRanges:
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end -}}
|
||||||
|
{{- with .externalIPs }}
|
||||||
|
externalIPs:
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .externalTrafficPolicy }}
|
||||||
|
externalTrafficPolicy: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
ports:
|
||||||
|
- name: {{ .name | default $key }}
|
||||||
|
targetPort: {{ .name | default $key }}
|
||||||
|
protocol: TCP
|
||||||
|
{{- if $values.service }}
|
||||||
|
port: {{ $values.service.port | default $values.containerPort }}
|
||||||
|
{{- if $values.service.nodePort }}
|
||||||
|
nodePort: {{ $values.service.nodePort }}
|
||||||
|
{{- end }}
|
||||||
|
{{- else }}
|
||||||
|
port: {{ $values.containerPort }}
|
||||||
|
{{- end }}
|
||||||
|
selector:
|
||||||
|
{{- include "promtail.selectorLabels" $ | nindent 4 }}
|
||||||
|
{{- end }}
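Review bot: Inside `{{- with .labels }}` the body calls `toYaml $`, which serialises the root template context (chart, release and all values) instead of the labels map that `with` has just bound to `.`. If an `extraPorts` entry sets `labels`, the Service metadata would either fail validation or carry rendered values, including anything sensitive kept under `.Values`, so the line should read `{{- toYaml . | nindent 4 }}`. Two smaller points in the same template: `protocol: TCP` is hard-coded although each entry has a `protocol` field that the egress NetworkPolicy template does honour, and the `{{- end -}}` after `loadBalancerSourceRanges` trims the following newline, unlike the other `end` tags.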
|
|
@ -0,0 +1,18 @@
|
||||||
|
{{- if .Values.serviceMonitor.enabled }}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: {{ include "promtail.fullname" . }}-metrics
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
{{- include "promtail.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
clusterIP: None
|
||||||
|
ports:
|
||||||
|
- name: http-metrics
|
||||||
|
port: {{ .Values.config.serverPort }}
|
||||||
|
targetPort: http-metrics
|
||||||
|
protocol: TCP
|
||||||
|
selector:
|
||||||
|
{{- include "promtail.selectorLabels" . | nindent 4 }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,17 @@
|
||||||
|
{{- if .Values.serviceAccount.create }}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: {{ include "promtail.serviceAccountName" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
{{- include "promtail.labels" . | nindent 4 }}
|
||||||
|
{{- with .Values.serviceAccount.annotations }}
|
||||||
|
annotations:
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.serviceAccount.imagePullSecrets }}
|
||||||
|
imagePullSecrets:
|
||||||
|
{{- toYaml . | nindent 2 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,40 @@
|
||||||
|
{{- if .Values.serviceMonitor.enabled }}
|
||||||
|
apiVersion: monitoring.coreos.com/v1
|
||||||
|
kind: ServiceMonitor
|
||||||
|
metadata:
|
||||||
|
name: {{ include "promtail.fullname" $ }}
|
||||||
|
{{- if .Values.serviceMonitor.namespace }}
|
||||||
|
namespace: {{ .Values.serviceMonitor.namespace }}
|
||||||
|
{{- else }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.serviceMonitor.annotations }}
|
||||||
|
annotations:
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
{{- include "promtail.labels" $ | nindent 4 }}
|
||||||
|
{{- with .Values.serviceMonitor.labels }}
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
spec:
|
||||||
|
{{- with .Values.serviceMonitor.namespaceSelector }}
|
||||||
|
namespaceSelector:
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
{{- include "promtail.selectorLabels" . | nindent 6 }}
|
||||||
|
endpoints:
|
||||||
|
- port: http-metrics
|
||||||
|
{{- with .Values.serviceMonitor.interval }}
|
||||||
|
interval: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.serviceMonitor.scrapeTimeout }}
|
||||||
|
scrapeTimeout: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.serviceMonitor.relabelings }}
|
||||||
|
relabelings:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,430 @@
|
||||||
|
# -- Overrides the chart's name
|
||||||
|
nameOverride: null
|
||||||
|
|
||||||
|
# -- Overrides the chart's computed fullname
|
||||||
|
fullnameOverride: null
|
||||||
|
|
||||||
|
initContainer:
|
||||||
|
# -- Specifies whether the init container for setting inotify max user instances is to be enabled
|
||||||
|
enabled: false
|
||||||
|
image:
|
||||||
|
# -- The Docker registry for the init container
|
||||||
|
registry: docker.io
|
||||||
|
# -- Docker image repository for the init container
|
||||||
|
repository: busybox
|
||||||
|
# -- Docker tag for the init container
|
||||||
|
tag: 1.33
|
||||||
|
# -- Docker image pull policy for the init container image
|
||||||
|
pullPolicy: IfNotPresent
|
||||||
|
# -- The inotify max user instances to configure
|
||||||
|
fsInotifyMaxUserInstances: 128
|
||||||
|
|
||||||
|
image:
|
||||||
|
# -- The Docker registry
|
||||||
|
registry: docker.io
|
||||||
|
# -- Docker image repository
|
||||||
|
repository: grafana/promtail
|
||||||
|
# -- Overrides the image tag whose default is the chart's appVersion
|
||||||
|
tag: null
|
||||||
|
# -- Docker image pull policy
|
||||||
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
|
# -- Image pull secrets for Docker images
|
||||||
|
imagePullSecrets: []
|
||||||
|
|
||||||
|
# -- Annotations for the DaemonSet
|
||||||
|
annotations:
|
||||||
|
ignore-check.kube-linter.io/run-as-non-root: "This deployment needs to run as root user to modify log files"
|
||||||
|
ignore-check.kube-linter.io/writable-host-mount: "This deployment needs writable volume mount on host to capture logs"
|
||||||
|
|
||||||
|
# -- The update strategy for the DaemonSet
|
||||||
|
updateStrategy:
|
||||||
|
type: RollingUpdate
|
||||||
|
|
||||||
|
# -- Pod labels
|
||||||
|
podLabels: {}
|
||||||
|
|
||||||
|
# -- Pod annotations
|
||||||
|
podAnnotations: {}
|
||||||
|
# prometheus.io/scrape: "true"
|
||||||
|
# prometheus.io/port: "http-metrics"
|
||||||
|
|
||||||
|
# -- The name of the PriorityClass
|
||||||
|
priorityClassName: null
|
||||||
|
|
||||||
|
# -- Liveness probe
|
||||||
|
livenessProbe: {}
|
||||||
|
|
||||||
|
# -- Readiness probe
|
||||||
|
# @default -- See `values.yaml`
|
||||||
|
readinessProbe:
|
||||||
|
failureThreshold: 5
|
||||||
|
httpGet:
|
||||||
|
path: /ready
|
||||||
|
port: http-metrics
|
||||||
|
initialDelaySeconds: 10
|
||||||
|
periodSeconds: 10
|
||||||
|
successThreshold: 1
|
||||||
|
timeoutSeconds: 1
|
||||||
|
|
||||||
|
# -- Resource requests and limits
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpu: 1000m
|
||||||
|
memory: 500Mi
|
||||||
|
requests:
|
||||||
|
cpu: 500m
|
||||||
|
memory: 256Mi
|
||||||
|
|
||||||
|
# -- The security context for pods
|
||||||
|
podSecurityContext:
|
||||||
|
runAsUser: 0
|
||||||
|
runAsGroup: 0
|
||||||
|
|
||||||
|
# -- The security context for containers
|
||||||
|
containerSecurityContext:
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
|
||||||
|
rbac:
|
||||||
|
# -- Specifies whether RBAC resources are to be created
|
||||||
|
create: true
|
||||||
|
# -- Specifies whether a PodSecurityPolicy is to be created
|
||||||
|
pspEnabled: false
|
||||||
|
|
||||||
|
serviceAccount:
|
||||||
|
# -- Specifies whether a ServiceAccount should be created
|
||||||
|
create: true
|
||||||
|
# -- The name of the ServiceAccount to use.
|
||||||
|
# If not set and `create` is true, a name is generated using the fullname template
|
||||||
|
name: null
|
||||||
|
# -- Image pull secrets for the service account
|
||||||
|
imagePullSecrets: []
|
||||||
|
# -- Annotations for the service account
|
||||||
|
annotations: {}
|
||||||
|
|
||||||
|
# -- Node selector for pods
|
||||||
|
nodeSelector: {}
|
||||||
|
|
||||||
|
# -- Affinity configuration for pods
|
||||||
|
affinity: {}
|
||||||
|
|
||||||
|
# -- Tolerations for pods. By default, pods will be scheduled on master/control-plane nodes.
|
||||||
|
tolerations:
|
||||||
|
- key: node-role.kubernetes.io/master
|
||||||
|
operator: Exists
|
||||||
|
effect: NoSchedule
|
||||||
|
- key: node-role.kubernetes.io/control-plane
|
||||||
|
operator: Exists
|
||||||
|
effect: NoSchedule
|
||||||
|
|
||||||
|
# -- Default volumes that are mounted into pods. In most cases, these should not be changed.
|
||||||
|
# Use `extraVolumes`/`extraVolumeMounts` for additional custom volumes.
|
||||||
|
# @default -- See `values.yaml`
|
||||||
|
defaultVolumes:
|
||||||
|
- name: containers
|
||||||
|
hostPath:
|
||||||
|
path: /var/lib/docker/containers
|
||||||
|
- name: pods
|
||||||
|
hostPath:
|
||||||
|
path: /var/log/pods
|
||||||
|
|
||||||
|
# -- Default volume mounts. Corresponds to `volumes`.
|
||||||
|
# @default -- See `values.yaml`
|
||||||
|
defaultVolumeMounts:
|
||||||
|
- name: containers
|
||||||
|
mountPath: /var/lib/docker/containers
|
||||||
|
readOnly: true
|
||||||
|
- name: pods
|
||||||
|
mountPath: /var/log/pods
|
||||||
|
readOnly: true
|
||||||
|
|
||||||
|
# Extra volumes to be added in addition to those specified under `defaultVolumes`.
|
||||||
|
extraVolumes: []
|
||||||
|
|
||||||
|
# Extra volume mounts together. Corresponds to `extraVolumes`.
|
||||||
|
extraVolumeMounts: []
|
||||||
|
|
||||||
|
# Extra args for the Promtail container.
|
||||||
|
extraArgs: []
|
||||||
|
# -- Example:
|
||||||
|
# -- extraArgs:
|
||||||
|
# -- - -client.external-labels=hostname=$(HOSTNAME)
|
||||||
|
|
||||||
|
# -- Extra environment variables
|
||||||
|
extraEnv: []
|
||||||
|
|
||||||
|
# -- Extra environment variables from secrets or configmaps
|
||||||
|
extraEnvFrom: []
|
||||||
|
|
||||||
|
# ServiceMonitor configuration
|
||||||
|
serviceMonitor:
|
||||||
|
# -- If enabled, ServiceMonitor resources for Prometheus Operator are created
|
||||||
|
enabled: false
|
||||||
|
# -- Alternative namespace for ServiceMonitor resources
|
||||||
|
namespace: null
|
||||||
|
# -- Namespace selector for ServiceMonitor resources
|
||||||
|
namespaceSelector: {}
|
||||||
|
# -- ServiceMonitor annotations
|
||||||
|
annotations: {}
|
||||||
|
# -- Additional ServiceMonitor labels
|
||||||
|
labels: {}
|
||||||
|
# -- ServiceMonitor scrape interval
|
||||||
|
interval: null
|
||||||
|
# -- ServiceMonitor scrape timeout in Go duration format (e.g. 15s)
|
||||||
|
scrapeTimeout: null
|
||||||
|
# -- ServiceMonitor relabel configs to apply to samples before scraping
|
||||||
|
# https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
|
||||||
|
relabelings: []
|
||||||
|
|
||||||
|
# -- Configure additional ports and services. For each configured port, a corresponding service is created.
|
||||||
|
# See values.yaml for details
|
||||||
|
extraPorts: {}
|
||||||
|
# syslog:
|
||||||
|
# name: tcp-syslog
|
||||||
|
# containerPort: 1514
|
||||||
|
# protocol: TCP
|
||||||
|
# service:
|
||||||
|
# type: ClusterIP
|
||||||
|
# clusterIP: null
|
||||||
|
# port: 1514
|
||||||
|
# externalIPs: []
|
||||||
|
# nodePort: null
|
||||||
|
# annotations: {}
|
||||||
|
# labels: {}
|
||||||
|
# loadBalancerIP: null
|
||||||
|
# loadBalancerSourceRanges: []
|
||||||
|
# externalTrafficPolicy: null
|
||||||
|
|
||||||
|
# -- PodSecurityPolicy configuration.
|
||||||
|
# @default -- See `values.yaml`
|
||||||
|
podSecurityPolicy:
|
||||||
|
privileged: true
|
||||||
|
allowPrivilegeEscalation: true
|
||||||
|
volumes:
|
||||||
|
- 'secret'
|
||||||
|
- 'hostPath'
|
||||||
|
- 'downwardAPI'
|
||||||
|
hostNetwork: false
|
||||||
|
hostIPC: false
|
||||||
|
hostPID: false
|
||||||
|
runAsUser:
|
||||||
|
rule: 'RunAsAny'
|
||||||
|
seLinux:
|
||||||
|
rule: 'RunAsAny'
|
||||||
|
supplementalGroups:
|
||||||
|
rule: 'RunAsAny'
|
||||||
|
fsGroup:
|
||||||
|
rule: 'RunAsAny'
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
requiredDropCapabilities:
|
||||||
|
- ALL
|
||||||
|
|
||||||
|
# -- Section for crafting Promtails config file. The only directly relevant value is `config.file`
|
||||||
|
# which is a templated string that references the other values and snippets below this key.
|
||||||
|
# @default -- See `values.yaml`
|
||||||
|
config:
|
||||||
|
# -- The log level of the Promtail server
|
||||||
|
# Must be reference in `config.file` to configure `server.log_level`
|
||||||
|
# See default config in `values.yaml`
|
||||||
|
logLevel: info
|
||||||
|
# -- The port of the Promtail server
|
||||||
|
# Must be reference in `config.file` to configure `server.http_listen_port`
|
||||||
|
# See default config in `values.yaml`
|
||||||
|
serverPort: 3101
|
||||||
|
# -- The Loki address to post logs to.
|
||||||
|
# Must be reference in `config.file` to configure `client.url`.
|
||||||
|
# See default config in `values.yaml`
|
||||||
|
lokiAddress: http://{{ .Release.Name }}-loki:3100/loki/api/v1/push
|
||||||
|
# -- A section of reusable snippets that can be reference in `config.file`.
|
||||||
|
# Custom snippets may be added in order to reduce redundancy.
|
||||||
|
# This is especially helpful when multiple `kubernetes_sd_configs` are use which usually have large parts in common.
|
||||||
|
# @default -- See `values.yaml`
|
||||||
|
snippets:
|
||||||
|
pipelineStages:
|
||||||
|
- cri: {}
|
||||||
|
- match:
|
||||||
|
selector: '{app="k8s-triliovault"}'
|
||||||
|
stages:
|
||||||
|
- json:
|
||||||
|
expressions:
|
||||||
|
file: file
|
||||||
|
func: func
|
||||||
|
level: level
|
||||||
|
msg: msg
|
||||||
|
tvk_version: tvk_version
|
||||||
|
tvk_instance_id: tvk_instance_id
|
||||||
|
service_id: service_id
|
||||||
|
service_type: service_type
|
||||||
|
transaction_id: transaction_id
|
||||||
|
transaction_type: transaction_type
|
||||||
|
transaction_resource_name: transaction_resource_name
|
||||||
|
transaction_resource_namespace: transaction_resource_namespace
|
||||||
|
child_transaction_type: child_transaction_type
|
||||||
|
child_transaction_id: child_transaction_id
|
||||||
|
child_transaction_resource_name: child_transaction_resource_name
|
||||||
|
child_transaction_resource_namespace: child_transaction_resource_namespace
|
||||||
|
- labels:
|
||||||
|
file:
|
||||||
|
func:
|
||||||
|
level:
|
||||||
|
msg:
|
||||||
|
tvk_version:
|
||||||
|
tvk_instance_id:
|
||||||
|
service_id:
|
||||||
|
service_type:
|
||||||
|
transaction_id:
|
||||||
|
transaction_type:
|
||||||
|
transaction_resource_name:
|
||||||
|
transaction_resource_namespace:
|
||||||
|
child_transaction_type:
|
||||||
|
child_transaction_id:
|
||||||
|
child_transaction_resource_name:
|
||||||
|
child_transaction_resource_namespace:
|
||||||
|
common:
|
||||||
|
- action: replace
|
||||||
|
source_labels:
|
||||||
|
- __meta_kubernetes_pod_node_name
|
||||||
|
target_label: node_name
|
||||||
|
- action: replace
|
||||||
|
source_labels:
|
||||||
|
- __meta_kubernetes_namespace
|
||||||
|
target_label: namespace
|
||||||
|
- action: replace
|
||||||
|
replacement: $1
|
||||||
|
separator: /
|
||||||
|
source_labels:
|
||||||
|
- namespace
|
||||||
|
- app
|
||||||
|
target_label: job
|
||||||
|
- action: replace
|
||||||
|
source_labels:
|
||||||
|
- __meta_kubernetes_pod_name
|
||||||
|
target_label: pod
|
||||||
|
- action: replace
|
||||||
|
source_labels:
|
||||||
|
- __meta_kubernetes_pod_container_name
|
||||||
|
target_label: container
|
||||||
|
- action: replace
|
||||||
|
replacement: /var/log/pods/*$1/*.log
|
||||||
|
separator: /
|
||||||
|
source_labels:
|
||||||
|
- __meta_kubernetes_pod_uid
|
||||||
|
- __meta_kubernetes_pod_container_name
|
||||||
|
target_label: __path__
|
||||||
|
- action: replace
|
||||||
|
replacement: /var/log/pods/*$1/*.log
|
||||||
|
regex: true/(.*)
|
||||||
|
separator: /
|
||||||
|
source_labels:
|
||||||
|
- __meta_kubernetes_pod_annotationpresent_kubernetes_io_config_hash
|
||||||
|
- __meta_kubernetes_pod_annotation_kubernetes_io_config_hash
|
||||||
|
- __meta_kubernetes_pod_container_name
|
||||||
|
target_label: __path__
|
||||||
|
|
||||||
|
# If set to true, adds an additional label for the scrape job.
|
||||||
|
# This helps debug the Promtail config.
|
||||||
|
addScrapeJobLabel: false
|
||||||
|
|
||||||
|
# -- You can put here any keys that will be directly added to the config file's 'client' block.
|
||||||
|
# @default -- empty
|
||||||
|
extraClientConfigs: []
|
||||||
|
|
||||||
|
# -- You can put here any additional scrape configs you want to add to the config file.
|
||||||
|
# @default -- empty
|
||||||
|
extraScrapeConfigs: ""
|
||||||
|
|
||||||
|
# -- You can put here any additional relabel_configs to "kubernetes-pods" job
|
||||||
|
extraRelabelConfigs: []
|
||||||
|
|
||||||
|
scrapeConfigs: |
|
||||||
|
# See also https://github.com/grafana/loki/blob/master/production/ksonnet/promtail/scrape_config.libsonnet for reference
|
||||||
|
- job_name: kubernetes-pods
|
||||||
|
pipeline_stages:
|
||||||
|
{{- toYaml .Values.config.snippets.pipelineStages | nindent 4 }}
|
||||||
|
kubernetes_sd_configs:
|
||||||
|
- role: pod
|
||||||
|
relabel_configs:
|
||||||
|
- source_labels:
|
||||||
|
- __meta_kubernetes_pod_controller_name
|
||||||
|
regex: ([0-9a-z-.]+?)(-[0-9a-f]{8,10})?
|
||||||
|
action: replace
|
||||||
|
target_label: __tmp_controller_name
|
||||||
|
- source_labels:
|
||||||
|
- __meta_kubernetes_pod_label_app_kubernetes_io_name
|
||||||
|
- __meta_kubernetes_pod_label_app
|
||||||
|
- __tmp_controller_name
|
||||||
|
- __meta_kubernetes_pod_name
|
||||||
|
regex: ^;*([^;]+)(;.*)?$
|
||||||
|
action: replace
|
||||||
|
target_label: app
|
||||||
|
- source_labels:
|
||||||
|
- __meta_kubernetes_pod_label_app_kubernetes_io_component
|
||||||
|
- __meta_kubernetes_pod_label_component
|
||||||
|
regex: ^;*([^;]+)(;.*)?$
|
||||||
|
action: replace
|
||||||
|
target_label: component
|
||||||
|
{{- if .Values.config.snippets.addScrapeJobLabel }}
|
||||||
|
- replacement: kubernetes-pods
|
||||||
|
target_label: scrape_job
|
||||||
|
{{- end }}
|
||||||
|
{{- toYaml .Values.config.snippets.common | nindent 4 }}
|
||||||
|
{{- with .Values.config.snippets.extraRelabelConfigs }}
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
# -- Config file contents for Promtail.
|
||||||
|
# Must be configured as string.
|
||||||
|
# It is templated so it can be assembled from reusable snippets in order to avoid redundancy.
|
||||||
|
# @default -- See `values.yaml`
|
||||||
|
file: |
|
||||||
|
server:
|
||||||
|
log_level: {{ .Values.config.logLevel }}
|
||||||
|
http_listen_port: {{ .Values.config.serverPort }}
|
||||||
|
|
||||||
|
clients:
|
||||||
|
- url: {{ tpl .Values.config.lokiAddress . }}
|
||||||
|
{{- with .Values.config.snippets.extraClientConfigs }}
|
||||||
|
{{- toYaml . | nindent 2 }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
positions:
|
||||||
|
filename: /run/promtail/positions.yaml
|
||||||
|
|
||||||
|
scrape_configs:
|
||||||
|
{{- tpl .Values.config.snippets.scrapeConfigs . | nindent 2 }}
|
||||||
|
{{- tpl .Values.config.snippets.extraScrapeConfigs . | nindent 2 }}
|
||||||
|
|
||||||
|
networkPolicy:
|
||||||
|
# -- Specifies whether Network Policies should be created
|
||||||
|
enabled: false
|
||||||
|
metrics:
|
||||||
|
# -- Specifies the Pods which are allowed to access the metrics port.
|
||||||
|
# As this is cross-namespace communication, you also neeed the namespaceSelector.
|
||||||
|
podSelector: {}
|
||||||
|
# -- Specifies the namespaces which are allowed to access the metrics port
|
||||||
|
namespaceSelector: {}
|
||||||
|
# -- Specifies specific network CIDRs which are allowed to access the metrics port.
|
||||||
|
# In case you use namespaceSelector, you also have to specify your kubelet networks here.
|
||||||
|
# The metrics ports are also used for probes.
|
||||||
|
cidrs: []
|
||||||
|
k8sApi:
|
||||||
|
# -- Specify the k8s API endpoint port
|
||||||
|
port: 8443
|
||||||
|
# -- Specifies specific network CIDRs you want to limit access to
|
||||||
|
cidrs: []
|
||||||
|
|
||||||
|
# -- Extra K8s manifests to deploy
|
||||||
|
extraObjects: []
|
||||||
|
# - apiVersion: "kubernetes-client.io/v1"
|
||||||
|
# kind: ExternalSecret
|
||||||
|
# metadata:
|
||||||
|
# name: promtail-secrets
|
||||||
|
# spec:
|
||||||
|
# backendType: gcpSecretsManager
|
||||||
|
# data:
|
||||||
|
# - key: promtail-oauth2-creds
|
||||||
|
# name: client_secret
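Review bot: The default `podSecurityPolicy` block is wider than what the pod itself requests: it sets `privileged: true` and `allowPrivilegeEscalation: true` and allows the `hostPath` volume type with no path restriction, while `containerSecurityContext` in the same file sets `allowPrivilegeEscalation: false`, drops all capabilities, and the default mounts are two read-only host paths. Because the Role in this chart grants `use` on this policy to the promtail service account, a narrower default limits what any pod running under that account can obtain. The sketch below turns the two privilege flags off and restricts host paths to the two directories already listed under `defaultVolumes`. The optional init container that sets the inotify limit may need privileged mode; its template is not in this part of the page, so confirm before tightening.

```yaml
podSecurityPolicy:
  privileged: false
  allowPrivilegeEscalation: false
  allowedHostPaths:
    - pathPrefix: /var/lib/docker/containers
      readOnly: true
    - pathPrefix: /var/log/pods
      readOnly: true
  # … unchanged: volumes, hostNetwork/hostIPC/hostPID, runAsUser, seLinux, supplementalGroups, fsGroup, readOnlyRootFilesystem, requiredDropCapabilities …
```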
|
|
@ -0,0 +1,50 @@
|
||||||
|
{{/* vim: set filetype=mustache: */}}
|
||||||
|
{{/*
|
||||||
|
Expand the name of the chart.
|
||||||
|
*/}}
|
||||||
|
{{- define "logging.name" -}}
|
||||||
|
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create a default fully qualified app name.
|
||||||
|
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||||
|
If release name contains chart name it will be used as a full name.
|
||||||
|
*/}}
|
||||||
|
{{- define "logging.fullname" -}}
|
||||||
|
{{- if .Values.fullnameOverride -}}
|
||||||
|
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||||
|
{{- if contains $name .Release.Name -}}
|
||||||
|
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create chart name and version as used by the chart label.
|
||||||
|
*/}}
|
||||||
|
{{- define "logging.chart" -}}
|
||||||
|
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
The service name to connect to Loki. Defaults to the same logic as "loki.fullname"
|
||||||
|
*/}}
|
||||||
|
{{- define "loki.serviceName" -}}
|
||||||
|
{{- if .Values.loki.serviceName -}}
|
||||||
|
{{- .Values.loki.serviceName -}}
|
||||||
|
{{- else if .Values.loki.fullnameOverride -}}
|
||||||
|
{{- .Values.loki.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- $name := default "loki" .Values.loki.nameOverride -}}
|
||||||
|
{{- if contains $name .Release.Name -}}
|
||||||
|
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
|
@ -0,0 +1,24 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: {{ template "logging.fullname" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
app: {{ template "logging.name" . }}
|
||||||
|
chart: {{ template "logging.chart" . }}
|
||||||
|
release: {{ .Release.Name }}
|
||||||
|
heritage: {{ .Release.Service }}
|
||||||
|
app.kubernetes.io/instance: {{ template "logging.name" . }}
|
||||||
|
{{- include "k8s-triliovault-operator.labels" . | nindent 4 }}
|
||||||
|
grafana_datasource: "1"
|
||||||
|
data:
|
||||||
|
logging-datasource.yaml: |-
|
||||||
|
apiVersion: 1
|
||||||
|
datasources:
|
||||||
|
{{- if .Values.loki.enabled }}
|
||||||
|
- name: Loki
|
||||||
|
type: loki
|
||||||
|
access: proxy
|
||||||
|
url: http://{{(include "loki.serviceName" .)}}:{{ .Values.loki.service.port }}
|
||||||
|
version: 1
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,16 @@
|
||||||
|
apiVersion: v2
|
||||||
|
appVersion: 0.1.0
|
||||||
|
dependencies:
|
||||||
|
- condition: prometheus.enabled
|
||||||
|
name: prometheus
|
||||||
|
repository: https://prometheus-community.github.io/helm-charts
|
||||||
|
version: ^15.8.7
|
||||||
|
description: Monitoring Stack designed to manage the K8s-TrilioVault Application's
|
||||||
|
Monitoring.
|
||||||
|
icon: https://www.trilio.io/wp-content/uploads/2021/01/Trilio-2020-logo-RGB-gray-green.png
|
||||||
|
kubeVersion: '>=1.19.0-0'
|
||||||
|
maintainers:
|
||||||
|
- email: support@trilio.io
|
||||||
|
name: Trilio
|
||||||
|
name: monitoring
|
||||||
|
version: 0.1.0
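Review bot: The `prometheus` dependency is declared with the range `version: ^15.8.7` against the remote repository `https://prometheus-community.github.io/helm-charts`, so a `helm dependency update` can resolve to any later 15.x release rather than the copy that was reviewed. The next file in this commit is a `prometheus` Chart.yaml at `version: 15.8.7` with Trilio listed as maintainer, which suggests the subchart is vendored and possibly modified; if so, a remote update would silently replace it. Pinning the exact version (`version: 15.8.7`) and committing `Chart.lock`, or pointing at the vendored copy with a `file://` repository as the operator chart does for `observability`, keeps the packaged chart reproducible. The same applies to `version: 4.7.*` for `kube-state-metrics` in the following Chart.yaml.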
|
|
@ -0,0 +1,22 @@
|
||||||
|
apiVersion: v2
|
||||||
|
appVersion: 2.34.0
|
||||||
|
dependencies:
|
||||||
|
- condition: kubeStateMetrics.enabled
|
||||||
|
name: kube-state-metrics
|
||||||
|
repository: https://prometheus-community.github.io/helm-charts
|
||||||
|
version: 4.7.*
|
||||||
|
description: Prometheus is a monitoring system and time series database.
|
||||||
|
home: https://prometheus.io/
|
||||||
|
icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png
|
||||||
|
maintainers:
|
||||||
|
- email: support@trilio.io
|
||||||
|
name: Trilio
|
||||||
|
name: prometheus
|
||||||
|
sources:
|
||||||
|
- https://github.com/prometheus/alertmanager
|
||||||
|
- https://github.com/prometheus/prometheus
|
||||||
|
- https://github.com/prometheus/pushgateway
|
||||||
|
- https://github.com/prometheus/node_exporter
|
||||||
|
- https://github.com/kubernetes/kube-state-metrics
|
||||||
|
type: application
|
||||||
|
version: 15.8.7
|
|
@ -0,0 +1,17 @@
|
||||||
|
apiVersion: v2
|
||||||
|
appVersion: 2.4.1
|
||||||
|
description: Install kube-state-metrics to generate and expose cluster-level metrics
|
||||||
|
home: https://github.com/kubernetes/kube-state-metrics/
|
||||||
|
keywords:
|
||||||
|
- metric
|
||||||
|
- monitoring
|
||||||
|
- prometheus
|
||||||
|
- kubernetes
|
||||||
|
maintainers:
|
||||||
|
- email: support@trilio.io
|
||||||
|
name: Trilio
|
||||||
|
name: kube-state-metrics
|
||||||
|
sources:
|
||||||
|
- https://github.com/kubernetes/kube-state-metrics/
|
||||||
|
type: application
|
||||||
|
version: 4.7.0
|
|
@ -0,0 +1,10 @@
|
||||||
|
kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects.
|
||||||
|
The exposed metrics can be found here:
|
||||||
|
https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics
|
||||||
|
|
||||||
|
The metrics are exported on the HTTP endpoint /metrics on the listening port.
|
||||||
|
In your case, {{ template "kube-state-metrics.fullname" . }}.{{ template "kube-state-metrics.namespace" . }}.svc.cluster.local:{{ .Values.service.port }}/metrics
|
||||||
|
|
||||||
|
They are served either as plaintext or protobuf depending on the Accept header.
|
||||||
|
They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint.
|
||||||
|
|
|
@ -0,0 +1,82 @@
|
||||||
|
{{/* vim: set filetype=mustache: */}}
|
||||||
|
{{/*
|
||||||
|
Expand the name of the chart.
|
||||||
|
*/}}
|
||||||
|
{{- define "kube-state-metrics.name" -}}
|
||||||
|
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create a default fully qualified app name.
|
||||||
|
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||||
|
If release name contains chart name it will be used as a full name.
|
||||||
|
*/}}
|
||||||
|
{{- define "kube-state-metrics.fullname" -}}
|
||||||
|
{{- if .Values.fullnameOverride -}}
|
||||||
|
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||||
|
{{- if contains $name .Release.Name -}}
|
||||||
|
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create the name of the service account to use
|
||||||
|
*/}}
|
||||||
|
{{- define "kube-state-metrics.serviceAccountName" -}}
|
||||||
|
{{- if .Values.serviceAccount.create -}}
|
||||||
|
{{ default (include "kube-state-metrics.fullname" .) .Values.serviceAccount.name }}
|
||||||
|
{{- else -}}
|
||||||
|
{{ default "default" .Values.serviceAccount.name }}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Allow the release namespace to be overridden for multi-namespace deployments in combined charts
|
||||||
|
*/}}
|
||||||
|
{{- define "kube-state-metrics.namespace" -}}
|
||||||
|
{{- if .Values.namespaceOverride -}}
|
||||||
|
{{- .Values.namespaceOverride -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- .Release.Namespace -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create chart name and version as used by the chart label.
|
||||||
|
*/}}
|
||||||
|
{{- define "kube-state-metrics.chart" -}}
|
||||||
|
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Generate basic labels
|
||||||
|
*/}}
|
||||||
|
{{- define "kube-state-metrics.labels" }}
|
||||||
|
helm.sh/chart: {{ template "kube-state-metrics.chart" . }}
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
app.kubernetes.io/component: metrics
|
||||||
|
app.kubernetes.io/part-of: {{ template "kube-state-metrics.name" . }}
|
||||||
|
{{- include "kube-state-metrics.selectorLabels" . }}
|
||||||
|
{{- if .Chart.AppVersion }}
|
||||||
|
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.customLabels }}
|
||||||
|
{{ toYaml .Values.customLabels }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.releaseLabel }}
|
||||||
|
release: {{ .Release.Name }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Selector labels
|
||||||
|
*/}}
|
||||||
|
{{- define "kube-state-metrics.selectorLabels" }}
|
||||||
|
app.kubernetes.io/name: {{ include "kube-state-metrics.name" . }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,20 @@
|
||||||
|
{{- if and .Values.rbac.create .Values.rbac.useClusterRole -}}
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{- include "kube-state-metrics.labels" . | indent 4 }}
|
||||||
|
name: {{ template "kube-state-metrics.fullname" . }}
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
{{- if .Values.rbac.useExistingRole }}
|
||||||
|
name: {{ .Values.rbac.useExistingRole }}
|
||||||
|
{{- else }}
|
||||||
|
name: {{ template "kube-state-metrics.fullname" . }}
|
||||||
|
{{- end }}
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: {{ template "kube-state-metrics.serviceAccountName" . }}
|
||||||
|
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||||
|
{{- end -}}
|
|
@ -0,0 +1,156 @@
|
||||||
|
apiVersion: apps/v1
|
||||||
|
{{- if .Values.autosharding.enabled }}
|
||||||
|
kind: StatefulSet
|
||||||
|
{{- else }}
|
||||||
|
kind: Deployment
|
||||||
|
{{- end }}
|
||||||
|
metadata:
|
||||||
|
name: {{ template "kube-state-metrics.fullname" . }}
|
||||||
|
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||||
|
labels:
|
||||||
|
{{- include "kube-state-metrics.labels" . | indent 4 }}
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
{{- include "kube-state-metrics.selectorLabels" . | indent 6 }}
|
||||||
|
replicas: {{ .Values.replicas }}
|
||||||
|
{{- if .Values.autosharding.enabled }}
|
||||||
|
serviceName: {{ template "kube-state-metrics.fullname" . }}
|
||||||
|
updateStrategy:
|
||||||
|
type: RollingUpdate
|
||||||
|
volumeClaimTemplates: []
|
||||||
|
{{- else }}
|
||||||
|
strategy:
|
||||||
|
type: RollingUpdate
|
||||||
|
{{- end }}
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{- include "kube-state-metrics.labels" . | indent 8 }}
|
||||||
|
{{- if .Values.podAnnotations }}
|
||||||
|
annotations:
|
||||||
|
{{ toYaml .Values.podAnnotations | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
spec:
|
||||||
|
hostNetwork: {{ .Values.hostNetwork }}
|
||||||
|
serviceAccountName: {{ template "kube-state-metrics.serviceAccountName" . }}
|
||||||
|
{{- if .Values.securityContext.enabled }}
|
||||||
|
securityContext:
|
||||||
|
fsGroup: {{ .Values.securityContext.fsGroup }}
|
||||||
|
runAsGroup: {{ .Values.securityContext.runAsGroup }}
|
||||||
|
runAsUser: {{ .Values.securityContext.runAsUser }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.priorityClassName }}
|
||||||
|
priorityClassName: {{ .Values.priorityClassName }}
|
||||||
|
{{- end }}
|
||||||
|
containers:
|
||||||
|
- name: {{ .Chart.Name }}
|
||||||
|
{{- if .Values.autosharding.enabled }}
|
||||||
|
env:
|
||||||
|
- name: POD_NAME
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: metadata.name
|
||||||
|
- name: POD_NAMESPACE
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: metadata.namespace
|
||||||
|
{{- end }}
|
||||||
|
args:
|
||||||
|
{{- if .Values.extraArgs }}
|
||||||
|
{{- range .Values.extraArgs }}
|
||||||
|
- {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.service.port }}
|
||||||
|
- --port={{ .Values.service.port | default 8080}}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.collectors }}
|
||||||
|
- --resources={{ .Values.collectors | join "," }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.metricLabelsAllowlist }}
|
||||||
|
- --metric-labels-allowlist={{ .Values.metricLabelsAllowlist | join "," }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.metricAnnotationsAllowList }}
|
||||||
|
- --metric-annotations-allowlist={{ .Values.metricAnnotationsAllowList | join "," }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.metricAllowlist }}
|
||||||
|
- --metric-allowlist={{ .Values.metricAllowlist | join "," }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.metricDenylist }}
|
||||||
|
- --metric-denylist={{ .Values.metricDenylist | join "," }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.namespaces }}
|
||||||
|
- --namespaces={{ tpl (.Values.namespaces | join ",") $ }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.namespacesDenylist }}
|
||||||
|
- --namespaces-denylist={{ tpl (.Values.namespacesDenylist | join ",") $ }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.autosharding.enabled }}
|
||||||
|
- --pod=$(POD_NAME)
|
||||||
|
- --pod-namespace=$(POD_NAMESPACE)
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.kubeconfig.enabled }}
|
||||||
|
- --kubeconfig=/opt/k8s/.kube/config
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.selfMonitor.telemetryHost }}
|
||||||
|
- --telemetry-host={{ .Values.selfMonitor.telemetryHost }}
|
||||||
|
{{- end }}
|
||||||
|
- --telemetry-port={{ .Values.selfMonitor.telemetryPort | default 8081 }}
|
||||||
|
{{- if .Values.kubeconfig.enabled }}
|
||||||
|
volumeMounts:
|
||||||
|
- name: kubeconfig
|
||||||
|
mountPath: /opt/k8s/.kube/
|
||||||
|
readOnly: true
|
||||||
|
{{- end }}
|
||||||
|
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||||
|
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||||
|
ports:
|
||||||
|
- containerPort: {{ .Values.service.port | default 8080}}
|
||||||
|
name: "http"
|
||||||
|
{{- if .Values.selfMonitor.enabled }}
|
||||||
|
- containerPort: {{ .Values.selfMonitor.telemetryPort | default 8081 }}
|
||||||
|
name: "metrics"
|
||||||
|
{{- end }}
|
||||||
|
livenessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /healthz
|
||||||
|
port: {{ .Values.service.port | default 8080}}
|
||||||
|
initialDelaySeconds: 5
|
||||||
|
timeoutSeconds: 5
|
||||||
|
readinessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /
|
||||||
|
port: {{ .Values.service.port | default 8080}}
|
||||||
|
initialDelaySeconds: 5
|
||||||
|
timeoutSeconds: 5
|
||||||
|
{{- if .Values.resources }}
|
||||||
|
resources:
|
||||||
|
{{ toYaml .Values.resources | indent 10 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.containerSecurityContext }}
|
||||||
|
securityContext:
|
||||||
|
{{ toYaml .Values.containerSecurityContext | indent 10 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.imagePullSecrets }}
|
||||||
|
imagePullSecrets:
|
||||||
|
{{ toYaml .Values.imagePullSecrets | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.affinity }}
|
||||||
|
affinity:
|
||||||
|
{{ toYaml .Values.affinity | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.nodeSelector }}
|
||||||
|
nodeSelector:
|
||||||
|
{{ toYaml .Values.nodeSelector | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.tolerations }}
|
||||||
|
tolerations:
|
||||||
|
{{ toYaml .Values.tolerations | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.kubeconfig.enabled}}
|
||||||
|
volumes:
|
||||||
|
- name: kubeconfig
|
||||||
|
secret:
|
||||||
|
secretName: {{ template "kube-state-metrics.fullname" . }}-kubeconfig
|
||||||
|
{{- end }}
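Review bot: The container image is referenced by tag only, `image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"`, so the chart offers no way to pin kube-state-metrics to a content digest. With `pullPolicy: IfNotPresent` as the default, nodes can also end up running different content under the same tag if that tag is ever re-pushed. An optional digest that takes precedence would close this, for example `image: "{{ .Values.image.repository }}{{ if .Values.image.digest }}@{{ .Values.image.digest }}{{ else }}:{{ .Values.image.tag }}{{ end }}"`. Note that `image.digest` is a proposed new value, not one the chart defines today.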
|
|
@ -0,0 +1,12 @@
|
||||||
|
{{- if .Values.kubeconfig.enabled -}}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: {{ template "kube-state-metrics.fullname" . }}-kubeconfig
|
||||||
|
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||||
|
labels:
|
||||||
|
{{- include "kube-state-metrics.labels" . | indent 4 }}
|
||||||
|
type: Opaque
|
||||||
|
data:
|
||||||
|
config: '{{ .Values.kubeconfig.secret }}'
|
||||||
|
{{- end -}}
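Review bot: `config: '{{ .Values.kubeconfig.secret }}'` renders an empty key when `kubeconfig.enabled` is true but `kubeconfig.secret` is left at its empty default. The workload then starts with `--kubeconfig=/opt/k8s/.kube/config` pointing at an empty file instead of failing at install time. Failing early is clearer: `config: {{ required "kubeconfig.secret must be set when kubeconfig.enabled is true" .Values.kubeconfig.secret | quote }}`. Supplying the credential through values also means it is stored with the Helm release data, so an option to reference a pre-created Secret by name would keep the kubeconfig out of the release record.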
|
|
@ -0,0 +1,14 @@
|
||||||
|
{{- if .Values.podDisruptionBudget -}}
|
||||||
|
apiVersion: policy/v1beta1
|
||||||
|
kind: PodDisruptionBudget
|
||||||
|
metadata:
|
||||||
|
name: {{ template "kube-state-metrics.fullname" . }}
|
||||||
|
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||||
|
labels:
|
||||||
|
{{- include "kube-state-metrics.labels" . | indent 4 }}
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }}
|
||||||
|
{{ toYaml .Values.podDisruptionBudget | indent 2 }}
|
||||||
|
{{- end -}}
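Review bot: `apiVersion: policy/v1beta1` for PodDisruptionBudget is no longer served from Kubernetes 1.25 on, while the parent chart declares `kubeVersion: '>=1.19.0-0'`, so setting `podDisruptionBudget` makes the install fail on current clusters. Selecting the version from cluster capabilities keeps both ends working: `apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (.Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget") }}`. The selector here also matches on `app.kubernetes.io/name` alone, whereas the workload selects on name plus instance, so two releases in one namespace would share a budget. Using `{{- include "kube-state-metrics.selectorLabels" . | indent 6 }}` under `matchLabels` would align them.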
|
|
@ -0,0 +1,39 @@
|
||||||
|
{{- if .Values.podSecurityPolicy.enabled }}
|
||||||
|
apiVersion: policy/v1beta1
|
||||||
|
kind: PodSecurityPolicy
|
||||||
|
metadata:
|
||||||
|
name: {{ template "kube-state-metrics.fullname" . }}
|
||||||
|
labels:
|
||||||
|
{{- include "kube-state-metrics.labels" . | indent 4 }}
|
||||||
|
{{- if .Values.podSecurityPolicy.annotations }}
|
||||||
|
annotations:
|
||||||
|
{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
spec:
|
||||||
|
privileged: false
|
||||||
|
volumes:
|
||||||
|
- 'secret'
|
||||||
|
{{- if .Values.podSecurityPolicy.additionalVolumes }}
|
||||||
|
{{ toYaml .Values.podSecurityPolicy.additionalVolumes | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
hostNetwork: false
|
||||||
|
hostIPC: false
|
||||||
|
hostPID: false
|
||||||
|
runAsUser:
|
||||||
|
rule: 'MustRunAsNonRoot'
|
||||||
|
seLinux:
|
||||||
|
rule: 'RunAsAny'
|
||||||
|
supplementalGroups:
|
||||||
|
rule: 'MustRunAs'
|
||||||
|
ranges:
|
||||||
|
# Forbid adding the root group.
|
||||||
|
- min: 1
|
||||||
|
max: 65535
|
||||||
|
fsGroup:
|
||||||
|
rule: 'MustRunAs'
|
||||||
|
ranges:
|
||||||
|
# Forbid adding the root group.
|
||||||
|
- min: 1
|
||||||
|
max: 65535
|
||||||
|
readOnlyRootFilesystem: false
|
||||||
|
{{- end }}
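Review bot: The policy leaves privilege escalation and Linux capabilities unrestricted: `spec` sets `privileged: false` and `MustRunAsNonRoot`, but has no `allowPrivilegeEscalation: false` and no `requiredDropCapabilities`, and `readOnlyRootFilesystem` is `false`. Adding `allowPrivilegeEscalation: false` and `requiredDropCapabilities: ['ALL']` would make the policy enforce what a metrics exporter needs and nothing more. `hostNetwork: false` is also fixed here while the workload template takes `hostNetwork` from values, so enabling both would presumably have the pod rejected at admission; a comment on that line would save a debugging session. PodSecurityPolicy is removed in Kubernetes 1.25, so this template should be gated on the API being available rather than only on `podSecurityPolicy.enabled`.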
|
|
@ -0,0 +1,19 @@
|
||||||
|
{{- if and .Values.podSecurityPolicy.enabled .Values.rbac.create -}}
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{- include "kube-state-metrics.labels" . | indent 4 }}
|
||||||
|
name: psp-{{ template "kube-state-metrics.fullname" . }}
|
||||||
|
rules:
|
||||||
|
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
|
||||||
|
{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }}
|
||||||
|
- apiGroups: ['policy']
|
||||||
|
{{- else }}
|
||||||
|
- apiGroups: ['extensions']
|
||||||
|
{{- end }}
|
||||||
|
resources: ['podsecuritypolicies']
|
||||||
|
verbs: ['use']
|
||||||
|
resourceNames:
|
||||||
|
- {{ template "kube-state-metrics.fullname" . }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,16 @@
|
||||||
|
{{- if and .Values.podSecurityPolicy.enabled .Values.rbac.create -}}
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{- include "kube-state-metrics.labels" . | indent 4 }}
|
||||||
|
name: psp-{{ template "kube-state-metrics.fullname" . }}
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: psp-{{ template "kube-state-metrics.fullname" . }}
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: {{ template "kube-state-metrics.serviceAccountName" . }}
|
||||||
|
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,187 @@
|
||||||
|
{{- if and (eq .Values.rbac.create true) (not .Values.rbac.useExistingRole) -}}
|
||||||
|
{{- range (ternary (split "," .Values.namespaces) (list "") (eq $.Values.rbac.useClusterRole false)) }}
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
{{- if eq $.Values.rbac.useClusterRole false }}
|
||||||
|
kind: Role
|
||||||
|
{{- else }}
|
||||||
|
kind: ClusterRole
|
||||||
|
{{- end }}
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{- include "kube-state-metrics.labels" $ | indent 4 }}
|
||||||
|
name: {{ template "kube-state-metrics.fullname" $ }}
|
||||||
|
{{- if eq $.Values.rbac.useClusterRole false }}
|
||||||
|
namespace: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
rules:
|
||||||
|
{{ if has "certificatesigningrequests" $.Values.collectors }}
|
||||||
|
- apiGroups: ["certificates.k8s.io"]
|
||||||
|
resources:
|
||||||
|
- certificatesigningrequests
|
||||||
|
verbs: ["list", "watch"]
|
||||||
|
{{ end -}}
|
||||||
|
{{ if has "configmaps" $.Values.collectors }}
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources:
|
||||||
|
- configmaps
|
||||||
|
verbs: ["list", "watch"]
|
||||||
|
{{ end -}}
|
||||||
|
{{ if has "cronjobs" $.Values.collectors }}
|
||||||
|
- apiGroups: ["batch"]
|
||||||
|
resources:
|
||||||
|
- cronjobs
|
||||||
|
verbs: ["list", "watch"]
|
||||||
|
{{ end -}}
|
||||||
|
{{ if has "daemonsets" $.Values.collectors }}
|
||||||
|
- apiGroups: ["extensions", "apps"]
|
||||||
|
resources:
|
||||||
|
- daemonsets
|
||||||
|
verbs: ["list", "watch"]
|
||||||
|
{{ end -}}
|
||||||
|
{{ if has "deployments" $.Values.collectors }}
|
||||||
|
- apiGroups: ["extensions", "apps"]
|
||||||
|
resources:
|
||||||
|
- deployments
|
||||||
|
verbs: ["list", "watch"]
|
||||||
|
{{ end -}}
|
||||||
|
{{ if has "endpoints" $.Values.collectors }}
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources:
|
||||||
|
- endpoints
|
||||||
|
verbs: ["list", "watch"]
|
||||||
|
{{ end -}}
|
||||||
|
{{ if has "horizontalpodautoscalers" $.Values.collectors }}
|
||||||
|
- apiGroups: ["autoscaling"]
|
||||||
|
resources:
|
||||||
|
- horizontalpodautoscalers
|
||||||
|
verbs: ["list", "watch"]
|
||||||
|
{{ end -}}
|
||||||
|
{{ if has "ingresses" $.Values.collectors }}
|
||||||
|
- apiGroups: ["extensions", "networking.k8s.io"]
|
||||||
|
resources:
|
||||||
|
- ingresses
|
||||||
|
verbs: ["list", "watch"]
|
||||||
|
{{ end -}}
|
||||||
|
{{ if has "jobs" $.Values.collectors }}
|
||||||
|
- apiGroups: ["batch"]
|
||||||
|
resources:
|
||||||
|
- jobs
|
||||||
|
verbs: ["list", "watch"]
|
||||||
|
{{ end -}}
|
||||||
|
{{ if has "limitranges" $.Values.collectors }}
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources:
|
||||||
|
- limitranges
|
||||||
|
verbs: ["list", "watch"]
|
||||||
|
{{ end -}}
|
||||||
|
{{ if has "mutatingwebhookconfigurations" $.Values.collectors }}
|
||||||
|
- apiGroups: ["admissionregistration.k8s.io"]
|
||||||
|
resources:
|
||||||
|
- mutatingwebhookconfigurations
|
||||||
|
verbs: ["list", "watch"]
|
||||||
|
{{ end -}}
|
||||||
|
{{ if has "namespaces" $.Values.collectors }}
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources:
|
||||||
|
- namespaces
|
||||||
|
verbs: ["list", "watch"]
|
||||||
|
{{ end -}}
|
||||||
|
{{ if has "networkpolicies" $.Values.collectors }}
|
||||||
|
- apiGroups: ["networking.k8s.io"]
|
||||||
|
resources:
|
||||||
|
- networkpolicies
|
||||||
|
verbs: ["list", "watch"]
|
||||||
|
{{ end -}}
|
||||||
|
{{ if has "nodes" $.Values.collectors }}
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources:
|
||||||
|
- nodes
|
||||||
|
verbs: ["list", "watch"]
|
||||||
|
{{ end -}}
|
||||||
|
{{ if has "persistentvolumeclaims" $.Values.collectors }}
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources:
|
||||||
|
- persistentvolumeclaims
|
||||||
|
verbs: ["list", "watch"]
|
||||||
|
{{ end -}}
|
||||||
|
{{ if has "persistentvolumes" $.Values.collectors }}
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources:
|
||||||
|
- persistentvolumes
|
||||||
|
verbs: ["list", "watch"]
|
||||||
|
{{ end -}}
|
||||||
|
{{ if has "poddisruptionbudgets" $.Values.collectors }}
|
||||||
|
- apiGroups: ["policy"]
|
||||||
|
resources:
|
||||||
|
- poddisruptionbudgets
|
||||||
|
verbs: ["list", "watch"]
|
||||||
|
{{ end -}}
|
||||||
|
{{ if has "pods" $.Values.collectors }}
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources:
|
||||||
|
- pods
|
||||||
|
verbs: ["list", "watch"]
|
||||||
|
{{ end -}}
|
||||||
|
{{ if has "replicasets" $.Values.collectors }}
|
||||||
|
- apiGroups: ["extensions", "apps"]
|
||||||
|
resources:
|
||||||
|
- replicasets
|
||||||
|
verbs: ["list", "watch"]
|
||||||
|
{{ end -}}
|
||||||
|
{{ if has "replicationcontrollers" $.Values.collectors }}
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources:
|
||||||
|
- replicationcontrollers
|
||||||
|
verbs: ["list", "watch"]
|
||||||
|
{{ end -}}
|
||||||
|
{{ if has "resourcequotas" $.Values.collectors }}
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources:
|
||||||
|
- resourcequotas
|
||||||
|
verbs: ["list", "watch"]
|
||||||
|
{{ end -}}
|
||||||
|
{{ if has "secrets" $.Values.collectors }}
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources:
|
||||||
|
- secrets
|
||||||
|
verbs: ["list", "watch"]
|
||||||
|
{{ end -}}
|
||||||
|
{{ if has "services" $.Values.collectors }}
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources:
|
||||||
|
- services
|
||||||
|
verbs: ["list", "watch"]
|
||||||
|
{{ end -}}
|
||||||
|
{{ if has "statefulsets" $.Values.collectors }}
|
||||||
|
- apiGroups: ["apps"]
|
||||||
|
resources:
|
||||||
|
- statefulsets
|
||||||
|
verbs: ["list", "watch"]
|
||||||
|
{{ end -}}
|
||||||
|
{{ if has "storageclasses" $.Values.collectors }}
|
||||||
|
- apiGroups: ["storage.k8s.io"]
|
||||||
|
resources:
|
||||||
|
- storageclasses
|
||||||
|
verbs: ["list", "watch"]
|
||||||
|
{{ end -}}
|
||||||
|
{{ if has "validatingwebhookconfigurations" $.Values.collectors }}
|
||||||
|
- apiGroups: ["admissionregistration.k8s.io"]
|
||||||
|
resources:
|
||||||
|
- validatingwebhookconfigurations
|
||||||
|
verbs: ["list", "watch"]
|
||||||
|
{{ end -}}
|
||||||
|
{{ if has "volumeattachments" $.Values.collectors }}
|
||||||
|
- apiGroups: ["storage.k8s.io"]
|
||||||
|
resources:
|
||||||
|
- volumeattachments
|
||||||
|
verbs: ["list", "watch"]
|
||||||
|
{{ end -}}
|
||||||
|
{{ if has "verticalpodautoscalers" $.Values.collectors }}
|
||||||
|
- apiGroups: ["autoscaling.k8s.io"]
|
||||||
|
resources:
|
||||||
|
- verticalpodautoscalers
|
||||||
|
verbs: ["list", "watch"]
|
||||||
|
{{ end -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
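Review bot: The `secrets` rule grants `list` and `watch` on Secrets, and with the chart defaults (`secrets` listed in `collectors`, `rbac.useClusterRole: true`) that grant is cluster-wide. A `list` response carries the Secret data, so the kube-state-metrics service account can read every Secret in the cluster although the exporter only reports metadata. Consider removing `secrets` from the default `collectors` so the rule is opt-in, and put a comment above it such as `# list/watch on secrets exposes secret data to this service account; enable only if the kube_secret_* metrics are needed`. Separately, in the namespaced branch `split "," .Values.namespaces` on the default empty string appears to still yield one element, which renders a Role with an empty `namespace:`. A `fail` when `useClusterRole` is false and `namespaces` is empty would surface that at render time.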
|
|
@ -0,0 +1,24 @@
|
||||||
|
{{- if and (eq .Values.rbac.create true) (eq .Values.rbac.useClusterRole false) -}}
|
||||||
|
{{- range (split "," $.Values.namespaces) }}
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: RoleBinding
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{- include "kube-state-metrics.labels" $ | indent 4 }}
|
||||||
|
name: {{ template "kube-state-metrics.fullname" $ }}
|
||||||
|
namespace: {{ . }}
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: Role
|
||||||
|
{{- if (not $.Values.rbac.useExistingRole) }}
|
||||||
|
name: {{ template "kube-state-metrics.fullname" $ }}
|
||||||
|
{{- else }}
|
||||||
|
name: {{ $.Values.rbac.useExistingRole }}
|
||||||
|
{{- end }}
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: {{ template "kube-state-metrics.serviceAccountName" $ }}
|
||||||
|
namespace: {{ template "kube-state-metrics.namespace" $ }}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
|
@ -0,0 +1,38 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: {{ template "kube-state-metrics.fullname" . }}
|
||||||
|
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||||
|
labels:
|
||||||
|
{{- include "kube-state-metrics.labels" . | indent 4 }}
|
||||||
|
annotations:
|
||||||
|
{{- if .Values.prometheusScrape }}
|
||||||
|
prometheus.io/scrape: '{{ .Values.prometheusScrape }}'
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.service.annotations }}
|
||||||
|
{{- toYaml .Values.service.annotations | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
spec:
|
||||||
|
type: "{{ .Values.service.type }}"
|
||||||
|
ports:
|
||||||
|
- name: "http"
|
||||||
|
protocol: TCP
|
||||||
|
port: {{ .Values.service.port | default 8080}}
|
||||||
|
{{- if .Values.service.nodePort }}
|
||||||
|
nodePort: {{ .Values.service.nodePort }}
|
||||||
|
{{- end }}
|
||||||
|
targetPort: {{ .Values.service.port | default 8080}}
|
||||||
|
{{ if .Values.selfMonitor.enabled }}
|
||||||
|
- name: "metrics"
|
||||||
|
protocol: TCP
|
||||||
|
port: {{ .Values.selfMonitor.telemetryPort | default 8081 }}
|
||||||
|
targetPort: {{ .Values.selfMonitor.telemetryPort | default 8081 }}
|
||||||
|
{{ end }}
|
||||||
|
{{- if .Values.service.loadBalancerIP }}
|
||||||
|
loadBalancerIP: "{{ .Values.service.loadBalancerIP }}"
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.service.clusterIP }}
|
||||||
|
clusterIP: "{{ .Values.service.clusterIP }}"
|
||||||
|
{{- end }}
|
||||||
|
selector:
|
||||||
|
{{- include "kube-state-metrics.selectorLabels" . | indent 4 }}
|
|
@ -0,0 +1,15 @@
|
||||||
|
{{- if .Values.serviceAccount.create -}}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{- include "kube-state-metrics.labels" . | indent 4 }}
|
||||||
|
name: {{ template "kube-state-metrics.serviceAccountName" . }}
|
||||||
|
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||||
|
{{- if .Values.serviceAccount.annotations }}
|
||||||
|
annotations:
|
||||||
|
{{ toYaml .Values.serviceAccount.annotations | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
imagePullSecrets:
|
||||||
|
{{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }}
|
||||||
|
{{- end -}}
|
|
@ -0,0 +1,66 @@
|
||||||
|
{{- if .Values.prometheus.monitor.enabled }}
|
||||||
|
apiVersion: monitoring.coreos.com/v1
|
||||||
|
kind: ServiceMonitor
|
||||||
|
metadata:
|
||||||
|
name: {{ template "kube-state-metrics.fullname" . }}
|
||||||
|
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||||
|
labels:
|
||||||
|
{{- include "kube-state-metrics.labels" . | indent 4 }}
|
||||||
|
{{- with .Values.prometheus.monitor.additionalLabels }}
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
spec:
|
||||||
|
jobLabel: {{ default "app.kubernetes.io/name" .Values.prometheus.monitor.jobLabel }}
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
{{- if .Values.prometheus.monitor.selectorOverride -}}
|
||||||
|
{{ toYaml .Values.prometheus.monitor.selectorOverride | nindent 6 }}
|
||||||
|
{{ else }}
|
||||||
|
{{- include "kube-state-metrics.selectorLabels" . | indent 6 }}
|
||||||
|
{{- end }}
|
||||||
|
endpoints:
|
||||||
|
- port: http
|
||||||
|
{{- if .Values.prometheus.monitor.interval }}
|
||||||
|
interval: {{ .Values.prometheus.monitor.interval }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.prometheus.monitor.scrapeTimeout }}
|
||||||
|
scrapeTimeout: {{ .Values.prometheus.monitor.scrapeTimeout }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.prometheus.monitor.proxyUrl }}
|
||||||
|
proxyUrl: {{ .Values.prometheus.monitor.proxyUrl}}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.prometheus.monitor.honorLabels }}
|
||||||
|
honorLabels: true
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.prometheus.monitor.metricRelabelings }}
|
||||||
|
metricRelabelings:
|
||||||
|
{{- toYaml .Values.prometheus.monitor.metricRelabelings | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.prometheus.monitor.relabelings }}
|
||||||
|
relabelings:
|
||||||
|
{{- toYaml .Values.prometheus.monitor.relabelings | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.selfMonitor.enabled }}
|
||||||
|
- port: metrics
|
||||||
|
{{- if .Values.prometheus.monitor.interval }}
|
||||||
|
interval: {{ .Values.prometheus.monitor.interval }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.prometheus.monitor.scrapeTimeout }}
|
||||||
|
scrapeTimeout: {{ .Values.prometheus.monitor.scrapeTimeout }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.prometheus.monitor.proxyUrl }}
|
||||||
|
proxyUrl: {{ .Values.prometheus.monitor.proxyUrl}}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.prometheus.monitor.honorLabels }}
|
||||||
|
honorLabels: true
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.prometheus.monitor.metricRelabelings }}
|
||||||
|
metricRelabelings:
|
||||||
|
{{- toYaml .Values.prometheus.monitor.metricRelabelings | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.prometheus.monitor.relabelings }}
|
||||||
|
relabelings:
|
||||||
|
{{- toYaml .Values.prometheus.monitor.relabelings | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,26 @@
|
||||||
|
{{- if and .Values.autosharding.enabled .Values.rbac.create -}}
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: Role
|
||||||
|
metadata:
|
||||||
|
name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }}
|
||||||
|
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||||
|
labels:
|
||||||
|
{{- include "kube-state-metrics.labels" . | indent 4 }}
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- pods
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- apiGroups:
|
||||||
|
- apps
|
||||||
|
resourceNames:
|
||||||
|
- {{ template "kube-state-metrics.fullname" . }}
|
||||||
|
resources:
|
||||||
|
- statefulsets
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,17 @@
|
||||||
|
{{- if and .Values.autosharding.enabled .Values.rbac.create -}}
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: RoleBinding
|
||||||
|
metadata:
|
||||||
|
name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }}
|
||||||
|
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||||
|
labels:
|
||||||
|
{{- include "kube-state-metrics.labels" . | indent 4 }}
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: Role
|
||||||
|
name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }}
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: {{ template "kube-state-metrics.serviceAccountName" . }}
|
||||||
|
namespace: {{ template "kube-state-metrics.namespace" . }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,232 @@
|
||||||
|
# Default values for kube-state-metrics.
|
||||||
|
prometheusScrape: true
|
||||||
|
image:
|
||||||
|
repository: k8s.gcr.io/kube-state-metrics/kube-state-metrics
|
||||||
|
tag: v2.4.1
|
||||||
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
|
imagePullSecrets: []
|
||||||
|
# - name: "image-pull-secret"
|
||||||
|
|
||||||
|
# If set to true, this will deploy kube-state-metrics as a StatefulSet and the data
|
||||||
|
# will be automatically sharded across <.Values.replicas> pods using the built-in
|
||||||
|
# autodiscovery feature: https://github.com/kubernetes/kube-state-metrics#automated-sharding
|
||||||
|
# This is an experimental feature and there are no stability guarantees.
|
||||||
|
autosharding:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
replicas: 1
|
||||||
|
|
||||||
|
# List of additional cli arguments to configure kube-state-metrics
|
||||||
|
# for example: --enable-gzip-encoding, --log-file, etc.
|
||||||
|
# all the possible args can be found here: https://github.com/kubernetes/kube-state-metrics/blob/master/docs/cli-arguments.md
|
||||||
|
extraArgs: []
|
||||||
|
|
||||||
|
service:
|
||||||
|
port: 8080
|
||||||
|
# Default to clusterIP for backward compatibility
|
||||||
|
type: ClusterIP
|
||||||
|
nodePort: 0
|
||||||
|
loadBalancerIP: ""
|
||||||
|
clusterIP: ""
|
||||||
|
annotations: {}
|
||||||
|
|
||||||
|
## Additional labels to add to all resources
|
||||||
|
customLabels: {}
|
||||||
|
# app: kube-state-metrics
|
||||||
|
|
||||||
|
## set to true to add the release label so scraping of the servicemonitor with kube-prometheus-stack works out of the box
|
||||||
|
releaseLabel: false
|
||||||
|
|
||||||
|
hostNetwork: false
|
||||||
|
|
||||||
|
rbac:
|
||||||
|
# If true, create & use RBAC resources
|
||||||
|
create: true
|
||||||
|
|
||||||
|
# Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to it, rolename set here.
|
||||||
|
# useExistingRole: your-existing-role
|
||||||
|
|
||||||
|
# If set to false - Run without Cluteradmin privs needed - ONLY works if namespace is also set (if useExistingRole is set this name is used as ClusterRole or Role to bind to)
|
||||||
|
useClusterRole: true
|
||||||
|
|
||||||
|
serviceAccount:
|
||||||
|
# Specifies whether a ServiceAccount should be created, require rbac true
|
||||||
|
create: true
|
||||||
|
# The name of the ServiceAccount to use.
|
||||||
|
# If not set and create is true, a name is generated using the fullname template
|
||||||
|
name:
|
||||||
|
# Reference to one or more secrets to be used when pulling images
|
||||||
|
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
||||||
|
imagePullSecrets: []
|
||||||
|
# ServiceAccount annotations.
|
||||||
|
# Use case: AWS EKS IAM roles for service accounts
|
||||||
|
# ref: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html
|
||||||
|
annotations: {}
|
||||||
|
|
||||||
|
prometheus:
|
||||||
|
monitor:
|
||||||
|
enabled: false
|
||||||
|
additionalLabels: {}
|
||||||
|
namespace: ""
|
||||||
|
jobLabel: ""
|
||||||
|
interval: ""
|
||||||
|
scrapeTimeout: ""
|
||||||
|
proxyUrl: ""
|
||||||
|
selectorOverride: {}
|
||||||
|
honorLabels: false
|
||||||
|
metricRelabelings: []
|
||||||
|
relabelings: []
|
||||||
|
|
||||||
|
## Specify if a Pod Security Policy for kube-state-metrics must be created
|
||||||
|
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
|
||||||
|
##
|
||||||
|
podSecurityPolicy:
|
||||||
|
enabled: false
|
||||||
|
annotations: {}
|
||||||
|
## Specify pod annotations
|
||||||
|
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
|
||||||
|
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
|
||||||
|
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
|
||||||
|
##
|
||||||
|
# seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
|
||||||
|
# seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
|
||||||
|
# apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
|
||||||
|
|
||||||
|
additionalVolumes: []
|
||||||
|
|
||||||
|
securityContext:
|
||||||
|
enabled: true
|
||||||
|
runAsGroup: 65534
|
||||||
|
runAsUser: 65534
|
||||||
|
fsGroup: 65534
|
||||||
|
|
||||||
|
## Specify security settings for a Container
|
||||||
|
## Allows overrides and additional options compared to (Pod) securityContext
|
||||||
|
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||||
|
containerSecurityContext: {}
|
||||||
|
|
||||||
|
## Node labels for pod assignment
|
||||||
|
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
|
||||||
|
nodeSelector: {}
|
||||||
|
|
||||||
|
## Affinity settings for pod assignment
|
||||||
|
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
|
||||||
|
affinity: {}
|
||||||
|
|
||||||
|
## Tolerations for pod assignment
|
||||||
|
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
||||||
|
tolerations: []
|
||||||
|
|
||||||
|
# Annotations to be added to the pod
|
||||||
|
podAnnotations: {}
|
||||||
|
|
||||||
|
## Assign a PriorityClassName to pods if set
|
||||||
|
# priorityClassName: ""
|
||||||
|
|
||||||
|
# Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
|
||||||
|
podDisruptionBudget: {}
|
||||||
|
|
||||||
|
updateStrategy:
|
||||||
|
type: RollingUpdate
|
||||||
|
|
||||||
|
# Comma-separated list of metrics to be exposed.
|
||||||
|
# This list comprises of exact metric names and/or regex patterns.
|
||||||
|
# The allowlist and denylist are mutually exclusive.
|
||||||
|
metricAllowlist: []
|
||||||
|
|
||||||
|
# Comma-separated list of metrics not to be enabled.
|
||||||
|
# This list comprises of exact metric names and/or regex patterns.
|
||||||
|
# The allowlist and denylist are mutually exclusive.
|
||||||
|
metricDenylist: []
|
||||||
|
|
||||||
|
# Comma-separated list of additional Kubernetes label keys that will be used in the resource's
|
||||||
|
# labels metric. By default the metric contains only name and namespace labels.
|
||||||
|
# To include additional labels, provide a list of resource names in their plural form and Kubernetes
|
||||||
|
# label keys you would like to allow for them (Example: '=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)'.
|
||||||
|
# A single '*' can be provided per resource instead to allow any labels, but that has
|
||||||
|
# severe performance implications (Example: '=pods=[*]').
|
||||||
|
metricLabelsAllowlist: []
|
||||||
|
# - namespaces=[k8s-label-1,k8s-label-n]
|
||||||
|
|
||||||
|
# Comma-separated list of Kubernetes annotations keys that will be used in the resource'
|
||||||
|
# labels metric. By default the metric contains only name and namespace labels.
|
||||||
|
# To include additional annotations provide a list of resource names in their plural form and Kubernetes
|
||||||
|
# annotation keys you would like to allow for them (Example: '=namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...)'.
|
||||||
|
# A single '*' can be provided per resource instead to allow any annotations, but that has
|
||||||
|
# severe performance implications (Example: '=pods=[*]').
|
||||||
|
metricAnnotationsAllowList: []
|
||||||
|
# - pods=[k8s-annotation-1,k8s-annotation-n]
|
||||||
|
|
||||||
|
# Available collectors for kube-state-metrics.
|
||||||
|
# By default, all available resources are enabled, comment out to disable.
|
||||||
|
collectors:
|
||||||
|
- certificatesigningrequests
|
||||||
|
- configmaps
|
||||||
|
- cronjobs
|
||||||
|
- daemonsets
|
||||||
|
- deployments
|
||||||
|
- endpoints
|
||||||
|
- horizontalpodautoscalers
|
||||||
|
- ingresses
|
||||||
|
- jobs
|
||||||
|
- limitranges
|
||||||
|
- mutatingwebhookconfigurations
|
||||||
|
- namespaces
|
||||||
|
- networkpolicies
|
||||||
|
- nodes
|
||||||
|
- persistentvolumeclaims
|
||||||
|
- persistentvolumes
|
||||||
|
- poddisruptionbudgets
|
||||||
|
- pods
|
||||||
|
- replicasets
|
||||||
|
- replicationcontrollers
|
||||||
|
- resourcequotas
|
||||||
|
- secrets
|
||||||
|
- services
|
||||||
|
- statefulsets
|
||||||
|
- storageclasses
|
||||||
|
- validatingwebhookconfigurations
|
||||||
|
- volumeattachments
|
||||||
|
# - verticalpodautoscalers # not a default resource, see also: https://github.com/kubernetes/kube-state-metrics#enabling-verticalpodautoscalers
|
||||||
|
|
||||||
|
# Enabling kubeconfig will pass the --kubeconfig argument to the container
|
||||||
|
kubeconfig:
|
||||||
|
enabled: false
|
||||||
|
# base64 encoded kube-config file
|
||||||
|
secret:
|
||||||
|
|
||||||
|
# Comma-separated list of namespaces to be enabled for collecting resources. By default all namespaces are collected.
|
||||||
|
namespaces: ""
|
||||||
|
|
||||||
|
# Comma-separated list of namespaces not to be enabled. If namespaces and namespaces-denylist are both set,
|
||||||
|
# only namespaces that are excluded in namespaces-denylist will be used.
|
||||||
|
namespacesDenylist: ""
|
||||||
|
|
||||||
|
## Override the deployment namespace
|
||||||
|
##
|
||||||
|
namespaceOverride: ""
|
||||||
|
|
||||||
|
resources:
|
||||||
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
||||||
|
# choice for the user. This also increases chances charts run on environments with little
|
||||||
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
||||||
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
||||||
|
limits:
|
||||||
|
cpu: 500m
|
||||||
|
memory: 128Mi
|
||||||
|
requests:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 64Mi
|
||||||
|
|
||||||
|
## Provide a k8s version to define apiGroups for podSecurityPolicy Cluster Role.
|
||||||
|
## For example: kubeTargetVersionOverride: 1.14.9
|
||||||
|
##
|
||||||
|
kubeTargetVersionOverride: ""
|
||||||
|
|
||||||
|
# Enable self metrics configuration for service and Service Monitor
|
||||||
|
# Default values for telemetry configuration can be overridden
|
||||||
|
selfMonitor:
|
||||||
|
enabled: false
|
||||||
|
# telemetryHost: 0.0.0.0
|
||||||
|
# telemetryPort: 8081
|
|
@ -0,0 +1,112 @@
|
||||||
|
{{- if .Values.server.enabled -}}
|
||||||
|
The Prometheus server can be accessed via port {{ .Values.server.service.servicePort }} on the following DNS name from within your cluster:
|
||||||
|
{{ template "prometheus.server.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
|
||||||
|
|
||||||
|
{{ if .Values.server.ingress.enabled -}}
|
||||||
|
From outside the cluster, the server URL(s) are:
|
||||||
|
{{- range .Values.server.ingress.hosts }}
|
||||||
|
http://{{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- else }}
|
||||||
|
Get the Prometheus server URL by running these commands in the same shell:
|
||||||
|
{{- if contains "NodePort" .Values.server.service.type }}
|
||||||
|
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus.server.fullname" . }})
|
||||||
|
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
|
||||||
|
echo http://$NODE_IP:$NODE_PORT
|
||||||
|
{{- else if contains "LoadBalancer" .Values.server.service.type }}
|
||||||
|
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
|
||||||
|
You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "prometheus.server.fullname" . }}'
|
||||||
|
|
||||||
|
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "prometheus.server.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
|
||||||
|
echo http://$SERVICE_IP:{{ .Values.server.service.servicePort }}
|
||||||
|
{{- else if contains "ClusterIP" .Values.server.service.type }}
|
||||||
|
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "prometheus.name" . }},component={{ .Values.server.name }}" -o jsonpath="{.items[0].metadata.name}")
|
||||||
|
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9090
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if .Values.server.persistentVolume.enabled }}
|
||||||
|
{{- else }}
|
||||||
|
#################################################################################
|
||||||
|
###### WARNING: Persistence is disabled!!! You will lose your data when #####
|
||||||
|
###### the Server pod is terminated. #####
|
||||||
|
#################################################################################
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{ if .Values.alertmanager.enabled }}
|
||||||
|
The Prometheus alertmanager can be accessed via port {{ .Values.alertmanager.service.servicePort }} on the following DNS name from within your cluster:
|
||||||
|
{{ template "prometheus.alertmanager.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
|
||||||
|
|
||||||
|
{{ if .Values.alertmanager.ingress.enabled -}}
|
||||||
|
From outside the cluster, the alertmanager URL(s) are:
|
||||||
|
{{- range .Values.alertmanager.ingress.hosts }}
|
||||||
|
http://{{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- else }}
|
||||||
|
Get the Alertmanager URL by running these commands in the same shell:
|
||||||
|
{{- if contains "NodePort" .Values.alertmanager.service.type }}
|
||||||
|
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus.alertmanager.fullname" . }})
|
||||||
|
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
|
||||||
|
echo http://$NODE_IP:$NODE_PORT
|
||||||
|
{{- else if contains "LoadBalancer" .Values.alertmanager.service.type }}
|
||||||
|
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
|
||||||
|
You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "prometheus.alertmanager.fullname" . }}'
|
||||||
|
|
||||||
|
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "prometheus.alertmanager.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
|
||||||
|
echo http://$SERVICE_IP:{{ .Values.alertmanager.service.servicePort }}
|
||||||
|
{{- else if contains "ClusterIP" .Values.alertmanager.service.type }}
|
||||||
|
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "prometheus.name" . }},component={{ .Values.alertmanager.name }}" -o jsonpath="{.items[0].metadata.name}")
|
||||||
|
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9093
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if .Values.alertmanager.persistentVolume.enabled }}
|
||||||
|
{{- else }}
|
||||||
|
#################################################################################
|
||||||
|
###### WARNING: Persistence is disabled!!! You will lose your data when #####
|
||||||
|
###### the AlertManager pod is terminated. #####
|
||||||
|
#################################################################################
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if .Values.nodeExporter.podSecurityPolicy.enabled }}
|
||||||
|
{{- else }}
|
||||||
|
#################################################################################
|
||||||
|
###### WARNING: Pod Security Policy has been moved to a global property. #####
|
||||||
|
###### use .Values.podSecurityPolicy.enabled with pod-based #####
|
||||||
|
###### annotations #####
|
||||||
|
###### (e.g. .Values.nodeExporter.podSecurityPolicy.annotations) #####
|
||||||
|
#################################################################################
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{ if .Values.pushgateway.enabled }}
|
||||||
|
The Prometheus PushGateway can be accessed via port {{ .Values.pushgateway.service.servicePort }} on the following DNS name from within your cluster:
|
||||||
|
{{ template "prometheus.pushgateway.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
|
||||||
|
|
||||||
|
{{ if .Values.pushgateway.ingress.enabled -}}
|
||||||
|
From outside the cluster, the pushgateway URL(s) are:
|
||||||
|
{{- range .Values.pushgateway.ingress.hosts }}
|
||||||
|
http://{{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- else }}
|
||||||
|
Get the PushGateway URL by running these commands in the same shell:
|
||||||
|
{{- if contains "NodePort" .Values.pushgateway.service.type }}
|
||||||
|
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus.pushgateway.fullname" . }})
|
||||||
|
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
|
||||||
|
echo http://$NODE_IP:$NODE_PORT
|
||||||
|
{{- else if contains "LoadBalancer" .Values.pushgateway.service.type }}
|
||||||
|
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
|
||||||
|
You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "prometheus.pushgateway.fullname" . }}'
|
||||||
|
|
||||||
|
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "prometheus.pushgateway.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
|
||||||
|
echo http://$SERVICE_IP:{{ .Values.pushgateway.service.servicePort }}
|
||||||
|
{{- else if contains "ClusterIP" .Values.pushgateway.service.type }}
|
||||||
|
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "prometheus.name" . }},component={{ .Values.pushgateway.name }}" -o jsonpath="{.items[0].metadata.name}")
|
||||||
|
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9091
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
For more information on running Prometheus, visit:
|
||||||
|
https://prometheus.io/
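Review bot: The Pod Security Policy banner sits in the `else` branch of an `if` with an empty body, so it prints whenever `.Values.nodeExporter.podSecurityPolicy.enabled` is false. That is the state of an install that already uses the global property the banner points to, while installs that still set the per-component key see nothing. If the banner is meant as a migration notice, the condition reads inverted: `{{- if .Values.nodeExporter.podSecurityPolicy.enabled }}` followed directly by the banner and `{{- end }}` would show it only to the installs it addresses. The two persistence warnings use the same empty-`if`/`else` shape and would read more clearly as `{{- if not .Values.server.persistentVolume.enabled }}`.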
|
|
@ -0,0 +1,288 @@
|
||||||
|
{{/* vim: set filetype=mustache: */}}
|
||||||
|
{{/*
|
||||||
|
Expand the name of the chart.
|
||||||
|
*/}}
|
||||||
|
{{- define "prometheus.name" -}}
|
||||||
|
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create chart name and version as used by the chart label.
|
||||||
|
*/}}
|
||||||
|
{{- define "prometheus.chart" -}}
|
||||||
|
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create unified labels for prometheus components
|
||||||
|
*/}}
|
||||||
|
{{- define "prometheus.common.matchLabels" -}}
|
||||||
|
app: {{ template "prometheus.name" . }}
|
||||||
|
release: {{ .Release.Name }}
|
||||||
|
{{ include "k8s-triliovault-operator.labels" . }}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- define "prometheus.common.metaLabels" -}}
|
||||||
|
chart: {{ template "prometheus.chart" . }}
|
||||||
|
heritage: {{ .Release.Service }}
|
||||||
|
{{ include "k8s-triliovault-operator.labels" . }}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- define "prometheus.alertmanager.labels" -}}
|
||||||
|
{{ include "prometheus.alertmanager.matchLabels" . }}
|
||||||
|
{{ include "prometheus.common.metaLabels" . }}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- define "prometheus.alertmanager.matchLabels" -}}
|
||||||
|
component: {{ .Values.alertmanager.name | quote }}
|
||||||
|
app.kubernetes.io/instance: {{ .Values.alertmanager.name | quote }}
|
||||||
|
{{ include "prometheus.common.matchLabels" . }}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- define "prometheus.nodeExporter.labels" -}}
|
||||||
|
{{ include "prometheus.nodeExporter.matchLabels" . }}
|
||||||
|
{{ include "prometheus.common.metaLabels" . }}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- define "prometheus.nodeExporter.matchLabels" -}}
|
||||||
|
component: {{ .Values.nodeExporter.name | quote }}
|
||||||
|
app.kubernetes.io/instance: {{ .Values.nodeExporter.name | quote }}
|
||||||
|
{{ include "prometheus.common.matchLabels" . }}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- define "prometheus.pushgateway.labels" -}}
|
||||||
|
{{ include "prometheus.pushgateway.matchLabels" . }}
|
||||||
|
{{ include "prometheus.common.metaLabels" . }}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- define "prometheus.pushgateway.matchLabels" -}}
|
||||||
|
component: {{ .Values.pushgateway.name | quote }}
|
||||||
|
app.kubernetes.io/instance: {{ .Values.pushgateway.name | quote }}
|
||||||
|
{{ include "prometheus.common.matchLabels" . }}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- define "prometheus.server.labels" -}}
|
||||||
|
{{ include "prometheus.server.matchLabels" . }}
|
||||||
|
{{ include "prometheus.common.metaLabels" . }}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- define "prometheus.server.matchLabels" -}}
|
||||||
|
component: {{ .Values.server.name | quote }}
|
||||||
|
app.kubernetes.io/instance: {{ .Values.server.name | quote }}
|
||||||
|
{{ include "prometheus.common.matchLabels" . }}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create a default fully qualified app name.
|
||||||
|
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||||
|
*/}}
|
||||||
|
{{- define "prometheus.fullname" -}}
|
||||||
|
{{- if .Values.fullnameOverride -}}
|
||||||
|
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||||
|
{{- if contains $name .Release.Name -}}
|
||||||
|
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create a fully qualified alertmanager name.
|
||||||
|
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- define "prometheus.alertmanager.fullname" -}}
|
||||||
|
{{- if .Values.alertmanager.fullnameOverride -}}
|
||||||
|
{{- .Values.alertmanager.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||||
|
{{- if contains $name .Release.Name -}}
|
||||||
|
{{- printf "%s-%s" .Release.Name .Values.alertmanager.name | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- printf "%s-%s-%s" .Release.Name $name .Values.alertmanager.name | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create a fully qualified node-exporter name.
|
||||||
|
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||||
|
*/}}
|
||||||
|
{{- define "prometheus.nodeExporter.fullname" -}}
|
||||||
|
{{- if .Values.nodeExporter.fullnameOverride -}}
|
||||||
|
{{- .Values.nodeExporter.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||||
|
{{- if contains $name .Release.Name -}}
|
||||||
|
{{- printf "%s-%s" .Release.Name .Values.nodeExporter.name | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- printf "%s-%s-%s" .Release.Name $name .Values.nodeExporter.name | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create a fully qualified Prometheus server name.
|
||||||
|
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||||
|
*/}}
|
||||||
|
{{- define "prometheus.server.fullname" -}}
|
||||||
|
{{- if .Values.server.fullnameOverride -}}
|
||||||
|
{{- .Values.server.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||||
|
{{- if contains $name .Release.Name -}}
|
||||||
|
{{- printf "%s-%s" .Release.Name .Values.server.name | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- printf "%s-%s-%s" .Release.Name $name .Values.server.name | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create a fully qualified pushgateway name.
|
||||||
|
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||||
|
*/}}
|
||||||
|
{{- define "prometheus.pushgateway.fullname" -}}
|
||||||
|
{{- if .Values.pushgateway.fullnameOverride -}}
|
||||||
|
{{- .Values.pushgateway.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||||
|
{{- if contains $name .Release.Name -}}
|
||||||
|
{{- printf "%s-%s" .Release.Name .Values.pushgateway.name | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- printf "%s-%s-%s" .Release.Name $name .Values.pushgateway.name | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Get KubeVersion removing pre-release information.
|
||||||
|
*/}}
|
||||||
|
{{- define "prometheus.kubeVersion" -}}
|
||||||
|
{{- default .Capabilities.KubeVersion.Version (regexFind "v[0-9]+\\.[0-9]+\\.[0-9]+" .Capabilities.KubeVersion.Version) -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Return the appropriate apiVersion for deployment.
|
||||||
|
*/}}
|
||||||
|
{{- define "prometheus.deployment.apiVersion" -}}
|
||||||
|
{{- print "apps/v1" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{/*
|
||||||
|
Return the appropriate apiVersion for daemonset.
|
||||||
|
*/}}
|
||||||
|
{{- define "prometheus.daemonset.apiVersion" -}}
|
||||||
|
{{- print "apps/v1" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{/*
|
||||||
|
Return the appropriate apiVersion for networkpolicy.
|
||||||
|
*/}}
|
||||||
|
{{- define "prometheus.networkPolicy.apiVersion" -}}
|
||||||
|
{{- print "networking.k8s.io/v1" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{/*
|
||||||
|
Return the appropriate apiVersion for podsecuritypolicy.
|
||||||
|
*/}}
|
||||||
|
{{- define "prometheus.podSecurityPolicy.apiVersion" -}}
|
||||||
|
{{- print "policy/v1beta1" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{/*
|
||||||
|
Return the appropriate apiVersion for rbac.
|
||||||
|
*/}}
|
||||||
|
{{- define "rbac.apiVersion" -}}
|
||||||
|
{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }}
|
||||||
|
{{- print "rbac.authorization.k8s.io/v1" -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- print "rbac.authorization.k8s.io/v1beta1" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{/*
|
||||||
|
Return the appropriate apiVersion for ingress.
|
||||||
|
*/}}
|
||||||
|
{{- define "ingress.apiVersion" -}}
|
||||||
|
{{- if and (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare ">= 1.19.x" (include "prometheus.kubeVersion" .)) -}}
|
||||||
|
{{- print "networking.k8s.io/v1" -}}
|
||||||
|
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}}
|
||||||
|
{{- print "networking.k8s.io/v1beta1" -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- print "extensions/v1beta1" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Return if ingress is stable.
|
||||||
|
*/}}
|
||||||
|
{{- define "ingress.isStable" -}}
|
||||||
|
{{- eq (include "ingress.apiVersion" .) "networking.k8s.io/v1" -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Return if ingress supports ingressClassName.
|
||||||
|
*/}}
|
||||||
|
{{- define "ingress.supportsIngressClassName" -}}
|
||||||
|
{{- or (eq (include "ingress.isStable" .) "true") (and (eq (include "ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18.x" (include "prometheus.kubeVersion" .))) -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{/*
|
||||||
|
Return if ingress supports pathType.
|
||||||
|
*/}}
|
||||||
|
{{- define "ingress.supportsPathType" -}}
|
||||||
|
{{- or (eq (include "ingress.isStable" .) "true") (and (eq (include "ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18.x" (include "prometheus.kubeVersion" .))) -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create the name of the service account to use for the alertmanager component
|
||||||
|
*/}}
|
||||||
|
{{- define "prometheus.serviceAccountName.alertmanager" -}}
|
||||||
|
{{- if .Values.serviceAccounts.alertmanager.create -}}
|
||||||
|
{{ default (include "prometheus.alertmanager.fullname" .) .Values.serviceAccounts.alertmanager.name }}
|
||||||
|
{{- else -}}
|
||||||
|
{{ default "default" .Values.serviceAccounts.alertmanager.name }}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create the name of the service account to use for the nodeExporter component
|
||||||
|
*/}}
|
||||||
|
{{- define "prometheus.serviceAccountName.nodeExporter" -}}
|
||||||
|
{{- if .Values.serviceAccounts.nodeExporter.create -}}
|
||||||
|
{{ default (include "prometheus.nodeExporter.fullname" .) .Values.serviceAccounts.nodeExporter.name }}
|
||||||
|
{{- else -}}
|
||||||
|
{{ default "default" .Values.serviceAccounts.nodeExporter.name }}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create the name of the service account to use for the pushgateway component
|
||||||
|
*/}}
|
||||||
|
{{- define "prometheus.serviceAccountName.pushgateway" -}}
|
||||||
|
{{- if .Values.serviceAccounts.pushgateway.create -}}
|
||||||
|
{{ default (include "prometheus.pushgateway.fullname" .) .Values.serviceAccounts.pushgateway.name }}
|
||||||
|
{{- else -}}
|
||||||
|
{{ default "default" .Values.serviceAccounts.pushgateway.name }}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create the name of the service account to use for the server component
|
||||||
|
*/}}
|
||||||
|
{{- define "prometheus.serviceAccountName.server" -}}
|
||||||
|
{{- if .Values.serviceAccounts.server.create -}}
|
||||||
|
{{ default (include "prometheus.server.fullname" .) .Values.serviceAccounts.server.name }}
|
||||||
|
{{- else -}}
|
||||||
|
{{ default "default" .Values.serviceAccounts.server.name }}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Define the prometheus.namespace template if set with forceNamespace or .Release.Namespace is set
|
||||||
|
*/}}
|
||||||
|
{{- define "prometheus.namespace" -}}
|
||||||
|
{{- if .Values.forceNamespace -}}
|
||||||
|
{{ printf "namespace: %s" .Values.forceNamespace }}
|
||||||
|
{{- else -}}
|
||||||
|
{{ printf "namespace: %s" .Release.Namespace }}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
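Review bot: `prometheus.podSecurityPolicy.apiVersion` always prints `policy/v1beta1`, although its comment promises "the appropriate apiVersion" and the neighbouring `rbac.apiVersion` and `ingress.apiVersion` helpers probe `.Capabilities.APIVersions`. PodSecurityPolicy was removed in Kubernetes 1.25, so a release with `podSecurityPolicy.enabled` set would fail to apply there, and nothing in this file restricts rendering to older clusters. Templates that emit the policy could be gated on `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"`, and the helper comment could become `Return the apiVersion for podsecuritypolicy (policy/v1beta1, removed in Kubernetes 1.25).`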
|
|
@ -0,0 +1,21 @@
|
||||||
|
{{- if and .Values.alertmanager.enabled .Values.rbac.create .Values.alertmanager.useClusterRole (not .Values.alertmanager.useExistingRole) -}}
|
||||||
|
apiVersion: {{ template "rbac.apiVersion" . }}
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
|
||||||
|
name: {{ template "prometheus.alertmanager.fullname" . }}
|
||||||
|
rules:
|
||||||
|
{{- if .Values.podSecurityPolicy.enabled }}
|
||||||
|
- apiGroups:
|
||||||
|
- extensions
|
||||||
|
resources:
|
||||||
|
- podsecuritypolicies
|
||||||
|
verbs:
|
||||||
|
- use
|
||||||
|
resourceNames:
|
||||||
|
- {{ template "prometheus.alertmanager.fullname" . }}
|
||||||
|
{{- else }}
|
||||||
|
[]
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
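Review bot: The `use` rule for `podsecuritypolicies` is granted under the `extensions` API group, while the chart's own `prometheus.podSecurityPolicy.apiVersion` helper emits `policy/v1beta1`. Kubernetes documents the `policy` group for authorizing `use` of a PodSecurityPolicy, so this rule may not authorize the Alertmanager service account on clusters that no longer honour the legacy group. Changing the entry to `- policy`, or listing both groups, would match the object the rule is meant to cover. When `podSecurityPolicy.enabled` is false the template still creates a ClusterRole with `[]` as its rules, and the outer condition could skip the object in that case.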
|
|
@ -0,0 +1,20 @@
|
||||||
|
{{- if and .Values.alertmanager.enabled .Values.rbac.create .Values.alertmanager.useClusterRole -}}
|
||||||
|
apiVersion: {{ template "rbac.apiVersion" . }}
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
|
||||||
|
name: {{ template "prometheus.alertmanager.fullname" . }}
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: {{ template "prometheus.serviceAccountName.alertmanager" . }}
|
||||||
|
{{ include "prometheus.namespace" . | indent 4 }}
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
{{- if (not .Values.alertmanager.useExistingRole) }}
|
||||||
|
name: {{ template "prometheus.alertmanager.fullname" . }}
|
||||||
|
{{- else }}
|
||||||
|
name: {{ .Values.alertmanager.useExistingRole }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
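Review bot: The binding's subject comes from `prometheus.serviceAccountName.alertmanager`, which falls back to the literal `default` when `serviceAccounts.alertmanager.create` is false and no name is given. In that configuration the ClusterRole, or whatever role `alertmanager.useExistingRole` names, is bound to the namespace's default service account, so every pod in the namespace that does not set its own service account inherits it. Requiring an explicit name in the non-create case would avoid this, for example `{{ required "serviceAccounts.alertmanager.name is required when create is false" .Values.serviceAccounts.alertmanager.name }}`. `name: {{ .Values.alertmanager.useExistingRole }}` would also be safer piped through `quote`.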
|
|
@ -0,0 +1,19 @@
|
||||||
|
{{- if and .Values.alertmanager.enabled (and (empty .Values.alertmanager.configMapOverrideName) (empty .Values.alertmanager.configFromSecret)) -}}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
|
||||||
|
name: {{ template "prometheus.alertmanager.fullname" . }}
|
||||||
|
{{ include "prometheus.namespace" . | indent 2 }}
|
||||||
|
data:
|
||||||
|
{{- $root := . -}}
|
||||||
|
{{- range $key, $value := .Values.alertmanagerFiles }}
|
||||||
|
{{- if $key | regexMatch ".*\\.ya?ml$" }}
|
||||||
|
{{ $key }}: |
|
||||||
|
{{ toYaml $value | default "{}" | indent 4 }}
|
||||||
|
{{- else }}
|
||||||
|
{{ $key }}: {{ toYaml $value | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
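Review bot: Everything under `.Values.alertmanagerFiles` is written to a ConfigMap, and Alertmanager configuration commonly carries receiver credentials (SMTP passwords, webhook URLs, API keys) that are then readable by anyone allowed to `get` ConfigMaps in the namespace. The template already skips the ConfigMap when `alertmanager.configFromSecret` is set, so a comment at the top would steer operators to it: `{{/* Rendered as a ConfigMap: keep receiver credentials out of alertmanagerFiles and use alertmanager.configFromSecret instead. */}}`. `$root` is assigned but not used in this section.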
|
|
@ -0,0 +1,208 @@
|
||||||
|
{{- if and .Values.alertmanager.enabled (not .Values.alertmanager.statefulSet.enabled) -}}
|
||||||
|
apiVersion: {{ template "prometheus.deployment.apiVersion" . }}
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
{{- if .Values.alertmanager.deploymentAnnotations }}
|
||||||
|
annotations:
|
||||||
|
{{ toYaml .Values.alertmanager.deploymentAnnotations | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
|
||||||
|
name: {{ template "prometheus.alertmanager.fullname" . }}
|
||||||
|
{{ include "prometheus.namespace" . | indent 2 }}
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
{{- include "prometheus.alertmanager.matchLabels" . | nindent 6 }}
|
||||||
|
replicas: {{ .Values.alertmanager.replicaCount }}
|
||||||
|
{{- if .Values.alertmanager.strategy }}
|
||||||
|
strategy:
|
||||||
|
{{ toYaml .Values.alertmanager.strategy | trim | indent 4 }}
|
||||||
|
{{ if eq .Values.alertmanager.strategy.type "Recreate" }}rollingUpdate: null{{ end }}
|
||||||
|
{{- end }}
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
{{- if .Values.alertmanager.podAnnotations }}
|
||||||
|
annotations:
|
||||||
|
{{ toYaml .Values.alertmanager.podAnnotations | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.alertmanager.labels" . | nindent 8 }}
|
||||||
|
{{- if .Values.alertmanager.podLabels}}
|
||||||
|
{{ toYaml .Values.alertmanager.podLabels | nindent 8 }}
|
||||||
|
{{- end}}
|
||||||
|
spec:
|
||||||
|
{{- if .Values.alertmanager.schedulerName }}
|
||||||
|
schedulerName: "{{ .Values.alertmanager.schedulerName }}"
|
||||||
|
{{- end }}
|
||||||
|
serviceAccountName: {{ template "prometheus.serviceAccountName.alertmanager" . }}
|
||||||
|
{{- if .Values.alertmanager.extraInitContainers }}
|
||||||
|
initContainers:
|
||||||
|
{{ toYaml .Values.alertmanager.extraInitContainers | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.alertmanager.priorityClassName }}
|
||||||
|
priorityClassName: "{{ .Values.alertmanager.priorityClassName }}"
|
||||||
|
{{- end }}
|
||||||
|
containers:
|
||||||
|
- name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }}
|
||||||
|
image: "{{ .Values.alertmanager.image.repository }}:{{ .Values.alertmanager.image.tag }}"
|
||||||
|
imagePullPolicy: "{{ .Values.alertmanager.image.pullPolicy }}"
|
||||||
|
env:
|
||||||
|
{{- range $key, $value := .Values.alertmanager.extraEnv }}
|
||||||
|
- name: {{ $key }}
|
||||||
|
value: {{ $value }}
|
||||||
|
{{- end }}
|
||||||
|
- name: POD_IP
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
apiVersion: v1
|
||||||
|
fieldPath: status.podIP
|
||||||
|
args:
|
||||||
|
- --config.file=/etc/config/{{ .Values.alertmanager.configFileName }}
|
||||||
|
- --storage.path={{ .Values.alertmanager.persistentVolume.mountPath }}
|
||||||
|
{{- if .Values.alertmanager.service.enableMeshPeer }}
|
||||||
|
- --cluster.listen-address=0.0.0.0:6783
|
||||||
|
- --cluster.advertise-address=[$(POD_IP)]:6783
|
||||||
|
{{- else }}
|
||||||
|
- --cluster.listen-address=
|
||||||
|
{{- end }}
|
||||||
|
{{- range $key, $value := .Values.alertmanager.extraArgs }}
|
||||||
|
- --{{ $key }}={{ $value }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.alertmanager.baseURL }}
|
||||||
|
- --web.external-url={{ .Values.alertmanager.baseURL }}
|
||||||
|
{{- end }}
|
||||||
|
{{- range .Values.alertmanager.clusterPeers }}
|
||||||
|
- --cluster.peer={{ . }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
ports:
|
||||||
|
- containerPort: 9093
|
||||||
|
readinessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: {{ .Values.alertmanager.prefixURL }}/-/ready
|
||||||
|
port: 9093
|
||||||
|
{{- if .Values.alertmanager.probeHeaders }}
|
||||||
|
httpHeaders:
|
||||||
|
{{- range .Values.alertmanager.probeHeaders }}
|
||||||
|
- name: {{ .name }}
|
||||||
|
value: {{ .value }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
initialDelaySeconds: 30
|
||||||
|
timeoutSeconds: 30
|
||||||
|
resources:
|
||||||
|
{{ toYaml .Values.alertmanager.resources | indent 12 }}
|
||||||
|
volumeMounts:
|
||||||
|
- name: config-volume
|
||||||
|
mountPath: /etc/config
|
||||||
|
- name: storage-volume
|
||||||
|
mountPath: "{{ .Values.alertmanager.persistentVolume.mountPath }}"
|
||||||
|
subPath: "{{ .Values.alertmanager.persistentVolume.subPath }}"
|
||||||
|
{{- range .Values.alertmanager.extraSecretMounts }}
|
||||||
|
- name: {{ .name }}
|
||||||
|
mountPath: {{ .mountPath }}
|
||||||
|
subPath: {{ .subPath }}
|
||||||
|
readOnly: {{ .readOnly }}
|
||||||
|
{{- end }}
|
||||||
|
{{- range .Values.alertmanager.extraConfigmapMounts }}
|
||||||
|
- name: {{ .name }}
|
||||||
|
mountPath: {{ .mountPath }}
|
||||||
|
subPath: {{ .subPath }}
|
||||||
|
readOnly: {{ .readOnly }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if .Values.configmapReload.alertmanager.enabled }}
|
||||||
|
- name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }}-{{ .Values.configmapReload.alertmanager.name }}
|
||||||
|
image: "{{ .Values.configmapReload.alertmanager.image.repository }}:{{ .Values.configmapReload.alertmanager.image.tag }}"
|
||||||
|
imagePullPolicy: "{{ .Values.configmapReload.alertmanager.image.pullPolicy }}"
|
||||||
|
args:
|
||||||
|
- --volume-dir=/etc/config
|
||||||
|
- --webhook-url=http://127.0.0.1:9093{{ .Values.alertmanager.prefixURL }}/-/reload
|
||||||
|
{{- range $key, $value := .Values.configmapReload.alertmanager.extraArgs }}
|
||||||
|
- --{{ $key }}={{ $value }}
|
||||||
|
{{- end }}
|
||||||
|
{{- range .Values.configmapReload.alertmanager.extraVolumeDirs }}
|
||||||
|
- --volume-dir={{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.configmapReload.alertmanager.containerPort }}
|
||||||
|
ports:
|
||||||
|
- containerPort: {{ .Values.configmapReload.alertmanager.containerPort }}
|
||||||
|
{{- end }}
|
||||||
|
resources:
|
||||||
|
{{ toYaml .Values.configmapReload.alertmanager.resources | indent 12 }}
|
||||||
|
volumeMounts:
|
||||||
|
- name: config-volume
|
||||||
|
mountPath: /etc/config
|
||||||
|
readOnly: true
|
||||||
|
{{- range .Values.configmapReload.alertmanager.extraConfigmapMounts }}
|
||||||
|
- name: {{ $.Values.configmapReload.alertmanager.name }}-{{ .name }}
|
||||||
|
mountPath: {{ .mountPath }}
|
||||||
|
subPath: {{ .subPath }}
|
||||||
|
readOnly: {{ .readOnly }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.imagePullSecrets }}
|
||||||
|
imagePullSecrets:
|
||||||
|
{{ toYaml .Values.imagePullSecrets | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.alertmanager.nodeSelector }}
|
||||||
|
nodeSelector:
|
||||||
|
{{ toYaml .Values.alertmanager.nodeSelector | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.alertmanager.dnsConfig }}
|
||||||
|
dnsConfig:
|
||||||
|
{{ toYaml . | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.alertmanager.securityContext }}
|
||||||
|
securityContext:
|
||||||
|
{{ toYaml .Values.alertmanager.securityContext | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.alertmanager.tolerations }}
|
||||||
|
tolerations:
|
||||||
|
{{ toYaml .Values.alertmanager.tolerations | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.alertmanager.affinity }}
|
||||||
|
affinity:
|
||||||
|
{{ toYaml .Values.alertmanager.affinity | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
volumes:
|
||||||
|
- name: config-volume
|
||||||
|
{{- if empty .Values.alertmanager.configFromSecret }}
|
||||||
|
configMap:
|
||||||
|
name: {{ if .Values.alertmanager.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.alertmanager.configMapOverrideName }}{{- else }}{{ template "prometheus.alertmanager.fullname" . }}{{- end }}
|
||||||
|
{{- else }}
|
||||||
|
secret:
|
||||||
|
secretName: {{ .Values.alertmanager.configFromSecret }}
|
||||||
|
{{- end }}
|
||||||
|
{{- range .Values.alertmanager.extraSecretMounts }}
|
||||||
|
- name: {{ .name }}
|
||||||
|
secret:
|
||||||
|
secretName: {{ .secretName }}
|
||||||
|
{{- with .optional }}
|
||||||
|
optional: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- range .Values.alertmanager.extraConfigmapMounts }}
|
||||||
|
- name: {{ .name }}
|
||||||
|
configMap:
|
||||||
|
name: {{ .configMap }}
|
||||||
|
{{- end }}
|
||||||
|
{{- range .Values.configmapReload.alertmanager.extraConfigmapMounts }}
|
||||||
|
- name: {{ $.Values.configmapReload.alertmanager.name }}-{{ .name }}
|
||||||
|
configMap:
|
||||||
|
name: {{ .configMap }}
|
||||||
|
{{- end }}
|
||||||
|
- name: storage-volume
|
||||||
|
{{- if .Values.alertmanager.persistentVolume.enabled }}
|
||||||
|
persistentVolumeClaim:
|
||||||
|
claimName: {{ if .Values.alertmanager.persistentVolume.existingClaim }}{{ .Values.alertmanager.persistentVolume.existingClaim }}{{- else }}{{ template "prometheus.alertmanager.fullname" . }}{{- end }}
|
||||||
|
{{- else }}
|
||||||
|
emptyDir:
|
||||||
|
{{- if .Values.alertmanager.emptyDir.sizeLimit }}
|
||||||
|
sizeLimit: {{ .Values.alertmanager.emptyDir.sizeLimit }}
|
||||||
|
{{- else }}
|
||||||
|
{}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end }}
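Review bot: Neither the Alertmanager container nor the configmap-reload sidecar sets a container-level `securityContext`; the only one rendered is the pod-level block from `.Values.alertmanager.securityContext`, and only when that value is set. Privilege escalation, Linux capabilities and a writable root filesystem are therefore left at runtime defaults. A hardened block for both containers is sketched below; `readOnlyRootFilesystem` assumes Alertmanager writes only under the mounted storage path, which should be confirmed before adopting it. Separately, `value: {{ $value }}` under `env` should be `value: {{ $value | quote }}`, since env values must be strings.

```yaml
        - name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }}
          # … unchanged: image, imagePullPolicy, env, args, ports, readinessProbe, resources …
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
          # … unchanged: volumeMounts; the same securityContext block goes on the configmap-reload container …
```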
|
|
@ -0,0 +1,31 @@
|
||||||
|
{{- if and .Values.alertmanager.enabled .Values.alertmanager.statefulSet.enabled -}}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
{{- if .Values.alertmanager.statefulSet.headless.annotations }}
|
||||||
|
annotations:
|
||||||
|
{{ toYaml .Values.alertmanager.statefulSet.headless.annotations | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
|
||||||
|
{{- if .Values.alertmanager.statefulSet.headless.labels }}
|
||||||
|
{{ toYaml .Values.alertmanager.statefulSet.headless.labels | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
name: {{ template "prometheus.alertmanager.fullname" . }}-headless
|
||||||
|
{{ include "prometheus.namespace" . | indent 2 }}
|
||||||
|
spec:
|
||||||
|
clusterIP: None
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
port: {{ .Values.alertmanager.statefulSet.headless.servicePort }}
|
||||||
|
protocol: TCP
|
||||||
|
targetPort: 9093
|
||||||
|
{{- if .Values.alertmanager.statefulSet.headless.enableMeshPeer }}
|
||||||
|
- name: meshpeer
|
||||||
|
port: 6783
|
||||||
|
protocol: TCP
|
||||||
|
targetPort: 6783
|
||||||
|
{{- end }}
|
||||||
|
selector:
|
||||||
|
{{- include "prometheus.alertmanager.matchLabels" . | nindent 4 }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,57 @@
|
||||||
|
{{- if and .Values.alertmanager.enabled .Values.alertmanager.ingress.enabled -}}
|
||||||
|
{{- $ingressApiIsStable := eq (include "ingress.isStable" .) "true" -}}
|
||||||
|
{{- $ingressSupportsIngressClassName := eq (include "ingress.supportsIngressClassName" .) "true" -}}
|
||||||
|
{{- $ingressSupportsPathType := eq (include "ingress.supportsPathType" .) "true" -}}
|
||||||
|
{{- $releaseName := .Release.Name -}}
|
||||||
|
{{- $serviceName := include "prometheus.alertmanager.fullname" . }}
|
||||||
|
{{- $servicePort := .Values.alertmanager.service.servicePort -}}
|
||||||
|
{{- $ingressPath := .Values.alertmanager.ingress.path -}}
|
||||||
|
{{- $ingressPathType := .Values.alertmanager.ingress.pathType -}}
|
||||||
|
{{- $extraPaths := .Values.alertmanager.ingress.extraPaths -}}
|
||||||
|
apiVersion: {{ template "ingress.apiVersion" . }}
|
||||||
|
kind: Ingress
|
||||||
|
metadata:
|
||||||
|
{{- if .Values.alertmanager.ingress.annotations }}
|
||||||
|
annotations:
|
||||||
|
{{ toYaml .Values.alertmanager.ingress.annotations | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
|
||||||
|
{{- range $key, $value := .Values.alertmanager.ingress.extraLabels }}
|
||||||
|
{{ $key }}: {{ $value }}
|
||||||
|
{{- end }}
|
||||||
|
name: {{ template "prometheus.alertmanager.fullname" . }}
|
||||||
|
{{ include "prometheus.namespace" . | indent 2 }}
|
||||||
|
spec:
|
||||||
|
{{- if and $ingressSupportsIngressClassName .Values.alertmanager.ingress.ingressClassName }}
|
||||||
|
ingressClassName: {{ .Values.alertmanager.ingress.ingressClassName }}
|
||||||
|
{{- end }}
|
||||||
|
rules:
|
||||||
|
{{- range .Values.alertmanager.ingress.hosts }}
|
||||||
|
{{- $url := splitList "/" . }}
|
||||||
|
- host: {{ first $url }}
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
{{ if $extraPaths }}
|
||||||
|
{{ toYaml $extraPaths | indent 10 }}
|
||||||
|
{{- end }}
|
||||||
|
- path: {{ $ingressPath }}
|
||||||
|
{{- if $ingressSupportsPathType }}
|
||||||
|
pathType: {{ $ingressPathType }}
|
||||||
|
{{- end }}
|
||||||
|
backend:
|
||||||
|
{{- if $ingressApiIsStable }}
|
||||||
|
service:
|
||||||
|
name: {{ $serviceName }}
|
||||||
|
port:
|
||||||
|
number: {{ $servicePort }}
|
||||||
|
{{- else }}
|
||||||
|
serviceName: {{ $serviceName }}
|
||||||
|
servicePort: {{ $servicePort }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if .Values.alertmanager.ingress.tls }}
|
||||||
|
tls:
|
||||||
|
{{ toYaml .Values.alertmanager.ingress.tls | indent 4 }}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
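Review bot: `- host: {{ first $url }}` and the `extraLabels` loop (`{{ $key }}: {{ $value }}`) write their values unquoted, so a wildcard host such as `*.example.com` is parsed as a YAML alias and a label value like `true` becomes a boolean that the API rejects for a string field. Quote both: `- host: {{ first $url | quote }}` and `{{ $key }}: {{ $value | quote }}`. Separately, the `tls:` block is optional and nothing in this template adds authentication, so with `.Values.alertmanager.ingress.tls` unset the Alertmanager UI and API are published over plain HTTP. A comment above the `tls:` block stating that would help operators.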
|
|
@ -0,0 +1,20 @@
|
||||||
|
{{- if and .Values.alertmanager.enabled .Values.networkPolicy.enabled -}}
|
||||||
|
apiVersion: {{ template "prometheus.networkPolicy.apiVersion" . }}
|
||||||
|
kind: NetworkPolicy
|
||||||
|
metadata:
|
||||||
|
name: {{ template "prometheus.alertmanager.fullname" . }}
|
||||||
|
{{ include "prometheus.namespace" . | indent 2 }}
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
podSelector:
|
||||||
|
matchLabels:
|
||||||
|
{{- include "prometheus.alertmanager.matchLabels" . | nindent 6 }}
|
||||||
|
ingress:
|
||||||
|
- from:
|
||||||
|
- podSelector:
|
||||||
|
matchLabels:
|
||||||
|
{{- include "prometheus.server.matchLabels" . | nindent 12 }}
|
||||||
|
- ports:
|
||||||
|
- port: 9093
|
||||||
|
{{- end -}}
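Review bot: `- ports:` is written as a second item of `ingress` rather than as a field of the `- from:` rule (leading whitespace is lost on this page, but both lines carry a list dash). NetworkPolicy rules are OR-ed and a rule without `from` matches every source, so port 9093 is open to all peers and the Prometheus-server `podSelector` restricts nothing on that port. Drop the dash so the item reads `- from:` followed by `ports:` with `- port: 9093` inside the same rule.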
|
|
@ -0,0 +1,14 @@
|
||||||
|
{{- if .Values.alertmanager.podDisruptionBudget.enabled }}
|
||||||
|
apiVersion: policy/v1beta1
|
||||||
|
kind: PodDisruptionBudget
|
||||||
|
metadata:
|
||||||
|
name: {{ template "prometheus.alertmanager.fullname" . }}
|
||||||
|
{{ include "prometheus.namespace" . | indent 2 }}
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
maxUnavailable: {{ .Values.alertmanager.podDisruptionBudget.maxUnavailable }}
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
{{- include "prometheus.alertmanager.labels" . | nindent 6 }}
|
||||||
|
{{- end }}
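Review bot: `apiVersion: policy/v1beta1` is hard-coded, unlike the Ingress, NetworkPolicy and RBAC templates on this page, which resolve their API version through a helper. PodDisruptionBudget is no longer served from `policy/v1beta1` as of Kubernetes 1.25, so this manifest fails to apply on current clusters; emit `policy/v1` when `.Capabilities.APIVersions.Has "policy/v1"` is true. The guard also tests only `podDisruptionBudget.enabled` and not `.Values.alertmanager.enabled`. The selector uses the `prometheus.alertmanager.labels` helper where the workloads on this page select with `prometheus.alertmanager.matchLabels`.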
|
|
@ -0,0 +1,46 @@
|
||||||
|
{{- if and .Values.alertmanager.enabled .Values.rbac.create .Values.podSecurityPolicy.enabled }}
|
||||||
|
apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }}
|
||||||
|
kind: PodSecurityPolicy
|
||||||
|
metadata:
|
||||||
|
name: {{ template "prometheus.alertmanager.fullname" . }}
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
|
||||||
|
annotations:
|
||||||
|
{{- if .Values.alertmanager.podSecurityPolicy.annotations }}
|
||||||
|
{{ toYaml .Values.alertmanager.podSecurityPolicy.annotations | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
spec:
|
||||||
|
privileged: false
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
requiredDropCapabilities:
|
||||||
|
- ALL
|
||||||
|
volumes:
|
||||||
|
- 'configMap'
|
||||||
|
- 'persistentVolumeClaim'
|
||||||
|
- 'emptyDir'
|
||||||
|
- 'secret'
|
||||||
|
allowedHostPaths:
|
||||||
|
- pathPrefix: /etc
|
||||||
|
readOnly: true
|
||||||
|
- pathPrefix: {{ .Values.alertmanager.persistentVolume.mountPath }}
|
||||||
|
hostNetwork: false
|
||||||
|
hostPID: false
|
||||||
|
hostIPC: false
|
||||||
|
runAsUser:
|
||||||
|
rule: 'RunAsAny'
|
||||||
|
seLinux:
|
||||||
|
rule: 'RunAsAny'
|
||||||
|
supplementalGroups:
|
||||||
|
rule: 'MustRunAs'
|
||||||
|
ranges:
|
||||||
|
# Forbid adding the root group.
|
||||||
|
- min: 1
|
||||||
|
max: 65535
|
||||||
|
fsGroup:
|
||||||
|
rule: 'MustRunAs'
|
||||||
|
ranges:
|
||||||
|
# Forbid adding the root group.
|
||||||
|
- min: 1
|
||||||
|
max: 65535
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
{{- end }}
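Review bot: `runAsUser` is `rule: 'RunAsAny'`, so this policy admits a pod running as UID 0 even though `supplementalGroups` and `fsGroup` are limited to 1–65535 under the comment "Forbid adding the root group". `rule: 'MustRunAsNonRoot'` would match that intent, provided the Alertmanager image runs as a non-root user. `allowedHostPaths` has no effect because `hostPath` is not listed in `volumes`; removing the two `pathPrefix` entries avoids suggesting that `/etc` and the storage mount path are reachable host paths. If `hostPath` were ever added, note that the second entry carries no `readOnly: true`.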
|
|
@ -0,0 +1,37 @@
|
||||||
|
{{- if not .Values.alertmanager.statefulSet.enabled -}}
|
||||||
|
{{- if and .Values.alertmanager.enabled .Values.alertmanager.persistentVolume.enabled -}}
|
||||||
|
{{- if not .Values.alertmanager.persistentVolume.existingClaim -}}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: PersistentVolumeClaim
|
||||||
|
metadata:
|
||||||
|
{{- if .Values.alertmanager.persistentVolume.annotations }}
|
||||||
|
annotations:
|
||||||
|
{{ toYaml .Values.alertmanager.persistentVolume.annotations | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
|
||||||
|
name: {{ template "prometheus.alertmanager.fullname" . }}
|
||||||
|
{{ include "prometheus.namespace" . | indent 2 }}
|
||||||
|
spec:
|
||||||
|
accessModes:
|
||||||
|
{{ toYaml .Values.alertmanager.persistentVolume.accessModes | indent 4 }}
|
||||||
|
{{- if .Values.alertmanager.persistentVolume.storageClass }}
|
||||||
|
{{- if (eq "-" .Values.alertmanager.persistentVolume.storageClass) }}
|
||||||
|
storageClassName: ""
|
||||||
|
{{- else }}
|
||||||
|
storageClassName: "{{ .Values.alertmanager.persistentVolume.storageClass }}"
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.alertmanager.persistentVolume.volumeBindingMode }}
|
||||||
|
volumeBindingMode: "{{ .Values.alertmanager.persistentVolume.volumeBindingMode }}"
|
||||||
|
{{- end }}
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: "{{ .Values.alertmanager.persistentVolume.size }}"
|
||||||
|
{{- if .Values.alertmanager.persistentVolume.selector }}
|
||||||
|
selector:
|
||||||
|
{{- toYaml .Values.alertmanager.persistentVolume.selector | nindent 4 }}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
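Review bot: `volumeBindingMode` is emitted under the PersistentVolumeClaim `spec`, but that field belongs to StorageClass, not to a claim. Setting `.Values.alertmanager.persistentVolume.volumeBindingMode` therefore yields a manifest that the API server rejects or silently prunes, depending on field validation. Remove the `{{- if .Values.alertmanager.persistentVolume.volumeBindingMode }}` block, or replace it with a comment saying the binding mode is configured on the StorageClass named by `storageClassName`.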
|
|
@ -0,0 +1,24 @@
|
||||||
|
{{- if and .Values.alertmanager.enabled .Values.rbac.create (eq .Values.alertmanager.useClusterRole false) (not .Values.alertmanager.useExistingRole) -}}
|
||||||
|
{{- range $.Values.alertmanager.namespaces }}
|
||||||
|
apiVersion: {{ template "rbac.apiVersion" . }}
|
||||||
|
kind: Role
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.alertmanager.labels" $ | nindent 4 }}
|
||||||
|
name: {{ template "prometheus.alertmanager.fullname" $ }}
|
||||||
|
namespace: {{ . }}
|
||||||
|
rules:
|
||||||
|
{{- if $.Values.podSecurityPolicy.enabled }}
|
||||||
|
- apiGroups:
|
||||||
|
- extensions
|
||||||
|
resources:
|
||||||
|
- podsecuritypolicies
|
||||||
|
verbs:
|
||||||
|
- use
|
||||||
|
resourceNames:
|
||||||
|
- {{ template "prometheus.alertmanager.fullname" $ }}
|
||||||
|
{{- else }}
|
||||||
|
[]
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
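Review bot: `apiVersion: {{ template "rbac.apiVersion" . }}` sits inside `{{- range $.Values.alertmanager.namespaces }}`, where `.` is the namespace string; every other call in the loop passes `$`. The helper is not shown here, but if it reads `.Capabilities` it will fail or pick the wrong version, so pass the root context: `apiVersion: {{ template "rbac.apiVersion" $ }}`. The loop also emits no `---` between iterations, so two or more namespaces render as a single YAML document with repeated keys instead of one Role per namespace. The RoleBinding section that follows has the same two problems.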
|
|
@ -0,0 +1,23 @@
|
||||||
|
{{- if and .Values.alertmanager.enabled .Values.rbac.create (eq .Values.alertmanager.useClusterRole false) -}}
|
||||||
|
{{ range $.Values.alertmanager.namespaces }}
|
||||||
|
apiVersion: {{ template "rbac.apiVersion" . }}
|
||||||
|
kind: RoleBinding
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.alertmanager.labels" $ | nindent 4 }}
|
||||||
|
name: {{ template "prometheus.alertmanager.fullname" $ }}
|
||||||
|
namespace: {{ . }}
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: {{ template "prometheus.serviceAccountName.alertmanager" $ }}
|
||||||
|
{{ include "prometheus.namespace" $ | indent 4 }}
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: Role
|
||||||
|
{{- if (not $.Values.alertmanager.useExistingRole) }}
|
||||||
|
name: {{ template "prometheus.alertmanager.fullname" $ }}
|
||||||
|
{{- else }}
|
||||||
|
name: {{ $.Values.alertmanager.useExistingRole }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{ end }}
|
|
@ -0,0 +1,53 @@
|
||||||
|
{{- if .Values.alertmanager.enabled -}}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
{{- if .Values.alertmanager.service.annotations }}
|
||||||
|
annotations:
|
||||||
|
{{ toYaml .Values.alertmanager.service.annotations | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
|
||||||
|
{{- if .Values.alertmanager.service.labels }}
|
||||||
|
{{ toYaml .Values.alertmanager.service.labels | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
name: {{ template "prometheus.alertmanager.fullname" . }}
|
||||||
|
{{ include "prometheus.namespace" . | indent 2 }}
|
||||||
|
spec:
|
||||||
|
{{- if .Values.alertmanager.service.clusterIP }}
|
||||||
|
clusterIP: {{ .Values.alertmanager.service.clusterIP }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.alertmanager.service.externalIPs }}
|
||||||
|
externalIPs:
|
||||||
|
{{ toYaml .Values.alertmanager.service.externalIPs | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.alertmanager.service.loadBalancerIP }}
|
||||||
|
loadBalancerIP: {{ .Values.alertmanager.service.loadBalancerIP }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.alertmanager.service.loadBalancerSourceRanges }}
|
||||||
|
loadBalancerSourceRanges:
|
||||||
|
{{- range $cidr := .Values.alertmanager.service.loadBalancerSourceRanges }}
|
||||||
|
- {{ $cidr }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
port: {{ .Values.alertmanager.service.servicePort }}
|
||||||
|
protocol: TCP
|
||||||
|
targetPort: 9093
|
||||||
|
{{- if .Values.alertmanager.service.nodePort }}
|
||||||
|
nodePort: {{ .Values.alertmanager.service.nodePort }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.alertmanager.service.enableMeshPeer }}
|
||||||
|
- name: meshpeer
|
||||||
|
port: 6783
|
||||||
|
protocol: TCP
|
||||||
|
targetPort: 6783
|
||||||
|
{{- end }}
|
||||||
|
selector:
|
||||||
|
{{- include "prometheus.alertmanager.matchLabels" . | nindent 4 }}
|
||||||
|
{{- if .Values.alertmanager.service.sessionAffinity }}
|
||||||
|
sessionAffinity: {{ .Values.alertmanager.service.sessionAffinity }}
|
||||||
|
{{- end }}
|
||||||
|
type: "{{ .Values.alertmanager.service.type }}"
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,11 @@
|
||||||
|
{{- if and .Values.alertmanager.enabled .Values.serviceAccounts.alertmanager.create -}}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
|
||||||
|
name: {{ template "prometheus.serviceAccountName.alertmanager" . }}
|
||||||
|
{{ include "prometheus.namespace" . | indent 2 }}
|
||||||
|
annotations:
|
||||||
|
{{ toYaml .Values.serviceAccounts.alertmanager.annotations | indent 4 }}
|
||||||
|
{{- end -}}
|
|
@ -0,0 +1,188 @@
|
||||||
|
{{- if and .Values.alertmanager.enabled .Values.alertmanager.statefulSet.enabled -}}
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: StatefulSet
|
||||||
|
metadata:
|
||||||
|
{{- if .Values.alertmanager.statefulSet.annotations }}
|
||||||
|
annotations:
|
||||||
|
{{ toYaml .Values.alertmanager.statefulSet.annotations | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
|
||||||
|
{{- if .Values.alertmanager.statefulSet.labels}}
|
||||||
|
{{ toYaml .Values.alertmanager.statefulSet.labels | nindent 4 }}
|
||||||
|
{{- end}}
|
||||||
|
name: {{ template "prometheus.alertmanager.fullname" . }}
|
||||||
|
{{ include "prometheus.namespace" . | indent 2 }}
|
||||||
|
spec:
|
||||||
|
serviceName: {{ template "prometheus.alertmanager.fullname" . }}-headless
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
{{- include "prometheus.alertmanager.matchLabels" . | nindent 6 }}
|
||||||
|
replicas: {{ .Values.alertmanager.replicaCount }}
|
||||||
|
podManagementPolicy: {{ .Values.alertmanager.statefulSet.podManagementPolicy }}
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
{{- if .Values.alertmanager.podAnnotations }}
|
||||||
|
annotations:
|
||||||
|
{{ toYaml .Values.alertmanager.podAnnotations | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.alertmanager.labels" . | nindent 8 }}
|
||||||
|
{{- if .Values.alertmanager.podLabels}}
|
||||||
|
{{ toYaml .Values.alertmanager.podLabels | nindent 8 }}
|
||||||
|
{{- end}}
|
||||||
|
spec:
|
||||||
|
{{- if .Values.alertmanager.affinity }}
|
||||||
|
affinity:
|
||||||
|
{{ toYaml .Values.alertmanager.affinity | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.alertmanager.schedulerName }}
|
||||||
|
schedulerName: "{{ .Values.alertmanager.schedulerName }}"
|
||||||
|
{{- end }}
|
||||||
|
serviceAccountName: {{ template "prometheus.serviceAccountName.alertmanager" . }}
|
||||||
|
{{- if .Values.alertmanager.priorityClassName }}
|
||||||
|
priorityClassName: "{{ .Values.alertmanager.priorityClassName }}"
|
||||||
|
{{- end }}
|
||||||
|
containers:
|
||||||
|
- name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }}
|
||||||
|
image: "{{ .Values.alertmanager.image.repository }}:{{ .Values.alertmanager.image.tag }}"
|
||||||
|
imagePullPolicy: "{{ .Values.alertmanager.image.pullPolicy }}"
|
||||||
|
env:
|
||||||
|
{{- range $key, $value := .Values.alertmanager.extraEnv }}
|
||||||
|
- name: {{ $key }}
|
||||||
|
value: {{ $value }}
|
||||||
|
{{- end }}
|
||||||
|
- name: POD_IP
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
apiVersion: v1
|
||||||
|
fieldPath: status.podIP
|
||||||
|
args:
|
||||||
|
- --config.file=/etc/config/alertmanager.yml
|
||||||
|
- --storage.path={{ .Values.alertmanager.persistentVolume.mountPath }}
|
||||||
|
{{- if .Values.alertmanager.statefulSet.headless.enableMeshPeer }}
|
||||||
|
- --cluster.advertise-address=[$(POD_IP)]:6783
|
||||||
|
- --cluster.listen-address=0.0.0.0:6783
|
||||||
|
{{- range $n := until (.Values.alertmanager.replicaCount | int) }}
|
||||||
|
- --cluster.peer={{ template "prometheus.alertmanager.fullname" $ }}-{{ $n }}.{{ template "prometheus.alertmanager.fullname" $ }}-headless:6783
|
||||||
|
{{- end }}
|
||||||
|
{{- else }}
|
||||||
|
- --cluster.listen-address=
|
||||||
|
{{- end }}
|
||||||
|
{{- range $key, $value := .Values.alertmanager.extraArgs }}
|
||||||
|
- --{{ $key }}={{ $value }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.alertmanager.baseURL }}
|
||||||
|
- --web.external-url={{ .Values.alertmanager.baseURL }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
ports:
|
||||||
|
- containerPort: 9093
|
||||||
|
{{- if .Values.alertmanager.statefulSet.headless.enableMeshPeer }}
|
||||||
|
- containerPort: 6783
|
||||||
|
{{- end }}
|
||||||
|
readinessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: {{ .Values.alertmanager.prefixURL }}/#/status
|
||||||
|
port: 9093
|
||||||
|
initialDelaySeconds: 30
|
||||||
|
timeoutSeconds: 30
|
||||||
|
resources:
|
||||||
|
{{ toYaml .Values.alertmanager.resources | indent 12 }}
|
||||||
|
volumeMounts:
|
||||||
|
- name: config-volume
|
||||||
|
mountPath: /etc/config
|
||||||
|
- name: storage-volume
|
||||||
|
mountPath: "{{ .Values.alertmanager.persistentVolume.mountPath }}"
|
||||||
|
subPath: "{{ .Values.alertmanager.persistentVolume.subPath }}"
|
||||||
|
{{- range .Values.alertmanager.extraSecretMounts }}
|
||||||
|
- name: {{ .name }}
|
||||||
|
mountPath: {{ .mountPath }}
|
||||||
|
subPath: {{ .subPath }}
|
||||||
|
readOnly: {{ .readOnly }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.configmapReload.alertmanager.enabled }}
|
||||||
|
- name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }}-{{ .Values.configmapReload.alertmanager.name }}
|
||||||
|
image: "{{ .Values.configmapReload.alertmanager.image.repository }}:{{ .Values.configmapReload.alertmanager.image.tag }}"
|
||||||
|
imagePullPolicy: "{{ .Values.configmapReload.alertmanager.image.pullPolicy }}"
|
||||||
|
args:
|
||||||
|
- --volume-dir=/etc/config
|
||||||
|
- --webhook-url=http://localhost:9093{{ .Values.alertmanager.prefixURL }}/-/reload
|
||||||
|
{{- range $key, $value := .Values.configmapReload.alertmanager.extraArgs }}
|
||||||
|
- --{{ $key }}={{ $value }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.configmapReload.alertmanager.port }}
|
||||||
|
ports:
|
||||||
|
- containerPort: {{ .Values.configmapReload.alertmanager.port }}
|
||||||
|
{{- end }}
|
||||||
|
resources:
|
||||||
|
{{ toYaml .Values.configmapReload.alertmanager.resources | indent 12 }}
|
||||||
|
volumeMounts:
|
||||||
|
- name: config-volume
|
||||||
|
mountPath: /etc/config
|
||||||
|
readOnly: true
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.imagePullSecrets }}
|
||||||
|
imagePullSecrets:
|
||||||
|
{{ toYaml .Values.imagePullSecrets | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.alertmanager.nodeSelector }}
|
||||||
|
nodeSelector:
|
||||||
|
{{ toYaml .Values.alertmanager.nodeSelector | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.alertmanager.securityContext }}
|
||||||
|
securityContext:
|
||||||
|
{{ toYaml .Values.alertmanager.securityContext | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.alertmanager.tolerations }}
|
||||||
|
tolerations:
|
||||||
|
{{ toYaml .Values.alertmanager.tolerations | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
volumes:
|
||||||
|
- name: config-volume
|
||||||
|
{{- if empty .Values.alertmanager.configFromSecret }}
|
||||||
|
configMap:
|
||||||
|
name: {{ if .Values.alertmanager.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.alertmanager.configMapOverrideName }}{{- else }}{{ template "prometheus.alertmanager.fullname" . }}{{- end }}
|
||||||
|
{{- else }}
|
||||||
|
secret:
|
||||||
|
secretName: {{ .Values.alertmanager.configFromSecret }}
|
||||||
|
{{- end }}
|
||||||
|
{{- range .Values.alertmanager.extraSecretMounts }}
|
||||||
|
- name: {{ .name }}
|
||||||
|
secret:
|
||||||
|
secretName: {{ .secretName }}
|
||||||
|
{{- with .optional }}
|
||||||
|
optional: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.alertmanager.persistentVolume.enabled }}
|
||||||
|
volumeClaimTemplates:
|
||||||
|
- metadata:
|
||||||
|
name: storage-volume
|
||||||
|
{{- if .Values.alertmanager.persistentVolume.annotations }}
|
||||||
|
annotations:
|
||||||
|
{{ toYaml .Values.alertmanager.persistentVolume.annotations | indent 10 }}
|
||||||
|
{{- end }}
|
||||||
|
spec:
|
||||||
|
accessModes:
|
||||||
|
{{ toYaml .Values.alertmanager.persistentVolume.accessModes | indent 10 }}
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: "{{ .Values.alertmanager.persistentVolume.size }}"
|
||||||
|
{{- if .Values.server.persistentVolume.storageClass }}
|
||||||
|
{{- if (eq "-" .Values.server.persistentVolume.storageClass) }}
|
||||||
|
storageClassName: ""
|
||||||
|
{{- else }}
|
||||||
|
storageClassName: "{{ .Values.alertmanager.persistentVolume.storageClass }}"
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- else }}
|
||||||
|
- name: storage-volume
|
||||||
|
emptyDir:
|
||||||
|
{{- if .Values.alertmanager.emptyDir.sizeLimit }}
|
||||||
|
sizeLimit: {{ .Values.alertmanager.emptyDir.sizeLimit }}
|
||||||
|
{{- else }}
|
||||||
|
{}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
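Review bot: In `volumeClaimTemplates` the storage-class guard tests `.Values.server.persistentVolume.storageClass`, while the value written is `.Values.alertmanager.persistentVolume.storageClass`. An Alertmanager storage class is therefore ignored unless the server one is also set, and a server value of `-` forces `storageClassName: ""` onto Alertmanager's claim. Use the alertmanager key in both conditions: `{{- if .Values.alertmanager.persistentVolume.storageClass }}` and `{{- if (eq "-" .Values.alertmanager.persistentVolume.storageClass) }}`. In the `extraEnv` loop, `value: {{ $value }}` is unquoted, so a numeric or boolean value is rejected for the string-typed env field; `value: {{ $value | quote }}` avoids that.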
|
|
@ -0,0 +1,150 @@
|
||||||
|
{{- if .Values.nodeExporter.enabled -}}
|
||||||
|
apiVersion: {{ template "prometheus.daemonset.apiVersion" . }}
|
||||||
|
kind: DaemonSet
|
||||||
|
metadata:
|
||||||
|
{{- if .Values.nodeExporter.deploymentAnnotations }}
|
||||||
|
annotations:
|
||||||
|
{{ toYaml .Values.nodeExporter.deploymentAnnotations | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.nodeExporter.labels" . | nindent 4 }}
|
||||||
|
name: {{ template "prometheus.nodeExporter.fullname" . }}
|
||||||
|
{{ include "prometheus.namespace" . | indent 2 }}
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
{{- include "prometheus.nodeExporter.matchLabels" . | nindent 6 }}
|
||||||
|
{{- if .Values.nodeExporter.updateStrategy }}
|
||||||
|
updateStrategy:
|
||||||
|
{{ toYaml .Values.nodeExporter.updateStrategy | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
{{- if .Values.nodeExporter.podAnnotations }}
|
||||||
|
annotations:
|
||||||
|
{{ toYaml .Values.nodeExporter.podAnnotations | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.nodeExporter.labels" . | nindent 8 }}
|
||||||
|
{{- if .Values.nodeExporter.pod.labels }}
|
||||||
|
{{ toYaml .Values.nodeExporter.pod.labels | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
spec:
|
||||||
|
serviceAccountName: {{ template "prometheus.serviceAccountName.nodeExporter" . }}
|
||||||
|
{{- if .Values.nodeExporter.extraInitContainers }}
|
||||||
|
initContainers:
|
||||||
|
{{ toYaml .Values.nodeExporter.extraInitContainers | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.nodeExporter.priorityClassName }}
|
||||||
|
priorityClassName: "{{ .Values.nodeExporter.priorityClassName }}"
|
||||||
|
{{- end }}
|
||||||
|
containers:
|
||||||
|
- name: {{ template "prometheus.name" . }}-{{ .Values.nodeExporter.name }}
|
||||||
|
image: "{{ .Values.nodeExporter.image.repository }}:{{ .Values.nodeExporter.image.tag }}"
|
||||||
|
imagePullPolicy: "{{ .Values.nodeExporter.image.pullPolicy }}"
|
||||||
|
args:
|
||||||
|
- --path.procfs=/host/proc
|
||||||
|
- --path.sysfs=/host/sys
|
||||||
|
{{- if .Values.nodeExporter.hostRootfs }}
|
||||||
|
- --path.rootfs=/host/root
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.nodeExporter.hostNetwork }}
|
||||||
|
- --web.listen-address=:{{ .Values.nodeExporter.service.hostPort }}
|
||||||
|
{{- end }}
|
||||||
|
{{- range $key, $value := .Values.nodeExporter.extraArgs }}
|
||||||
|
{{- if $value }}
|
||||||
|
- --{{ $key }}={{ $value }}
|
||||||
|
{{- else }}
|
||||||
|
- --{{ $key }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
ports:
|
||||||
|
- name: metrics
|
||||||
|
{{- if .Values.nodeExporter.hostNetwork }}
|
||||||
|
containerPort: {{ .Values.nodeExporter.service.hostPort }}
|
||||||
|
{{- else }}
|
||||||
|
containerPort: 9100
|
||||||
|
{{- end }}
|
||||||
|
hostPort: {{ .Values.nodeExporter.service.hostPort }}
|
||||||
|
resources:
|
||||||
|
{{ toYaml .Values.nodeExporter.resources | indent 12 }}
|
||||||
|
{{- if .Values.nodeExporter.container.securityContext }}
|
||||||
|
securityContext:
|
||||||
|
{{ toYaml .Values.nodeExporter.container.securityContext | indent 12 }}
|
||||||
|
{{- end }}
|
||||||
|
volumeMounts:
|
||||||
|
- name: proc
|
||||||
|
mountPath: /host/proc
|
||||||
|
readOnly: true
|
||||||
|
- name: sys
|
||||||
|
mountPath: /host/sys
|
||||||
|
readOnly: true
|
||||||
|
{{- if .Values.nodeExporter.hostRootfs }}
|
||||||
|
- name: root
|
||||||
|
mountPath: /host/root
|
||||||
|
mountPropagation: HostToContainer
|
||||||
|
readOnly: true
|
||||||
|
{{- end }}
|
||||||
|
{{- range .Values.nodeExporter.extraHostPathMounts }}
|
||||||
|
- name: {{ .name }}
|
||||||
|
mountPath: {{ .mountPath }}
|
||||||
|
readOnly: {{ .readOnly }}
|
||||||
|
{{- if .mountPropagation }}
|
||||||
|
mountPropagation: {{ .mountPropagation }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- range .Values.nodeExporter.extraConfigmapMounts }}
|
||||||
|
- name: {{ .name }}
|
||||||
|
mountPath: {{ .mountPath }}
|
||||||
|
readOnly: {{ .readOnly }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.imagePullSecrets }}
|
||||||
|
imagePullSecrets:
|
||||||
|
{{ toYaml .Values.imagePullSecrets | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.nodeExporter.hostNetwork }}
|
||||||
|
hostNetwork: true
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.nodeExporter.hostPID }}
|
||||||
|
hostPID: true
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.nodeExporter.tolerations }}
|
||||||
|
tolerations:
|
||||||
|
{{ toYaml .Values.nodeExporter.tolerations | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.nodeExporter.nodeSelector }}
|
||||||
|
nodeSelector:
|
||||||
|
{{ toYaml .Values.nodeExporter.nodeSelector | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.nodeExporter.dnsConfig }}
|
||||||
|
dnsConfig:
|
||||||
|
{{ toYaml . | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.nodeExporter.securityContext }}
|
||||||
|
securityContext:
|
||||||
|
{{ toYaml .Values.nodeExporter.securityContext | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
volumes:
|
||||||
|
- name: proc
|
||||||
|
hostPath:
|
||||||
|
path: /proc
|
||||||
|
- name: sys
|
||||||
|
hostPath:
|
||||||
|
path: /sys
|
||||||
|
{{- if .Values.nodeExporter.hostRootfs }}
|
||||||
|
- name: root
|
||||||
|
hostPath:
|
||||||
|
path: /
|
||||||
|
{{- end }}
|
||||||
|
{{- range .Values.nodeExporter.extraHostPathMounts }}
|
||||||
|
- name: {{ .name }}
|
||||||
|
hostPath:
|
||||||
|
path: {{ .hostPath }}
|
||||||
|
{{- end }}
|
||||||
|
{{- range .Values.nodeExporter.extraConfigmapMounts }}
|
||||||
|
- name: {{ .name }}
|
||||||
|
configMap:
|
||||||
|
name: {{ .configMap }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- end -}}
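Review bot: In the `extraHostPathMounts` loop under `volumeMounts`, `readOnly: {{ .readOnly }}` renders an empty value when an entry omits the key, which Kubernetes treats as `false`, so an extra host path is mounted writable into the node-exporter container by default. The built-in `proc`, `sys` and `root` mounts are all `readOnly: true`; default the extra mounts the same way, for example `readOnly: {{ if hasKey . "readOnly" }}{{ .readOnly }}{{ else }}true{{ end }}`. `hostPort` is also set unconditionally on the `metrics` port, so the exporter listens on every node address even with `hostNetwork` off. A comment stating that this is intended, or a value to turn it off, would make the exposure deliberate.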
|
|
@ -0,0 +1,55 @@
|
||||||
|
{{- if and .Values.nodeExporter.enabled .Values.rbac.create .Values.podSecurityPolicy.enabled }}
|
||||||
|
apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }}
|
||||||
|
kind: PodSecurityPolicy
|
||||||
|
metadata:
|
||||||
|
name: {{ template "prometheus.nodeExporter.fullname" . }}
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.nodeExporter.labels" . | nindent 4 }}
|
||||||
|
annotations:
|
||||||
|
{{- if .Values.nodeExporter.podSecurityPolicy.annotations }}
|
||||||
|
{{ toYaml .Values.nodeExporter.podSecurityPolicy.annotations | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
spec:
|
||||||
|
privileged: false
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
requiredDropCapabilities:
|
||||||
|
- ALL
|
||||||
|
volumes:
|
||||||
|
- 'configMap'
|
||||||
|
- 'hostPath'
|
||||||
|
- 'secret'
|
||||||
|
allowedHostPaths:
|
||||||
|
- pathPrefix: /proc
|
||||||
|
readOnly: true
|
||||||
|
- pathPrefix: /sys
|
||||||
|
readOnly: true
|
||||||
|
- pathPrefix: /
|
||||||
|
readOnly: true
|
||||||
|
{{- range .Values.nodeExporter.extraHostPathMounts }}
|
||||||
|
- pathPrefix: {{ .hostPath }}
|
||||||
|
readOnly: {{ .readOnly }}
|
||||||
|
{{- end }}
|
||||||
|
hostNetwork: {{ .Values.nodeExporter.hostNetwork }}
|
||||||
|
hostPID: {{ .Values.nodeExporter.hostPID }}
|
||||||
|
hostIPC: false
|
||||||
|
runAsUser:
|
||||||
|
rule: 'RunAsAny'
|
||||||
|
seLinux:
|
||||||
|
rule: 'RunAsAny'
|
||||||
|
supplementalGroups:
|
||||||
|
rule: 'MustRunAs'
|
||||||
|
ranges:
|
||||||
|
# Forbid adding the root group.
|
||||||
|
- min: 1
|
||||||
|
max: 65535
|
||||||
|
fsGroup:
|
||||||
|
rule: 'MustRunAs'
|
||||||
|
ranges:
|
||||||
|
# Forbid adding the root group.
|
||||||
|
- min: 1
|
||||||
|
max: 65535
|
||||||
|
readOnlyRootFilesystem: false
|
||||||
|
hostPorts:
|
||||||
|
- min: 1
|
||||||
|
max: 65535
|
||||||
|
{{- end }}
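Review bot: `- pathPrefix: /` with `readOnly: true` is allowed unconditionally, so the policy permits a read-only hostPath mount of any directory on the node even when `.Values.nodeExporter.hostRootfs` is off, although the DaemonSet mounts `/` only when that value is set. `hostPorts` likewise allows 1–65535 where the DaemonSet uses the single `.Values.nodeExporter.service.hostPort`. Gate the root prefix on `hostRootfs` and narrow the port range to the configured port, as sketched below (indentation is approximate because the page has lost it). `runAsUser` with `rule: 'RunAsAny'` next to the "Forbid adding the root group" ranges deserves the same review.

```yaml
  allowedHostPaths:
    # … unchanged: /proc and /sys entries …
    {{- if .Values.nodeExporter.hostRootfs }}
    - pathPrefix: /
      readOnly: true
    {{- end }}
    # … unchanged: extraHostPathMounts range through readOnlyRootFilesystem …
  hostPorts:
    - min: {{ .Values.nodeExporter.service.hostPort }}
      max: {{ .Values.nodeExporter.service.hostPort }}
```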
|
|
@ -0,0 +1,17 @@
|
||||||
|
{{- if and .Values.nodeExporter.enabled .Values.rbac.create }}
|
||||||
|
{{- if or (default .Values.nodeExporter.podSecurityPolicy.enabled false) (.Values.podSecurityPolicy.enabled) }}
|
||||||
|
apiVersion: {{ template "rbac.apiVersion" . }}
|
||||||
|
kind: Role
|
||||||
|
metadata:
|
||||||
|
name: {{ template "prometheus.nodeExporter.fullname" . }}
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.nodeExporter.labels" . | nindent 4 }}
|
||||||
|
{{ include "prometheus.namespace" . | indent 2 }}
|
||||||
|
rules:
|
||||||
|
- apiGroups: ['extensions']
|
||||||
|
resources: ['podsecuritypolicies']
|
||||||
|
verbs: ['use']
|
||||||
|
resourceNames:
|
||||||
|
- {{ template "prometheus.nodeExporter.fullname" . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
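Review bot: This Role is rendered when either `.Values.nodeExporter.podSecurityPolicy.enabled` or `.Values.podSecurityPolicy.enabled` is set, but the PodSecurityPolicy section before it and the RoleBinding section after it test only `.Values.podSecurityPolicy.enabled`. With just the nodeExporter flag set, the chart creates a Role granting `use` on a policy that is never created and that nothing binds. The `default` call also has its arguments reversed (the form is `default <fallback> <value>`), so `false` is the value and the flag is the fallback, and it works only by accident. Use the same guard as the sibling templates: `{{- if .Values.podSecurityPolicy.enabled }}`.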
|
|
@ -0,0 +1,19 @@
|
||||||
|
{{- if and .Values.nodeExporter.enabled .Values.rbac.create }}
|
||||||
|
{{- if .Values.podSecurityPolicy.enabled }}
|
||||||
|
apiVersion: {{ template "rbac.apiVersion" . }}
|
||||||
|
kind: RoleBinding
|
||||||
|
metadata:
|
||||||
|
name: {{ template "prometheus.nodeExporter.fullname" . }}
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.nodeExporter.labels" . | nindent 4 }}
|
||||||
|
{{ include "prometheus.namespace" . | indent 2 }}
|
||||||
|
roleRef:
|
||||||
|
kind: Role
|
||||||
|
name: {{ template "prometheus.nodeExporter.fullname" . }}
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: {{ template "prometheus.serviceAccountName.nodeExporter" . }}
|
||||||
|
{{ include "prometheus.namespace" . | indent 2 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,11 @@
|
||||||
|
{{- if and .Values.nodeExporter.enabled .Values.serviceAccounts.nodeExporter.create -}}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.nodeExporter.labels" . | nindent 4 }}
|
||||||
|
name: {{ template "prometheus.serviceAccountName.nodeExporter" . }}
|
||||||
|
{{ include "prometheus.namespace" . | indent 2 }}
|
||||||
|
annotations:
|
||||||
|
{{ toYaml .Values.serviceAccounts.nodeExporter.annotations | indent 4 }}
|
||||||
|
{{- end -}}
|
|
@ -0,0 +1,47 @@
|
||||||
|
{{- if .Values.nodeExporter.enabled -}}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
{{- if .Values.nodeExporter.service.annotations }}
|
||||||
|
annotations:
|
||||||
|
{{ toYaml .Values.nodeExporter.service.annotations | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.nodeExporter.labels" . | nindent 4 }}
|
||||||
|
{{- if .Values.nodeExporter.service.labels }}
|
||||||
|
{{ toYaml .Values.nodeExporter.service.labels | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
name: {{ template "prometheus.nodeExporter.fullname" . }}
|
||||||
|
{{ include "prometheus.namespace" . | indent 2 }}
|
||||||
|
spec:
|
||||||
|
{{- if .Values.nodeExporter.service.clusterIP }}
|
||||||
|
clusterIP: {{ .Values.nodeExporter.service.clusterIP }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.nodeExporter.service.externalIPs }}
|
||||||
|
externalIPs:
|
||||||
|
{{ toYaml .Values.nodeExporter.service.externalIPs | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.nodeExporter.service.loadBalancerIP }}
|
||||||
|
loadBalancerIP: {{ .Values.nodeExporter.service.loadBalancerIP }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.nodeExporter.service.loadBalancerSourceRanges }}
|
||||||
|
loadBalancerSourceRanges:
|
||||||
|
{{- range $cidr := .Values.nodeExporter.service.loadBalancerSourceRanges }}
|
||||||
|
- {{ $cidr }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
ports:
|
||||||
|
- name: metrics
|
||||||
|
{{- if .Values.nodeExporter.hostNetwork }}
|
||||||
|
port: {{ .Values.nodeExporter.service.hostPort }}
|
||||||
|
protocol: TCP
|
||||||
|
targetPort: {{ .Values.nodeExporter.service.hostPort }}
|
||||||
|
{{- else }}
|
||||||
|
port: {{ .Values.nodeExporter.service.servicePort }}
|
||||||
|
protocol: TCP
|
||||||
|
targetPort: 9100
|
||||||
|
{{- end }}
|
||||||
|
selector:
|
||||||
|
{{- include "prometheus.nodeExporter.matchLabels" . | nindent 4 }}
|
||||||
|
type: "{{ .Values.nodeExporter.service.type }}"
|
||||||
|
{{- end -}}
|
|
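Review bot: `type`, `externalIPs` and `loadBalancerIP` come straight from values while `loadBalancerSourceRanges` is rendered only when set, so a `LoadBalancer` service with no ranges publishes the node metrics port to every source the load balancer accepts. I would at least document that next to the values, or reject the combination at render time with `{{- if and (eq .Values.nodeExporter.service.type "LoadBalancer") (empty .Values.nodeExporter.service.loadBalancerSourceRanges) }}{{ fail "nodeExporter.service.loadBalancerSourceRanges is required for type LoadBalancer" }}{{ end }}`. The pushgateway Service template later in this commit has the same shape, and there the exposed port also accepts pushed data, so the same guard applies.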
@ -0,0 +1,21 @@
|
||||||
|
{{- if and .Values.pushgateway.enabled .Values.rbac.create -}}
|
||||||
|
apiVersion: {{ template "rbac.apiVersion" . }}
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
|
||||||
|
name: {{ template "prometheus.pushgateway.fullname" . }}
|
||||||
|
rules:
|
||||||
|
{{- if .Values.podSecurityPolicy.enabled }}
|
||||||
|
- apiGroups:
|
||||||
|
- extensions
|
||||||
|
resources:
|
||||||
|
- podsecuritypolicies
|
||||||
|
verbs:
|
||||||
|
- use
|
||||||
|
resourceNames:
|
||||||
|
- {{ template "prometheus.pushgateway.fullname" . }}
|
||||||
|
{{- else }}
|
||||||
|
[]
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
|
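Review bot: This gives the Pushgateway service account a cluster-scoped role only to `use` one PodSecurityPolicy, whereas the nodeExporter templates earlier in this commit do the same job with a namespaced `Role`/`RoleBinding`. With `podSecurityPolicy.enabled` false it renders `rules: []`, and the ClusterRoleBinding in the next file is still created for that empty role. I would gate both files on the PSP flag, `{{- if and .Values.pushgateway.enabled .Values.rbac.create .Values.podSecurityPolicy.enabled -}}`, and switch them to `kind: Role` / `kind: RoleBinding` with the `prometheus.namespace` include, which keeps the grant inside the release namespace.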
@ -0,0 +1,16 @@
|
||||||
|
{{- if and .Values.pushgateway.enabled .Values.rbac.create -}}
|
||||||
|
apiVersion: {{ template "rbac.apiVersion" . }}
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
|
||||||
|
name: {{ template "prometheus.pushgateway.fullname" . }}
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: {{ template "prometheus.serviceAccountName.pushgateway" . }}
|
||||||
|
{{ include "prometheus.namespace" . | indent 4 }}
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: {{ template "prometheus.pushgateway.fullname" . }}
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,119 @@
|
||||||
|
{{- if .Values.pushgateway.enabled -}}
|
||||||
|
apiVersion: {{ template "prometheus.deployment.apiVersion" . }}
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
{{- if .Values.pushgateway.deploymentAnnotations }}
|
||||||
|
annotations:
|
||||||
|
{{ toYaml .Values.pushgateway.deploymentAnnotations | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
|
||||||
|
name: {{ template "prometheus.pushgateway.fullname" . }}
|
||||||
|
{{ include "prometheus.namespace" . | indent 2 }}
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
{{- if .Values.schedulerName }}
|
||||||
|
schedulerName: "{{ .Values.schedulerName }}"
|
||||||
|
{{- end }}
|
||||||
|
matchLabels:
|
||||||
|
{{- include "prometheus.pushgateway.matchLabels" . | nindent 6 }}
|
||||||
|
replicas: {{ .Values.pushgateway.replicaCount }}
|
||||||
|
{{- if .Values.pushgateway.strategy }}
|
||||||
|
strategy:
|
||||||
|
{{ toYaml .Values.pushgateway.strategy | trim | indent 4 }}
|
||||||
|
{{ if eq .Values.pushgateway.strategy.type "Recreate" }}rollingUpdate: null{{ end }}
|
||||||
|
{{- end }}
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
{{- if .Values.pushgateway.podAnnotations }}
|
||||||
|
annotations:
|
||||||
|
{{ toYaml .Values.pushgateway.podAnnotations | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.pushgateway.labels" . | nindent 8 }}
|
||||||
|
{{- if .Values.pushgateway.podLabels }}
|
||||||
|
{{ toYaml .Values.pushgateway.podLabels | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
spec:
|
||||||
|
serviceAccountName: {{ template "prometheus.serviceAccountName.pushgateway" . }}
|
||||||
|
{{- if .Values.pushgateway.extraInitContainers }}
|
||||||
|
initContainers:
|
||||||
|
{{ toYaml .Values.pushgateway.extraInitContainers | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.pushgateway.priorityClassName }}
|
||||||
|
priorityClassName: "{{ .Values.pushgateway.priorityClassName }}"
|
||||||
|
{{- end }}
|
||||||
|
containers:
|
||||||
|
- name: {{ template "prometheus.name" . }}-{{ .Values.pushgateway.name }}
|
||||||
|
image: "{{ .Values.pushgateway.image.repository }}:{{ .Values.pushgateway.image.tag }}"
|
||||||
|
imagePullPolicy: "{{ .Values.pushgateway.image.pullPolicy }}"
|
||||||
|
args:
|
||||||
|
{{- range $key, $value := .Values.pushgateway.extraArgs }}
|
||||||
|
{{- $stringvalue := toString $value }}
|
||||||
|
{{- if eq $stringvalue "true" }}
|
||||||
|
- --{{ $key }}
|
||||||
|
{{- else }}
|
||||||
|
- --{{ $key }}={{ $value }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
ports:
|
||||||
|
- containerPort: 9091
|
||||||
|
livenessProbe:
|
||||||
|
httpGet:
|
||||||
|
{{- if (index .Values "pushgateway" "extraArgs" "web.route-prefix") }}
|
||||||
|
path: /{{ index .Values "pushgateway" "extraArgs" "web.route-prefix" }}/-/healthy
|
||||||
|
{{- else }}
|
||||||
|
path: /-/healthy
|
||||||
|
{{- end }}
|
||||||
|
port: 9091
|
||||||
|
initialDelaySeconds: 10
|
||||||
|
timeoutSeconds: 10
|
||||||
|
readinessProbe:
|
||||||
|
httpGet:
|
||||||
|
{{- if (index .Values "pushgateway" "extraArgs" "web.route-prefix") }}
|
||||||
|
path: /{{ index .Values "pushgateway" "extraArgs" "web.route-prefix" }}/-/ready
|
||||||
|
{{- else }}
|
||||||
|
path: /-/ready
|
||||||
|
{{- end }}
|
||||||
|
port: 9091
|
||||||
|
initialDelaySeconds: 10
|
||||||
|
timeoutSeconds: 10
|
||||||
|
resources:
|
||||||
|
{{ toYaml .Values.pushgateway.resources | indent 12 }}
|
||||||
|
{{- if .Values.pushgateway.persistentVolume.enabled }}
|
||||||
|
volumeMounts:
|
||||||
|
- name: storage-volume
|
||||||
|
mountPath: "{{ .Values.pushgateway.persistentVolume.mountPath }}"
|
||||||
|
subPath: "{{ .Values.pushgateway.persistentVolume.subPath }}"
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.imagePullSecrets }}
|
||||||
|
imagePullSecrets:
|
||||||
|
{{ toYaml .Values.imagePullSecrets | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.pushgateway.nodeSelector }}
|
||||||
|
nodeSelector:
|
||||||
|
{{ toYaml .Values.pushgateway.nodeSelector | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.pushgateway.dnsConfig }}
|
||||||
|
dnsConfig:
|
||||||
|
{{ toYaml . | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.pushgateway.securityContext }}
|
||||||
|
securityContext:
|
||||||
|
{{ toYaml .Values.pushgateway.securityContext | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.pushgateway.tolerations }}
|
||||||
|
tolerations:
|
||||||
|
{{ toYaml .Values.pushgateway.tolerations | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.pushgateway.affinity }}
|
||||||
|
affinity:
|
||||||
|
{{ toYaml .Values.pushgateway.affinity | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.pushgateway.persistentVolume.enabled }}
|
||||||
|
volumes:
|
||||||
|
- name: storage-volume
|
||||||
|
persistentVolumeClaim:
|
||||||
|
claimName: {{ if .Values.pushgateway.persistentVolume.existingClaim }}{{ .Values.pushgateway.persistentVolume.existingClaim }}{{- else }}{{ template "prometheus.pushgateway.fullname" . }}{{- end }}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end }}
|
|
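Review bot: The pushgateway container sets no container-level `securityContext`; only an optional pod-level one is rendered from `.Values.pushgateway.securityContext`. The restrictions written in this commit's PodSecurityPolicy template (no privilege escalation, all capabilities dropped, read-only root filesystem) therefore hold only where PSP admission is enabled and enforced. I would set them on the container itself, as sketched below, assuming the image works with a read-only root filesystem as the PSP already requires. Separately, `schedulerName` is rendered between `selector:` and `matchLabels:`; indentation is lost in this rendering, but at that position it likely lands inside the label selector rather than the pod spec, so it should move next to `serviceAccountName`.

```yaml
      containers:
        - name: {{ template "prometheus.name" . }}-{{ .Values.pushgateway.name }}
          # … unchanged: image, imagePullPolicy, args, ports, probes, resources …
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
```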
@ -0,0 +1,54 @@
|
||||||
|
{{- if and .Values.pushgateway.enabled .Values.pushgateway.ingress.enabled -}}
|
||||||
|
{{- $ingressApiIsStable := eq (include "ingress.isStable" .) "true" -}}
|
||||||
|
{{- $ingressSupportsIngressClassName := eq (include "ingress.supportsIngressClassName" .) "true" -}}
|
||||||
|
{{- $ingressSupportsPathType := eq (include "ingress.supportsPathType" .) "true" -}}
|
||||||
|
{{- $releaseName := .Release.Name -}}
|
||||||
|
{{- $serviceName := include "prometheus.pushgateway.fullname" . }}
|
||||||
|
{{- $servicePort := .Values.pushgateway.service.servicePort -}}
|
||||||
|
{{- $ingressPath := .Values.pushgateway.ingress.path -}}
|
||||||
|
{{- $ingressPathType := .Values.pushgateway.ingress.pathType -}}
|
||||||
|
{{- $extraPaths := .Values.pushgateway.ingress.extraPaths -}}
|
||||||
|
apiVersion: {{ template "ingress.apiVersion" . }}
|
||||||
|
kind: Ingress
|
||||||
|
metadata:
|
||||||
|
{{- if .Values.pushgateway.ingress.annotations }}
|
||||||
|
annotations:
|
||||||
|
{{ toYaml .Values.pushgateway.ingress.annotations | indent 4}}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
|
||||||
|
name: {{ template "prometheus.pushgateway.fullname" . }}
|
||||||
|
{{ include "prometheus.namespace" . | indent 2 }}
|
||||||
|
spec:
|
||||||
|
{{- if and $ingressSupportsIngressClassName .Values.pushgateway.ingress.ingressClassName }}
|
||||||
|
ingressClassName: {{ .Values.pushgateway.ingress.ingressClassName }}
|
||||||
|
{{- end }}
|
||||||
|
rules:
|
||||||
|
{{- range .Values.pushgateway.ingress.hosts }}
|
||||||
|
{{- $url := splitList "/" . }}
|
||||||
|
- host: {{ first $url }}
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
{{ if $extraPaths }}
|
||||||
|
{{ toYaml $extraPaths | indent 10 }}
|
||||||
|
{{- end }}
|
||||||
|
- path: {{ $ingressPath }}
|
||||||
|
{{- if $ingressSupportsPathType }}
|
||||||
|
pathType: {{ $ingressPathType }}
|
||||||
|
{{- end }}
|
||||||
|
backend:
|
||||||
|
{{- if $ingressApiIsStable }}
|
||||||
|
service:
|
||||||
|
name: {{ $serviceName }}
|
||||||
|
port:
|
||||||
|
number: {{ $servicePort }}
|
||||||
|
{{- else }}
|
||||||
|
serviceName: {{ $serviceName }}
|
||||||
|
servicePort: {{ $servicePort }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if .Values.pushgateway.ingress.tls }}
|
||||||
|
tls:
|
||||||
|
{{ toYaml .Values.pushgateway.ingress.tls | indent 4 }}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
|
@ -0,0 +1,20 @@
|
||||||
|
{{- if and .Values.pushgateway.enabled .Values.networkPolicy.enabled -}}
|
||||||
|
apiVersion: {{ template "prometheus.networkPolicy.apiVersion" . }}
|
||||||
|
kind: NetworkPolicy
|
||||||
|
metadata:
|
||||||
|
name: {{ template "prometheus.pushgateway.fullname" . }}
|
||||||
|
{{ include "prometheus.namespace" . | indent 2 }}
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
podSelector:
|
||||||
|
matchLabels:
|
||||||
|
{{- include "prometheus.pushgateway.matchLabels" . | nindent 6 }}
|
||||||
|
ingress:
|
||||||
|
- from:
|
||||||
|
- podSelector:
|
||||||
|
matchLabels:
|
||||||
|
{{- include "prometheus.server.matchLabels" . | nindent 12 }}
|
||||||
|
- ports:
|
||||||
|
- port: 9091
|
||||||
|
{{- end -}}
|
|
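Review bot: `ingress` holds two separate list items, `- from:` and `- ports:`, and NetworkPolicy rules are OR-ed, so the second rule admits any source on port 9091 while the first admits the server pods on every port. If the intent is that only the Prometheus server reaches the Pushgateway on 9091, both keys have to sit in one rule: `ports:` without the leading `-`, aligned under `from:`. If jobs elsewhere are meant to push, say so in a template comment and add their selectors to `from` rather than leaving the port open to all peers. Indentation is lost in this rendering, so this reading rests on the list markers alone.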
@ -0,0 +1,14 @@
|
||||||
|
{{- if .Values.pushgateway.podDisruptionBudget.enabled }}
|
||||||
|
apiVersion: policy/v1beta1
|
||||||
|
kind: PodDisruptionBudget
|
||||||
|
metadata:
|
||||||
|
name: {{ template "prometheus.pushgateway.fullname" . }}
|
||||||
|
{{ include "prometheus.namespace" . | indent 2 }}
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
maxUnavailable: {{ .Values.pushgateway.podDisruptionBudget.maxUnavailable }}
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
{{- include "prometheus.pushgateway.labels" . | nindent 6 }}
|
||||||
|
{{- end }}
|
|
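Review bot: `apiVersion: policy/v1beta1` is hard-coded here while the neighbouring templates resolve their API versions through helpers; that version of PodDisruptionBudget is no longer served from Kubernetes 1.25, so rendering the budget there produces a manifest the cluster cannot accept. I would select it from capabilities, `apiVersion: {{ if .Capabilities.APIVersions.Has "policy/v1" }}policy/v1{{ else }}policy/v1beta1{{ end }}`. The guard also tests only `podDisruptionBudget.enabled`, not `pushgateway.enabled`, and the selector uses the full `prometheus.pushgateway.labels` set where the Deployment and Service select on `prometheus.pushgateway.matchLabels`.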
@ -0,0 +1,42 @@
|
||||||
|
{{- if and .Values.pushgateway.enabled .Values.rbac.create .Values.podSecurityPolicy.enabled }}
|
||||||
|
apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }}
|
||||||
|
kind: PodSecurityPolicy
|
||||||
|
metadata:
|
||||||
|
name: {{ template "prometheus.pushgateway.fullname" . }}
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
|
||||||
|
annotations:
|
||||||
|
{{- if .Values.pushgateway.podSecurityPolicy.annotations }}
|
||||||
|
{{ toYaml .Values.pushgateway.podSecurityPolicy.annotations | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
spec:
|
||||||
|
privileged: false
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
requiredDropCapabilities:
|
||||||
|
- ALL
|
||||||
|
volumes:
|
||||||
|
- 'persistentVolumeClaim'
|
||||||
|
- 'secret'
|
||||||
|
allowedHostPaths:
|
||||||
|
- pathPrefix: {{ .Values.pushgateway.persistentVolume.mountPath }}
|
||||||
|
hostNetwork: false
|
||||||
|
hostPID: false
|
||||||
|
hostIPC: false
|
||||||
|
runAsUser:
|
||||||
|
rule: 'RunAsAny'
|
||||||
|
seLinux:
|
||||||
|
rule: 'RunAsAny'
|
||||||
|
supplementalGroups:
|
||||||
|
rule: 'MustRunAs'
|
||||||
|
ranges:
|
||||||
|
# Forbid adding the root group.
|
||||||
|
- min: 1
|
||||||
|
max: 65535
|
||||||
|
fsGroup:
|
||||||
|
rule: 'MustRunAs'
|
||||||
|
ranges:
|
||||||
|
# Forbid adding the root group.
|
||||||
|
- min: 1
|
||||||
|
max: 65535
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
{{- end }}
|
|
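Review bot: `runAsUser` is `RunAsAny`, so this policy admits a container running as UID 0 even though the `supplementalGroups` and `fsGroup` ranges are written to keep the root group out. If the Pushgateway image runs as an unprivileged user (not visible here), `rule: 'MustRunAsNonRoot'` would close that gap. `allowedHostPaths` has no effect as written, because `hostPath` is not in the `volumes` allow-list; I would drop it so the policy does not read as if host paths were permitted. `annotations:` is also emitted with no value when none are configured.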
@ -0,0 +1,31 @@
|
||||||
|
{{- if .Values.pushgateway.persistentVolume.enabled -}}
|
||||||
|
{{- if not .Values.pushgateway.persistentVolume.existingClaim -}}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: PersistentVolumeClaim
|
||||||
|
metadata:
|
||||||
|
{{- if .Values.pushgateway.persistentVolume.annotations }}
|
||||||
|
annotations:
|
||||||
|
{{ toYaml .Values.pushgateway.persistentVolume.annotations | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
|
||||||
|
name: {{ template "prometheus.pushgateway.fullname" . }}
|
||||||
|
{{ include "prometheus.namespace" . | indent 2 }}
|
||||||
|
spec:
|
||||||
|
accessModes:
|
||||||
|
{{ toYaml .Values.pushgateway.persistentVolume.accessModes | indent 4 }}
|
||||||
|
{{- if .Values.pushgateway.persistentVolume.storageClass }}
|
||||||
|
{{- if (eq "-" .Values.pushgateway.persistentVolume.storageClass) }}
|
||||||
|
storageClassName: ""
|
||||||
|
{{- else }}
|
||||||
|
storageClassName: "{{ .Values.pushgateway.persistentVolume.storageClass }}"
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.pushgateway.persistentVolume.volumeBindingMode }}
|
||||||
|
volumeBindingMode: "{{ .Values.pushgateway.persistentVolume.volumeBindingMode }}"
|
||||||
|
{{- end }}
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: "{{ .Values.pushgateway.persistentVolume.size }}"
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
|
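Review bot: `volumeBindingMode` is rendered into the PersistentVolumeClaim `spec`, but that field belongs to StorageClass rather than to a claim, so setting the value yields a manifest that validation rejects or that loses the field silently. I would remove the `volumeBindingMode` block from this template and leave binding mode to the storage class named by `storageClassName`. The outer guard tests only `persistentVolume.enabled`, so a claim is created even with `pushgateway.enabled` false; `{{- if and .Values.pushgateway.enabled .Values.pushgateway.persistentVolume.enabled -}}` would match the Deployment.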
@ -0,0 +1,41 @@
|
||||||
|
{{- if .Values.pushgateway.enabled -}}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
{{- if .Values.pushgateway.service.annotations }}
|
||||||
|
annotations:
|
||||||
|
{{ toYaml .Values.pushgateway.service.annotations | indent 4}}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
|
||||||
|
{{- if .Values.pushgateway.service.labels }}
|
||||||
|
{{ toYaml .Values.pushgateway.service.labels | indent 4}}
|
||||||
|
{{- end }}
|
||||||
|
name: {{ template "prometheus.pushgateway.fullname" . }}
|
||||||
|
{{ include "prometheus.namespace" . | indent 2 }}
|
||||||
|
spec:
|
||||||
|
{{- if .Values.pushgateway.service.clusterIP }}
|
||||||
|
clusterIP: {{ .Values.pushgateway.service.clusterIP }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.pushgateway.service.externalIPs }}
|
||||||
|
externalIPs:
|
||||||
|
{{ toYaml .Values.pushgateway.service.externalIPs | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.pushgateway.service.loadBalancerIP }}
|
||||||
|
loadBalancerIP: {{ .Values.pushgateway.service.loadBalancerIP }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.pushgateway.service.loadBalancerSourceRanges }}
|
||||||
|
loadBalancerSourceRanges:
|
||||||
|
{{- range $cidr := .Values.pushgateway.service.loadBalancerSourceRanges }}
|
||||||
|
- {{ $cidr }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
port: {{ .Values.pushgateway.service.servicePort }}
|
||||||
|
protocol: TCP
|
||||||
|
targetPort: 9091
|
||||||
|
selector:
|
||||||
|
{{- include "prometheus.pushgateway.matchLabels" . | nindent 4 }}
|
||||||
|
type: "{{ .Values.pushgateway.service.type }}"
|
||||||
|
{{- end }}
|
|
@ -0,0 +1,11 @@
|
||||||
|
{{- if and .Values.pushgateway.enabled .Values.serviceAccounts.pushgateway.create -}}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
|
||||||
|
name: {{ template "prometheus.serviceAccountName.pushgateway" . }}
|
||||||
|
{{ include "prometheus.namespace" . | indent 2 }}
|
||||||
|
annotations:
|
||||||
|
{{ toYaml .Values.serviceAccounts.pushgateway.annotations | indent 4 }}
|
||||||
|
{{- end -}}
|
|
@ -0,0 +1,20 @@
|
||||||
|
{{- if .Values.pushgateway.enabled -}}
|
||||||
|
{{- if .Values.pushgateway.verticalAutoscaler.enabled -}}
|
||||||
|
apiVersion: autoscaling.k8s.io/v1beta2
|
||||||
|
kind: VerticalPodAutoscaler
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
|
||||||
|
name: {{ template "prometheus.pushgateway.fullname" . }}-vpa
|
||||||
|
{{ include "prometheus.namespace" . | indent 2 }}
|
||||||
|
spec:
|
||||||
|
targetRef:
|
||||||
|
apiVersion: "apps/v1"
|
||||||
|
kind: Deployment
|
||||||
|
name: {{ template "prometheus.pushgateway.fullname" . }}
|
||||||
|
updatePolicy:
|
||||||
|
updateMode: {{ .Values.pushgateway.verticalAutoscaler.updateMode | default "Off" | quote }}
|
||||||
|
resourcePolicy:
|
||||||
|
containerPolicies: {{ .Values.pushgateway.verticalAutoscaler.containerPolicies | default list | toYaml | trim | nindent 4 }}
|
||||||
|
{{- end -}} {{/* if .Values.pushgateway.verticalAutoscaler.enabled */}}
|
||||||
|
{{- end -}} {{/* .Values.pushgateway.enabled */}}
|
|
@ -0,0 +1,48 @@
|
||||||
|
{{- if and .Values.server.enabled .Values.rbac.create (empty .Values.server.useExistingClusterRoleName) -}}
|
||||||
|
apiVersion: {{ template "rbac.apiVersion" . }}
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{- include "prometheus.server.labels" . | nindent 4 }}
|
||||||
|
name: {{ template "prometheus.server.fullname" . }}
|
||||||
|
rules:
|
||||||
|
{{- if .Values.podSecurityPolicy.enabled }}
|
||||||
|
- apiGroups:
|
||||||
|
- extensions
|
||||||
|
resources:
|
||||||
|
- podsecuritypolicies
|
||||||
|
verbs:
|
||||||
|
- use
|
||||||
|
resourceNames:
|
||||||
|
- {{ template "prometheus.server.fullname" . }}
|
||||||
|
{{- end }}
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- nodes
|
||||||
|
- nodes/proxy
|
||||||
|
- nodes/metrics
|
||||||
|
- services
|
||||||
|
- endpoints
|
||||||
|
- pods
|
||||||
|
- ingresses
|
||||||
|
- configmaps
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- "extensions"
|
||||||
|
- "networking.k8s.io"
|
||||||
|
resources:
|
||||||
|
- ingresses/status
|
||||||
|
- ingresses
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
- nonResourceURLs:
|
||||||
|
- "/metrics"
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
{{- end }}
|
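Review bot: The core-group rule gives the server cluster-wide `get` on `nodes/proxy` and read access to all `configmaps`, which appears broader than metrics scraping needs. `nodes/proxy` lets the holder reach the kubelet API through the API server, so I would render it only when the scrape configuration actually goes through that proxy (the scrape config is not visible here), for example behind a values flag, and rely on `nodes/metrics` otherwise. `ingresses` in the `""` API group matches nothing, since ingresses are granted again under `extensions`/`networking.k8s.io` in the next rule, and can be dropped.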