Merge pull request #477 from kastenhq/k10-5.0.4

Update Kasten K10 Chart version to 5.0.4
pull/480/head
Samuel Attwood 2022-08-02 02:36:29 -04:00 committed by GitHub
commit b97e7c56d7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
133 changed files with 17987 additions and 3 deletions

BIN
assets/k10/k10-5.0.400.tgz Normal file

Binary file not shown.


@ -0,0 +1,15 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: K10
catalog.cattle.io/release-name: k10
apiVersion: v2
appVersion: 5.0.4
description: Kastens K10 Data Management Platform
home: https://kasten.io/
icon: https://docs.kasten.io/_static/logo-kasten-k10-blue-white.png
kubeVersion: '>= 1.17.0-0'
maintainers:
- email: support@kasten.io
name: kastenIO
name: k10
version: 5.0.400


@ -0,0 +1,231 @@
# Kasten's K10 Helm chart.
[Kasten's k10](https://docs.kasten.io/) is a data lifecycle management system for all your persistence.enabled container-based applications.
## TL;DR;
```console
$ helm install kasten/k10 --name=k10 --namespace=kasten-io
```
## Introduction
This chart bootstraps Kasten's K10 platform on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
## Prerequisites
- Kubernetes 1.7+ with Beta APIs enabled
## Installing the Chart
To install the chart on a [GKE](https://cloud.google.com/container-engine/) cluster
```console
$ helm install kasten/k10 --name=k10 --namespace=kasten-io
```
To install the chart on an [AWS](https://aws.amazon.com/) [kops](https://github.com/kubernetes/kops)-created cluster
```console
$ helm install kasten/k10 --name=k10 --namespace=kasten-io --set secrets.awsAccessKeyId="${AWS_ACCESS_KEY_ID}" \
--set secrets.awsSecretAccessKey="${AWS_SECRET_ACCESS_KEY}"
```
> **Tip**: List all releases using `helm list`
## Uninstalling the Chart
To uninstall/delete the `k10` application:
```console
$ helm delete k10 --purge
```
## Configuration
The following table lists the configurable parameters of the K10
chart and their default values.
Parameter | Description | Default
--- | --- | ---
`eula.accept`| Whether to enable accept EULA before installation | `false`
`eula.company` | Company name. Required field if EULA is accepted | `None`
`eula.email` | Contact email. Required field if EULA is accepted | `None`
`license` | License string obtained from Kasten | `None`
`rbac.create` | Whether to enable RBAC with a specific cluster role and binding for K10 | `true`
`scc.create` | Whether to create a SecurityContextConstraints for K10 ServiceAccounts | `false`
`services.dashboardbff.hostNetwork` | Whether the dashboardbff pods may use the node network | `false`
`services.executor.hostNetwork` | Whether the executor pods may use the node network | `false`
`services.aggregatedapis.hostNetwork` | Whether the aggregatedapis pods may use the node network | `false`
`serviceAccount.create`| Specifies whether a ServiceAccount should be created | `true`
`serviceAccount.name` | The name of the ServiceAccount to use. If not set, a name is derived using the release and chart names. | `None`
`ingress.create` | Specifies whether the K10 dashboard should be exposed via ingress | `false`
`ingress.class` | Cluster ingress controller class: `nginx`, `GCE` | `None`
`ingress.host` | FQDN (e.g., `k10.example.com`) for name-based virtual host | `None`
`ingress.urlPath` | URL path for K10 Dashboard (e.g., `/k10`) | `Release.Name`
`ingress.annotations` | Additional Ingress object annotations | `{}`
`ingress.tls.enabled` | Configures a TLS use for `ingress.host` | `false`
`ingress.tls.secretName` | Specifies a name of TLS secret | `None`
`ingress.pathType` | Specifies the path type for the ingress resource | `ImplementationSpecific`
`global.persistence.enabled` | Use PVS to persist data | `true`
`global.persistence.size` | Default global size of volumes for K10 persistent services | `20Gi`
`global.persistence.catalog.size` | Size of a volume for catalog service | `global.persistence.size`
`global.persistence.jobs.size` | Size of a volume for jobs service | `global.persistence.size`
`global.persistence.logging.size` | Size of a volume for logging service | `global.persistence.size`
`global.persistence.metering.size` | Size of a volume for metering service | `global.persistence.size`
`global.persistence.storageClass` | Specified StorageClassName will be used for PVCs | `None`
`global.airgapped.repository` | Specify the helm repository for offline (airgapped) installation | `''`
`global.imagePullSecret` | Provide secret which contains docker config for private repository. Use `k10-ecr` when secrets.dockerConfigPath is used. | `''`
`global.prometheus.external.host` | Provide external prometheus host name | `''`
`global.prometheus.external.port` | Provide external prometheus port number | `''`
`global.prometheus.external.baseURL` | Provide Base URL of external prometheus | `''`
`global.network.enable_ipv6` | Enable `IPv6` support for K10 | `false`
`secrets.awsAccessKeyId` | AWS access key ID (required for AWS deployment) | `None`
`secrets.awsSecretAccessKey` | AWS access key secret | `None`
`secrets.awsIamRole` | ARN of the AWS IAM role assumed by K10 to perform any AWS operation. | `None`
`secrets.googleApiKey` | Non-default base64 encoded GCP Service Account key file | `None`
`secrets.azureTenantId` | Azure tenant ID (required for Azure deployment) | `None`
`secrets.azureClientId` | Azure Service App ID | `None`
`secrets.azureClientSecret` | Azure Service APP secret | `None`
`secrets.azureResourceGroup` | Resource Group name that was created for the Kubernetes cluster | `None`
`secrets.azureSubscriptionID` | Subscription ID in your Azure tenant | `None`
`secrets.azureResourceMgrEndpoint` | Resource management endpoint for the Azure Stack instance | `None`
`secrets.azureADEndpoint` | Azure Active Directory login endpoint | `None`
`secrets.azureADResourceID` | Azure Active Directory resource ID to obtain AD tokens | `None`
`secrets.azureCloudEnvID` | Azure Cloud Environment ID | `None`
`secrets.vsphereEndpoint` | vSphere endpoint for login | `None`
`secrets.vsphereUsername` | vSphere username for login | `None`
`secrets.vspherePassword` | vSphere password for login | `None`
`secrets.dockerConfigPath` | Use --set-file secrets.dockerConfigPath=path_to_docker_config.yaml to specify docker config for image pull | `None`
`cacertconfigmap.name` | Name of the ConfigMap that contains a certificate for a trusted root certificate authority | `None`
`clusterName` | Cluster name for better logs visibility | `None`
`metering.awsRegion` | Sets AWS_REGION for metering service | `None`
`metering.mode` | Control license reporting (set to `airgap` for private-network installs) | `None`
`metering.reportCollectionPeriod` | Sets metric report collection period (in seconds) | `1800`
`metering.reportPushPeriod` | Sets metric report push period (in seconds) | `3600`
`metering.promoID` | Sets K10 promotion ID from marketing campaigns | `None`
`metering.awsMarketplace` | Sets AWS cloud metering license mode | `false`
`metering.awsManagedLicense` | Sets AWS managed license mode | `false`
`metering.redhatMarketplacePayg` | Sets Red Hat cloud metering license mode | `false`
`metering.licenseConfigSecretName` | Sets AWS managed license config secret | `None`
`externalGateway.create` | Configures an external gateway for K10 API services | `false`
`externalGateway.annotations` | Standard annotations for the services | `None`
`externalGateway.fqdn.name` | Domain name for the K10 API services | `None`
`externalGateway.fqdn.type` | Supported gateway type: `route53-mapper` or `external-dns` | `None`
`externalGateway.awsSSLCertARN` | ARN for the AWS ACM SSL certificate used in the K10 API server | `None`
`auth.basicAuth.enabled` | Configures basic authentication for the K10 dashboard | `false`
`auth.basicAuth.htpasswd` | A username and password pair separated by a colon character | `None`
`auth.basicAuth.secretName` | Name of an existing Secret that contains a file generated with htpasswd | `None`
`auth.k10AdminGroups` | A list of groups whose members are granted admin level access to K10's dashboard | `None`
`auth.k10AdminUsers` | A list of users who are granted admin level access to K10's dashboard | `None`
`auth.tokenAuth.enabled` | Configures token based authentication for the K10 dashboard | `false`
`auth.oidcAuth.enabled` | Configures Open ID Connect based authentication for the K10 dashboard | `false`
`auth.oidcAuth.providerURL` | URL for the OIDC Provider | `None`
`auth.oidcAuth.redirectURL` | URL to the K10 gateway service | `None`
`auth.oidcAuth.scopes` | Space separated OIDC scopes required for userinfo. Example: "profile email" | `None`
`auth.oidcAuth.prompt` | The type of prompt to be used during authentication (none, consent, login or select_account) | `select_account`
`auth.oidcAuth.clientID` | Client ID given by the OIDC provider for K10 | `None`
`auth.oidcAuth.clientSecret` | Client secret given by the OIDC provider for K10 | `None`
`auth.oidcAuth.usernameClaim` | The claim to be used as the username | `sub`
`auth.oidcAuth.usernamePrefix` | Prefix that has to be used with the username obtained from the username claim | `None`
`auth.oidcAuth.groupClaim` | Name of a custom OpenID Connect claim for specifying user groups | `None`
`auth.oidcAuth.groupPrefix` | All groups will be prefixed with this value to prevent conflicts | `None`
`auth.openshift.enabled` | Enables access to the K10 dashboard by authenticating with the OpenShift OAuth server | `false`
`auth.openshift.serviceAccount` | Name of the service account that represents an OAuth client | `None`
`auth.openshift.clientSecret` | The token corresponding to the service account | `None`
`auth.openshift.dashboardURL` | The URL used for accessing K10's dashboard | `None`
`auth.openshift.openshiftURL` | The URL for accessing OpenShift's API server | `None`
`auth.openshift.insecureCA` | To turn off SSL verification of connections to OpenShift | `false`
`auth.openshift.useServiceAccountCA` | Set this to true to use the CA certificate corresponding to the Service Account ``auth.openshift.serviceAccount`` usually found at ``/var/run/secrets/kubernetes.io/serviceaccount/ca.crt`` | `false`
`auth.ldap.enabled` | Configures Active Directory/LDAP based authentication for the K10 dashboard | `false`
`auth.ldap.restartPod` | To force a restart of the authentication service pod (useful when updating authentication config) | `false`
`auth.ldap.dashboardURL` | The URL used for accessing K10's dashboard | `None`
`auth.ldap.host` | Host and optional port of the AD/LDAP server in the form `host:port` | `None`
`auth.ldap.insecureNoSSL` | Required if the AD/LDAP host is not using TLS | `false`
`auth.ldap.insecureSkipVerifySSL` | To turn off SSL verification of connections to the AD/LDAP host | `false`
`auth.ldap.startTLS` | When set to true, ldap:// is used to connect to the server followed by creation of a TLS session. When set to false, ldaps:// is used. | `false`
`auth.ldap.bindDN` | The Distinguished Name(username) used for connecting to the AD/LDAP host | `None`
`auth.ldap.bindPW` | The password corresponding to the `bindDN` for connecting to the AD/LDAP host | `None`
`auth.ldap.bindPWSecretName` | The name of the secret that contains the password corresponding to the `bindDN` for connecting to the AD/LDAP host | `None`
`auth.ldap.userSearch.baseDN` | The base Distinguished Name to start the AD/LDAP search from | `None`
`auth.ldap.userSearch.filter` | Optional filter to apply when searching the directory | `None`
`auth.ldap.userSearch.username` | Attribute used for comparing user entries when searching the directory | `None`
`auth.ldap.userSearch.idAttr` | AD/LDAP attribute in a user's entry that should map to the user ID field in a token | `None`
`auth.ldap.userSearch.emailAttr` | AD/LDAP attribute in a user's entry that should map to the email field in a token | `None`
`auth.ldap.userSearch.nameAttr` | AD/LDAP attribute in a user's entry that should map to the name field in a token | `None`
`auth.ldap.userSearch.preferredUsernameAttr` | AD/LDAP attribute in a user's entry that should map to the preferred_username field in a token | `None`
`auth.ldap.groupSearch.baseDN` | The base Distinguished Name to start the AD/LDAP group search from | `None`
`auth.ldap.groupSearch.filter` | Optional filter to apply when searching the directory for groups | `None`
`auth.ldap.groupSearch.nameAttr` | The AD/LDAP attribute that represents a group's name in the directory | `None`
`auth.ldap.groupSearch.userMatchers` | List of field pairs that are used to match a user to a group. | `None`
`auth.ldap.groupSearch.userMatchers.userAttr` | Attribute in the user's entry that must match with the `groupAttr` while searching for groups | `None`
`auth.ldap.groupSearch.userMatchers.groupAttr` | Attribute in the group's entry that must match with the `userAttr` while searching for groups | `None`
`auth.groupAllowList` | A list of groups whose members are allowed access to K10's dashboard | `None`
`services.securityContext` | Custom [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for K10 service containers | `{"runAsUser" : 1000, "fsGroup": 1000}`
`services.securityContext.runAsUser` | User ID K10 service containers run as| `1000`
`services.securityContext.runAsGroup` | Group ID K10 service containers run as| `1000`
`services.securityContext.fsGroup` | FSGroup that owns K10 service container volumes | `1000`
`injectKanisterSidecar.enabled` | Enable Kanister sidecar injection for workload pods | `false`
`injectKanisterSidecar.namespaceSelector.matchLabels` | Set of labels to select namespaces in which sidecar injection is enabled for workloads | `{}`
`injectKanisterSidecar.objectSelector.matchLabels` | Set of labels to filter workload objects in which the sidecar is injected | `{}`
`injectKanisterSidecar.webhookServer.port` | Port number on which the mutating webhook server accepts request | `8080`
`gateway.insecureDisableSSLVerify` | Specifies whether to disable SSL verification for gateway pods | `false`
`gateway.exposeAdminPort` | Specifies whether to expose Admin port for gateway service | `true`
`genericVolumeSnapshot.resources.[requests\|limits].[cpu\|memory]` | Resource requests and limits for Generic Volume Snapshot restore pods | `{}`
`prometheus.server.enabled` | If false, K10's Prometheus server will not be created, reducing the dashboard's functionality. | `true`
`prometheus.server.persistentVolume.enabled` | If true, K10 Prometheus server will create a Persistent Volume Claim | `true`
`prometheus.server.persistentVolume.size` | K10 Prometheus server data Persistent Volume size | `30Gi`
`prometheus.server.persistentVolume.storageClass` | StorageClassName used to create Prometheus PVC. Setting this option overwrites global StorageClass value | `""`
`prometheus.server.retention` | (optional) K10 Prometheus data retention | `"30d"`
`prometheus.server.baseURL` | (optional) K10 Prometheus external url path at which the server can be accessed | `/k10/prometheus/`
`prometheus.server.prefixURL` | (optional) K10 Prometheus prefix slug at which the server can be accessed | `/k10/prometheus/`
`grafana.enabled` | (optional) If false Grafana will not be available | `true`
`grafana.prometheusPrefixURL` | (optional) URL for Prometheus datasource in Grafana (must match `prometheus.server.prefixURL`) | `/k10/prometheus/`
`resources.<podName>.<containerName>.[requests\|limits].[cpu\|memory]` | Overwrite default K10 [container resource requests and limits](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | varies by container
`route.enabled` | Specifies whether the K10 dashboard should be exposed via route | `false`
`route.host` | FQDN (e.g., `.k10.example.com`) for name-based virtual host | `""`
`route.path` | URL path for K10 Dashboard (e.g., `/k10`) | `/`
`route.annotations` | Additional Route object annotations | `{}`
`route.labels` | Additional Route object labels | `{}`
`route.tls.enabled` | Configures a TLS use for `route.host` | `false`
`route.tls.insecureEdgeTerminationPolicy` | Specifies behavior for insecure scheme traffic | `Redirect`
`route.tls.termination` | Specifies the TLS termination of the route | `edge`
`apigateway.serviceResolver` | Specifies the resolver used for service discovery in the API gateway (`dns` or `endpoint`) | `dns`
`limiter.genericVolumeSnapshots` | Limit of concurrent generic volume snapshot create operations | `10`
`limiter.genericVolumeCopies` | Limit of concurrent generic volume snapshot copy operations | `10`
`limiter.genericVolumeRestores` | Limit of concurrent generic volume snapshot restore operations | `10`
`limiter.csiSnapshots` | Limit of concurrent CSI snapshot create operations | `10`
`limiter.providerSnapshots` | Limit of concurrent cloud provider create operations | `10`
`cluster.domainName` | Specifies the domain name of the cluster | `cluster.local`
`kanister.backupTimeout` | Specifies timeout to set on Kanister backup operations | `45`
`kanister.restoreTimeout` | Specifies timeout to set on Kanister restore operations | `600`
`kanister.deleteTimeout` | Specifies timeout to set on Kanister delete operations | `45`
`kanister.hookTimeout` | Specifies timeout to set on Kanister pre-hook and post-hook operations | `20`
`kanister.checkRepoTimeout` | Specifies timeout to set on Kanister checkRepo operations | `20`
`kanister.statsTimeout` | Specifies timeout to set on Kanister stats operations | `20`
`kanister.efsPostRestoreTimeout` | Specifies timeout to set on Kanister efsPostRestore operations | `45`
`awsConfig.assumeRoleDuration` | Duration of a session token generated by AWS for an IAM role. The minimum value is 15 minutes and the maximum value is the maximum duration setting for that IAM role. For documentation about how to view and edit the maximum session duration for an IAM role see https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session. The value accepts a number along with a single character ``m``(for minutes) or ``h`` (for hours) Examples: 60m or 2h | `''`
`awsConfig.efsBackupVaultName` | Specifies the AWS EFS backup vault name | `k10vault`
`vmWare.taskTimeoutMin` | Specifies the timeout for VMWare operations | `60`
`encryption.primaryKey.awsCmkKeyId` | Specifies the AWS CMK key ID for encrypting K10 Primary Key | `None`
## Helm tips and tricks
There is a way of setting values via a yaml file instead of using `--set`.
You can copy/paste values into a file (e.g., my_values.yaml):
```yaml
secrets:
awsAccessKeyId: ${AWS_ACCESS_KEY_ID}
awsSecretAccessKey: ${AWS_SECRET_ACCESS_KEY}
```
and then run:
```bash
envsubst < my_values.yaml > my_values_out.yaml && helm install helm/k10 -f my_values_out.yaml
```
To use non-default GCP ServiceAccount (SA) credentials, the credentials JSON file needs to be encoded into a base64 string.
```bash
sa_key=$(base64 -w0 sa-key.json)
helm install kasten/k10 --name=k10 --namespace=kasten-io --set secrets.googleApiKey=$sa_key
```


@ -0,0 +1,5 @@
The K10 data management platform, purpose-built for Kubernetes, provides enterprise operations teams an easy-to-use, scalable, and secure system for backup/restore, disaster recovery, and mobility of Kubernetes applications.
K10s application-centric approach and deep integrations with relational and NoSQL databases, Kubernetes distributions, and all clouds provide teams the freedom of infrastructure choice without sacrificing operational simplicity. Policy-driven and extensible, K10 provides a native Kubernetes API and includes features such as full-spectrum consistency, database integrations, automatic application discovery, multi-cloud mobility, and a powerful web-based user interface.
For more information, refer to the docs [https://docs.kasten.io/](https://docs.kasten.io/)


@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.vscode
.project
.idea/
*.tmproj
OWNERS


@ -0,0 +1,22 @@
apiVersion: v2
appVersion: 8.5.0
description: The leading tool for querying and visualizing time series and metrics.
home: https://grafana.net
icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png
kubeVersion: ^1.8.0-0
maintainers:
- email: zanhsieh@gmail.com
name: zanhsieh
- email: rluckie@cisco.com
name: rtluckie
- email: maor.friedman@redhat.com
name: maorfr
- email: miroslav.hadzhiev@gmail.com
name: Xtigyro
- email: mail@torstenwalter.de
name: torstenwalter
name: grafana
sources:
- https://github.com/grafana/grafana
type: application
version: 6.29.2


@ -0,0 +1,567 @@
# Grafana Helm Chart
* Installs the web dashboarding system [Grafana](http://grafana.org/)
## Get Repo Info
```console
helm repo add grafana https://grafana.github.io/helm-charts
helm repo update
```
_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
## Installing the Chart
To install the chart with the release name `my-release`:
```console
helm install my-release grafana/grafana
```
## Uninstalling the Chart
To uninstall/delete the my-release deployment:
```console
helm delete my-release
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Upgrading an existing Release to a new major version
A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an
incompatible breaking change needing manual actions.
### To 4.0.0 (And 3.12.1)
This version requires Helm >= 2.12.0.
### To 5.0.0
You have to add --force to your helm upgrade command as the labels of the chart have changed.
### To 6.0.0
This version requires Helm >= 3.1.0.
## Configuration
| Parameter | Description | Default |
|-------------------------------------------|-----------------------------------------------|---------------------------------------------------------|
| `replicas` | Number of nodes | `1` |
| `podDisruptionBudget.minAvailable` | Pod disruption minimum available | `nil` |
| `podDisruptionBudget.maxUnavailable` | Pod disruption maximum unavailable | `nil` |
| `deploymentStrategy` | Deployment strategy | `{ "type": "RollingUpdate" }` |
| `livenessProbe` | Liveness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } "initialDelaySeconds": 60, "timeoutSeconds": 30, "failureThreshold": 10 }` |
| `readinessProbe` | Readiness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } }`|
| `securityContext` | Deployment securityContext | `{"runAsUser": 472, "runAsGroup": 472, "fsGroup": 472}` |
| `priorityClassName` | Name of Priority Class to assign pods | `nil` |
| `image.repository` | Image repository | `grafana/grafana` |
| `image.tag` | Image tag (`Must be >= 5.0.0`) | `8.2.5` |
| `image.sha` | Image sha (optional) | `2acf04c016c77ca2e89af3536367ce847ee326effb933121881c7c89781051d3` |
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Image pull secrets (can be templated) | `[]` |
| `service.enabled` | Enable grafana service | `true` |
| `service.type` | Kubernetes service type | `ClusterIP` |
| `service.port` | Kubernetes port where service is exposed | `80` |
| `service.portName` | Name of the port on the service | `service` |
| `service.targetPort` | Internal service is port | `3000` |
| `service.nodePort` | Kubernetes service nodePort | `nil` |
| `service.annotations` | Service annotations (can be templated) | `{}` |
| `service.labels` | Custom labels | `{}` |
| `service.clusterIP` | internal cluster service IP | `nil` |
| `service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `nil` |
| `service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to lb (if supported) | `[]` |
| `service.externalIPs` | service external IP addresses | `[]` |
| `headlessService` | Create a headless service | `false` |
| `extraExposePorts` | Additional service ports for sidecar containers| `[]` |
| `hostAliases` | adds rules to the pod's /etc/hosts | `[]` |
| `ingress.enabled` | Enables Ingress | `false` |
| `ingress.annotations` | Ingress annotations (values are templated) | `{}` |
| `ingress.labels` | Custom labels | `{}` |
| `ingress.path` | Ingress accepted path | `/` |
| `ingress.pathType` | Ingress type of path | `Prefix` |
| `ingress.hosts` | Ingress accepted hostnames | `["chart-example.local"]` |
| `ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). Requires `ingress.hosts` to have one or more host entries. | `[]` |
| `ingress.tls` | Ingress TLS configuration | `[]` |
| `resources` | CPU/Memory resource requests/limits | `{}` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `tolerations` | Toleration labels for pod assignment | `[]` |
| `affinity` | Affinity settings for pod assignment | `{}` |
| `extraInitContainers` | Init containers to add to the grafana pod | `{}` |
| `extraContainers` | Sidecar containers to add to the grafana pod | `""` |
| `extraContainerVolumes` | Volumes that can be mounted in sidecar containers | `[]` |
| `extraLabels` | Custom labels for all manifests | `{}` |
| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` |
| `global.persistence.enabled` | Use persistent volume to store data | `false` |
| `persistence.type` | Type of persistence (`pvc` or `statefulset`) | `pvc` |
| `global.persistence.size` | Size of persistent volume claim | `20Gi` |
| `persistence.existingClaim` | Use an existing PVC to persist data (can be templated) | `nil` |
| `global.persistence.storageClass` | Type of persistent volume claim | `nil` |
| `global.persistence.accessMode` | Persistence access modes | `[ReadWriteOnce]` |
| `persistence.annotations` | PersistentVolumeClaim annotations | `{}` |
| `persistence.finalizers` | PersistentVolumeClaim finalizers | `[ "kubernetes.io/pvc-protection" ]` |
| `persistence.subPath` | Mount a sub dir of the persistent volume (can be templated) | `nil` |
| `persistence.inMemory.enabled` | If persistence is not enabled, whether to mount the local storage in-memory to improve performance | `false` |
| `persistence.inMemory.sizeLimit` | SizeLimit for the in-memory local storage | `nil` |
| `initChownData.enabled` | If false, don't reset data ownership at startup | true |
| `initChownData.image.repository` | init-chown-data container image repository | `busybox` |
| `initChownData.image.tag` | init-chown-data container image tag | `1.31.1` |
| `initChownData.image.sha` | init-chown-data container image sha (optional)| `""` |
| `initChownData.image.pullPolicy` | init-chown-data container image pull policy | `IfNotPresent` |
| `initChownData.resources` | init-chown-data pod resource requests & limits | `{}` |
| `schedulerName` | Alternate scheduler name | `nil` |
| `env` | Extra environment variables passed to pods | `{}` |
| `envValueFrom` | Environment variables from alternate sources. See the API docs on [EnvVarSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core) for format details. Can be templated | `{}` |
| `envFromSecret` | Name of a Kubernetes secret (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `""` |
| `envFromSecrets` | List of Kubernetes secrets (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `[]` |
| `envFromConfigMaps` | List of Kubernetes ConfigMaps (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `[]` |
| `envRenderSecret` | Sensible environment variables passed to pods and stored as secret | `{}` |
| `enableServiceLinks` | Inject Kubernetes services as environment variables. | `true` |
| `extraSecretMounts` | Additional grafana server secret mounts | `[]` |
| `extraVolumeMounts` | Additional grafana server volume mounts | `[]` |
| `extraConfigmapMounts` | Additional grafana server configMap volume mounts (values are templated) | `[]` |
| `extraEmptyDirMounts` | Additional grafana server emptyDir volume mounts | `[]` |
| `plugins` | Plugins to be loaded along with Grafana | `[]` |
| `datasources` | Configure grafana datasources (passed through tpl) | `{}` |
| `notifiers` | Configure grafana notifiers | `{}` |
| `dashboardProviders` | Configure grafana dashboard providers | `{}` |
| `dashboards` | Dashboards to import | `{}` |
| `dashboardsConfigMaps` | ConfigMaps reference that contains dashboards | `{}` |
| `grafana.ini` | Grafana's primary configuration | `{}` |
| `ldap.enabled` | Enable LDAP authentication | `false` |
| `ldap.existingSecret` | The name of an existing secret containing the `ldap.toml` file, this must have the key `ldap-toml`. | `""` |
| `ldap.config` | Grafana's LDAP configuration | `""` |
| `annotations` | Deployment annotations | `{}` |
| `labels` | Deployment labels | `{}` |
| `podAnnotations` | Pod annotations | `{}` |
| `podLabels` | Pod labels | `{}` |
| `podPortName` | Name of the grafana port on the pod | `grafana` |
| `lifecycleHooks` | Lifecycle hooks for podStart and preStop [Example](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/#define-poststart-and-prestop-handlers) | `{}` |
| `sidecar.image.repository` | Sidecar image repository | `quay.io/kiwigrid/k8s-sidecar` |
| `sidecar.image.tag` | Sidecar image tag | `1.15.6` |
| `sidecar.image.sha` | Sidecar image sha (optional) | `""` |
| `sidecar.imagePullPolicy` | Sidecar image pull policy | `IfNotPresent` |
| `sidecar.resources` | Sidecar resources | `{}` |
| `sidecar.securityContext` | Sidecar securityContext | `{}` |
| `sidecar.enableUniqueFilenames` | Sets the kiwigrid/k8s-sidecar UNIQUE_FILENAMES environment variable. If set to `true` the sidecar will create unique filenames where duplicate data keys exist between ConfigMaps and/or Secrets within the same or multiple Namespaces. | `false` |
| `sidecar.dashboards.enabled` | Enables the cluster wide search for dashboards and adds/updates/deletes them in grafana | `false` |
| `sidecar.dashboards.SCProvider` | Enables creation of sidecar provider | `true` |
| `sidecar.dashboards.provider.name` | Unique name of the grafana provider | `sidecarProvider` |
| `sidecar.dashboards.provider.orgid` | Id of the organisation, to which the dashboards should be added | `1` |
| `sidecar.dashboards.provider.folder` | Logical folder in which grafana groups dashboards | `""` |
| `sidecar.dashboards.provider.disableDelete` | Activate to avoid the deletion of imported dashboards | `false` |
| `sidecar.dashboards.provider.allowUiUpdates` | Allow updating provisioned dashboards from the UI | `false` |
| `sidecar.dashboards.provider.type` | Provider type | `file` |
| `sidecar.dashboards.provider.foldersFromFilesStructure` | Allow Grafana to replicate dashboard structure from filesystem. | `false` |
| `sidecar.dashboards.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. | `WATCH` |
| `sidecar.skipTlsVerify` | Set to true to skip tls verification for kube api calls | `nil` |
| `sidecar.dashboards.label` | Label that config maps with dashboards should have to be added | `grafana_dashboard` |
| `sidecar.dashboards.labelValue` | Label value that config maps with dashboards should have to be added | `nil` |
| `sidecar.dashboards.folder` | Folder in the pod that should hold the collected dashboards (unless `sidecar.dashboards.defaultFolderName` is set). This path will be mounted. | `/tmp/dashboards` |
| `sidecar.dashboards.folderAnnotation` | The annotation the sidecar will look for in configmaps to override the destination folder for files | `nil` |
| `sidecar.dashboards.defaultFolderName` | The default folder name, it will create a subfolder under the `sidecar.dashboards.folder` and put dashboards in there instead | `nil` |
| `sidecar.dashboards.searchNamespace` | Namespaces list. If specified, the sidecar will search for dashboards config-maps inside these namespaces.Otherwise the namespace in which the sidecar is running will be used.It's also possible to specify ALL to search in all namespaces. | `nil` |
| `sidecar.dashboards.script` | Absolute path to shell script to execute after a configmap got reloaded. | `nil` |
| `sidecar.dashboards.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` |
| `sidecar.dashboards.extraMounts` | Additional dashboard sidecar volume mounts. | `[]` |
| `sidecar.datasources.enabled` | Enables the cluster wide search for datasources and adds/updates/deletes them in grafana |`false` |
| `sidecar.datasources.label` | Label that config maps with datasources should have to be added | `grafana_datasource` |
| `sidecar.datasources.labelValue` | Label value that config maps with datasources should have to be added | `nil` |
| `sidecar.datasources.searchNamespace` | Namespaces list. If specified, the sidecar will search for datasources config-maps inside these namespaces.Otherwise the namespace in which the sidecar is running will be used.It's also possible to specify ALL to search in all namespaces. | `nil` |
| `sidecar.datasources.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` |
| `sidecar.datasources.reloadURL` | Full url of datasource configuration reload API endpoint, to invoke after a config-map change | `"http://localhost:3000/api/admin/provisioning/datasources/reload"` |
| `sidecar.datasources.skipReload` | Enabling this omits defining the REQ_URL and REQ_METHOD environment variables | `false` |
| `sidecar.notifiers.enabled` | Enables the cluster wide search for notifiers and adds/updates/deletes them in grafana | `false` |
| `sidecar.notifiers.label` | Label that config maps with notifiers should have to be added | `grafana_notifier` |
| `sidecar.notifiers.searchNamespace` | Namespaces list. If specified, the sidecar will search for notifiers config-maps (or secrets) inside these namespaces.Otherwise the namespace in which the sidecar is running will be used.It's also possible to specify ALL to search in all namespaces. | `nil` |
| `sidecar.notifiers.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` |
| `smtp.existingSecret` | The name of an existing secret containing the SMTP credentials. | `""` |
| `smtp.userKey` | The key in the existing SMTP secret containing the username. | `"user"` |
| `smtp.passwordKey` | The key in the existing SMTP secret containing the password. | `"password"` |
| `admin.existingSecret` | The name of an existing secret containing the admin credentials (can be templated). | `""` |
| `admin.userKey` | The key in the existing admin secret containing the username. | `"admin-user"` |
| `admin.passwordKey` | The key in the existing admin secret containing the password. | `"admin-password"` |
| `serviceAccount.autoMount` | Automount the service account token in the pod| `true` |
| `serviceAccount.annotations` | ServiceAccount annotations | |
| `serviceAccount.create` | Create service account | `true` |
| `serviceAccount.name` | Service account name to use, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `` |
| `serviceAccount.nameTest` | Service account name to use for test, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `nil` |
| `rbac.create` | Create and use RBAC resources | `true` |
| `rbac.namespaced` | Creates Role and Rolebinding instead of the default ClusterRole and ClusteRoleBindings for the grafana instance | `false` |
| `rbac.useExistingRole` | Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to the rolename set here. | `nil` |
| `rbac.pspEnabled` | Create PodSecurityPolicy (with `rbac.create`, grant roles permissions as well) | `true` |
| `rbac.pspUseAppArmor` | Enforce AppArmor in created PodSecurityPolicy (requires `rbac.pspEnabled`) | `true` |
| `rbac.extraRoleRules` | Additional rules to add to the Role | [] |
| `rbac.extraClusterRoleRules` | Additional rules to add to the ClusterRole | [] |
| `command` | Define command to be executed by grafana container at startup | `nil` |
| `testFramework.enabled` | Whether to create test-related resources | `true` |
| `testFramework.image` | `test-framework` image repository. | `bats/bats` |
| `testFramework.tag` | `test-framework` image tag. | `v1.4.1` |
| `testFramework.imagePullPolicy` | `test-framework` image pull policy. | `IfNotPresent` |
| `testFramework.securityContext` | `test-framework` securityContext | `{}` |
| `downloadDashboards.env` | Environment variables to be passed to the `download-dashboards` container | `{}` |
| `downloadDashboards.envFromSecret` | Name of a Kubernetes secret (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `""` |
| `downloadDashboards.resources` | Resources of `download-dashboards` container | `{}` |
| `downloadDashboardsImage.repository` | Curl docker image repo | `curlimages/curl` |
| `downloadDashboardsImage.tag` | Curl docker image tag | `7.73.0` |
| `downloadDashboardsImage.sha` | Curl docker image sha (optional) | `""` |
| `downloadDashboardsImage.pullPolicy` | Curl docker image pull policy | `IfNotPresent` |
| `namespaceOverride` | Override the deployment namespace | `""` (`Release.Namespace`) |
| `serviceMonitor.enabled` | Use servicemonitor from prometheus operator | `false` |
| `serviceMonitor.namespace` | Namespace this servicemonitor is installed in | |
| `serviceMonitor.interval` | How frequently Prometheus should scrape | `1m` |
| `serviceMonitor.path` | Path to scrape | `/metrics` |
| `serviceMonitor.scheme` | Scheme to use for metrics scraping | `http` |
| `serviceMonitor.tlsConfig` | TLS configuration block for the endpoint | `{}` |
| `serviceMonitor.labels` | Labels for the servicemonitor passed to Prometheus Operator | `{}` |
| `serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `30s` |
| `serviceMonitor.relabelings` | MetricRelabelConfigs to apply to samples before ingestion. | `[]` |
| `revisionHistoryLimit` | Number of old ReplicaSets to retain | `10` |
| `imageRenderer.enabled` | Enable the image-renderer deployment & service | `false` |
| `imageRenderer.image.repository` | image-renderer Image repository | `grafana/grafana-image-renderer` |
| `imageRenderer.image.tag` | image-renderer Image tag | `latest` |
| `imageRenderer.image.sha` | image-renderer Image sha (optional) | `""` |
| `imageRenderer.image.pullPolicy` | image-renderer ImagePullPolicy | `Always` |
| `imageRenderer.env` | extra env-vars for image-renderer | `{}` |
| `imageRenderer.serviceAccountName` | image-renderer deployment serviceAccountName | `""` |
| `imageRenderer.securityContext` | image-renderer deployment securityContext | `{}` |
| `imageRenderer.hostAliases` | image-renderer deployment Host Aliases | `[]` |
| `imageRenderer.priorityClassName` | image-renderer deployment priority class | `''` |
| `imageRenderer.service.enabled` | Enable the image-renderer service | `true` |
| `imageRenderer.service.portName` | image-renderer service port name | `http` |
| `imageRenderer.service.port` | image-renderer service port used by both service and deployment | `8081` |
| `imageRenderer.grafanaProtocol` | Protocol to use for image renderer callback url | `http` |
| `imageRenderer.grafanaSubPath` | Grafana sub path to use for image renderer callback url | `''` |
| `imageRenderer.podPortName` | name of the image-renderer port on the pod | `http` |
| `imageRenderer.revisionHistoryLimit` | number of image-renderer replica sets to keep | `10` |
| `imageRenderer.networkPolicy.limitIngress` | Enable a NetworkPolicy to limit inbound traffic from only the created grafana pods | `true` |
| `imageRenderer.networkPolicy.limitEgress` | Enable a NetworkPolicy to limit outbound traffic to only the created grafana pods | `false` |
| `imageRenderer.resources` | Set resource limits for image-renderer pdos | `{}` |
| `imageRenderer.nodeSelector` | Node labels for pod assignment | `{}` |
| `imageRenderer.tolerations` | Toleration labels for pod assignment | `[]` |
| `imageRenderer.affinity` | Affinity settings for pod assignment | `{}` |
| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources. | `false` |
| `networkPolicy.allowExternal` | Don't require client label for connections | `true` |
| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed | `{}` |
| `enableKubeBackwardCompatibility` | Enable backward compatibility of kubernetes where pod's defintion version below 1.13 doesn't have the enableServiceLinks option | `false` |
### Example ingress with path
With grafana 6.3 and above
```yaml
grafana.ini:
server:
domain: monitoring.example.com
root_url: "%(protocol)s://%(domain)s/grafana"
serve_from_sub_path: true
ingress:
enabled: true
hosts:
- "monitoring.example.com"
path: "/grafana"
```
### Example of extraVolumeMounts
Volume can be type persistentVolumeClaim or hostPath but not both at same time.
If none existingClaim or hostPath argument is givent then type is emptyDir.
```yaml
- extraVolumeMounts:
- name: plugins
mountPath: /var/lib/grafana/plugins
subPath: configs/grafana/plugins
existingClaim: existing-grafana-claim
readOnly: false
- name: dashboards
mountPath: /var/lib/grafana/dashboards
hostPath: /usr/shared/grafana/dashboards
readOnly: false
```
## Import dashboards
There are a few methods to import dashboards to Grafana. Below are some examples and explanations as to how to use each method:
```yaml
dashboards:
default:
some-dashboard:
json: |
{
"annotations":
...
# Complete json file here
...
"title": "Some Dashboard",
"uid": "abcd1234",
"version": 1
}
custom-dashboard:
# This is a path to a file inside the dashboards directory inside the chart directory
file: dashboards/custom-dashboard.json
prometheus-stats:
# Ref: https://grafana.com/dashboards/2
gnetId: 2
revision: 2
datasource: Prometheus
local-dashboard:
url: https://raw.githubusercontent.com/user/repository/master/dashboards/dashboard.json
```
## BASE64 dashboards
Dashboards could be stored on a server that does not return JSON directly and instead of it returns a Base64 encoded file (e.g. Gerrit)
A new parameter has been added to the url use case so if you specify a b64content value equals to true after the url entry a Base64 decoding is applied before save the file to disk.
If this entry is not set or is equals to false not decoding is applied to the file before saving it to disk.
### Gerrit use case
Gerrit API for download files has the following schema: <https://yourgerritserver/a/{project-name}/branches/{branch-id}/files/{file-id}/content> where {project-name} and
{file-id} usually has '/' in their values and so they MUST be replaced by %2F so if project-name is user/repo, branch-id is master and file-id is equals to dir1/dir2/dashboard
the url value is <https://yourgerritserver/a/user%2Frepo/branches/master/files/dir1%2Fdir2%2Fdashboard/content>
## Sidecar for dashboards
If the parameter `sidecar.dashboards.enabled` is set, a sidecar container is deployed in the grafana
pod. This container watches all configmaps (or secrets) in the cluster and filters out the ones with
a label as defined in `sidecar.dashboards.label`. The files defined in those configmaps are written
to a folder and accessed by grafana. Changes to the configmaps are monitored and the imported
dashboards are deleted/updated.
A recommendation is to use one configmap per dashboard, as a reduction of multiple dashboards inside
one configmap is currently not properly mirrored in grafana.
Example dashboard config:
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: sample-grafana-dashboard
labels:
grafana_dashboard: "1"
data:
k8s-dashboard.json: |-
[...]
```
## Sidecar for datasources
If the parameter `sidecar.datasources.enabled` is set, an init container is deployed in the grafana
pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and
filters out the ones with a label as defined in `sidecar.datasources.label`. The files defined in
those secrets are written to a folder and accessed by grafana on startup. Using these yaml files,
the data sources in grafana can be imported.
Secrets are recommended over configmaps for this usecase because datasources usually contain private
data like usernames and passwords. Secrets are the more appropriate cluster resource to manage those.
Example values to add a datasource adapted from [Grafana](http://docs.grafana.org/administration/provisioning/#example-datasource-config-file):
```yaml
datasources:
datasources.yaml:
apiVersion: 1
datasources:
# <string, required> name of the datasource. Required
- name: Graphite
# <string, required> datasource type. Required
type: graphite
# <string, required> access mode. proxy or direct (Server or Browser in the UI). Required
access: proxy
# <int> org id. will default to orgId 1 if not specified
orgId: 1
# <string> url
url: http://localhost:8080
# <string> database password, if used
password:
# <string> database user, if used
user:
# <string> database name, if used
database:
# <bool> enable/disable basic auth
basicAuth:
# <string> basic auth username
basicAuthUser:
# <string> basic auth password
basicAuthPassword:
# <bool> enable/disable with credentials headers
withCredentials:
# <bool> mark as default datasource. Max one per org
isDefault:
# <map> fields that will be converted to json and stored in json_data
jsonData:
graphiteVersion: "1.1"
tlsAuth: true
tlsAuthWithCACert: true
# <string> json object of data that will be encrypted.
secureJsonData:
tlsCACert: "..."
tlsClientCert: "..."
tlsClientKey: "..."
version: 1
# <bool> allow users to edit datasources from the UI.
editable: false
```
## Sidecar for notifiers
If the parameter `sidecar.notifiers.enabled` is set, an init container is deployed in the grafana
pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and
filters out the ones with a label as defined in `sidecar.notifiers.label`. The files defined in
those secrets are written to a folder and accessed by grafana on startup. Using these yaml files,
the notification channels in grafana can be imported. The secrets must be created before
`helm install` so that the notifiers init container can list the secrets.
Secrets are recommended over configmaps for this usecase because alert notification channels usually contain
private data like SMTP usernames and passwords. Secrets are the more appropriate cluster resource to manage those.
Example datasource config adapted from [Grafana](https://grafana.com/docs/grafana/latest/administration/provisioning/#alert-notification-channels):
```yaml
notifiers:
- name: notification-channel-1
type: slack
uid: notifier1
# either
org_id: 2
# or
org_name: Main Org.
is_default: true
send_reminder: true
frequency: 1h
disable_resolve_message: false
# See `Supported Settings` section for settings supporter for each
# alert notification type.
settings:
recipient: 'XXX'
token: 'xoxb'
uploadImage: true
url: https://slack.com
delete_notifiers:
- name: notification-channel-1
uid: notifier1
org_id: 2
- name: notification-channel-2
# default org_id: 1
```
## How to serve Grafana with a path prefix (/grafana)
In order to serve Grafana with a prefix (e.g., <http://example.com/grafana>), add the following to your values.yaml.
```yaml
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/rewrite-target: /$1
nginx.ingress.kubernetes.io/use-regex: "true"
path: /grafana/?(.*)
hosts:
- k8s.example.dev
grafana.ini:
server:
root_url: http://localhost:3000/grafana # this host can be localhost
```
## How to securely reference secrets in grafana.ini
This example uses Grafana uses [file providers](https://grafana.com/docs/grafana/latest/administration/configuration/#file-provider) for secret values and the `extraSecretMounts` configuration flag (Additional grafana server secret mounts) to mount the secrets.
In grafana.ini:
```yaml
grafana.ini:
[auth.generic_oauth]
enabled = true
client_id = $__file{/etc/secrets/auth_generic_oauth/client_id}
client_secret = $__file{/etc/secrets/auth_generic_oauth/client_secret}
```
Existing secret, or created along with helm:
```yaml
---
apiVersion: v1
kind: Secret
metadata:
name: auth-generic-oauth-secret
type: Opaque
stringData:
client_id: <value>
client_secret: <value>
```
Include in the `extraSecretMounts` configuration flag:
```yaml
- extraSecretMounts:
- name: auth-generic-oauth-secret-mount
secretName: auth-generic-oauth-secret
defaultMode: 0440
mountPath: /etc/secrets/auth_generic_oauth
readOnly: true
```
### extraSecretMounts using a Container Storage Interface (CSI) provider
This example uses a CSI driver e.g. retrieving secrets using [Azure Key Vault Provider](https://github.com/Azure/secrets-store-csi-driver-provider-azure)
```yaml
- extraSecretMounts:
- name: secrets-store-inline
mountPath: /run/secrets
readOnly: true
csi:
driver: secrets-store.csi.k8s.io
readOnly: true
volumeAttributes:
secretProviderClass: "my-provider"
nodePublishSecretRef:
name: akv-creds
```
## Image Renderer Plug-In
This chart supports enabling [remote image rendering](https://github.com/grafana/grafana-image-renderer/blob/master/README.md#run-in-docker)
```yaml
imageRenderer:
enabled: true
```
### Image Renderer NetworkPolicy
By default the image-renderer pods will have a network policy which only allows ingress traffic from the created grafana instance
### High Availability for unified alerting
If you want to run Grafana in a high availability cluster you need to enable
the headless service by setting `headlessService: true` in your `values.yaml`
file.
As next step you have to setup the `grafana.ini` in your `values.yaml` in a way
that it will make use of the headless service to obtain all the IPs of the
cluster. You should replace ``{{ Name }}`` with the name of your helm deployment.
```yaml
grafana.ini:
...
unified_alerting:
enabled: true
ha_peers: {{ Name }}-headless:9094
alerting:
enabled: false
```


@ -0,0 +1,54 @@
1. Get your '{{ .Values.adminUser }}' user password by running:
kubectl get secret --namespace {{ template "grafana.namespace" . }} {{ template "grafana.fullname" . }} -o jsonpath="{.data.admin-password}" | base64 --decode ; echo
2. The Grafana server can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster:
{{ template "grafana.fullname" . }}.{{ template "grafana.namespace" . }}.svc.cluster.local
{{ if .Values.ingress.enabled }}
If you bind grafana to 80, please update values in values.yaml and reinstall:
```
securityContext:
runAsUser: 0
runAsGroup: 0
fsGroup: 0
command:
- "setcap"
- "'cap_net_bind_service=+ep'"
- "/usr/sbin/grafana-server &&"
- "sh"
- "/run.sh"
```
Details refer to https://grafana.com/docs/installation/configuration/#http-port.
Or grafana would always crash.
From outside the cluster, the server URL(s) are:
{{- range .Values.ingress.hosts }}
http://{{ . }}
{{- end }}
{{ else }}
Get the Grafana URL to visit by running these commands in the same shell:
{{ if contains "NodePort" .Values.service.type -}}
export NODE_PORT=$(kubectl get --namespace {{ template "grafana.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "grafana.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ template "grafana.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{ else if contains "LoadBalancer" .Values.service.type -}}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get svc --namespace {{ template "grafana.namespace" . }} -w {{ template "grafana.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ template "grafana.namespace" . }} {{ template "grafana.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
http://$SERVICE_IP:{{ .Values.service.port -}}
{{ else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ template "grafana.namespace" . }} -l "app={{ template "grafana.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
kubectl --namespace {{ template "grafana.namespace" . }} port-forward $POD_NAME 3000
{{- end }}
{{- end }}
3. Login with the password from step 1 and the username: {{ .Values.adminUser }}
{{- if not .Values.global.persistence.enabled }}
#################################################################################
###### WARNING: Persistence is disabled!!! You will lose your data when #####
###### the Grafana pod is terminated. #####
#################################################################################
{{- end }}
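Review bot: The port-80 advice in the ingress branch tells operators to set `runAsUser: 0`, `runAsGroup: 0` and `fsGroup: 0`, which gives up the non-root container just to bind a privileged port. The `command` list is also exec-form as printed, so the `&&` in `"/usr/sbin/grafana-server &&"` is passed as a literal argument and no shell chains into `/run.sh`; the snippet is unlikely to work as shown. I would replace the block with a sentence such as `Keep Grafana on its unprivileged container port and expose port 80 through the Service or Ingress instead of running the container as root.`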


@ -0,0 +1,3 @@
{{/* Autogenerated, do NOT modify */}}
{{- define "k10.grafanaImageTag" -}}8.5.0{{- end -}}
{{- define "k10.grafanaInitContainerImageTag" -}}8.6-854{{- end -}}


@ -0,0 +1,235 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "grafana.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "grafana.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "grafana.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the name of the service account
*/}}
{{- define "grafana.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "grafana.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{- define "grafana.serviceAccountNameTest" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (print (include "grafana.fullname" .) "-test") .Values.serviceAccount.nameTest }}
{{- else -}}
{{ default "default" .Values.serviceAccount.nameTest }}
{{- end -}}
{{- end -}}
{{/*
Allow the release namespace to be overridden for multi-namespace deployments in combined charts
*/}}
{{- define "grafana.namespace" -}}
{{- if .Values.namespaceOverride -}}
{{- .Values.namespaceOverride -}}
{{- else -}}
{{- .Release.Namespace -}}
{{- end -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "grafana.labels" -}}
helm.sh/chart: {{ include "grafana.chart" . }}
{{ include "grafana.selectorLabels" . }}
{{- if or .Chart.AppVersion .Values.image.tag }}
app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- if .Values.extraLabels }}
{{ toYaml .Values.extraLabels }}
{{- end }}
{{- end -}}
{{/*
Selector labels
*/}}
{{- define "grafana.selectorLabels" -}}
app: {{ include "grafana.name" . }}
release: {{ .Release.Name }}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "grafana.imageRenderer.labels" -}}
helm.sh/chart: {{ include "grafana.chart" . }}
{{ include "grafana.imageRenderer.selectorLabels" . }}
{{- if or .Chart.AppVersion .Values.image.tag }}
app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{/*
Selector labels ImageRenderer
*/}}
{{- define "grafana.imageRenderer.selectorLabels" -}}
app: {{ include "grafana.name" . }}-image-renderer
release: {{ .Release.Name }}
{{- end -}}
{{/*
Looks if there's an existing secret and reuse its password. If not it generates
new password and use it.
*/}}
{{- define "grafana.password" -}}
{{- $secret := (lookup "v1" "Secret" (include "grafana.namespace" .) (include "grafana.fullname" .) ) -}}
{{- if $secret -}}
{{- index $secret "data" "admin-password" -}}
{{- else -}}
{{- (randAlphaNum 40) | b64enc | quote -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for rbac.
*/}}
{{- define "grafana.rbac.apiVersion" -}}
{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }}
{{- print "rbac.authorization.k8s.io/v1" -}}
{{- else -}}
{{- print "rbac.authorization.k8s.io/v1beta1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for ingress.
*/}}
{{- define "grafana.ingress.apiVersion" -}}
{{- if and (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare ">= 1.19-0" .Capabilities.KubeVersion.Version) -}}
{{- print "networking.k8s.io/v1" -}}
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "extensions/v1beta1" -}}
{{- end -}}
{{- end -}}
{{/*
Return if ingress is stable.
*/}}
{{- define "grafana.ingress.isStable" -}}
{{- eq (include "grafana.ingress.apiVersion" .) "networking.k8s.io/v1" -}}
{{- end -}}
{{/*
Return if ingress supports ingressClassName.
*/}}
{{- define "grafana.ingress.supportsIngressClassName" -}}
{{- or (eq (include "grafana.ingress.isStable" .) "true") (and (eq (include "grafana.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" .Capabilities.KubeVersion.Version)) -}}
{{- end -}}
{{/*
Return if ingress supports pathType.
*/}}
{{- define "grafana.ingress.supportsPathType" -}}
{{- or (eq (include "grafana.ingress.isStable" .) "true") (and (eq (include "grafana.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" .Capabilities.KubeVersion.Version)) -}}
{{- end -}}
{{/*
Figure out the grafana image tag
based on the value of global.upstreamCertifiedImages
*/}}
{{- define "get.grafanaImageTag"}}
{{- if .Values.global.airgapped.repository }}
{{- printf "k10-%s" (include "k10.grafanaImageTag" .) }}
{{- else }}
{{- printf "%s" (include "k10.grafanaImageTag" .) }}
{{- end }}
{{- end }}
{{- define "get.grafanaImageRepo" }}
{{- if .Values.global.upstreamCertifiedImages }}
{{- printf "%s/%s/grafana" .Values.k10image.registry .Values.k10image.repository }}
{{- else }}
{{- print .Values.image.repository }}
{{- end }}
{{- end }}
{{/*
Figure out the config based on
the value of airgapped.repository
*/}}
{{- define "get.grafanaServerimage" }}
{{- if not .Values.global.rhMarketPlace }}
{{- if .Values.global.airgapped.repository }}
{{- printf "%s/grafana:%s" .Values.global.airgapped.repository (include "get.grafanaImageTag" .) }}
{{- else }}
{{- printf "%s:%s" (include "get.grafanaImageRepo" .) (include "get.grafanaImageTag" .) }}
{{- end }}
{{- else }}
{{- printf "%s" .Values.global.images.grafana }}
{{- end -}}
{{- end }}
{{/*
Figure out the grafana init container busy box image tag
based on the value of global.airgapped.repository
*/}}
{{- define "get.grafanaInitContainerImageTag"}}
{{- if .Values.global.airgapped.repository }}
{{- printf "k10-%s" (include "k10.grafanaInitContainerImageTag" .) }}
{{- else }}
{{- printf "%s" (include "k10.grafanaInitContainerImageTag" .) }}
{{- end }}
{{- end }}
{{- define "get.grafanaInitContainerImageRepo" }}
{{- if .Values.global.upstreamCertifiedImages }}
{{- printf "%s/%s/ubi-minimal" .Values.k10image.registry .Values.k10image.repository }}
{{- else }}
{{- print .Values.ubi.image.repository }}
{{- end }}
{{- end }}
{{/*
Figure out the config based on
the value of airgapped.repository
*/}}
{{- define "get.grafanaInitContainerImage" }}
{{- if not .Values.global.rhMarketPlace }}
{{- if .Values.global.airgapped.repository }}
{{- printf "%s/ubi-minimal:%s" .Values.global.airgapped.repository (include "get.grafanaInitContainerImageTag" .) }}
{{- else }}
{{- printf "%s:%s" (include "get.grafanaInitContainerImageRepo" .) (include "get.grafanaInitContainerImageTag" .) }}
{{- end }}
{{- else }}
{{- printf "%s:%s" (include "get.grafanaInitContainerImageRepo" .) (include "get.grafanaInitContainerImageTag" .) }}
{{- end }}
{{- end }}
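Review bot: `grafana.password` depends on `lookup`, which returns an empty result when the chart is rendered without cluster access (`helm template`, `--dry-run`), so in those flows the `else` branch emits a fresh `randAlphaNum 40` value on every render and the admin password changes each time. The two branches also differ in form: the reused value is emitted bare while the generated one goes through `quote`. `{{- index $secret "data" "admin-password" | quote -}}` would make them agree, assuming the caller places the result directly under `data:`. I would extend the comment above the define with `Note: lookup is empty under helm template/--dry-run, so a new password is generated on each render; supply admin.existingSecret for render-only or GitOps deployments.`, provided the Secret template (not on this page) honours that value.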


@ -0,0 +1,744 @@
{{- define "grafana.pod" -}}
{{- if .Values.schedulerName }}
schedulerName: "{{ .Values.schedulerName }}"
{{- end }}
serviceAccountName: {{ template "grafana.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.serviceAccount.autoMount }}
{{- if .Values.securityContext }}
securityContext:
{{ toYaml .Values.securityContext | indent 2 }}
{{- end }}
{{- if .Values.hostAliases }}
hostAliases:
{{ toYaml .Values.hostAliases | indent 2 }}
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
{{- if ( or .Values.global.persistence.enabled .Values.dashboards .Values.sidecar.notifiers.enabled .Values.extraInitContainers (and .Values.sidecar.datasources.enabled .Values.sidecar.datasources.initDatasources)) }}
initContainers:
{{- end }}
{{- if ( and .Values.global.persistence.enabled .Values.initChownData.enabled ) }}
- name: init-chown-data
image: "{{ include "get.grafanaInitContainerImage" . }}"
imagePullPolicy: {{ .Values.ubi.image.pullPolicy }}
securityContext:
runAsNonRoot: false
runAsUser: 0
command: ["chown", "-R", "{{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsGroup }}", "/var/lib/grafana"]
resources:
{{ toYaml .Values.initChownData.resources | indent 6 }}
volumeMounts:
- name: storage
mountPath: "/var/lib/grafana"
{{- if .Values.persistence.subPath }}
subPath: {{ tpl .Values.persistence.subPath . }}
{{- end }}
{{- end }}
{{- if .Values.dashboards }}
- name: download-dashboards
{{- if .Values.downloadDashboardsImage.sha }}
image: "{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}@sha256:{{ .Values.downloadDashboardsImage.sha }}"
{{- else }}
image: "{{ include "get.grafanaInitContainerImage" . }}"
{{- end }}
imagePullPolicy: {{ .Values.downloadDashboardsImage.pullPolicy }}
command: ["/bin/sh"]
args: [ "-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh -x /etc/grafana/download_dashboards.sh" ]
resources:
{{ toYaml .Values.downloadDashboards.resources | indent 6 }}
env:
{{- range $key, $value := .Values.downloadDashboards.env }}
- name: "{{ $key }}"
value: "{{ $value }}"
{{- end }}
{{- if .Values.downloadDashboards.envFromSecret }}
envFrom:
- secretRef:
name: {{ tpl .Values.downloadDashboards.envFromSecret . }}
{{- end }}
volumeMounts:
- name: config
mountPath: "/etc/grafana/download_dashboards.sh"
subPath: download_dashboards.sh
- name: storage
mountPath: "/var/lib/grafana"
{{- if .Values.persistence.subPath }}
subPath: {{ tpl .Values.persistence.subPath . }}
{{- end }}
{{- range .Values.extraSecretMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
readOnly: {{ .readOnly }}
{{- end }}
{{- end }}
{{- if and .Values.sidecar.datasources.enabled .Values.sidecar.datasources.initDatasources }}
- name: {{ template "grafana.name" . }}-init-sc-datasources
{{- if .Values.sidecar.image.sha }}
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
{{- else }}
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
{{- end }}
imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }}
env:
- name: METHOD
value: "LIST"
- name: LABEL
value: "{{ .Values.sidecar.datasources.label }}"
{{- if .Values.sidecar.datasources.labelValue }}
- name: LABEL_VALUE
value: {{ quote .Values.sidecar.datasources.labelValue }}
{{- end }}
- name: FOLDER
value: "/etc/grafana/provisioning/datasources"
- name: RESOURCE
value: {{ quote .Values.sidecar.datasources.resource }}
{{- if .Values.sidecar.enableUniqueFilenames }}
- name: UNIQUE_FILENAMES
value: "{{ .Values.sidecar.enableUniqueFilenames }}"
{{- end }}
{{- if .Values.sidecar.datasources.searchNamespace }}
- name: NAMESPACE
value: "{{ .Values.sidecar.datasources.searchNamespace | join "," }}"
{{- end }}
{{- if .Values.sidecar.skipTlsVerify }}
- name: SKIP_TLS_VERIFY
value: "{{ .Values.sidecar.skipTlsVerify }}"
{{- end }}
resources:
{{ toYaml .Values.sidecar.resources | indent 6 }}
{{- if .Values.sidecar.securityContext }}
securityContext:
{{- toYaml .Values.sidecar.securityContext | nindent 6 }}
{{- end }}
volumeMounts:
- name: sc-datasources-volume
mountPath: "/etc/grafana/provisioning/datasources"
{{- end }}
{{- if .Values.sidecar.notifiers.enabled }}
- name: {{ template "grafana.name" . }}-sc-notifiers
{{- if .Values.sidecar.image.sha }}
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
{{- else }}
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
{{- end }}
imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }}
env:
- name: METHOD
value: LIST
- name: LABEL
value: "{{ .Values.sidecar.notifiers.label }}"
- name: FOLDER
value: "/etc/grafana/provisioning/notifiers"
- name: RESOURCE
value: {{ quote .Values.sidecar.notifiers.resource }}
{{- if .Values.sidecar.enableUniqueFilenames }}
- name: UNIQUE_FILENAMES
value: "{{ .Values.sidecar.enableUniqueFilenames }}"
{{- end }}
{{- if .Values.sidecar.notifiers.searchNamespace }}
- name: NAMESPACE
value: "{{ .Values.sidecar.notifiers.searchNamespace | join "," }}"
{{- end }}
{{- if .Values.sidecar.skipTlsVerify }}
- name: SKIP_TLS_VERIFY
value: "{{ .Values.sidecar.skipTlsVerify }}"
{{- end }}
{{- if .Values.sidecar.livenessProbe }}
livenessProbe:
{{ toYaml .Values.livenessProbe | indent 6 }}
{{- end }}
{{- if .Values.sidecar.readinessProbe }}
readinessProbe:
{{ toYaml .Values.readinessProbe | indent 6 }}
{{- end }}
resources:
{{ toYaml .Values.sidecar.resources | indent 6 }}
{{- if .Values.sidecar.securityContext }}
securityContext:
{{- toYaml .Values.sidecar.securityContext | nindent 6 }}
{{- end }}
volumeMounts:
- name: sc-notifiers-volume
mountPath: "/etc/grafana/provisioning/notifiers"
{{- end}}
{{- if .Values.extraInitContainers }}
{{ tpl (toYaml .Values.extraInitContainers) . | indent 2 }}
{{- end }}
{{- if (or .Values.global.imagePullSecret .Values.image.pullSecrets) }}
imagePullSecrets:
{{- if .Values.global.imagePullSecret }}
- name: {{ .Values.global.imagePullSecret }}
{{- end }}
{{- $root := . }}
{{- range .Values.image.pullSecrets }}
- name: {{ tpl . $root }}
{{- end}}
{{- end }}
{{- if not .Values.enableKubeBackwardCompatibility }}
enableServiceLinks: {{ .Values.enableServiceLinks }}
{{- end }}
containers:
{{- if .Values.sidecar.dashboards.enabled }}
- name: {{ template "grafana.name" . }}-sc-dashboard
{{- if .Values.sidecar.image.sha }}
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
{{- else }}
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
{{- end }}
imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }}
env:
- name: METHOD
value: {{ .Values.sidecar.dashboards.watchMethod }}
- name: LABEL
value: "{{ .Values.sidecar.dashboards.label }}"
{{- if .Values.sidecar.dashboards.labelValue }}
- name: LABEL_VALUE
value: {{ quote .Values.sidecar.dashboards.labelValue }}
{{- end }}
- name: FOLDER
value: "{{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}"
- name: RESOURCE
value: {{ quote .Values.sidecar.dashboards.resource }}
{{- if .Values.sidecar.enableUniqueFilenames }}
- name: UNIQUE_FILENAMES
value: "{{ .Values.sidecar.enableUniqueFilenames }}"
{{- end }}
{{- if .Values.sidecar.dashboards.searchNamespace }}
- name: NAMESPACE
value: "{{ .Values.sidecar.dashboards.searchNamespace | join "," }}"
{{- end }}
{{- if .Values.sidecar.skipTlsVerify }}
- name: SKIP_TLS_VERIFY
value: "{{ .Values.sidecar.skipTlsVerify }}"
{{- end }}
{{- if .Values.sidecar.dashboards.folderAnnotation }}
- name: FOLDER_ANNOTATION
value: "{{ .Values.sidecar.dashboards.folderAnnotation }}"
{{- end }}
{{- if .Values.sidecar.dashboards.script }}
- name: SCRIPT
value: "{{ .Values.sidecar.dashboards.script }}"
{{- end }}
{{- if .Values.sidecar.dashboards.watchServerTimeout }}
- name: WATCH_SERVER_TIMEOUT
value: "{{ .Values.sidecar.dashboards.watchServerTimeout }}"
{{- end }}
{{- if .Values.sidecar.dashboards.watchClientTimeout }}
- name: WATCH_CLIENT_TIMEOUT
value: "{{ .Values.sidecar.dashboards.watchClientTimeout }}"
{{- end }}
{{- if .Values.sidecar.livenessProbe }}
livenessProbe:
{{ toYaml .Values.livenessProbe | indent 6 }}
{{- end }}
{{- if .Values.sidecar.readinessProbe }}
readinessProbe:
{{ toYaml .Values.readinessProbe | indent 6 }}
{{- end }}
resources:
{{ toYaml .Values.sidecar.resources | indent 6 }}
{{- if .Values.sidecar.securityContext }}
securityContext:
{{- toYaml .Values.sidecar.securityContext | nindent 6 }}
{{- end }}
volumeMounts:
- name: sc-dashboard-volume
mountPath: {{ .Values.sidecar.dashboards.folder | quote }}
{{- if .Values.sidecar.dashboards.extraMounts }}
{{- toYaml .Values.sidecar.dashboards.extraMounts | trim | nindent 6}}
{{- end }}
{{- end}}
{{- if .Values.sidecar.datasources.enabled }}
- name: {{ template "grafana.name" . }}-sc-datasources
{{- if .Values.sidecar.image.sha }}
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
{{- else }}
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
{{- end }}
imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }}
env:
- name: METHOD
value: {{ .Values.sidecar.datasources.watchMethod }}
- name: LABEL
value: "{{ .Values.sidecar.datasources.label }}"
{{- if .Values.sidecar.datasources.labelValue }}
- name: LABEL_VALUE
value: {{ quote .Values.sidecar.datasources.labelValue }}
{{- end }}
- name: FOLDER
value: "/etc/grafana/provisioning/datasources"
- name: RESOURCE
value: {{ quote .Values.sidecar.datasources.resource }}
{{- if .Values.sidecar.enableUniqueFilenames }}
- name: UNIQUE_FILENAMES
value: "{{ .Values.sidecar.enableUniqueFilenames }}"
{{- end }}
{{- if .Values.sidecar.datasources.searchNamespace }}
- name: NAMESPACE
value: "{{ .Values.sidecar.datasources.searchNamespace | join "," }}"
{{- end }}
{{- if .Values.sidecar.skipTlsVerify }}
- name: SKIP_TLS_VERIFY
value: "{{ .Values.sidecar.skipTlsVerify }}"
{{- end }}
{{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
- name: REQ_USERNAME
valueFrom:
secretKeyRef:
name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }}
key: {{ .Values.admin.userKey | default "admin-user" }}
{{- end }}
{{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
- name: REQ_PASSWORD
valueFrom:
secretKeyRef:
name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }}
key: {{ .Values.admin.passwordKey | default "admin-password" }}
{{- end }}
{{- if not .Values.sidecar.datasources.skipReload }}
- name: REQ_URL
value: {{ .Values.sidecar.datasources.reloadURL }}
- name: REQ_METHOD
value: POST
{{- end }}
{{- if .Values.sidecar.livenessProbe }}
livenessProbe:
{{ toYaml .Values.livenessProbe | indent 6 }}
{{- end }}
{{- if .Values.sidecar.readinessProbe }}
readinessProbe:
{{ toYaml .Values.readinessProbe | indent 6 }}
{{- end }}
resources:
{{ toYaml .Values.sidecar.resources | indent 6 }}
{{- if .Values.sidecar.securityContext }}
securityContext:
{{- toYaml .Values.sidecar.securityContext | nindent 6 }}
{{- end }}
volumeMounts:
- name: sc-datasources-volume
mountPath: "/etc/grafana/provisioning/datasources"
{{- end}}
{{- if .Values.sidecar.plugins.enabled }}
- name: {{ template "grafana.name" . }}-sc-plugins
{{- if .Values.sidecar.image.sha }}
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}"
{{- else }}
image: "{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}"
{{- end }}
imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }}
env:
- name: METHOD
value: {{ .Values.sidecar.plugins.watchMethod }}
- name: LABEL
value: "{{ .Values.sidecar.plugins.label }}"
{{- if .Values.sidecar.plugins.labelValue }}
- name: LABEL_VALUE
value: {{ quote .Values.sidecar.plugins.labelValue }}
{{- end }}
- name: FOLDER
value: "/etc/grafana/provisioning/plugins"
- name: RESOURCE
value: {{ quote .Values.sidecar.plugins.resource }}
{{- if .Values.sidecar.enableUniqueFilenames }}
- name: UNIQUE_FILENAMES
value: "{{ .Values.sidecar.enableUniqueFilenames }}"
{{- end }}
{{- if .Values.sidecar.plugins.searchNamespace }}
- name: NAMESPACE
value: "{{ .Values.sidecar.plugins.searchNamespace | join "," }}"
{{- end }}
{{- if .Values.sidecar.skipTlsVerify }}
- name: SKIP_TLS_VERIFY
value: "{{ .Values.sidecar.skipTlsVerify }}"
{{- end }}
{{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
- name: REQ_USERNAME
valueFrom:
secretKeyRef:
name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }}
key: {{ .Values.admin.userKey | default "admin-user" }}
{{- end }}
{{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
- name: REQ_PASSWORD
valueFrom:
secretKeyRef:
name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }}
key: {{ .Values.admin.passwordKey | default "admin-password" }}
{{- end }}
{{- if not .Values.sidecar.plugins.skipReload }}
- name: REQ_URL
value: {{ .Values.sidecar.plugins.reloadURL }}
- name: REQ_METHOD
value: POST
{{- end }}
{{- if .Values.sidecar.livenessProbe }}
livenessProbe:
{{ toYaml .Values.livenessProbe | indent 6 }}
{{- end }}
{{- if .Values.sidecar.readinessProbe }}
readinessProbe:
{{ toYaml .Values.readinessProbe | indent 6 }}
{{- end }}
resources:
{{ toYaml .Values.sidecar.resources | indent 6 }}
{{- if .Values.sidecar.securityContext }}
securityContext:
{{- toYaml .Values.sidecar.securityContext | nindent 6 }}
{{- end }}
volumeMounts:
- name: sc-plugins-volume
mountPath: "/etc/grafana/provisioning/plugins"
{{- end}}
- name: {{ .Chart.Name }}
{{- if .Values.image.sha }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}@sha256:{{ .Values.image.sha }}"
{{- else }}
image: "{{ include "get.grafanaServerimage" . }}"
{{- end }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.command }}
command:
{{- range .Values.command }}
- {{ . }}
{{- end }}
{{- end}}
{{- if .Values.containerSecurityContext }}
securityContext:
{{- toYaml .Values.containerSecurityContext | nindent 6 }}
{{- end }}
volumeMounts:
- name: config
mountPath: "/etc/grafana/grafana.ini"
subPath: grafana.ini
{{- if .Values.ldap.enabled }}
- name: ldap
mountPath: "/etc/grafana/ldap.toml"
subPath: ldap.toml
{{- end }}
{{- $root := . }}
{{- range .Values.extraConfigmapMounts }}
- name: {{ tpl .name $root }}
mountPath: {{ tpl .mountPath $root }}
subPath: {{ (tpl .subPath $root) | default "" }}
readOnly: {{ .readOnly }}
{{- end }}
- name: storage
mountPath: "/var/lib/grafana"
{{- if .Values.persistence.subPath }}
subPath: {{ tpl .Values.persistence.subPath . }}
{{- end }}
{{- if .Values.dashboards }}
{{- range $provider, $dashboards := .Values.dashboards }}
{{- range $key, $value := $dashboards }}
{{- if (or (hasKey $value "json") (hasKey $value "file")) }}
- name: dashboards-{{ $provider }}
mountPath: "/var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json"
subPath: "{{ $key }}.json"
{{- end }}
{{- end }}
{{- end }}
{{- end -}}
{{- if .Values.dashboardsConfigMaps }}
{{- range (keys .Values.dashboardsConfigMaps | sortAlpha) }}
- name: dashboards-{{ . }}
mountPath: "/var/lib/grafana/dashboards/{{ . }}"
{{- end }}
{{- end }}
{{/* Mounting default datasources in pod as yaml */}}
- name: config
mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml"
subPath: "datasources.yaml"
{{- if .Values.notifiers }}
{{- range (keys .Values.notifiers | sortAlpha) }}
- name: config
mountPath: "/etc/grafana/provisioning/notifiers/{{ . }}"
subPath: {{ . | quote }}
{{- end }}
{{- end }}
{{- if .Values.dashboardProviders }}
{{- range (keys .Values.dashboardProviders | sortAlpha) }}
- name: config
mountPath: "/etc/grafana/provisioning/dashboards/{{ . }}"
subPath: {{ . | quote }}
{{- end }}
{{- end }}
{{- if .Values.sidecar.dashboards.enabled }}
- name: sc-dashboard-volume
mountPath: {{ .Values.sidecar.dashboards.folder | quote }}
{{ if .Values.sidecar.dashboards.SCProvider }}
- name: sc-dashboard-provider
mountPath: "/etc/grafana/provisioning/dashboards/sc-dashboardproviders.yaml"
subPath: provider.yaml
{{- end}}
{{- end}}
{{- if .Values.sidecar.datasources.enabled }}
- name: sc-datasources-volume
mountPath: "/etc/grafana/provisioning/datasources"
{{- end}}
{{- if .Values.sidecar.plugins.enabled }}
- name: sc-plugins-volume
mountPath: "/etc/grafana/provisioning/plugins"
{{- end}}
{{- if .Values.sidecar.notifiers.enabled }}
- name: sc-notifiers-volume
mountPath: "/etc/grafana/provisioning/notifiers"
{{- end}}
{{- range .Values.extraSecretMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
readOnly: {{ .readOnly }}
subPath: {{ .subPath | default "" }}
{{- end }}
{{- range .Values.extraVolumeMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath | default "" }}
readOnly: {{ .readOnly }}
{{- end }}
{{- range .Values.extraEmptyDirMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
{{- end }}
ports:
- name: {{ .Values.service.portName }}
containerPort: {{ .Values.service.port }}
protocol: TCP
- name: {{ .Values.podPortName }}
containerPort: 3000
protocol: TCP
env:
{{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
- name: GF_SECURITY_ADMIN_USER
valueFrom:
secretKeyRef:
name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }}
key: {{ .Values.admin.userKey | default "admin-user" }}
{{- end }}
{{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
- name: GF_SECURITY_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }}
key: {{ .Values.admin.passwordKey | default "admin-password" }}
{{- end }}
{{- if .Values.plugins }}
- name: GF_INSTALL_PLUGINS
valueFrom:
configMapKeyRef:
name: {{ template "grafana.fullname" . }}
key: plugins
{{- end }}
{{- if .Values.smtp.existingSecret }}
- name: GF_SMTP_USER
valueFrom:
secretKeyRef:
name: {{ .Values.smtp.existingSecret }}
key: {{ .Values.smtp.userKey | default "user" }}
- name: GF_SMTP_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.smtp.existingSecret }}
key: {{ .Values.smtp.passwordKey | default "password" }}
{{- end }}
{{- if .Values.imageRenderer.enabled }}
- name: GF_RENDERING_SERVER_URL
value: http://{{ template "grafana.fullname" . }}-image-renderer.{{ template "grafana.namespace" . }}:{{ .Values.imageRenderer.service.port }}/render
- name: GF_RENDERING_CALLBACK_URL
value: {{ .Values.imageRenderer.grafanaProtocol }}://{{ template "grafana.fullname" . }}.{{ template "grafana.namespace" . }}:{{ .Values.service.port }}/{{ .Values.imageRenderer.grafanaSubPath }}
{{- end }}
- name: GF_PATHS_DATA
value: {{ (get .Values "grafana.ini").paths.data }}
- name: GF_PATHS_LOGS
value: {{ (get .Values "grafana.ini").paths.logs }}
- name: GF_PATHS_PLUGINS
value: {{ (get .Values "grafana.ini").paths.plugins }}
- name: GF_PATHS_PROVISIONING
value: {{ (get .Values "grafana.ini").paths.provisioning }}
{{- range $key, $value := .Values.envValueFrom }}
- name: {{ $key | quote }}
valueFrom:
{{ tpl (toYaml $value) $ | indent 10 }}
{{- end }}
{{- range $key, $value := .Values.env }}
- name: "{{ tpl $key $ }}"
value: "{{ tpl (print $value) $ }}"
{{- end }}
{{- if or .Values.envFromSecret (or .Values.envRenderSecret .Values.envFromSecrets) .Values.envFromConfigMaps }}
envFrom:
{{- if .Values.envFromSecret }}
- secretRef:
name: {{ tpl .Values.envFromSecret . }}
{{- end }}
{{- if .Values.envRenderSecret }}
- secretRef:
name: {{ template "grafana.fullname" . }}-env
{{- end }}
{{- range .Values.envFromSecrets }}
- secretRef:
name: {{ tpl .name $ }}
optional: {{ .optional | default false }}
{{- end }}
{{- range .Values.envFromConfigMaps }}
- configMapRef:
name: {{ tpl .name $ }}
optional: {{ .optional | default false }}
{{- end }}
{{- end }}
livenessProbe:
{{ toYaml .Values.livenessProbe | indent 6 }}
readinessProbe:
{{ toYaml .Values.readinessProbe | indent 6 }}
{{- if .Values.lifecycleHooks }}
lifecycle: {{ tpl (.Values.lifecycleHooks | toYaml) . | nindent 6 }}
{{- end }}
resources:
{{ toYaml .Values.resources | indent 6 }}
{{- with .Values.extraContainers }}
{{ tpl . $ | indent 2 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 2 }}
{{- end }}
{{- $root := . }}
{{- with .Values.affinity }}
affinity:
{{ tpl (toYaml .) $root | indent 2 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{ toYaml . | indent 2 }}
{{- end }}
volumes:
- name: config
configMap:
name: {{ template "grafana.fullname" . }}
{{- $root := . }}
{{- range .Values.extraConfigmapMounts }}
- name: {{ tpl .name $root }}
configMap:
name: {{ tpl .configMap $root }}
{{- end }}
{{- if .Values.dashboards }}
{{- range (keys .Values.dashboards | sortAlpha) }}
- name: dashboards-{{ . }}
configMap:
name: {{ template "grafana.fullname" $ }}-dashboards-{{ . }}
{{- end }}
{{- end }}
{{- if .Values.dashboardsConfigMaps }}
{{ $root := . }}
{{- range $provider, $name := .Values.dashboardsConfigMaps }}
- name: dashboards-{{ $provider }}
configMap:
name: {{ tpl $name $root }}
{{- end }}
{{- end }}
{{- if .Values.ldap.enabled }}
- name: ldap
secret:
{{- if .Values.ldap.existingSecret }}
secretName: {{ .Values.ldap.existingSecret }}
{{- else }}
secretName: {{ template "grafana.fullname" . }}
{{- end }}
items:
- key: ldap-toml
path: ldap.toml
{{- end }}
{{- if and .Values.global.persistence.enabled (eq .Values.persistence.type "pvc") }}
- name: storage
persistentVolumeClaim:
claimName: {{ tpl (.Values.persistence.existingClaim | default (include "grafana.fullname" .)) . }}
{{- else if and .Values.global.persistence.enabled (eq .Values.persistence.type "statefulset") }}
# nothing
{{- else }}
- name: storage
{{- if .Values.persistence.inMemory.enabled }}
emptyDir:
medium: Memory
{{- if .Values.persistence.inMemory.sizeLimit }}
sizeLimit: {{ .Values.persistence.inMemory.sizeLimit }}
{{- end -}}
{{- else }}
emptyDir: {}
{{- end -}}
{{- end -}}
{{- if .Values.sidecar.dashboards.enabled }}
- name: sc-dashboard-volume
{{- if .Values.sidecar.dashboards.sizeLimit }}
emptyDir:
sizeLimit: {{ .Values.sidecar.dashboards.sizeLimit }}
{{- else }}
emptyDir: {}
{{- end -}}
{{- if .Values.sidecar.dashboards.SCProvider }}
- name: sc-dashboard-provider
configMap:
name: {{ template "grafana.fullname" . }}-config-dashboards
{{- end }}
{{- end }}
{{- if .Values.sidecar.datasources.enabled }}
- name: sc-datasources-volume
{{- if .Values.sidecar.datasources.sizeLimit }}
emptyDir:
sizeLimit: {{ .Values.sidecar.datasources.sizeLimit }}
{{- else }}
emptyDir: {}
{{- end -}}
{{- end -}}
{{- if .Values.sidecar.plugins.enabled }}
- name: sc-plugins-volume
{{- if .Values.sidecar.plugins.sizeLimit }}
emptyDir:
sizeLimit: {{ .Values.sidecar.plugins.sizeLimit }}
{{- else }}
emptyDir: {}
{{- end -}}
{{- end -}}
{{- if .Values.sidecar.notifiers.enabled }}
- name: sc-notifiers-volume
{{- if .Values.sidecar.notifiers.sizeLimit }}
emptyDir:
sizeLimit: {{ .Values.sidecar.notifiers.sizeLimit }}
{{- else }}
emptyDir: {}
{{- end -}}
{{- end -}}
{{- range .Values.extraSecretMounts }}
{{- if .secretName }}
- name: {{ .name }}
secret:
secretName: {{ .secretName }}
defaultMode: {{ .defaultMode }}
{{- else if .projected }}
- name: {{ .name }}
projected: {{- toYaml .projected | nindent 6 }}
{{- else if .csi }}
- name: {{ .name }}
csi: {{- toYaml .csi | nindent 6 }}
{{- end }}
{{- end }}
{{- range .Values.extraVolumeMounts }}
- name: {{ .name }}
{{- if .existingClaim }}
persistentVolumeClaim:
claimName: {{ .existingClaim }}
{{- else if .hostPath }}
hostPath:
path: {{ .hostPath }}
{{- else }}
emptyDir: {}
{{- end }}
{{- end }}
{{- range .Values.extraEmptyDirMounts }}
- name: {{ .name }}
emptyDir: {}
{{- end -}}
{{- if .Values.extraContainerVolumes }}
{{ toYaml .Values.extraContainerVolumes | indent 2 }}
{{- end }}
{{- end }}
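Review bot: The `init-chown-data` container runs as UID 0 (`runAsUser: 0`, `runAsNonRoot: false`) with the runtime's default capability set, although its only job is `chown -R` on `/var/lib/grafana`. I would narrow its `securityContext` with `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"], add: ["CHOWN"]}`, after checking that the recursive chown still succeeds on volumes with restrictive directory modes. The command also reads `.Values.securityContext.runAsUser` and `.runAsGroup` unguarded, while the pod-level `securityContext` near the top of the template is optional. The `if` that enables this container should therefore also require `.Values.securityContext`.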


@ -0,0 +1,27 @@
{{- if .Values.enabled }}
{{- if and .Values.rbac.create (not .Values.rbac.namespaced) (not .Values.rbac.useExistingRole) }}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
{{- include "grafana.labels" . | nindent 4 }}
{{- with .Values.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
name: {{ template "grafana.fullname" . }}-clusterrole
{{- if or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.rbac.extraClusterRoleRules) }}
rules:
{{- if or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled }}
- apiGroups: [""] # "" indicates the core API group
resources: ["configmaps", "secrets"]
verbs: ["get", "watch", "list"]
{{- end}}
{{- with .Values.rbac.extraClusterRoleRules }}
{{ toYaml . | indent 0 }}
{{- end}}
{{- else }}
rules: []
{{- end}}
{{- end}}
{{- end}}
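Review bot: The default rule `resources: ["configmaps", "secrets"]` lets the Grafana service account get, watch and list every Secret in the cluster as soon as either sidecar is enabled, because this ClusterRole is bound through a ClusterRoleBinding. Loading dashboards and datasources presumably needs only ConfigMaps unless a sidecar is explicitly pointed at Secrets. Consider keeping `resources: ["configmaps"]` here and leaving Secret access to `rbac.extraClusterRoleRules`, or defaulting to `rbac.namespaced`. The namespaced Role template later in this commit carries the same rule, limited to one namespace.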


@ -0,0 +1,26 @@
{{- if .Values.enabled }}
{{- if and .Values.rbac.create (not .Values.rbac.namespaced) }}
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ template "grafana.fullname" . }}-clusterrolebinding
labels:
{{- include "grafana.labels" . | nindent 4 }}
{{- with .Values.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
subjects:
- kind: ServiceAccount
name: {{ template "grafana.serviceAccountName" . }}
namespace: {{ template "grafana.namespace" . }}
roleRef:
kind: ClusterRole
{{- if (not .Values.rbac.useExistingRole) }}
name: {{ template "grafana.fullname" . }}-clusterrole
{{- else }}
name: {{ .Values.rbac.useExistingRole }}
{{- end }}
apiGroup: rbac.authorization.k8s.io
{{- end -}}
{{- end -}}
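Review bot: `name: {{ .Values.rbac.useExistingRole }}` binds the service account cluster-wide to whatever ClusterRole name the values supply, and the RoleBinding template later in this commit reuses the same value as the name of a namespaced Role. With `rbac.create` set and `rbac.namespaced` unset both bindings are rendered, so one of them presumably refers to a role that does not exist. A comment saying which kind the value must name would help, for example `# rbac.useExistingRole names a ClusterRole here; the RoleBinding expects a Role with the same name`.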


@ -0,0 +1,31 @@
{{- if .Values.enabled }}
{{- if .Values.sidecar.dashboards.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
labels:
{{- include "grafana.labels" . | nindent 4 }}
{{- with .Values.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
name: {{ template "grafana.fullname" . }}-config-dashboards
namespace: {{ template "grafana.namespace" . }}
data:
provider.yaml: |-
apiVersion: 1
providers:
- name: '{{ .Values.sidecar.dashboards.provider.name }}'
orgId: {{ .Values.sidecar.dashboards.provider.orgid }}
{{- if not .Values.sidecar.dashboards.provider.foldersFromFilesStructure }}
folder: '{{ .Values.sidecar.dashboards.provider.folder }}'
{{- end}}
type: {{ .Values.sidecar.dashboards.provider.type }}
disableDeletion: {{ .Values.sidecar.dashboards.provider.disableDelete }}
allowUiUpdates: {{ .Values.sidecar.dashboards.provider.allowUiUpdates }}
updateIntervalSeconds: {{ .Values.sidecar.dashboards.provider.updateIntervalSeconds | default 30 }}
options:
foldersFromFilesStructure: {{ .Values.sidecar.dashboards.provider.foldersFromFilesStructure }}
path: {{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}
{{- end}}
{{- end}}


@ -0,0 +1,109 @@
{{- if .Values.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "grafana.fullname" . }}
namespace: {{ template "grafana.namespace" . }}
labels:
{{- include "grafana.labels" . | nindent 4 }}
{{- with .Values.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
data:
# Adding default prometheus datasource for grafana
datasources.yaml: |
apiVersion: 1
datasources:
- access: proxy
editable: false
isDefault: true
name: Prometheus
type: prometheus
{{- if and .Values.global.prometheus.external.host .Values.global.prometheus.external.port }}
url: {{ printf "http://%s:%s/%s" .Values.global.prometheus.external.host .Values.global.prometheus.external.port .Values.global.prometheus.external.baseURL | trimSuffix "/" }}
{{- else }}
url: http://{{ .Values.prometheusName | trimSuffix "/" }}-exp/{{ .Values.prometheusPrefixURL | trimPrefix "/" }}
{{- end }}
jsonData:
timeInterval: '1m'
{{- if .Values.plugins }}
plugins: {{ join "," .Values.plugins }}
{{- end }}
grafana.ini: |
{{- range $key, $value := index .Values "grafana.ini" }}
[{{ $key }}]
{{- range $elem, $elemVal := $value }}
{{- if kindIs "invalid" $elemVal }}
{{ $elem }} =
{{- else if kindIs "string" $elemVal }}
{{ $elem }} = {{ tpl $elemVal $ }}
{{- else }}
{{ $elem }} = {{ $elemVal }}
{{- end }}
{{- end }}
{{- end }}
[server]
root_url=/{{ include "k10.ingressPath" . | trimSuffix "/"}}/grafana
serve_from_sub_path=true
{{- if .Values.datasources }}
{{ $root := . }}
{{- range $key, $value := .Values.datasources }}
{{ $key }}: |
{{ tpl (toYaml $value | indent 4) $root }}
{{- end -}}
{{- end -}}
{{- if .Values.notifiers }}
{{- range $key, $value := .Values.notifiers }}
{{ $key }}: |
{{ toYaml $value | indent 4 }}
{{- end -}}
{{- end -}}
{{- if .Values.dashboardProviders }}
{{- range $key, $value := .Values.dashboardProviders }}
{{ $key }}: |
{{ toYaml $value | indent 4 }}
{{- end -}}
{{- end -}}
{{- if .Values.dashboards }}
download_dashboards.sh: |
#!/usr/bin/env sh
set -euf
{{- if .Values.dashboardProviders }}
{{- range $key, $value := .Values.dashboardProviders }}
{{- range $value.providers }}
mkdir -p {{ .options.path }}
{{- end }}
{{- end }}
{{- end }}
{{ $dashboardProviders := .Values.dashboardProviders }}
{{- range $provider, $dashboards := .Values.dashboards }}
{{- range $key, $value := $dashboards }}
{{- if (or (hasKey $value "gnetId") (hasKey $value "url")) }}
curl -skf \
--connect-timeout 60 \
--max-time 60 \
{{- if not $value.b64content }}
-H "Accept: application/json" \
{{- if $value.token }}
-H "Authorization: token {{ $value.token }}" \
{{- end }}
-H "Content-Type: application/json;charset=UTF-8" \
{{ end }}
{{- $dpPath := "" -}}
{{- range $kd := (index $dashboardProviders "dashboardproviders.yaml").providers -}}
{{- if eq $kd.name $provider -}}
{{- $dpPath = $kd.options.path -}}
{{- end -}}
{{- end -}}
{{- if $value.url -}}"{{ $value.url }}"{{- else -}}"https://grafana.com/api/dashboards/{{ $value.gnetId }}/revisions/{{- if $value.revision -}}{{ $value.revision }}{{- else -}}1{{- end -}}/download"{{- end -}}{{ if $value.datasource }} | sed '/-- .* --/! s/"datasource":.*,/"datasource": "{{ $value.datasource }}",/g'{{ end }}{{- if $value.b64content -}} | base64 -d {{- end -}} \
> "{{- if $dpPath -}}{{ $dpPath }}{{- else -}}/var/lib/grafana/dashboards/{{ $provider }}{{- end -}}/{{ $key }}.json"
{{- end }}
{{- end -}}
{{- end }}
{{- end }}
{{- end }}
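Review bot: The generated `download_dashboards.sh` calls `curl -skf`, and `-k` switches off TLS certificate verification, so a dashboard JSON is accepted from any endpoint that answers for the configured URL. Use `curl -sf \` and supply a CA bundle where a private CA is involved. The line `-H "Authorization: token {{ $value.token }}" \` also renders the token in clear text into this ConfigMap; a credential belongs in a Secret that the script reads at run time. The default Prometheus datasource URL is built with `http://`, which deserves a comment when `global.prometheus.external.host` points outside the cluster.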


@ -0,0 +1,37 @@
{{- if .Values.enabled }}
{{- if .Values.dashboards }}
{{ $files := .Files }}
{{- range $provider, $dashboards := .Values.dashboards }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "grafana.fullname" $ }}-dashboards-{{ $provider }}
namespace: {{ template "grafana.namespace" $ }}
labels:
{{- include "grafana.labels" $ | nindent 4 }}
dashboard-provider: {{ $provider }}
{{- if $dashboards }}
data:
{{- $dashboardFound := false }}
{{- range $key, $value := $dashboards }}
{{- if (or (hasKey $value "json") (hasKey $value "file")) }}
{{- $dashboardFound = true }}
{{ print $key | indent 2 }}.json:
{{- if hasKey $value "json" }}
|-
{{ $value.json | indent 6 }}
{{- end }}
{{- if hasKey $value "file" }}
{{ toYaml ( $files.Get $value.file ) | indent 4}}
{{- end }}
{{- end }}
{{- end }}
{{- if not $dashboardFound }}
{}
{{- end }}
{{- end }}
---
{{- end }}
{{- end }}
{{- end }}


@ -0,0 +1,52 @@
{{- if .Values.enabled }}
{{ if (or (not .Values.global.persistence.enabled) (eq .Values.persistence.type "pvc")) }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "grafana.fullname" . }}
namespace: {{ template "grafana.namespace" . }}
labels:
{{- include "grafana.labels" . | nindent 4 }}
{{- if .Values.labels }}
{{ toYaml .Values.labels | indent 4 }}
{{- end }}
{{- with .Values.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
{{- if and (not .Values.autoscaling.enabled) (.Values.replicas) }}
replicas: {{ .Values.replicas }}
{{- end }}
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "grafana.selectorLabels" . | nindent 6 }}
{{- with .Values.deploymentStrategy }}
strategy:
{{ toYaml . | trim | indent 4 }}
{{- end }}
template:
metadata:
labels:
{{- include "grafana.selectorLabels" . | nindent 8 }}
{{- with .Values.podLabels }}
{{ toYaml . | indent 8 }}
{{- end }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }}
checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }}
{{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.envRenderSecret }}
checksum/secret-env: {{ include (print $.Template.BasePath "/secret-env.yaml") . | sha256sum }}
{{- end }}
{{- with .Values.podAnnotations }}
{{ toYaml . | indent 8 }}
{{- end }}
spec:
{{- include "grafana.pod" . | nindent 6 }}
{{- end }}
{{- end }}


@ -0,0 +1,4 @@
{{ range .Values.extraObjects }}
---
{{ tpl (toYaml .) $ }}
{{ end }}
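Review bot: This template is the only one in the sections shown here that is not wrapped in `{{- if .Values.enabled }}`, so `extraObjects` are rendered even when Grafana is switched off. Add `{{- if .Values.enabled }}` before the `range` and a matching `{{- end }}` after it. Each entry passes through `tpl (toYaml .) $` and is applied as written, so a header comment such as `{{- /* extraObjects are templated and applied verbatim; review them like any other manifest */ -}}` would make that explicit.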


@ -0,0 +1,24 @@
{{- if .Values.enabled }}
{{- if or .Values.headlessService (and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "statefulset"))}}
apiVersion: v1
kind: Service
metadata:
name: {{ template "grafana.fullname" . }}-headless
namespace: {{ template "grafana.namespace" . }}
labels:
{{- include "grafana.labels" . | nindent 4 }}
{{- with .Values.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
clusterIP: None
selector:
{{- include "grafana.selectorLabels" . | nindent 4 }}
type: ClusterIP
ports:
- protocol: TCP
port: 3000
targetPort: 3000
{{- end }}
{{- end }}


@ -0,0 +1,22 @@
{{- if .Values.enabled }}
{{- if .Values.autoscaling.enabled }}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: {{ template "grafana.fullname" . }}
labels:
app: {{ template "grafana.name" . }}
helm.sh/chart: {{ template "grafana.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ template "grafana.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{ toYaml .Values.autoscaling.metrics | indent 4 }}
{{- end }}
{{- end }}
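Review bot: `metadata` has no `namespace:` line, unlike the Deployment this autoscaler targets, so if the `grafana.namespace` helper resolves to something other than the release namespace the HPA ends up in a different namespace from its `scaleTargetRef`. Add `namespace: {{ template "grafana.namespace" . }}` under `name:`. `autoscaling/v2beta1` is removed in Kubernetes 1.25, so a capability check that prefers `autoscaling/v2` would keep the template usable on newer clusters.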


@ -0,0 +1,123 @@
{{- if .Values.enabled }}
{{ if .Values.imageRenderer.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "grafana.fullname" . }}-image-renderer
namespace: {{ template "grafana.namespace" . }}
labels:
{{- include "grafana.imageRenderer.labels" . | nindent 4 }}
{{- if .Values.imageRenderer.labels }}
{{ toYaml .Values.imageRenderer.labels | indent 4 }}
{{- end }}
{{- with .Values.imageRenderer.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
replicas: {{ .Values.imageRenderer.replicas }}
revisionHistoryLimit: {{ .Values.imageRenderer.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }}
{{- with .Values.imageRenderer.deploymentStrategy }}
strategy:
{{ toYaml . | trim | indent 4 }}
{{- end }}
template:
metadata:
labels:
{{- include "grafana.imageRenderer.selectorLabels" . | nindent 8 }}
{{- with .Values.imageRenderer.podLabels }}
{{ toYaml . | indent 8 }}
{{- end }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- with .Values.imageRenderer.podAnnotations }}
{{ toYaml . | indent 8 }}
{{- end }}
spec:
{{- if .Values.imageRenderer.schedulerName }}
schedulerName: "{{ .Values.imageRenderer.schedulerName }}"
{{- end }}
{{- if .Values.imageRenderer.serviceAccountName }}
serviceAccountName: "{{ .Values.imageRenderer.serviceAccountName }}"
{{- end }}
{{- if .Values.imageRenderer.securityContext }}
securityContext:
{{- toYaml .Values.imageRenderer.securityContext | nindent 8 }}
{{- end }}
{{- if .Values.imageRenderer.hostAliases }}
hostAliases:
{{- toYaml .Values.imageRenderer.hostAliases | nindent 8 }}
{{- end }}
{{- if .Values.imageRenderer.priorityClassName }}
priorityClassName: {{ .Values.imageRenderer.priorityClassName }}
{{- end }}
{{- if .Values.imageRenderer.image.pullSecrets }}
imagePullSecrets:
{{- $root := . }}
{{- range .Values.imageRenderer.image.pullSecrets }}
- name: {{ tpl . $root }}
{{- end}}
{{- end }}
containers:
- name: {{ .Chart.Name }}-image-renderer
{{- if .Values.imageRenderer.image.sha }}
image: "{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}@sha256:{{ .Values.imageRenderer.image.sha }}"
{{- else }}
image: "{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}"
{{- end }}
imagePullPolicy: {{ .Values.imageRenderer.image.pullPolicy }}
{{- if .Values.imageRenderer.command }}
command:
{{- range .Values.imageRenderer.command }}
- {{ . }}
{{- end }}
{{- end}}
ports:
- name: {{ .Values.imageRenderer.service.portName }}
containerPort: {{ .Values.imageRenderer.service.port }}
protocol: TCP
livenessProbe:
httpGet:
path: /
port: {{ .Values.imageRenderer.service.portName }}
env:
- name: HTTP_PORT
value: {{ .Values.imageRenderer.service.port | quote }}
{{- range $key, $value := .Values.imageRenderer.env }}
- name: {{ $key | quote }}
value: {{ $value | quote }}
{{- end }}
securityContext:
capabilities:
drop: ['all']
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
volumeMounts:
- mountPath: /tmp
name: image-renderer-tmpfs
{{- with .Values.imageRenderer.resources }}
resources:
{{ toYaml . | indent 12 }}
{{- end }}
{{- with .Values.imageRenderer.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- $root := . }}
{{- with .Values.imageRenderer.affinity }}
affinity:
{{ tpl (toYaml .) $root | indent 8 }}
{{- end }}
{{- with .Values.imageRenderer.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
volumes:
- name: image-renderer-tmpfs
emptyDir: {}
{{- end }}
{{- end }}
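Review bot: The container drops capabilities with `drop: ['all']` in lower case, while the restricted Pod Security Standard check looks for the literal `ALL` and some runtimes have matched the name case-sensitively. Write `drop: ['ALL']` so the hardening is recognised everywhere. The hard-coded container `securityContext` is otherwise a good baseline; adding `runAsNonRoot: true` next to `allowPrivilegeEscalation: false` would complete it if the renderer image supports a non-root user, which this section does not show.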


@ -0,0 +1,78 @@
{{- if .Values.enabled }}
{{- if and (.Values.imageRenderer.enabled) (.Values.imageRenderer.networkPolicy.limitIngress) }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ template "grafana.fullname" . }}-image-renderer-ingress
namespace: {{ template "grafana.namespace" . }}
annotations:
comment: Limit image-renderer ingress traffic from grafana
spec:
podSelector:
matchLabels:
{{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }}
{{- if .Values.imageRenderer.podLabels }}
{{ toYaml .Values.imageRenderer.podLabels | nindent 6 }}
{{- end }}
policyTypes:
- Ingress
ingress:
- ports:
- port: {{ .Values.imageRenderer.service.port }}
protocol: TCP
from:
- namespaceSelector:
matchLabels:
name: {{ template "grafana.namespace" . }}
podSelector:
matchLabels:
{{- include "grafana.selectorLabels" . | nindent 14 }}
{{- if .Values.podLabels }}
{{ toYaml .Values.podLabels | nindent 14 }}
{{- end }}
{{ end }}
{{- if and (.Values.imageRenderer.enabled) (.Values.imageRenderer.networkPolicy.limitEgress) }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ template "grafana.fullname" . }}-image-renderer-egress
namespace: {{ template "grafana.namespace" . }}
annotations:
comment: Limit image-renderer egress traffic to grafana
spec:
podSelector:
matchLabels:
{{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }}
{{- if .Values.imageRenderer.podLabels }}
{{ toYaml .Values.imageRenderer.podLabels | nindent 6 }}
{{- end }}
policyTypes:
- Egress
egress:
# allow dns resolution
- ports:
- port: 53
protocol: UDP
- port: 53
protocol: TCP
# talk only to grafana
- ports:
- port: {{ .Values.service.port }}
protocol: TCP
to:
- namespaceSelector:
matchLabels:
name: {{ template "grafana.namespace" . }}
podSelector:
matchLabels:
{{- include "grafana.selectorLabels" . | nindent 14 }}
{{- if .Values.podLabels }}
{{ toYaml .Values.podLabels | nindent 14 }}
{{- end }}
{{ end }}
{{- end}}
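Review bot: Both policies select the peer namespace with `matchLabels:` / `name: {{ template "grafana.namespace" . }}`, a label Kubernetes does not put on namespaces itself, so unless the operator labels the namespace by hand the rules match no peer and traffic between Grafana and the renderer is dropped. On Kubernetes 1.21 and later the API server sets `kubernetes.io/metadata.name` on every namespace; `kubernetes.io/metadata.name: {{ template "grafana.namespace" . }}` is the more reliable selector there, and the label requirement should be documented for older clusters. The DNS rule in the egress policy has no `to:` clause, so port 53 is open to any destination; restricting it to the cluster DNS pods would tighten the policy.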


@ -0,0 +1,32 @@
{{- if .Values.enabled }}
{{ if .Values.imageRenderer.enabled }}
{{ if .Values.imageRenderer.service.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "grafana.fullname" . }}-image-renderer
namespace: {{ template "grafana.namespace" . }}
labels:
{{- include "grafana.imageRenderer.labels" . | nindent 4 }}
{{- if .Values.imageRenderer.service.labels }}
{{ toYaml .Values.imageRenderer.service.labels | indent 4 }}
{{- end }}
{{- with .Values.imageRenderer.service.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
type: ClusterIP
{{- if .Values.imageRenderer.service.clusterIP }}
clusterIP: {{ .Values.imageRenderer.service.clusterIP }}
{{end}}
ports:
- name: {{ .Values.imageRenderer.service.portName }}
port: {{ .Values.imageRenderer.service.port }}
protocol: TCP
targetPort: {{ .Values.imageRenderer.service.targetPort }}
selector:
{{- include "grafana.imageRenderer.selectorLabels" . | nindent 4 }}
{{ end }}
{{ end }}
{{- end}}


@ -0,0 +1,80 @@
{{- if .Values.enabled }}
{{- if .Values.ingress.enabled -}}
{{- $ingressApiIsStable := eq (include "grafana.ingress.isStable" .) "true" -}}
{{- $ingressSupportsIngressClassName := eq (include "grafana.ingress.supportsIngressClassName" .) "true" -}}
{{- $ingressSupportsPathType := eq (include "grafana.ingress.supportsPathType" .) "true" -}}
{{- $fullName := include "grafana.fullname" . -}}
{{- $servicePort := .Values.service.port -}}
{{- $ingressPath := .Values.ingress.path -}}
{{- $ingressPathType := .Values.ingress.pathType -}}
{{- $extraPaths := .Values.ingress.extraPaths -}}
apiVersion: {{ include "grafana.ingress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ $fullName }}
namespace: {{ template "grafana.namespace" . }}
labels:
{{- include "grafana.labels" . | nindent 4 }}
{{- if .Values.ingress.labels }}
{{ toYaml .Values.ingress.labels | indent 4 }}
{{- end }}
{{- if .Values.ingress.annotations }}
annotations:
{{- range $key, $value := .Values.ingress.annotations }}
{{ $key }}: {{ tpl $value $ | quote }}
{{- end }}
{{- end }}
spec:
{{- if and $ingressSupportsIngressClassName .Values.ingress.ingressClassName }}
ingressClassName: {{ .Values.ingress.ingressClassName }}
{{- end -}}
{{- if .Values.ingress.tls }}
tls:
{{ tpl (toYaml .Values.ingress.tls) $ | indent 4 }}
{{- end }}
rules:
{{- if .Values.ingress.hosts }}
{{- range .Values.ingress.hosts }}
- host: {{ tpl . $}}
http:
paths:
{{- if $extraPaths }}
{{ toYaml $extraPaths | indent 10 }}
{{- end }}
- path: {{ $ingressPath }}
{{- if $ingressSupportsPathType }}
pathType: {{ $ingressPathType }}
{{- end }}
backend:
{{- if $ingressApiIsStable }}
service:
name: {{ $fullName }}
port:
number: {{ $servicePort }}
{{- else }}
serviceName: {{ $fullName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end }}
{{- else }}
- http:
paths:
- backend:
{{- if $ingressApiIsStable }}
service:
name: {{ $fullName }}
port:
number: {{ $servicePort }}
{{- else }}
serviceName: {{ $fullName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- if $ingressPath }}
path: {{ $ingressPath }}
{{- end }}
{{- if $ingressSupportsPathType }}
pathType: {{ $ingressPathType }}
{{- end }}
{{- end -}}
{{- end }}
{{- end }}
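Review bot: `- host: {{ tpl . $}}` emits the host unquoted, so a wildcard host such as `*.example.com` (constructed example) is read by the YAML parser as an alias and the render fails. `- host: {{ tpl . $ | quote }}` avoids that, and `path: {{ $ingressPath }}` benefits from the same treatment. When `ingress.tls` is empty the Ingress exposes the Grafana login over plain HTTP; a comment beside the `tls:` block stating this would help operators.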


@ -0,0 +1,18 @@
{{- if .Values.enabled }}
{{ if .Values.service.enabled}}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ template "grafana.name" . }}-network-policy
namespace: {{ template "grafana.namespace" . }}
spec:
podSelector:
matchLabels:
release: {{ .Release.Name }}
app: {{ template "grafana.name" . }}
ingress:
- { }
egress:
- { }
{{- end }}
{{- end }}
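Review bot: `ingress:` / `- { }` and `egress:` / `- { }` are allow-all rules, and since NetworkPolicies are additive this policy opens the Grafana pods to every peer in both directions even where the namespace has a default-deny policy. If the intent is only to let the gateway reach Grafana, restrict the ingress rule to the service port with a `from:` selector, for example `- ports: [{port: {{ .Values.service.targetPort }}, protocol: TCP}]`, and state `policyTypes` explicitly. The policy is gated on `.Values.service.enabled`, which is unrelated to network policy; a dedicated value would be clearer. If allow-all is deliberate, a comment explaining why belongs above `ingress:`.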


@ -0,0 +1,24 @@
{{- if .Values.enabled }}
{{- if .Values.podDisruptionBudget }}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: {{ template "grafana.fullname" . }}
namespace: {{ template "grafana.namespace" . }}
labels:
{{- include "grafana.labels" . | nindent 4 }}
{{- if .Values.labels }}
{{ toYaml .Values.labels | indent 4 }}
{{- end }}
spec:
{{- if .Values.podDisruptionBudget.minAvailable }}
minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
{{- end }}
{{- if .Values.podDisruptionBudget.maxUnavailable }}
maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
{{- end }}
selector:
matchLabels:
{{- include "grafana.selectorLabels" . | nindent 6 }}
{{- end }}
{{- end }}


@ -0,0 +1,51 @@
{{- if .Values.enabled }}
{{- if .Values.rbac.pspEnabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ template "grafana.fullname" . }}
labels:
{{- include "grafana.labels" . | nindent 4 }}
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
{{- if .Values.rbac.pspUseAppArmor }}
apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
{{- end }}
spec:
privileged: false
allowPrivilegeEscalation: false
requiredDropCapabilities:
# Default set from Docker, with DAC_OVERRIDE and CHOWN
- ALL
volumes:
- 'configMap'
- 'emptyDir'
- 'projected'
- 'csi'
- 'secret'
- 'downwardAPI'
- 'persistentVolumeClaim'
hostNetwork: false
hostIPC: false
hostPID: false
runAsUser:
rule: 'RunAsAny'
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
readOnlyRootFilesystem: false
{{- end }}
{{- end }}
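Review bot: The comment `# Default set from Docker, with DAC_OVERRIDE and CHOWN` does not describe the line under it, which is `- ALL`; it should read something like `# Drop every capability; nothing is added back.` `runAsUser:` with `rule: 'RunAsAny'` still permits UID 0 although the group ranges exclude root; `rule: 'MustRunAsNonRoot'` would match that intent if no container in the pod needs root, which has to be confirmed against the pod template outside this section. `readOnlyRootFilesystem: false` deserves the same check. PodSecurityPolicy is removed in Kubernetes 1.25, so this template only takes effect on older clusters.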


@ -0,0 +1,33 @@
{{- if .Values.enabled }}
{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "pvc")}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ template "grafana.fullname" . }}
namespace: {{ template "grafana.namespace" . }}
labels:
{{- include "grafana.labels" . | nindent 4 }}
{{- with .Values.persistence.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
{{- with .Values.persistence.finalizers }}
finalizers:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
accessModes:
- {{ .Values.global.persistence.accessMode }}
resources:
requests:
storage: {{ default .Values.global.persistence.size .Values.global.persistence.grafana.size | quote }}
{{- if .Values.global.persistence.storageClass }}
storageClassName: {{ .Values.global.persistence.storageClass }}
{{- end -}}
{{- with .Values.persistence.selectorLabels }}
selector:
matchLabels:
{{ toYaml . | indent 6 }}
{{- end }}
{{- end }}
{{- end}}


@ -0,0 +1,34 @@
{{- if .Values.enabled }}
{{- if and .Values.rbac.create (not .Values.rbac.useExistingRole) -}}
apiVersion: {{ template "grafana.rbac.apiVersion" . }}
kind: Role
metadata:
name: {{ template "grafana.fullname" . }}
namespace: {{ template "grafana.namespace" . }}
labels:
{{- include "grafana.labels" . | nindent 4 }}
{{- with .Values.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
{{- if or .Values.rbac.pspEnabled (and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.rbac.extraRoleRules))) }}
rules:
{{- if .Values.rbac.pspEnabled }}
- apiGroups: ['extensions']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames: [{{ template "grafana.fullname" . }}]
{{- end }}
{{- if and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled .Values.sidecar.datasources.enabled) }}
- apiGroups: [""] # "" indicates the core API group
resources: ["configmaps", "secrets"]
verbs: ["get", "watch", "list"]
{{- end }}
{{- with .Values.rbac.extraRoleRules }}
{{ toYaml . | indent 0 }}
{{- end}}
{{- else }}
rules: []
{{- end }}
{{- end }}
{{- end}}
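Review bot: The PSP rule uses `apiGroups: ['extensions']`, while the PodSecurityPolicy in this commit is created under `policy/v1beta1` and the Kubernetes documentation grants `use` through the `policy` group. Prefer `apiGroups: ['policy']`, or list both groups if clusters that still rely on the old group must be supported. `resourceNames: [{{ template "grafana.fullname" . }}]` sits unquoted inside a flow sequence; `[{{ include "grafana.fullname" . | quote }}]` keeps an unusual release name from being retyped by the parser.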


@ -0,0 +1,27 @@
{{- if .Values.enabled }}
{{- if .Values.rbac.create -}}
apiVersion: {{ template "grafana.rbac.apiVersion" . }}
kind: RoleBinding
metadata:
name: {{ template "grafana.fullname" . }}
namespace: {{ template "grafana.namespace" . }}
labels:
{{- include "grafana.labels" . | nindent 4 }}
{{- with .Values.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
{{- if (not .Values.rbac.useExistingRole) }}
name: {{ template "grafana.fullname" . }}
{{- else }}
name: {{ .Values.rbac.useExistingRole }}
{{- end }}
subjects:
- kind: ServiceAccount
name: {{ template "grafana.serviceAccountName" . }}
namespace: {{ template "grafana.namespace" . }}
{{- end -}}
{{- end}}


@ -0,0 +1,16 @@
{{- if .Values.enabled }}
{{- if .Values.envRenderSecret }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "grafana.fullname" . }}-env
namespace: {{ template "grafana.namespace" . }}
labels:
{{- include "grafana.labels" . | nindent 4 }}
type: Opaque
data:
{{- range $key, $val := .Values.envRenderSecret }}
{{ $key }}: {{ $val | b64enc | quote }}
{{- end -}}
{{- end }}
{{- end}}


@ -0,0 +1,28 @@
{{- if .Values.enabled }}
{{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "grafana.fullname" . }}
namespace: {{ template "grafana.namespace" . }}
labels:
{{- include "grafana.labels" . | nindent 4 }}
{{- with .Values.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
type: Opaque
data:
{{- if and (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) }}
admin-user: {{ .Values.adminUser | b64enc | quote }}
{{- if .Values.adminPassword }}
admin-password: {{ .Values.adminPassword | b64enc | quote }}
{{- else }}
admin-password: {{ template "grafana.password" . }}
{{- end }}
{{- end }}
{{- if not .Values.ldap.existingSecret }}
ldap-toml: {{ tpl .Values.ldap.config $ | b64enc | quote }}
{{- end }}
{{- end }}
{{- end }}
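Review bot: The inner `{{- if not .Values.ldap.existingSecret }}` does not test `.Values.ldap.enabled`, so `ldap-toml` is written into the Secret even when LDAP is off; `{{- if and .Values.ldap.enabled (not .Values.ldap.existingSecret) }}` would match the outer condition. When `adminPassword` is unset the value comes from the `grafana.password` helper, which is defined outside this section. If that helper generates a fresh value on each render, every upgrade changes the admin password and, through the `checksum/secret` annotation, restarts the pod; a comment pointing operators to `admin.existingSecret` for stable credentials would be useful.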


@ -0,0 +1,62 @@
{{- if .Values.enabled }}
{{ if .Values.service.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "grafana.fullname" . }}
namespace: {{ template "grafana.namespace" . }}
labels:
{{- include "grafana.labels" . | nindent 4 }}
{{- if .Values.service.labels }}
{{ toYaml .Values.service.labels | indent 4 }}
{{- end }}
annotations:
getambassador.io/config: |
---
apiVersion: getambassador.io/v3alpha1
kind: Mapping
name: grafana-server-mapping
prefix: /{{- include "k10.ingressPath" . | trimSuffix "/" }}/grafana/
rewrite: /
service: {{ template "grafana.fullname" .}}:{{ .Values.service.port }}
timeout_ms: 15000
hostname: "*"
ambassador_id: [ {{ include "k10.ambassadorId" . }} ]
spec:
{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }}
type: ClusterIP
{{- if .Values.service.clusterIP }}
clusterIP: {{ .Values.service.clusterIP }}
{{end}}
{{- else if eq .Values.service.type "LoadBalancer" }}
type: {{ .Values.service.type }}
{{- if .Values.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
{{- if .Values.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
{{- end -}}
{{- else }}
type: {{ .Values.service.type }}
{{- end }}
{{- if .Values.service.externalIPs }}
externalIPs:
{{ toYaml .Values.service.externalIPs | indent 4 }}
{{- end }}
ports:
- name: {{ .Values.service.portName }}
port: {{ .Values.service.port }}
protocol: TCP
targetPort: {{ .Values.service.targetPort }}
{{ if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
nodePort: {{.Values.service.nodePort}}
{{ end }}
{{- if .Values.extraExposePorts }}
{{- tpl (toYaml .Values.extraExposePorts) . | indent 4 }}
{{- end }}
selector:
{{- include "grafana.selectorLabels" . | nindent 4 }}
{{- end }}
{{- end }}


@ -0,0 +1,16 @@
{{- if .Values.enabled }}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
{{- include "grafana.labels" . | nindent 4 }}
{{- $root := . }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{ tpl (toYaml . | indent 4) $root }}
{{- end }}
name: {{ template "grafana.serviceAccountName" . }}
namespace: {{ template "grafana.namespace" . }}
{{- end }}
{{- end}}


@ -0,0 +1,46 @@
{{- if .Values.enabled }}
{{- if .Values.serviceMonitor.enabled }}
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "grafana.fullname" . }}
{{- if .Values.serviceMonitor.namespace }}
namespace: {{ .Values.serviceMonitor.namespace }}
{{- else }}
namespace: {{ template "grafana.namespace" . }}
{{- end }}
labels:
{{- include "grafana.labels" . | nindent 4 }}
{{- if .Values.serviceMonitor.labels }}
{{- toYaml .Values.serviceMonitor.labels | nindent 4 }}
{{- end }}
spec:
endpoints:
- port: {{ .Values.service.portName }}
{{- with .Values.serviceMonitor.interval }}
interval: {{ . }}
{{- end }}
{{- with .Values.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ . }}
{{- end }}
honorLabels: true
path: {{ .Values.serviceMonitor.path }}
scheme: {{ .Values.serviceMonitor.scheme }}
{{- if .Values.serviceMonitor.tlsConfig }}
tlsConfig:
{{- toYaml .Values.serviceMonitor.tlsConfig | nindent 6 }}
{{- end }}
{{- if .Values.serviceMonitor.relabelings }}
relabelings:
{{- toYaml .Values.serviceMonitor.relabelings | nindent 4 }}
{{- end }}
jobLabel: "{{ .Release.Name }}"
selector:
matchLabels:
{{- include "grafana.selectorLabels" . | nindent 8 }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
{{- end }}
{{- end}}


@ -0,0 +1,55 @@
{{- if .Values.enabled }}
{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "statefulset")}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ template "grafana.fullname" . }}
namespace: {{ template "grafana.namespace" . }}
labels:
{{- include "grafana.labels" . | nindent 4 }}
{{- with .Values.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
replicas: {{ .Values.replicas }}
selector:
matchLabels:
{{- include "grafana.selectorLabels" . | nindent 6 }}
serviceName: {{ template "grafana.fullname" . }}-headless
template:
metadata:
labels:
{{- include "grafana.selectorLabels" . | nindent 8 }}
{{- with .Values.podLabels }}
{{ toYaml . | indent 8 }}
{{- end }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }}
checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }}
{{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }}
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
{{- end }}
{{- with .Values.podAnnotations }}
{{ toYaml . | indent 8 }}
{{- end }}
spec:
{{- include "grafana.pod" . | nindent 6 }}
volumeClaimTemplates:
- metadata:
name: storage
spec:
accessModes:
- {{ .Values.global.persistence.accessMode }}
storageClassName: {{ .Values.global.persistence.storageClass }}
resources:
requests:
storage: {{ .Values.global.persistence.size }}
{{- with .Values.persistence.selectorLabels }}
selector:
matchLabels:
{{ toYaml . | indent 10 }}
{{- end }}
{{- end }}
{{- end}}
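Review bot: The volume claim requests `storage: {{ .Values.global.persistence.size }}`, whereas the PVC template in this commit uses `default .Values.global.persistence.size .Values.global.persistence.grafana.size | quote`, so the Grafana-specific size is ignored when `persistence.type` is `statefulset`. Use the same expression here. `storageClassName` is also emitted unconditionally, while the PVC guards it with `if`. The pod annotations lack the `checksum/secret-env` entry the Deployment has, so a change to `envRenderSecret` does not roll the StatefulSet pods.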



@ -0,0 +1,28 @@
apiVersion: v2
appVersion: 2.34.0
dependencies:
- condition: kubeStateMetrics.enabled
name: kube-state-metrics
repository: https://prometheus-community.github.io/helm-charts
version: 4.7.*
description: Prometheus is a monitoring system and time series database.
home: https://prometheus.io/
icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png
maintainers:
- email: gianrubio@gmail.com
name: gianrubio
- email: zanhsieh@gmail.com
name: zanhsieh
- email: miroslav.hadzhiev@gmail.com
name: Xtigyro
- email: naseem@transit.app
name: naseemkullah
name: prometheus
sources:
- https://github.com/prometheus/alertmanager
- https://github.com/prometheus/prometheus
- https://github.com/prometheus/pushgateway
- https://github.com/prometheus/node_exporter
- https://github.com/kubernetes/kube-state-metrics
type: application
version: 15.8.5
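Review bot: The `kube-state-metrics` dependency is declared with the floating range `version: 4.7.*` against a remote repository, so the subchart that gets resolved can change between builds without any change to this file. No lock file or digest for it is visible on this page; if the subchart is not vendored alongside the chart, pin it to an exact version, e.g. `version: <EXACT_VERSION>`, and commit the matching `Chart.lock` so the packaged chart is reproducible and reviewable.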


@ -0,0 +1,226 @@
# Prometheus
[Prometheus](https://prometheus.io/), a [Cloud Native Computing Foundation](https://cncf.io/) project, is a systems and service monitoring system. It collects metrics from configured targets at given intervals, evaluates rule expressions, displays the results, and can trigger alerts if some condition is observed to be true.
This chart bootstraps a [Prometheus](https://prometheus.io/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
## Prerequisites
- Kubernetes 1.16+
- Helm 3+
## Get Repo Info
```console
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update
```
_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
## Install Chart
```console
helm install [RELEASE_NAME] prometheus-community/prometheus
```
_See [configuration](#configuration) below._
_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
## Dependencies
By default this chart installs additional, dependent charts:
- [kube-state-metrics](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics)
To disable the dependency during installation, set `kubeStateMetrics.enabled` to `false`.
_See [helm dependency](https://helm.sh/docs/helm/helm_dependency/) for command documentation._
## Uninstall Chart
```console
helm uninstall [RELEASE_NAME]
```
This removes all the Kubernetes components associated with the chart and deletes the release.
_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
## Upgrading Chart
```console
helm upgrade [RELEASE_NAME] [CHART] --install
```
_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
### To 15.0
Version 15.0.0 changes the relabeling config, aligning it with the [Prometheus community conventions](https://github.com/prometheus/prometheus/pull/9832). If you've made manual changes to the relabeling config, you have to adapt your changes.
Before you update please execute the following command, to be able to update kube-state-metrics:
```bash
kubectl delete deployments.apps -l app.kubernetes.io/instance=prometheus,app.kubernetes.io/name=kube-state-metrics --cascade=orphan
```
### To 9.0
Version 9.0 adds a new option to enable or disable the Prometheus Server. This supports the use case of running a Prometheus server in one k8s cluster and scraping exporters in another cluster while using the same chart for each deployment. To install the server `server.enabled` must be set to `true`.
### To 5.0
As of version 5.0, this chart uses Prometheus 2.x. This version of prometheus introduces a new data format and is not compatible with prometheus 1.x. It is recommended to install this as a new release, as updating existing releases will not work. See the [prometheus docs](https://prometheus.io/docs/prometheus/latest/migration/#storage) for instructions on retaining your old data.
Prometheus version 2.x has made changes to alertmanager, storage and recording rules. Check out the migration guide [here](https://prometheus.io/docs/prometheus/2.0/migration/).
Users of this chart will need to update their alerting rules to the new format before they can upgrade.
### Example Migration
Assuming you have an existing release of the prometheus chart, named `prometheus-old`. In order to update to prometheus 2.x while keeping your old data do the following:
1. Update the `prometheus-old` release. Disable scraping on every component besides the prometheus server, similar to the configuration below:
```yaml
alertmanager:
enabled: false
alertmanagerFiles:
alertmanager.yml: ""
kubeStateMetrics:
enabled: false
nodeExporter:
enabled: false
pushgateway:
enabled: false
server:
extraArgs:
storage.local.retention: 720h
serverFiles:
alerts: ""
prometheus.yml: ""
rules: ""
```
1. Deploy a new release of the chart with version 5.0+ using prometheus 2.x. In the values.yaml set the scrape config as usual, and also add the `prometheus-old` instance as a remote-read target.
```yaml
prometheus.yml:
...
remote_read:
- url: http://prometheus-old/api/v1/read
...
```
Old data will be available when you query the new prometheus instance.
## Configuration
See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands:
```console
helm show values prometheus-community/prometheus
```
You may similarly use the above configuration commands on each chart [dependency](#dependencies) to see it's configurations.
### Scraping Pod Metrics via Annotations
This chart uses a default configuration that causes prometheus to scrape a variety of kubernetes resource types, provided they have the correct annotations. In this section we describe how to configure pods to be scraped; for information on how other resource types can be scraped you can do a `helm template` to get the kubernetes resource definitions, and then reference the prometheus configuration in the ConfigMap against the prometheus documentation for [relabel_config](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) and [kubernetes_sd_config](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#kubernetes_sd_config).
In order to get prometheus to scrape pods, you must add annotations to the the pods as below:
```yaml
metadata:
annotations:
prometheus.io/scrape: "true"
prometheus.io/path: /metrics
prometheus.io/port: "8080"
```
You should adjust `prometheus.io/path` based on the URL that your pod serves metrics from. `prometheus.io/port` should be set to the port that your pod serves metrics from. Note that the values for `prometheus.io/scrape` and `prometheus.io/port` must be enclosed in double quotes.
### Sharing Alerts Between Services
Note that when [installing](#install-chart) or [upgrading](#upgrading-chart) you may use multiple values override files. This is particularly useful when you have alerts belonging to multiple services in the cluster. For example,
```yaml
# values.yaml
# ...
# service1-alert.yaml
serverFiles:
alerts:
service1:
- alert: anAlert
# ...
# service2-alert.yaml
serverFiles:
alerts:
service2:
- alert: anAlert
# ...
```
```console
helm install [RELEASE_NAME] prometheus-community/prometheus -f values.yaml -f service1-alert.yaml -f service2-alert.yaml
```
### RBAC Configuration
Roles and RoleBindings resources will be created automatically for `server` service.
To manually setup RBAC you need to set the parameter `rbac.create=false` and specify the service account to be used for each service by setting the parameters: `serviceAccounts.{{ component }}.create` to `false` and `serviceAccounts.{{ component }}.name` to the name of a pre-existing service account.
> **Tip**: You can refer to the default `*-clusterrole.yaml` and `*-clusterrolebinding.yaml` files in [templates](templates/) to customize your own.
### ConfigMap Files
AlertManager is configured through [alertmanager.yml](https://prometheus.io/docs/alerting/configuration/). This file (and any others listed in `alertmanagerFiles`) will be mounted into the `alertmanager` pod.
Prometheus is configured through [prometheus.yml](https://prometheus.io/docs/operating/configuration/). This file (and any others listed in `serverFiles`) will be mounted into the `server` pod.
### Ingress TLS
If your cluster allows automatic creation/retrieval of TLS certificates (e.g. [cert-manager](https://github.com/jetstack/cert-manager)), please refer to the documentation for that mechanism.
To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret in the namespace:
```console
kubectl create secret tls prometheus-server-tls --cert=path/to/tls.cert --key=path/to/tls.key
```
Include the secret's name, along with the desired hostnames, in the alertmanager/server Ingress TLS section of your custom `values.yaml` file:
```yaml
server:
ingress:
## If true, Prometheus server Ingress will be created
##
enabled: true
## Prometheus server Ingress hostnames
## Must be provided if Ingress is enabled
##
hosts:
- prometheus.domain.com
## Prometheus server Ingress TLS configuration
## Secrets must be manually created in the namespace
##
tls:
- secretName: prometheus-server-tls
hosts:
- prometheus.domain.com
```
### NetworkPolicy
Enabling Network Policy for Prometheus will secure connections to Alert Manager and Kube State Metrics by only accepting connections from Prometheus Server. All inbound connections to Prometheus Server are still allowed.
To enable network policy for Prometheus, install a networking plugin that implements the Kubernetes NetworkPolicy spec, and set `networkPolicy.enabled` to true.
If NetworkPolicy is enabled for Prometheus' scrape targets, you may also need to manually create a networkpolicy which allows it.


@ -0,0 +1,112 @@
{{- if .Values.server.enabled -}}
The Prometheus server can be accessed via port {{ .Values.server.service.servicePort }} on the following DNS name from within your cluster:
{{ template "prometheus.server.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
{{ if .Values.server.ingress.enabled -}}
From outside the cluster, the server URL(s) are:
{{- range .Values.server.ingress.hosts }}
http://{{ . }}
{{- end }}
{{- else }}
Get the Prometheus server URL by running these commands in the same shell:
{{- if contains "NodePort" .Values.server.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus.server.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.server.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "prometheus.server.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "prometheus.server.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:{{ .Values.server.service.servicePort }}
{{- else if contains "ClusterIP" .Values.server.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "prometheus.name" . }},component={{ .Values.server.name }}" -o jsonpath="{.items[0].metadata.name}")
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9090
{{- end }}
{{- end }}
{{- if .Values.server.persistentVolume.enabled }}
{{- else }}
#################################################################################
###### WARNING: Persistence is disabled!!! You will lose your data when #####
###### the Server pod is terminated. #####
#################################################################################
{{- end }}
{{- end }}
{{ if .Values.alertmanager.enabled }}
The Prometheus alertmanager can be accessed via port {{ .Values.alertmanager.service.servicePort }} on the following DNS name from within your cluster:
{{ template "prometheus.alertmanager.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
{{ if .Values.alertmanager.ingress.enabled -}}
From outside the cluster, the alertmanager URL(s) are:
{{- range .Values.alertmanager.ingress.hosts }}
http://{{ . }}
{{- end }}
{{- else }}
Get the Alertmanager URL by running these commands in the same shell:
{{- if contains "NodePort" .Values.alertmanager.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus.alertmanager.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.alertmanager.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "prometheus.alertmanager.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "prometheus.alertmanager.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:{{ .Values.alertmanager.service.servicePort }}
{{- else if contains "ClusterIP" .Values.alertmanager.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "prometheus.name" . }},component={{ .Values.alertmanager.name }}" -o jsonpath="{.items[0].metadata.name}")
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9093
{{- end }}
{{- end }}
{{- if .Values.alertmanager.persistentVolume.enabled }}
{{- else }}
#################################################################################
###### WARNING: Persistence is disabled!!! You will lose your data when #####
###### the AlertManager pod is terminated. #####
#################################################################################
{{- end }}
{{- end }}
{{- if .Values.nodeExporter.podSecurityPolicy.enabled }}
{{- else }}
#################################################################################
###### WARNING: Pod Security Policy has been moved to a global property. #####
###### use .Values.podSecurityPolicy.enabled with pod-based #####
###### annotations #####
###### (e.g. .Values.nodeExporter.podSecurityPolicy.annotations) #####
#################################################################################
{{- end }}
{{ if .Values.pushgateway.enabled }}
The Prometheus PushGateway can be accessed via port {{ .Values.pushgateway.service.servicePort }} on the following DNS name from within your cluster:
{{ template "prometheus.pushgateway.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
{{ if .Values.pushgateway.ingress.enabled -}}
From outside the cluster, the pushgateway URL(s) are:
{{- range .Values.pushgateway.ingress.hosts }}
http://{{ . }}
{{- end }}
{{- else }}
Get the PushGateway URL by running these commands in the same shell:
{{- if contains "NodePort" .Values.pushgateway.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus.pushgateway.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.pushgateway.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "prometheus.pushgateway.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "prometheus.pushgateway.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:{{ .Values.pushgateway.service.servicePort }}
{{- else if contains "ClusterIP" .Values.pushgateway.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "prometheus.name" . }},component={{ .Values.pushgateway.name }}" -o jsonpath="{.items[0].metadata.name}")
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9091
{{- end }}
{{- end }}
{{- end }}
For more information on running Prometheus, visit:
https://prometheus.io/
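Review bot: The Pod Security Policy warning sits in the `else` branch of `{{- if .Values.nodeExporter.podSecurityPolicy.enabled }}`, so it is printed when the deprecated key is not set and suppressed when it is. An operator who still sets the old key gets no hint that it has moved, while everyone else sees a warning that does not apply to them. Moving the banner into the `if` branch and dropping the empty `else` would match the message's intent. Separately, all three ingress branches print `http://{{ . }}` without consulting the ingress `tls` setting, so the printed URLs are plaintext even when TLS is configured.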


@ -0,0 +1,3 @@
{{/* Autogenerated, do NOT modify */}}
{{- define "k10.prometheusImageTag" -}}v2.34.0{{- end -}}
{{- define "k10.prometheusConfigMapReloaderImageTag" -}}v0.5.0{{- end -}}


@ -0,0 +1,400 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "prometheus.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "prometheus.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create unified labels for prometheus components
*/}}
{{- define "prometheus.common.matchLabels" -}}
app: {{ template "prometheus.name" . }}
release: {{ .Release.Name }}
{{- end -}}
{{- define "prometheus.common.metaLabels" -}}
chart: {{ template "prometheus.chart" . }}
heritage: {{ .Release.Service }}
{{- end -}}
{{- define "prometheus.alertmanager.labels" -}}
{{ include "prometheus.alertmanager.matchLabels" . }}
{{ include "prometheus.common.metaLabels" . }}
{{- end -}}
{{- define "prometheus.alertmanager.matchLabels" -}}
component: {{ .Values.alertmanager.name | quote }}
{{ include "prometheus.common.matchLabels" . }}
{{- end -}}
{{- define "prometheus.nodeExporter.labels" -}}
{{ include "prometheus.nodeExporter.matchLabels" . }}
{{ include "prometheus.common.metaLabels" . }}
{{- end -}}
{{- define "prometheus.nodeExporter.matchLabels" -}}
component: {{ .Values.nodeExporter.name | quote }}
{{ include "prometheus.common.matchLabels" . }}
{{- end -}}
{{- define "prometheus.pushgateway.labels" -}}
{{ include "prometheus.pushgateway.matchLabels" . }}
{{ include "prometheus.common.metaLabels" . }}
{{- end -}}
{{- define "prometheus.pushgateway.matchLabels" -}}
component: {{ .Values.pushgateway.name | quote }}
{{ include "prometheus.common.matchLabels" . }}
{{- end -}}
{{- define "prometheus.server.labels" -}}
{{ include "prometheus.server.matchLabels" . }}
{{ include "prometheus.common.metaLabels" . }}
{{- end -}}
{{- define "prometheus.server.matchLabels" -}}
component: {{ .Values.server.name | quote }}
{{ include "prometheus.common.matchLabels" . }}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "prometheus.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Figure out the config based on
the value of airgapped.repository
*/}}
{{- define "get.cmreloadimage" }}
{{- if not .Values.global.rhMarketPlace }}
{{- if .Values.global.airgapped.repository }}
{{- printf "%s/configmap-reload:%s" .Values.global.airgapped.repository (include "get.cmReloadImageTag" .) }}
{{- else }}
{{- printf "%s:%s" (include "get.cmReloadImageRepo" .) (include "get.cmReloadImageTag" .) }}
{{- end }}
{{- else }}
{{- printf "%s" (get .Values.global.images "configmap-reload") }}
{{- end -}}
{{- end }}
{{/*
Figure out the config based on
the value of airgapped.repository
*/}}
{{- define "get.serverimage" }}
{{- if not .Values.global.rhMarketPlace }}
{{- if .Values.global.airgapped.repository }}
{{- printf "%s/prometheus:%s" .Values.global.airgapped.repository (include "get.promImageTag" .) }}
{{- else }}
{{- printf "%s:%s" (include "get.promImageRepo" .) (include "get.promImageTag" .) }}
{{- end }}
{{- else }}
{{- printf "%s" (get .Values.global.images "prometheus") }}
{{- end -}}
{{- end }}
{{/*
Figure out the configmap-reload image tag
based on the value of global.upstreamCertifiedImages
*/}}
{{- define "get.cmReloadImageTag"}}
{{- if .Values.global.upstreamCertifiedImages }}
{{- if .Values.global.airgapped.repository }}
{{- printf "k10-%s-rh-ubi" (include "k10.prometheusConfigMapReloaderImageTag" .) }}
{{- else }}
{{- printf "%s-rh-ubi" (include "k10.prometheusConfigMapReloaderImageTag" .) }}
{{- end }}
{{- else }}
{{- if .Values.global.airgapped.repository }}
{{- printf "k10-%s" (include "k10.prometheusConfigMapReloaderImageTag" .) }}
{{- else }}
{{- printf "%s" (include "k10.prometheusConfigMapReloaderImageTag" .) }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Figure out the prometheus image tag
based on the value of global.upstreamCertifiedImages
*/}}
{{- define "get.promImageTag"}}
{{- if .Values.global.upstreamCertifiedImages }}
{{- if .Values.global.airgapped.repository }}
{{- printf "k10-%s-rh-ubi" (include "k10.prometheusImageTag" .) }}
{{- else }}
{{- printf "%s-rh-ubi" (include "k10.prometheusImageTag" .) }}
{{- end }}
{{- else }}
{{- if .Values.global.airgapped.repository }}
{{- printf "k10-%s" (include "k10.prometheusImageTag" .) }}
{{- else }}
{{- printf "%s" (include "k10.prometheusImageTag" .) }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Figure out the configmap-reload image repo
based on the value of global.upstreamCertifiedImages
*/}}
{{- define "get.cmReloadImageRepo" }}
{{- if .Values.global.upstreamCertifiedImages }}
{{- printf "%s/%s/configmap-reload" .Values.k10image.registry .Values.k10image.repository }}
{{- else }}
{{- print .Values.configmapReload.prometheus.image.repository }}
{{- end }}
{{- end }}
{{/*
Figure out the prom image repo
based on the value of global.upstreamCertifiedImages
*/}}
{{- define "get.promImageRepo" }}
{{- if .Values.global.upstreamCertifiedImages }}
{{- printf "%s/%s/prometheus" .Values.k10image.registry .Values.k10image.repository }}
{{- else }}
{{- print .Values.server.image.repository }}
{{- end }}
{{- end }}
{{/*
Create a fully qualified alertmanager name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "prometheus.alertmanager.fullname" -}}
{{- if .Values.alertmanager.fullnameOverride -}}
{{- .Values.alertmanager.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- printf "%s-%s" .Release.Name .Values.alertmanager.name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s-%s" .Release.Name $name .Values.alertmanager.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create a fully qualified node-exporter name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "prometheus.nodeExporter.fullname" -}}
{{- if .Values.nodeExporter.fullnameOverride -}}
{{- .Values.nodeExporter.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- printf "%s-%s" .Release.Name .Values.nodeExporter.name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s-%s" .Release.Name $name .Values.nodeExporter.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create a fully qualified Prometheus server name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "prometheus.server.fullname" -}}
{{- if .Values.server.fullnameOverride -}}
{{- .Values.server.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- printf "%s-%s" .Release.Name .Values.server.name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s-%s" .Release.Name $name .Values.server.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create a fully qualified Prometheus server clusterrole name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "prometheus.server.clusterrolefullname" -}}
{{- if .Values.server.clusterRoleNameOverride -}}
{{- .Values.server.clusterRoleNameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- if .Values.server.fullnameOverride -}}
{{- printf "%s-%s" .Release.Name .Values.server.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- printf "%s-%s" .Release.Name .Values.server.name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s-%s" .Release.Name $name .Values.server.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create a fully qualified pushgateway name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "prometheus.pushgateway.fullname" -}}
{{- if .Values.pushgateway.fullnameOverride -}}
{{- .Values.pushgateway.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- printf "%s-%s" .Release.Name .Values.pushgateway.name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s-%s" .Release.Name $name .Values.pushgateway.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Get KubeVersion removing pre-release information.
*/}}
{{- define "prometheus.kubeVersion" -}}
{{- default .Capabilities.KubeVersion.Version (regexFind "v[0-9]+\\.[0-9]+\\.[0-9]+" .Capabilities.KubeVersion.Version) -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for deployment.
*/}}
{{- define "prometheus.deployment.apiVersion" -}}
{{- print "apps/v1" -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for daemonset.
*/}}
{{- define "prometheus.daemonset.apiVersion" -}}
{{- print "apps/v1" -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for networkpolicy.
*/}}
{{- define "prometheus.networkPolicy.apiVersion" -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for podsecuritypolicy.
*/}}
{{- define "prometheus.podSecurityPolicy.apiVersion" -}}
{{- print "policy/v1beta1" -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for rbac.
*/}}
{{- define "rbac.apiVersion" -}}
{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }}
{{- print "rbac.authorization.k8s.io/v1" -}}
{{- else -}}
{{- print "rbac.authorization.k8s.io/v1beta1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for ingress.
*/}}
{{- define "ingress.apiVersion" -}}
{{- if and (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare ">= 1.19.x" (include "prometheus.kubeVersion" .)) -}}
{{- print "networking.k8s.io/v1" -}}
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "extensions/v1beta1" -}}
{{- end -}}
{{- end -}}
{{/*
Return if ingress is stable.
*/}}
{{- define "ingress.isStable" -}}
{{- eq (include "ingress.apiVersion" .) "networking.k8s.io/v1" -}}
{{- end -}}
{{/*
Return if ingress supports ingressClassName.
*/}}
{{- define "ingress.supportsIngressClassName" -}}
{{- or (eq (include "ingress.isStable" .) "true") (and (eq (include "ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18.x" (include "prometheus.kubeVersion" .))) -}}
{{- end -}}
{{/*
Return if ingress supports pathType.
*/}}
{{- define "ingress.supportsPathType" -}}
{{- or (eq (include "ingress.isStable" .) "true") (and (eq (include "ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18.x" (include "prometheus.kubeVersion" .))) -}}
{{- end -}}
{{/*
Create the name of the service account to use for the alertmanager component
*/}}
{{- define "prometheus.serviceAccountName.alertmanager" -}}
{{- if .Values.serviceAccounts.alertmanager.create -}}
{{ default (include "prometheus.alertmanager.fullname" .) .Values.serviceAccounts.alertmanager.name }}
{{- else -}}
{{ default "default" .Values.serviceAccounts.alertmanager.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use for the nodeExporter component
*/}}
{{- define "prometheus.serviceAccountName.nodeExporter" -}}
{{- if .Values.serviceAccounts.nodeExporter.create -}}
{{ default (include "prometheus.nodeExporter.fullname" .) .Values.serviceAccounts.nodeExporter.name }}
{{- else -}}
{{ default "default" .Values.serviceAccounts.nodeExporter.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use for the pushgateway component
*/}}
{{- define "prometheus.serviceAccountName.pushgateway" -}}
{{- if .Values.serviceAccounts.pushgateway.create -}}
{{ default (include "prometheus.pushgateway.fullname" .) .Values.serviceAccounts.pushgateway.name }}
{{- else -}}
{{ default "default" .Values.serviceAccounts.pushgateway.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use for the server component
*/}}
{{- define "prometheus.serviceAccountName.server" -}}
{{- if .Values.serviceAccounts.server.create -}}
{{ default (include "prometheus.server.fullname" .) .Values.serviceAccounts.server.name }}
{{- else -}}
{{ default "default" .Values.serviceAccounts.server.name }}
{{- end -}}
{{- end -}}
{{/*
Define the prometheus.namespace template if set with forceNamespace or .Release.Namespace is set
*/}}
{{- define "prometheus.namespace" -}}
{{- if .Values.forceNamespace -}}
{{ printf "namespace: %s" .Values.forceNamespace }}
{{- else -}}
{{ printf "namespace: %s" .Release.Namespace }}
{{- end -}}
{{- end -}}
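Review bot: The four `prometheus.serviceAccountName.*` helpers near the end of this file fall back to the literal `default` when `serviceAccounts.<component>.create` is false and no name is given, so the component then runs as the namespace's shared default service account. The alertmanager ClusterRoleBinding template later in this commit uses that helper as its subject, which in that configuration would attach the ClusterRole to every pod in the namespace that uses the default account. Failing the render is safer than a silent fallback, e.g. `{{ required "serviceAccounts.alertmanager.name must be set when create is false" .Values.serviceAccounts.alertmanager.name }}` in the else branch, and likewise for the other three helpers. This changes behaviour for installs that rely on the fallback, so it would need a note in the upgrade section.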


@ -0,0 +1,21 @@
{{- if and .Values.alertmanager.enabled .Values.rbac.create .Values.alertmanager.useClusterRole (not .Values.alertmanager.useExistingRole) -}}
apiVersion: {{ template "rbac.apiVersion" . }}
kind: ClusterRole
metadata:
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
name: {{ template "prometheus.alertmanager.fullname" . }}
rules:
{{- if .Values.podSecurityPolicy.enabled }}
- apiGroups:
- extensions
resources:
- podsecuritypolicies
verbs:
- use
resourceNames:
- {{ template "prometheus.alertmanager.fullname" . }}
{{- else }}
[]
{{- end }}
{{- end }}
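Review bot: The `use` rule for `podsecuritypolicies` names only the `extensions` API group, while the chart's own helper `prometheus.podSecurityPolicy.apiVersion` returns `policy/v1beta1` for the policy object itself. Whether a given cluster still honours the `extensions` group for this check cannot be told from the page, so the rule should list the group the policy is created in as well, by adding `- policy` under `apiGroups`. A short template comment on the `else` branch would also help, saying that `rules: []` is intentional when `podSecurityPolicy.enabled` is false.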


@ -0,0 +1,20 @@
{{- if and .Values.alertmanager.enabled .Values.rbac.create .Values.alertmanager.useClusterRole -}}
apiVersion: {{ template "rbac.apiVersion" . }}
kind: ClusterRoleBinding
metadata:
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
name: {{ template "prometheus.alertmanager.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "prometheus.serviceAccountName.alertmanager" . }}
{{ include "prometheus.namespace" . | indent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
{{- if (not .Values.alertmanager.useExistingRole) }}
name: {{ template "prometheus.alertmanager.fullname" . }}
{{- else }}
name: {{ .Values.alertmanager.useExistingRole }}
{{- end }}
{{- end }}


@ -0,0 +1,19 @@
{{- if and .Values.alertmanager.enabled (and (empty .Values.alertmanager.configMapOverrideName) (empty .Values.alertmanager.configFromSecret)) -}}
apiVersion: v1
kind: ConfigMap
metadata:
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
name: {{ template "prometheus.alertmanager.fullname" . }}
{{ include "prometheus.namespace" . | indent 2 }}
data:
{{- $root := . -}}
{{- range $key, $value := .Values.alertmanagerFiles }}
{{- if $key | regexMatch ".*\\.ya?ml$" }}
{{ $key }}: |
{{ toYaml $value | default "{}" | indent 4 }}
{{- else }}
{{ $key }}: {{ toYaml $value | indent 4 }}
{{- end }}
{{- end -}}
{{- end -}}
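Review bot: Everything under `.Values.alertmanagerFiles` is rendered into a ConfigMap, so receiver credentials placed in the Alertmanager configuration (SMTP passwords, webhook URLs, API keys) end up as plain ConfigMap data readable by anyone with `get` on ConfigMaps in the namespace. The guard on the first line already skips this file when `alertmanager.configFromSecret` is set, but the template does not say so. I would add a leading comment such as `{{- /* Rendered as a ConfigMap: keep receiver credentials out of alertmanagerFiles and use alertmanager.configFromSecret instead */}}`. `$root` is assigned and never used in this file and can be dropped.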


@ -0,0 +1,208 @@
{{- if and .Values.alertmanager.enabled (not .Values.alertmanager.statefulSet.enabled) -}}
apiVersion: {{ template "prometheus.deployment.apiVersion" . }}
kind: Deployment
metadata:
{{- if .Values.alertmanager.deploymentAnnotations }}
annotations:
{{ toYaml .Values.alertmanager.deploymentAnnotations | nindent 4 }}
{{- end }}
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
name: {{ template "prometheus.alertmanager.fullname" . }}
{{ include "prometheus.namespace" . | indent 2 }}
spec:
selector:
matchLabels:
{{- include "prometheus.alertmanager.matchLabels" . | nindent 6 }}
replicas: {{ .Values.alertmanager.replicaCount }}
{{- if .Values.alertmanager.strategy }}
strategy:
{{ toYaml .Values.alertmanager.strategy | trim | indent 4 }}
{{ if eq .Values.alertmanager.strategy.type "Recreate" }}rollingUpdate: null{{ end }}
{{- end }}
template:
metadata:
{{- if .Values.alertmanager.podAnnotations }}
annotations:
{{ toYaml .Values.alertmanager.podAnnotations | nindent 8 }}
{{- end }}
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 8 }}
{{- if .Values.alertmanager.podLabels}}
{{ toYaml .Values.alertmanager.podLabels | nindent 8 }}
{{- end}}
spec:
{{- if .Values.alertmanager.schedulerName }}
schedulerName: "{{ .Values.alertmanager.schedulerName }}"
{{- end }}
serviceAccountName: {{ template "prometheus.serviceAccountName.alertmanager" . }}
{{- if .Values.alertmanager.extraInitContainers }}
initContainers:
{{ toYaml .Values.alertmanager.extraInitContainers | indent 8 }}
{{- end }}
{{- if .Values.alertmanager.priorityClassName }}
priorityClassName: "{{ .Values.alertmanager.priorityClassName }}"
{{- end }}
containers:
- name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }}
image: "{{ .Values.alertmanager.image.repository }}:{{ .Values.alertmanager.image.tag }}"
imagePullPolicy: "{{ .Values.alertmanager.image.pullPolicy }}"
env:
{{- range $key, $value := .Values.alertmanager.extraEnv }}
- name: {{ $key }}
value: {{ $value }}
{{- end }}
- name: POD_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
args:
- --config.file=/etc/config/{{ .Values.alertmanager.configFileName }}
- --storage.path={{ .Values.alertmanager.persistentVolume.mountPath }}
{{- if .Values.alertmanager.service.enableMeshPeer }}
- --cluster.listen-address=0.0.0.0:6783
- --cluster.advertise-address=[$(POD_IP)]:6783
{{- else }}
- --cluster.listen-address=
{{- end }}
{{- range $key, $value := .Values.alertmanager.extraArgs }}
- --{{ $key }}={{ $value }}
{{- end }}
{{- if .Values.alertmanager.baseURL }}
- --web.external-url={{ .Values.alertmanager.baseURL }}
{{- end }}
{{- range .Values.alertmanager.clusterPeers }}
- --cluster.peer={{ . }}
{{- end }}
ports:
- containerPort: 9093
readinessProbe:
httpGet:
path: {{ .Values.alertmanager.prefixURL }}/-/ready
port: 9093
{{- if .Values.alertmanager.probeHeaders }}
httpHeaders:
{{- range .Values.alertmanager.probeHeaders }}
- name: {{ .name }}
value: {{ .value }}
{{- end }}
{{- end }}
initialDelaySeconds: 30
timeoutSeconds: 30
resources:
{{ toYaml .Values.alertmanager.resources | indent 12 }}
volumeMounts:
- name: config-volume
mountPath: /etc/config
- name: storage-volume
mountPath: "{{ .Values.alertmanager.persistentVolume.mountPath }}"
subPath: "{{ .Values.alertmanager.persistentVolume.subPath }}"
{{- range .Values.alertmanager.extraSecretMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
{{- range .Values.alertmanager.extraConfigmapMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
{{- if .Values.configmapReload.alertmanager.enabled }}
- name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }}-{{ .Values.configmapReload.alertmanager.name }}
image: "{{ .Values.configmapReload.alertmanager.image.repository }}:{{ .Values.configmapReload.alertmanager.image.tag }}"
imagePullPolicy: "{{ .Values.configmapReload.alertmanager.image.pullPolicy }}"
args:
- --volume-dir=/etc/config
- --webhook-url=http://127.0.0.1:9093{{ .Values.alertmanager.prefixURL }}/-/reload
{{- range $key, $value := .Values.configmapReload.alertmanager.extraArgs }}
- --{{ $key }}={{ $value }}
{{- end }}
{{- range .Values.configmapReload.alertmanager.extraVolumeDirs }}
- --volume-dir={{ . }}
{{- end }}
{{- if .Values.configmapReload.alertmanager.containerPort }}
ports:
- containerPort: {{ .Values.configmapReload.alertmanager.containerPort }}
{{- end }}
resources:
{{ toYaml .Values.configmapReload.alertmanager.resources | indent 12 }}
volumeMounts:
- name: config-volume
mountPath: /etc/config
readOnly: true
{{- range .Values.configmapReload.alertmanager.extraConfigmapMounts }}
- name: {{ $.Values.configmapReload.alertmanager.name }}-{{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 8 }}
{{- end }}
{{- if .Values.alertmanager.nodeSelector }}
nodeSelector:
{{ toYaml .Values.alertmanager.nodeSelector | indent 8 }}
{{- end }}
{{- with .Values.alertmanager.dnsConfig }}
dnsConfig:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.alertmanager.securityContext }}
securityContext:
{{ toYaml .Values.alertmanager.securityContext | indent 8 }}
{{- end }}
{{- if .Values.alertmanager.tolerations }}
tolerations:
{{ toYaml .Values.alertmanager.tolerations | indent 8 }}
{{- end }}
{{- if .Values.alertmanager.affinity }}
affinity:
{{ toYaml .Values.alertmanager.affinity | indent 8 }}
{{- end }}
volumes:
- name: config-volume
{{- if empty .Values.alertmanager.configFromSecret }}
configMap:
name: {{ if .Values.alertmanager.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.alertmanager.configMapOverrideName }}{{- else }}{{ template "prometheus.alertmanager.fullname" . }}{{- end }}
{{- else }}
secret:
secretName: {{ .Values.alertmanager.configFromSecret }}
{{- end }}
{{- range .Values.alertmanager.extraSecretMounts }}
- name: {{ .name }}
secret:
secretName: {{ .secretName }}
{{- with .optional }}
optional: {{ . }}
{{- end }}
{{- end }}
{{- range .Values.alertmanager.extraConfigmapMounts }}
- name: {{ .name }}
configMap:
name: {{ .configMap }}
{{- end }}
{{- range .Values.configmapReload.alertmanager.extraConfigmapMounts }}
- name: {{ $.Values.configmapReload.alertmanager.name }}-{{ .name }}
configMap:
name: {{ .configMap }}
{{- end }}
- name: storage-volume
{{- if .Values.alertmanager.persistentVolume.enabled }}
persistentVolumeClaim:
claimName: {{ if .Values.alertmanager.persistentVolume.existingClaim }}{{ .Values.alertmanager.persistentVolume.existingClaim }}{{- else }}{{ template "prometheus.alertmanager.fullname" . }}{{- end }}
{{- else }}
emptyDir:
{{- if .Values.alertmanager.emptyDir.sizeLimit }}
sizeLimit: {{ .Values.alertmanager.emptyDir.sizeLimit }}
{{- else }}
{}
{{- end -}}
{{- end -}}
{{- end }}
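Review bot: Neither the alertmanager container nor the configmap-reload sidecar gets a container-level `securityContext`. Only the optional pod-level block from `.Values.alertmanager.securityContext` is rendered, and `allowPrivilegeEscalation`, `readOnlyRootFilesystem` and `capabilities` cannot be set at pod level. The alertmanager PodSecurityPolicy added in this commit asks for exactly those settings (`allowPrivilegeEscalation: false`, all capabilities dropped, `readOnlyRootFilesystem: true`), so with the policy disabled the containers run with runtime defaults. I would add a values-driven `securityContext:` block under each container, the way the node-exporter DaemonSet does with `.Values.nodeExporter.container.securityContext`. The alertmanager StatefulSet has the same gap.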


@ -0,0 +1,31 @@
{{- if and .Values.alertmanager.enabled .Values.alertmanager.statefulSet.enabled -}}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.alertmanager.statefulSet.headless.annotations }}
annotations:
{{ toYaml .Values.alertmanager.statefulSet.headless.annotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
{{- if .Values.alertmanager.statefulSet.headless.labels }}
{{ toYaml .Values.alertmanager.statefulSet.headless.labels | indent 4 }}
{{- end }}
name: {{ template "prometheus.alertmanager.fullname" . }}-headless
{{ include "prometheus.namespace" . | indent 2 }}
spec:
clusterIP: None
ports:
- name: http
port: {{ .Values.alertmanager.statefulSet.headless.servicePort }}
protocol: TCP
targetPort: 9093
{{- if .Values.alertmanager.statefulSet.headless.enableMeshPeer }}
- name: meshpeer
port: 6783
protocol: TCP
targetPort: 6783
{{- end }}
selector:
{{- include "prometheus.alertmanager.matchLabels" . | nindent 4 }}
{{- end }}


@ -0,0 +1,57 @@
{{- if and .Values.alertmanager.enabled .Values.alertmanager.ingress.enabled -}}
{{- $ingressApiIsStable := eq (include "ingress.isStable" .) "true" -}}
{{- $ingressSupportsIngressClassName := eq (include "ingress.supportsIngressClassName" .) "true" -}}
{{- $ingressSupportsPathType := eq (include "ingress.supportsPathType" .) "true" -}}
{{- $releaseName := .Release.Name -}}
{{- $serviceName := include "prometheus.alertmanager.fullname" . }}
{{- $servicePort := .Values.alertmanager.service.servicePort -}}
{{- $ingressPath := .Values.alertmanager.ingress.path -}}
{{- $ingressPathType := .Values.alertmanager.ingress.pathType -}}
{{- $extraPaths := .Values.alertmanager.ingress.extraPaths -}}
apiVersion: {{ template "ingress.apiVersion" . }}
kind: Ingress
metadata:
{{- if .Values.alertmanager.ingress.annotations }}
annotations:
{{ toYaml .Values.alertmanager.ingress.annotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
{{- range $key, $value := .Values.alertmanager.ingress.extraLabels }}
{{ $key }}: {{ $value }}
{{- end }}
name: {{ template "prometheus.alertmanager.fullname" . }}
{{ include "prometheus.namespace" . | indent 2 }}
spec:
{{- if and $ingressSupportsIngressClassName .Values.alertmanager.ingress.ingressClassName }}
ingressClassName: {{ .Values.alertmanager.ingress.ingressClassName }}
{{- end }}
rules:
{{- range .Values.alertmanager.ingress.hosts }}
{{- $url := splitList "/" . }}
- host: {{ first $url }}
http:
paths:
{{ if $extraPaths }}
{{ toYaml $extraPaths | indent 10 }}
{{- end }}
- path: {{ $ingressPath }}
{{- if $ingressSupportsPathType }}
pathType: {{ $ingressPathType }}
{{- end }}
backend:
{{- if $ingressApiIsStable }}
service:
name: {{ $serviceName }}
port:
number: {{ $servicePort }}
{{- else }}
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end -}}
{{- if .Values.alertmanager.ingress.tls }}
tls:
{{ toYaml .Values.alertmanager.ingress.tls | indent 4 }}
{{- end -}}
{{- end -}}
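Review bot: The `tls:` block is rendered only when `.Values.alertmanager.ingress.tls` is set, so the default output publishes the Alertmanager UI and API over plain HTTP, and nothing in this template puts authentication in front of it. Alertmanager's API can create silences, so I would state the expectation at the top of the file, for example `{{- /* Exposes Alertmanager outside the cluster: set ingress.tls and add authentication through ingress.annotations */}}`. Separately, `$releaseName` is assigned but not used in this file.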


@ -0,0 +1,20 @@
{{- if and .Values.alertmanager.enabled .Values.networkPolicy.enabled -}}
apiVersion: {{ template "prometheus.networkPolicy.apiVersion" . }}
kind: NetworkPolicy
metadata:
name: {{ template "prometheus.alertmanager.fullname" . }}
{{ include "prometheus.namespace" . | indent 2 }}
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
spec:
podSelector:
matchLabels:
{{- include "prometheus.alertmanager.matchLabels" . | nindent 6 }}
ingress:
- from:
- podSelector:
matchLabels:
{{- include "prometheus.server.matchLabels" . | nindent 12 }}
- ports:
- port: 9093
{{- end -}}
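Review bot: `- from:` and `- ports:` each start their own list item under `ingress:`, which makes them two independent rules: one admits the Prometheus server pods on every port, the other admits any source on port 9093. NetworkPolicy rules are additive, so as written the policy does not restrict who can reach Alertmanager's web port. To admit only the server pods on 9093, `ports` has to be a key of the same rule as `from`, i.e. `ports:` without the leading dash, aligned with `from:`. Indentation is not preserved in this view, so please confirm against the file. Note also that no rule admits peer traffic on 6783 when mesh peering is enabled.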


@ -0,0 +1,14 @@
{{- if .Values.alertmanager.podDisruptionBudget.enabled }}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: {{ template "prometheus.alertmanager.fullname" . }}
{{ include "prometheus.namespace" . | indent 2 }}
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
spec:
maxUnavailable: {{ .Values.alertmanager.podDisruptionBudget.maxUnavailable }}
selector:
matchLabels:
{{- include "prometheus.alertmanager.labels" . | nindent 6 }}
{{- end }}
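Review bot: The selector is built from `prometheus.alertmanager.labels`, whereas the Deployment, StatefulSet, Services and NetworkPolicy in this commit all select pods with `prometheus.alertmanager.matchLabels`. If the full label set includes chart-version labels (the helper is not visible here), the budget's selector changes on every chart upgrade, so I would use `{{- include "prometheus.alertmanager.matchLabels" . | nindent 6 }}`. The guard also checks only `podDisruptionBudget.enabled`, so the budget is rendered even when `alertmanager.enabled` is false.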


@ -0,0 +1,46 @@
{{- if and .Values.alertmanager.enabled .Values.rbac.create .Values.podSecurityPolicy.enabled }}
apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }}
kind: PodSecurityPolicy
metadata:
name: {{ template "prometheus.alertmanager.fullname" . }}
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
annotations:
{{- if .Values.alertmanager.podSecurityPolicy.annotations }}
{{ toYaml .Values.alertmanager.podSecurityPolicy.annotations | indent 4 }}
{{- end }}
spec:
privileged: false
allowPrivilegeEscalation: false
requiredDropCapabilities:
- ALL
volumes:
- 'configMap'
- 'persistentVolumeClaim'
- 'emptyDir'
- 'secret'
allowedHostPaths:
- pathPrefix: /etc
readOnly: true
- pathPrefix: {{ .Values.alertmanager.persistentVolume.mountPath }}
hostNetwork: false
hostPID: false
hostIPC: false
runAsUser:
rule: 'RunAsAny'
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
readOnlyRootFilesystem: true
{{- end }}
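Review bot: `runAsUser` is `RunAsAny`, so this policy lets the Alertmanager containers run as UID 0 even though the two group ranges below it are commented as forbidding the root group. Unless the image is known to need root, `rule: 'MustRunAsNonRoot'` would match the intent of the rest of the policy. The `allowedHostPaths` block has no effect here because `hostPath` is not in the `volumes` allow-list, so it can be removed.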


@ -0,0 +1,43 @@
{{- if not .Values.alertmanager.statefulSet.enabled -}}
{{- if and .Values.alertmanager.enabled .Values.alertmanager.persistentVolume.enabled -}}
{{- if not .Values.alertmanager.persistentVolume.existingClaim -}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
{{- if .Values.alertmanager.persistentVolume.annotations }}
annotations:
{{ toYaml .Values.alertmanager.persistentVolume.annotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
name: {{ template "prometheus.alertmanager.fullname" . }}
{{ include "prometheus.namespace" . | indent 2 }}
spec:
accessModes:
{{ toYaml .Values.alertmanager.persistentVolume.accessModes | indent 4 }}
{{- if .Values.alertmanager.persistentVolume.storageClass }}
{{- if (eq "-" .Values.alertmanager.persistentVolume.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.alertmanager.persistentVolume.storageClass }}"
{{- end }}
{{- else if .Values.global.persistence.storageClass }}
{{- if (eq "-" .Values.global.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.global.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- if .Values.alertmanager.persistentVolume.volumeBindingMode }}
volumeBindingMode: "{{ .Values.alertmanager.persistentVolume.volumeBindingMode }}"
{{- end }}
resources:
requests:
storage: "{{ .Values.alertmanager.persistentVolume.size }}"
{{- if .Values.alertmanager.persistentVolume.selector }}
selector:
{{- toYaml .Values.alertmanager.persistentVolume.selector | nindent 4 }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
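Review bot: `volumeBindingMode` is rendered inside the PersistentVolumeClaim `spec`, but that field belongs to StorageClass, not to a claim. When `.Values.alertmanager.persistentVolume.volumeBindingMode` is set the manifest carries an unknown field, which schema validation should reject or the API server may drop, depending on validation settings. I would delete the three-line `volumeBindingMode` conditional and leave binding behaviour to the storage class chosen through `storageClassName`.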


@ -0,0 +1,24 @@
{{- if and .Values.alertmanager.enabled .Values.rbac.create (eq .Values.alertmanager.useClusterRole false) (not .Values.alertmanager.useExistingRole) -}}
{{- range $.Values.alertmanager.namespaces }}
apiVersion: {{ template "rbac.apiVersion" . }}
kind: Role
metadata:
labels:
{{- include "prometheus.alertmanager.labels" $ | nindent 4 }}
name: {{ template "prometheus.alertmanager.fullname" $ }}
namespace: {{ . }}
rules:
{{- if $.Values.podSecurityPolicy.enabled }}
- apiGroups:
- extensions
resources:
- podsecuritypolicies
verbs:
- use
resourceNames:
- {{ template "prometheus.alertmanager.fullname" $ }}
{{- else }}
[]
{{- end }}
{{- end }}
{{- end }}
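Review bot: The `range` over `.Values.alertmanager.namespaces` emits one Role per namespace with no `---` between them, so two or more namespaces produce a single YAML document with repeated `apiVersion`, `kind` and `metadata` keys, and at most one Role is created. Add `---` as the first line inside the loop. Inside the loop `.` is the namespace string, yet `{{ template "rbac.apiVersion" . }}` passes it as the helper's context. The helper is not visible here, but if it reads `.Capabilities` it needs `$`, as the other calls in this file use. The alertmanager RoleBinding template has both problems.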


@ -0,0 +1,23 @@
{{- if and .Values.alertmanager.enabled .Values.rbac.create (eq .Values.alertmanager.useClusterRole false) -}}
{{ range $.Values.alertmanager.namespaces }}
apiVersion: {{ template "rbac.apiVersion" . }}
kind: RoleBinding
metadata:
labels:
{{- include "prometheus.alertmanager.labels" $ | nindent 4 }}
name: {{ template "prometheus.alertmanager.fullname" $ }}
namespace: {{ . }}
subjects:
- kind: ServiceAccount
name: {{ template "prometheus.serviceAccountName.alertmanager" $ }}
{{ include "prometheus.namespace" $ | indent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
{{- if (not $.Values.alertmanager.useExistingRole) }}
name: {{ template "prometheus.alertmanager.fullname" $ }}
{{- else }}
name: {{ $.Values.alertmanager.useExistingRole }}
{{- end }}
{{- end }}
{{ end }}


@ -0,0 +1,53 @@
{{- if .Values.alertmanager.enabled -}}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.alertmanager.service.annotations }}
annotations:
{{ toYaml .Values.alertmanager.service.annotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
{{- if .Values.alertmanager.service.labels }}
{{ toYaml .Values.alertmanager.service.labels | indent 4 }}
{{- end }}
name: {{ template "prometheus.alertmanager.fullname" . }}
{{ include "prometheus.namespace" . | indent 2 }}
spec:
{{- if .Values.alertmanager.service.clusterIP }}
clusterIP: {{ .Values.alertmanager.service.clusterIP }}
{{- end }}
{{- if .Values.alertmanager.service.externalIPs }}
externalIPs:
{{ toYaml .Values.alertmanager.service.externalIPs | indent 4 }}
{{- end }}
{{- if .Values.alertmanager.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.alertmanager.service.loadBalancerIP }}
{{- end }}
{{- if .Values.alertmanager.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- range $cidr := .Values.alertmanager.service.loadBalancerSourceRanges }}
- {{ $cidr }}
{{- end }}
{{- end }}
ports:
- name: http
port: {{ .Values.alertmanager.service.servicePort }}
protocol: TCP
targetPort: 9093
{{- if .Values.alertmanager.service.nodePort }}
nodePort: {{ .Values.alertmanager.service.nodePort }}
{{- end }}
{{- if .Values.alertmanager.service.enableMeshPeer }}
- name: meshpeer
port: 6783
protocol: TCP
targetPort: 6783
{{- end }}
selector:
{{- include "prometheus.alertmanager.matchLabels" . | nindent 4 }}
{{- if .Values.alertmanager.service.sessionAffinity }}
sessionAffinity: {{ .Values.alertmanager.service.sessionAffinity }}
{{- end }}
type: "{{ .Values.alertmanager.service.type }}"
{{- end }}
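Review bot: With `alertmanager.service.enableMeshPeer` set, the cluster gossip port 6783 is published on the same Service as the web port, so choosing `NodePort` or `LoadBalancer` for `service.type` exposes peer traffic along with the UI. A comment above the `meshpeer` port would make that visible, for example `# 6783 is Alertmanager cluster traffic; keep service.type ClusterIP or set loadBalancerSourceRanges when this is enabled`. Only TCP is declared for 6783. If the clustering layer also uses UDP on that port (worth confirming), peers reached through this Service will not get it.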


@ -0,0 +1,11 @@
{{- if and .Values.alertmanager.enabled .Values.serviceAccounts.alertmanager.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
name: {{ template "prometheus.serviceAccountName.alertmanager" . }}
{{ include "prometheus.namespace" . | indent 2 }}
annotations:
{{ toYaml .Values.serviceAccounts.alertmanager.annotations | indent 4 }}
{{- end -}}
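Review bot: The ServiceAccount leaves token automounting at its default, so every Alertmanager pod gets an API token mounted. The only RBAC rule this commit grants the account is `use` on a PodSecurityPolicy, which is evaluated at admission rather than with the pod's token. Unless something in the pod calls the Kubernetes API, add `automountServiceAccountToken: false` at the top level of the object. The node-exporter ServiceAccount template is written the same way.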


@ -0,0 +1,194 @@
{{- if and .Values.alertmanager.enabled .Values.alertmanager.statefulSet.enabled -}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
{{- if .Values.alertmanager.statefulSet.annotations }}
annotations:
{{ toYaml .Values.alertmanager.statefulSet.annotations | nindent 4 }}
{{- end }}
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 4 }}
{{- if .Values.alertmanager.statefulSet.labels}}
{{ toYaml .Values.alertmanager.statefulSet.labels | nindent 4 }}
{{- end}}
name: {{ template "prometheus.alertmanager.fullname" . }}
{{ include "prometheus.namespace" . | indent 2 }}
spec:
serviceName: {{ template "prometheus.alertmanager.fullname" . }}-headless
selector:
matchLabels:
{{- include "prometheus.alertmanager.matchLabels" . | nindent 6 }}
replicas: {{ .Values.alertmanager.replicaCount }}
podManagementPolicy: {{ .Values.alertmanager.statefulSet.podManagementPolicy }}
template:
metadata:
{{- if .Values.alertmanager.podAnnotations }}
annotations:
{{ toYaml .Values.alertmanager.podAnnotations | nindent 8 }}
{{- end }}
labels:
{{- include "prometheus.alertmanager.labels" . | nindent 8 }}
{{- if .Values.alertmanager.podLabels}}
{{ toYaml .Values.alertmanager.podLabels | nindent 8 }}
{{- end}}
spec:
{{- if .Values.alertmanager.affinity }}
affinity:
{{ toYaml .Values.alertmanager.affinity | indent 8 }}
{{- end }}
{{- if .Values.alertmanager.schedulerName }}
schedulerName: "{{ .Values.alertmanager.schedulerName }}"
{{- end }}
serviceAccountName: {{ template "prometheus.serviceAccountName.alertmanager" . }}
{{- if .Values.alertmanager.priorityClassName }}
priorityClassName: "{{ .Values.alertmanager.priorityClassName }}"
{{- end }}
containers:
- name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }}
image: "{{ .Values.alertmanager.image.repository }}:{{ .Values.alertmanager.image.tag }}"
imagePullPolicy: "{{ .Values.alertmanager.image.pullPolicy }}"
env:
{{- range $key, $value := .Values.alertmanager.extraEnv }}
- name: {{ $key }}
value: {{ $value }}
{{- end }}
- name: POD_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
args:
- --config.file=/etc/config/alertmanager.yml
- --storage.path={{ .Values.alertmanager.persistentVolume.mountPath }}
{{- if .Values.alertmanager.statefulSet.headless.enableMeshPeer }}
- --cluster.advertise-address=[$(POD_IP)]:6783
- --cluster.listen-address=0.0.0.0:6783
{{- range $n := until (.Values.alertmanager.replicaCount | int) }}
- --cluster.peer={{ template "prometheus.alertmanager.fullname" $ }}-{{ $n }}.{{ template "prometheus.alertmanager.fullname" $ }}-headless:6783
{{- end }}
{{- else }}
- --cluster.listen-address=
{{- end }}
{{- range $key, $value := .Values.alertmanager.extraArgs }}
- --{{ $key }}={{ $value }}
{{- end }}
{{- if .Values.alertmanager.baseURL }}
- --web.external-url={{ .Values.alertmanager.baseURL }}
{{- end }}
ports:
- containerPort: 9093
{{- if .Values.alertmanager.statefulSet.headless.enableMeshPeer }}
- containerPort: 6783
{{- end }}
readinessProbe:
httpGet:
path: {{ .Values.alertmanager.prefixURL }}/#/status
port: 9093
initialDelaySeconds: 30
timeoutSeconds: 30
resources:
{{ toYaml .Values.alertmanager.resources | indent 12 }}
volumeMounts:
- name: config-volume
mountPath: /etc/config
- name: storage-volume
mountPath: "{{ .Values.alertmanager.persistentVolume.mountPath }}"
subPath: "{{ .Values.alertmanager.persistentVolume.subPath }}"
{{- range .Values.alertmanager.extraSecretMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
{{- if .Values.configmapReload.alertmanager.enabled }}
- name: {{ template "prometheus.name" . }}-{{ .Values.alertmanager.name }}-{{ .Values.configmapReload.alertmanager.name }}
image: "{{ include "get.cmreloadimage" .}}"
imagePullPolicy: "{{ .Values.configmapReload.alertmanager.image.pullPolicy }}"
args:
- --volume-dir=/etc/config
- --webhook-url=http://localhost:9093{{ .Values.alertmanager.prefixURL }}/-/reload
{{- range $key, $value := .Values.configmapReload.alertmanager.extraArgs }}
- --{{ $key }}={{ $value }}
{{- end }}
{{- if .Values.configmapReload.alertmanager.port }}
ports:
- containerPort: {{ .Values.configmapReload.alertmanager.port }}
{{- end }}
resources:
{{ toYaml .Values.configmapReload.alertmanager.resources | indent 12 }}
volumeMounts:
- name: config-volume
mountPath: /etc/config
readOnly: true
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 8 }}
{{- end }}
{{- if .Values.alertmanager.nodeSelector }}
nodeSelector:
{{ toYaml .Values.alertmanager.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.alertmanager.securityContext }}
securityContext:
{{ toYaml .Values.alertmanager.securityContext | indent 8 }}
{{- end }}
{{- if .Values.alertmanager.tolerations }}
tolerations:
{{ toYaml .Values.alertmanager.tolerations | indent 8 }}
{{- end }}
volumes:
- name: config-volume
{{- if empty .Values.alertmanager.configFromSecret }}
configMap:
name: {{ if .Values.alertmanager.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.alertmanager.configMapOverrideName }}{{- else }}{{ template "prometheus.alertmanager.fullname" . }}{{- end }}
{{- else }}
secret:
secretName: {{ .Values.alertmanager.configFromSecret }}
{{- end }}
{{- range .Values.alertmanager.extraSecretMounts }}
- name: {{ .name }}
secret:
secretName: {{ .secretName }}
{{- with .optional }}
optional: {{ . }}
{{- end }}
{{- end }}
{{- if .Values.alertmanager.persistentVolume.enabled }}
volumeClaimTemplates:
- metadata:
name: storage-volume
{{- if .Values.alertmanager.persistentVolume.annotations }}
annotations:
{{ toYaml .Values.alertmanager.persistentVolume.annotations | indent 10 }}
{{- end }}
spec:
accessModes:
{{ toYaml .Values.alertmanager.persistentVolume.accessModes | indent 10 }}
resources:
requests:
storage: "{{ .Values.alertmanager.persistentVolume.size }}"
{{- if .Values.server.persistentVolume.storageClass }}
{{- if (eq "-" .Values.server.persistentVolume.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.alertmanager.persistentVolume.storageClass }}"
{{- end }}
{{- else if .Values.global.persistence.storageClass }}
{{- if (eq "-" .Values.global.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.global.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- else }}
- name: storage-volume
emptyDir:
{{- if .Values.alertmanager.emptyDir.sizeLimit }}
sizeLimit: {{ .Values.alertmanager.emptyDir.sizeLimit }}
{{- else }}
{}
{{- end -}}
{{- end }}
{{- end }}
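Review bot: In `volumeClaimTemplates` the storage-class conditional tests `.Values.server.persistentVolume.storageClass` but renders `.Values.alertmanager.persistentVolume.storageClass`, so Alertmanager's class is applied only when the server's happens to be set, and can render as an empty string. Both tests should read the alertmanager value, `{{- if .Values.alertmanager.persistentVolume.storageClass }}` and `{{- if (eq "-" .Values.alertmanager.persistentVolume.storageClass) }}`, as the standalone PVC template in this commit does. The readiness probe path `{{ .Values.alertmanager.prefixURL }}/#/status` also differs from the Deployment's `/-/ready` and is worth aligning with it.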


@ -0,0 +1,150 @@
{{- if .Values.nodeExporter.enabled -}}
apiVersion: {{ template "prometheus.daemonset.apiVersion" . }}
kind: DaemonSet
metadata:
{{- if .Values.nodeExporter.deploymentAnnotations }}
annotations:
{{ toYaml .Values.nodeExporter.deploymentAnnotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.nodeExporter.labels" . | nindent 4 }}
name: {{ template "prometheus.nodeExporter.fullname" . }}
{{ include "prometheus.namespace" . | indent 2 }}
spec:
selector:
matchLabels:
{{- include "prometheus.nodeExporter.matchLabels" . | nindent 6 }}
{{- if .Values.nodeExporter.updateStrategy }}
updateStrategy:
{{ toYaml .Values.nodeExporter.updateStrategy | indent 4 }}
{{- end }}
template:
metadata:
{{- if .Values.nodeExporter.podAnnotations }}
annotations:
{{ toYaml .Values.nodeExporter.podAnnotations | indent 8 }}
{{- end }}
labels:
{{- include "prometheus.nodeExporter.labels" . | nindent 8 }}
{{- if .Values.nodeExporter.pod.labels }}
{{ toYaml .Values.nodeExporter.pod.labels | indent 8 }}
{{- end }}
spec:
serviceAccountName: {{ template "prometheus.serviceAccountName.nodeExporter" . }}
{{- if .Values.nodeExporter.extraInitContainers }}
initContainers:
{{ toYaml .Values.nodeExporter.extraInitContainers | indent 8 }}
{{- end }}
{{- if .Values.nodeExporter.priorityClassName }}
priorityClassName: "{{ .Values.nodeExporter.priorityClassName }}"
{{- end }}
containers:
- name: {{ template "prometheus.name" . }}-{{ .Values.nodeExporter.name }}
image: "{{ .Values.nodeExporter.image.repository }}:{{ .Values.nodeExporter.image.tag }}"
imagePullPolicy: "{{ .Values.nodeExporter.image.pullPolicy }}"
args:
- --path.procfs=/host/proc
- --path.sysfs=/host/sys
{{- if .Values.nodeExporter.hostRootfs }}
- --path.rootfs=/host/root
{{- end }}
{{- if .Values.nodeExporter.hostNetwork }}
- --web.listen-address=:{{ .Values.nodeExporter.service.hostPort }}
{{- end }}
{{- range $key, $value := .Values.nodeExporter.extraArgs }}
{{- if $value }}
- --{{ $key }}={{ $value }}
{{- else }}
- --{{ $key }}
{{- end }}
{{- end }}
ports:
- name: metrics
{{- if .Values.nodeExporter.hostNetwork }}
containerPort: {{ .Values.nodeExporter.service.hostPort }}
{{- else }}
containerPort: 9100
{{- end }}
hostPort: {{ .Values.nodeExporter.service.hostPort }}
resources:
{{ toYaml .Values.nodeExporter.resources | indent 12 }}
{{- if .Values.nodeExporter.container.securityContext }}
securityContext:
{{ toYaml .Values.nodeExporter.container.securityContext | indent 12 }}
{{- end }}
volumeMounts:
- name: proc
mountPath: /host/proc
readOnly: true
- name: sys
mountPath: /host/sys
readOnly: true
{{- if .Values.nodeExporter.hostRootfs }}
- name: root
mountPath: /host/root
mountPropagation: HostToContainer
readOnly: true
{{- end }}
{{- range .Values.nodeExporter.extraHostPathMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
readOnly: {{ .readOnly }}
{{- if .mountPropagation }}
mountPropagation: {{ .mountPropagation }}
{{- end }}
{{- end }}
{{- range .Values.nodeExporter.extraConfigmapMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
readOnly: {{ .readOnly }}
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 8 }}
{{- end }}
{{- if .Values.nodeExporter.hostNetwork }}
hostNetwork: true
{{- end }}
{{- if .Values.nodeExporter.hostPID }}
hostPID: true
{{- end }}
{{- if .Values.nodeExporter.tolerations }}
tolerations:
{{ toYaml .Values.nodeExporter.tolerations | indent 8 }}
{{- end }}
{{- if .Values.nodeExporter.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeExporter.nodeSelector | indent 8 }}
{{- end }}
{{- with .Values.nodeExporter.dnsConfig }}
dnsConfig:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.nodeExporter.securityContext }}
securityContext:
{{ toYaml .Values.nodeExporter.securityContext | indent 8 }}
{{- end }}
volumes:
- name: proc
hostPath:
path: /proc
- name: sys
hostPath:
path: /sys
{{- if .Values.nodeExporter.hostRootfs }}
- name: root
hostPath:
path: /
{{- end }}
{{- range .Values.nodeExporter.extraHostPathMounts }}
- name: {{ .name }}
hostPath:
path: {{ .hostPath }}
{{- end }}
{{- range .Values.nodeExporter.extraConfigmapMounts }}
- name: {{ .name }}
configMap:
name: {{ .configMap }}
{{- end }}
{{- end -}}
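Review bot: `hostPort: {{ .Values.nodeExporter.service.hostPort }}` is rendered unconditionally, so every node publishes the exporter on a host port whether or not `hostNetwork` is enabled, and none of the container args add authentication or TLS to that listener. Node-level metrics are then reachable by anything that can route to the node address. I would wrap the line in `{{- if .Values.nodeExporter.service.hostPort }}` … `{{- end }}` and add a comment above it, e.g. `# published on each node's address; restrict access at the node or network layer`.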


@ -0,0 +1,55 @@
{{- if and .Values.nodeExporter.enabled .Values.rbac.create .Values.podSecurityPolicy.enabled }}
apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }}
kind: PodSecurityPolicy
metadata:
name: {{ template "prometheus.nodeExporter.fullname" . }}
labels:
{{- include "prometheus.nodeExporter.labels" . | nindent 4 }}
annotations:
{{- if .Values.nodeExporter.podSecurityPolicy.annotations }}
{{ toYaml .Values.nodeExporter.podSecurityPolicy.annotations | indent 4 }}
{{- end }}
spec:
privileged: false
allowPrivilegeEscalation: false
requiredDropCapabilities:
- ALL
volumes:
- 'configMap'
- 'hostPath'
- 'secret'
allowedHostPaths:
- pathPrefix: /proc
readOnly: true
- pathPrefix: /sys
readOnly: true
- pathPrefix: /
readOnly: true
{{- range .Values.nodeExporter.extraHostPathMounts }}
- pathPrefix: {{ .hostPath }}
readOnly: {{ .readOnly }}
{{- end }}
hostNetwork: {{ .Values.nodeExporter.hostNetwork }}
hostPID: {{ .Values.nodeExporter.hostPID }}
hostIPC: false
runAsUser:
rule: 'RunAsAny'
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
readOnlyRootFilesystem: false
hostPorts:
- min: 1
max: 65535
{{- end }}
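Review bot: `- pathPrefix: /` is always present in `allowedHostPaths`, which makes the `/proc` and `/sys` entries redundant and lets any pod admitted under this policy mount any host directory read-only, including kubelet and credential directories. The DaemonSet mounts `/` only when `.Values.nodeExporter.hostRootfs` is set, so the entry should be wrapped in `{{- if .Values.nodeExporter.hostRootfs }}` … `{{- end }}`. `hostPorts` likewise allows 1–65535 where the workload uses the single `service.hostPort` value.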


@ -0,0 +1,17 @@
{{- if and .Values.nodeExporter.enabled .Values.rbac.create }}
{{- if or (default .Values.nodeExporter.podSecurityPolicy.enabled false) (.Values.podSecurityPolicy.enabled) }}
apiVersion: {{ template "rbac.apiVersion" . }}
kind: Role
metadata:
name: {{ template "prometheus.nodeExporter.fullname" . }}
labels:
{{- include "prometheus.nodeExporter.labels" . | nindent 4 }}
{{ include "prometheus.namespace" . | indent 2 }}
rules:
- apiGroups: ['extensions']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames:
- {{ template "prometheus.nodeExporter.fullname" . }}
{{- end }}
{{- end }}
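Review bot: This Role is gated on `or (default .Values.nodeExporter.podSecurityPolicy.enabled false) (.Values.podSecurityPolicy.enabled)`, while the node-exporter PodSecurityPolicy and RoleBinding templates in this commit are gated on `.Values.podSecurityPolicy.enabled` alone. Setting only the node-exporter flag therefore renders a Role that refers to a policy that is not created and that nothing binds. The `default` call also has its arguments reversed (the fallback comes first), which only works because `false` counts as empty. I would use `{{- if .Values.podSecurityPolicy.enabled }}` here.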


@ -0,0 +1,19 @@
{{- if and .Values.nodeExporter.enabled .Values.rbac.create }}
{{- if .Values.podSecurityPolicy.enabled }}
apiVersion: {{ template "rbac.apiVersion" . }}
kind: RoleBinding
metadata:
name: {{ template "prometheus.nodeExporter.fullname" . }}
labels:
{{- include "prometheus.nodeExporter.labels" . | nindent 4 }}
{{ include "prometheus.namespace" . | indent 2 }}
roleRef:
kind: Role
name: {{ template "prometheus.nodeExporter.fullname" . }}
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: {{ template "prometheus.serviceAccountName.nodeExporter" . }}
{{ include "prometheus.namespace" . | indent 2 }}
{{- end }}
{{- end }}


@ -0,0 +1,11 @@
{{- if and .Values.nodeExporter.enabled .Values.serviceAccounts.nodeExporter.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
{{- include "prometheus.nodeExporter.labels" . | nindent 4 }}
name: {{ template "prometheus.serviceAccountName.nodeExporter" . }}
{{ include "prometheus.namespace" . | indent 2 }}
annotations:
{{ toYaml .Values.serviceAccounts.nodeExporter.annotations | indent 4 }}
{{- end -}}


@ -0,0 +1,47 @@
{{- if .Values.nodeExporter.enabled -}}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.nodeExporter.service.annotations }}
annotations:
{{ toYaml .Values.nodeExporter.service.annotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.nodeExporter.labels" . | nindent 4 }}
{{- if .Values.nodeExporter.service.labels }}
{{ toYaml .Values.nodeExporter.service.labels | indent 4 }}
{{- end }}
name: {{ template "prometheus.nodeExporter.fullname" . }}
{{ include "prometheus.namespace" . | indent 2 }}
spec:
{{- if .Values.nodeExporter.service.clusterIP }}
clusterIP: {{ .Values.nodeExporter.service.clusterIP }}
{{- end }}
{{- if .Values.nodeExporter.service.externalIPs }}
externalIPs:
{{ toYaml .Values.nodeExporter.service.externalIPs | indent 4 }}
{{- end }}
{{- if .Values.nodeExporter.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.nodeExporter.service.loadBalancerIP }}
{{- end }}
{{- if .Values.nodeExporter.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- range $cidr := .Values.nodeExporter.service.loadBalancerSourceRanges }}
- {{ $cidr }}
{{- end }}
{{- end }}
ports:
- name: metrics
{{- if .Values.nodeExporter.hostNetwork }}
port: {{ .Values.nodeExporter.service.hostPort }}
protocol: TCP
targetPort: {{ .Values.nodeExporter.service.hostPort }}
{{- else }}
port: {{ .Values.nodeExporter.service.servicePort }}
protocol: TCP
targetPort: 9100
{{- end }}
selector:
{{- include "prometheus.nodeExporter.matchLabels" . | nindent 4 }}
type: "{{ .Values.nodeExporter.service.type }}"
{{- end -}}


@ -0,0 +1,21 @@
{{- if and .Values.pushgateway.enabled .Values.rbac.create -}}
apiVersion: {{ template "rbac.apiVersion" . }}
kind: ClusterRole
metadata:
labels:
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
name: {{ template "prometheus.pushgateway.fullname" . }}
rules:
{{- if .Values.podSecurityPolicy.enabled }}
- apiGroups:
- extensions
resources:
- podsecuritypolicies
verbs:
- use
resourceNames:
- {{ template "prometheus.pushgateway.fullname" . }}
{{- else }}
[]
{{- end }}
{{- end }}
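Review bot: The only permission this ClusterRole ever carries is `use` on one PodSecurityPolicy, and with `podSecurityPolicy.enabled` off it renders `rules: []`, yet it and the ClusterRoleBinding in the next section are still created at cluster scope. A namespaced `Role`/`RoleBinding`, as the node-exporter templates earlier in this commit use for the same grant, would keep the pushgateway service account out of cluster-wide RBAC. Adding `.Values.podSecurityPolicy.enabled` to the outer `if and ...` guard of both templates would avoid shipping an empty role at all.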


@ -0,0 +1,16 @@
{{- if and .Values.pushgateway.enabled .Values.rbac.create -}}
apiVersion: {{ template "rbac.apiVersion" . }}
kind: ClusterRoleBinding
metadata:
labels:
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
name: {{ template "prometheus.pushgateway.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "prometheus.serviceAccountName.pushgateway" . }}
{{ include "prometheus.namespace" . | indent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "prometheus.pushgateway.fullname" . }}
{{- end }}


@ -0,0 +1,119 @@
{{- if .Values.pushgateway.enabled -}}
apiVersion: {{ template "prometheus.deployment.apiVersion" . }}
kind: Deployment
metadata:
{{- if .Values.pushgateway.deploymentAnnotations }}
annotations:
{{ toYaml .Values.pushgateway.deploymentAnnotations | nindent 4 }}
{{- end }}
labels:
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
name: {{ template "prometheus.pushgateway.fullname" . }}
{{ include "prometheus.namespace" . | indent 2 }}
spec:
selector:
{{- if .Values.schedulerName }}
schedulerName: "{{ .Values.schedulerName }}"
{{- end }}
matchLabels:
{{- include "prometheus.pushgateway.matchLabels" . | nindent 6 }}
replicas: {{ .Values.pushgateway.replicaCount }}
{{- if .Values.pushgateway.strategy }}
strategy:
{{ toYaml .Values.pushgateway.strategy | trim | indent 4 }}
{{ if eq .Values.pushgateway.strategy.type "Recreate" }}rollingUpdate: null{{ end }}
{{- end }}
template:
metadata:
{{- if .Values.pushgateway.podAnnotations }}
annotations:
{{ toYaml .Values.pushgateway.podAnnotations | nindent 8 }}
{{- end }}
labels:
{{- include "prometheus.pushgateway.labels" . | nindent 8 }}
{{- if .Values.pushgateway.podLabels }}
{{ toYaml .Values.pushgateway.podLabels | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ template "prometheus.serviceAccountName.pushgateway" . }}
{{- if .Values.pushgateway.extraInitContainers }}
initContainers:
{{ toYaml .Values.pushgateway.extraInitContainers | indent 8 }}
{{- end }}
{{- if .Values.pushgateway.priorityClassName }}
priorityClassName: "{{ .Values.pushgateway.priorityClassName }}"
{{- end }}
containers:
- name: {{ template "prometheus.name" . }}-{{ .Values.pushgateway.name }}
image: "{{ .Values.pushgateway.image.repository }}:{{ .Values.pushgateway.image.tag }}"
imagePullPolicy: "{{ .Values.pushgateway.image.pullPolicy }}"
args:
{{- range $key, $value := .Values.pushgateway.extraArgs }}
{{- $stringvalue := toString $value }}
{{- if eq $stringvalue "true" }}
- --{{ $key }}
{{- else }}
- --{{ $key }}={{ $value }}
{{- end }}
{{- end }}
ports:
- containerPort: 9091
livenessProbe:
httpGet:
{{- if (index .Values "pushgateway" "extraArgs" "web.route-prefix") }}
path: /{{ index .Values "pushgateway" "extraArgs" "web.route-prefix" }}/-/healthy
{{- else }}
path: /-/healthy
{{- end }}
port: 9091
initialDelaySeconds: 10
timeoutSeconds: 10
readinessProbe:
httpGet:
{{- if (index .Values "pushgateway" "extraArgs" "web.route-prefix") }}
path: /{{ index .Values "pushgateway" "extraArgs" "web.route-prefix" }}/-/ready
{{- else }}
path: /-/ready
{{- end }}
port: 9091
initialDelaySeconds: 10
timeoutSeconds: 10
resources:
{{ toYaml .Values.pushgateway.resources | indent 12 }}
{{- if .Values.pushgateway.persistentVolume.enabled }}
volumeMounts:
- name: storage-volume
mountPath: "{{ .Values.pushgateway.persistentVolume.mountPath }}"
subPath: "{{ .Values.pushgateway.persistentVolume.subPath }}"
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 8 }}
{{- end }}
{{- if .Values.pushgateway.nodeSelector }}
nodeSelector:
{{ toYaml .Values.pushgateway.nodeSelector | indent 8 }}
{{- end }}
{{- with .Values.pushgateway.dnsConfig }}
dnsConfig:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.pushgateway.securityContext }}
securityContext:
{{ toYaml .Values.pushgateway.securityContext | indent 8 }}
{{- end }}
{{- if .Values.pushgateway.tolerations }}
tolerations:
{{ toYaml .Values.pushgateway.tolerations | indent 8 }}
{{- end }}
{{- if .Values.pushgateway.affinity }}
affinity:
{{ toYaml .Values.pushgateway.affinity | indent 8 }}
{{- end }}
{{- if .Values.pushgateway.persistentVolume.enabled }}
volumes:
- name: storage-volume
persistentVolumeClaim:
claimName: {{ if .Values.pushgateway.persistentVolume.existingClaim }}{{ .Values.pushgateway.persistentVolume.existingClaim }}{{- else }}{{ template "prometheus.pushgateway.fullname" . }}{{- end }}
{{- end -}}
{{- end }}
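Review bot: `schedulerName` is emitted between `selector:` and `matchLabels:`, where it is not a valid field. Indentation is lost on this page, but in either reading setting `.Values.schedulerName` gives a Deployment that fails validation or has its selector broken. The block belongs in the pod spec next to `priorityClassName`, which is where the server Deployment later in this commit puts `.Values.server.schedulerName`.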


@ -0,0 +1,54 @@
{{- if and .Values.pushgateway.enabled .Values.pushgateway.ingress.enabled -}}
{{- $ingressApiIsStable := eq (include "ingress.isStable" .) "true" -}}
{{- $ingressSupportsIngressClassName := eq (include "ingress.supportsIngressClassName" .) "true" -}}
{{- $ingressSupportsPathType := eq (include "ingress.supportsPathType" .) "true" -}}
{{- $releaseName := .Release.Name -}}
{{- $serviceName := include "prometheus.pushgateway.fullname" . }}
{{- $servicePort := .Values.pushgateway.service.servicePort -}}
{{- $ingressPath := .Values.pushgateway.ingress.path -}}
{{- $ingressPathType := .Values.pushgateway.ingress.pathType -}}
{{- $extraPaths := .Values.pushgateway.ingress.extraPaths -}}
apiVersion: {{ template "ingress.apiVersion" . }}
kind: Ingress
metadata:
{{- if .Values.pushgateway.ingress.annotations }}
annotations:
{{ toYaml .Values.pushgateway.ingress.annotations | indent 4}}
{{- end }}
labels:
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
name: {{ template "prometheus.pushgateway.fullname" . }}
{{ include "prometheus.namespace" . | indent 2 }}
spec:
{{- if and $ingressSupportsIngressClassName .Values.pushgateway.ingress.ingressClassName }}
ingressClassName: {{ .Values.pushgateway.ingress.ingressClassName }}
{{- end }}
rules:
{{- range .Values.pushgateway.ingress.hosts }}
{{- $url := splitList "/" . }}
- host: {{ first $url }}
http:
paths:
{{ if $extraPaths }}
{{ toYaml $extraPaths | indent 10 }}
{{- end }}
- path: {{ $ingressPath }}
{{- if $ingressSupportsPathType }}
pathType: {{ $ingressPathType }}
{{- end }}
backend:
{{- if $ingressApiIsStable }}
service:
name: {{ $serviceName }}
port:
number: {{ $servicePort }}
{{- else }}
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end -}}
{{- if .Values.pushgateway.ingress.tls }}
tls:
{{ toYaml .Values.pushgateway.ingress.tls | indent 4 }}
{{- end -}}
{{- end -}}


@ -0,0 +1,20 @@
{{- if and .Values.pushgateway.enabled .Values.networkPolicy.enabled -}}
apiVersion: {{ template "prometheus.networkPolicy.apiVersion" . }}
kind: NetworkPolicy
metadata:
name: {{ template "prometheus.pushgateway.fullname" . }}
{{ include "prometheus.namespace" . | indent 2 }}
labels:
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
spec:
podSelector:
matchLabels:
{{- include "prometheus.pushgateway.matchLabels" . | nindent 6 }}
ingress:
- from:
- podSelector:
matchLabels:
{{- include "prometheus.server.matchLabels" . | nindent 12 }}
- ports:
- port: 9091
{{- end -}}
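Review bot: The `ingress` list holds two separate rules, `- from:` (server pods) and `- ports:` (9091), and NetworkPolicy rules are additive, so the second rule admits traffic to port 9091 from any source and the `from` restriction has no effect. If the intent is that only the Prometheus server may reach 9091, `ports:` should be a key of the same rule as `from:`, without the leading dash. The server NetworkPolicy later in this commit likewise has only `- ports:` with `- port: 9090` and no `from`, so it does not limit who can reach the Prometheus API. Indentation is lost on this page, so this reading should be confirmed against the chart source.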


@ -0,0 +1,14 @@
{{- if .Values.pushgateway.podDisruptionBudget.enabled }}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: {{ template "prometheus.pushgateway.fullname" . }}
{{ include "prometheus.namespace" . | indent 2 }}
labels:
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
spec:
maxUnavailable: {{ .Values.pushgateway.podDisruptionBudget.maxUnavailable }}
selector:
matchLabels:
{{- include "prometheus.pushgateway.labels" . | nindent 6 }}
{{- end }}
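Review bot: `apiVersion: policy/v1beta1` is hard-coded here while most templates in this commit resolve their API version through a helper; `policy/v1beta1` PodDisruptionBudget is no longer served from Kubernetes 1.25, and the chart's `kubeVersion` is an open-ended `>= 1.17.0-0`. The selector also uses `prometheus.pushgateway.labels` where the Deployment's selector uses `prometheus.pushgateway.matchLabels`, so the two can select different pods if the full label set carries more than the match labels. The guard checks only `podDisruptionBudget.enabled`; `{{- if and .Values.pushgateway.enabled .Values.pushgateway.podDisruptionBudget.enabled }}` would keep it from rendering for a disabled component. The server PodDisruptionBudget section later in this commit has the same three issues.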


@ -0,0 +1,42 @@
{{- if and .Values.pushgateway.enabled .Values.rbac.create .Values.podSecurityPolicy.enabled }}
apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }}
kind: PodSecurityPolicy
metadata:
name: {{ template "prometheus.pushgateway.fullname" . }}
labels:
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
annotations:
{{- if .Values.pushgateway.podSecurityPolicy.annotations }}
{{ toYaml .Values.pushgateway.podSecurityPolicy.annotations | indent 4 }}
{{- end }}
spec:
privileged: false
allowPrivilegeEscalation: false
requiredDropCapabilities:
- ALL
volumes:
- 'persistentVolumeClaim'
- 'secret'
allowedHostPaths:
- pathPrefix: {{ .Values.pushgateway.persistentVolume.mountPath }}
hostNetwork: false
hostPID: false
hostIPC: false
runAsUser:
rule: 'RunAsAny'
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
readOnlyRootFilesystem: true
{{- end }}
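Review bot: `runAsUser` is `RunAsAny`, so this policy lets the pod run as UID 0 even though the group ranges below it are written to exclude the root group; `rule: 'MustRunAsNonRoot'` would match that intent, provided the pushgateway image runs as a non-root user (not visible here). `allowedHostPaths` lists the persistent-volume mount path, but `hostPath` is not among the permitted `volumes`, so that entry has no effect and can be dropped. When no annotations are configured the template renders a bare `annotations:` key; moving the `{{- if .Values.pushgateway.podSecurityPolicy.annotations }}` above the key avoids the null.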


@ -0,0 +1,37 @@
{{- if .Values.pushgateway.persistentVolume.enabled -}}
{{- if not .Values.pushgateway.persistentVolume.existingClaim -}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
{{- if .Values.pushgateway.persistentVolume.annotations }}
annotations:
{{ toYaml .Values.pushgateway.persistentVolume.annotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
name: {{ template "prometheus.pushgateway.fullname" . }}
{{ include "prometheus.namespace" . | indent 2 }}
spec:
accessModes:
{{ toYaml .Values.pushgateway.persistentVolume.accessModes | indent 4 }}
{{- if .Values.pushgateway.persistentVolume.storageClass }}
{{- if (eq "-" .Values.pushgateway.persistentVolume.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.pushgateway.persistentVolume.storageClass }}"
{{- end }}
{{- else if .Values.global.persistence.storageClass }}
{{- if (eq "-" .Values.global.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.global.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- if .Values.pushgateway.persistentVolume.volumeBindingMode }}
volumeBindingMode: "{{ .Values.pushgateway.persistentVolume.volumeBindingMode }}"
{{- end }}
resources:
requests:
storage: "{{ .Values.pushgateway.persistentVolume.size }}"
{{- end -}}
{{- end -}}
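Review bot: `volumeBindingMode` is rendered into the PersistentVolumeClaim `spec`, but it is a StorageClass field, not a claim field, so setting `.Values.pushgateway.persistentVolume.volumeBindingMode` produces an object that strict validation rejects or that silently loses the setting. The block should be removed and the binding mode configured on the StorageClass. The guard also omits `pushgateway.enabled`, so a claim can be created for a disabled component; `{{- if and .Values.pushgateway.enabled .Values.pushgateway.persistentVolume.enabled -}}` would align it with the Deployment.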


@ -0,0 +1,41 @@
{{- if .Values.pushgateway.enabled -}}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.pushgateway.service.annotations }}
annotations:
{{ toYaml .Values.pushgateway.service.annotations | indent 4}}
{{- end }}
labels:
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
{{- if .Values.pushgateway.service.labels }}
{{ toYaml .Values.pushgateway.service.labels | indent 4}}
{{- end }}
name: {{ template "prometheus.pushgateway.fullname" . }}
{{ include "prometheus.namespace" . | indent 2 }}
spec:
{{- if .Values.pushgateway.service.clusterIP }}
clusterIP: {{ .Values.pushgateway.service.clusterIP }}
{{- end }}
{{- if .Values.pushgateway.service.externalIPs }}
externalIPs:
{{ toYaml .Values.pushgateway.service.externalIPs | indent 4 }}
{{- end }}
{{- if .Values.pushgateway.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.pushgateway.service.loadBalancerIP }}
{{- end }}
{{- if .Values.pushgateway.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- range $cidr := .Values.pushgateway.service.loadBalancerSourceRanges }}
- {{ $cidr }}
{{- end }}
{{- end }}
ports:
- name: http
port: {{ .Values.pushgateway.service.servicePort }}
protocol: TCP
targetPort: 9091
selector:
{{- include "prometheus.pushgateway.matchLabels" . | nindent 4 }}
type: "{{ .Values.pushgateway.service.type }}"
{{- end }}


@ -0,0 +1,11 @@
{{- if and .Values.pushgateway.enabled .Values.serviceAccounts.pushgateway.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
{{- include "prometheus.pushgateway.labels" . | nindent 4 }}
name: {{ template "prometheus.serviceAccountName.pushgateway" . }}
{{ include "prometheus.namespace" . | indent 2 }}
annotations:
{{ toYaml .Values.serviceAccounts.pushgateway.annotations | indent 4 }}
{{- end -}}


@ -0,0 +1,48 @@
{{- if and .Values.server.enabled .Values.rbac.create (empty .Values.server.useExistingClusterRoleName) -}}
apiVersion: {{ template "rbac.apiVersion" . }}
kind: ClusterRole
metadata:
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
name: {{ template "prometheus.server.clusterrolefullname" . }}
rules:
{{- if .Values.podSecurityPolicy.enabled }}
- apiGroups:
- extensions
resources:
- podsecuritypolicies
verbs:
- use
resourceNames:
- {{ template "prometheus.server.fullname" . }}
{{- end }}
- apiGroups:
- ""
resources:
- nodes
- nodes/proxy
- nodes/metrics
- services
- endpoints
- pods
- ingresses
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- "extensions"
- "networking.k8s.io"
resources:
- ingresses/status
- ingresses
verbs:
- get
- list
- watch
- nonResourceURLs:
- "/metrics"
verbs:
- get
{{- end }}
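Review bot: This role grants `get` on `nodes/proxy` and cluster-wide `get`/`list`/`watch` on `configmaps`, which is broader than metric scraping usually needs. `nodes/proxy` lets the holder reach the kubelet API through the API server, and ConfigMaps in every namespace often hold configuration not meant for the monitoring stack. If the scrape configuration (not visible here) can work with `nodes/metrics` alone, dropping `nodes/proxy` and moving `configmaps` to a namespaced Role would narrow what a compromised Prometheus pod can read. `ingresses` is also listed under the core `""` API group, where no such resource exists; the second rule already covers it.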


@ -0,0 +1,16 @@
{{- if and .Values.server.enabled .Values.rbac.create (empty .Values.server.namespaces) (empty .Values.server.useExistingClusterRoleName) -}}
apiVersion: {{ template "rbac.apiVersion" . }}
kind: ClusterRoleBinding
metadata:
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
name: {{ template "prometheus.server.clusterrolefullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "prometheus.serviceAccountName.server" . }}
{{ include "prometheus.namespace" . | indent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "prometheus.server.clusterrolefullname" . }}
{{- end }}


@ -0,0 +1,85 @@
{{- if .Values.server.enabled -}}
{{- if (empty .Values.server.configMapOverrideName) -}}
apiVersion: v1
kind: ConfigMap
metadata:
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
name: {{ template "prometheus.server.fullname" . }}
{{ include "prometheus.namespace" . | indent 2 }}
data:
{{- $root := . -}}
{{- range $key, $value := .Values.ruleFiles }}
{{ $key }}: {{- toYaml $value | indent 2 }}
{{- end }}
{{- range $key, $value := .Values.serverFiles }}
{{ $key }}: |
{{- if eq $key "prometheus.yml" }}
global:
{{ $root.Values.server.global | toYaml | trimSuffix "\n" | indent 6 }}
{{- if $root.Values.server.remoteWrite }}
remote_write:
{{ $root.Values.server.remoteWrite | toYaml | indent 4 }}
{{- end }}
{{- if $root.Values.server.remoteRead }}
remote_read:
{{ $root.Values.server.remoteRead | toYaml | indent 4 }}
{{- end }}
{{- end }}
{{- if eq $key "alerts" }}
{{- if and (not (empty $value)) (empty $value.groups) }}
groups:
{{- range $ruleKey, $ruleValue := $value }}
- name: {{ $ruleKey -}}.rules
rules:
{{ $ruleValue | toYaml | trimSuffix "\n" | indent 6 }}
{{- end }}
{{- else }}
{{ toYaml $value | indent 4 }}
{{- end }}
{{- else }}
{{ toYaml $value | default "{}" | indent 4 }}
{{- end }}
{{- if eq $key "prometheus.yml" -}}
{{- if $root.Values.extraScrapeConfigs }}
{{ tpl $root.Values.extraScrapeConfigs $root | indent 4 }}
{{- end -}}
{{- if or ($root.Values.alertmanager.enabled) ($root.Values.server.alertmanagers) }}
alerting:
{{- if $root.Values.alertRelabelConfigs }}
{{ $root.Values.alertRelabelConfigs | toYaml | trimSuffix "\n" | indent 6 }}
{{- end }}
alertmanagers:
{{- if $root.Values.server.alertmanagers }}
{{ toYaml $root.Values.server.alertmanagers | indent 8 }}
{{- else }}
- kubernetes_sd_configs:
- role: pod
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
{{- if $root.Values.alertmanager.prefixURL }}
path_prefix: {{ $root.Values.alertmanager.prefixURL }}
{{- end }}
relabel_configs:
- source_labels: [__meta_kubernetes_namespace]
regex: {{ $root.Release.Namespace }}
action: keep
- source_labels: [__meta_kubernetes_pod_label_app]
regex: {{ template "prometheus.name" $root }}
action: keep
- source_labels: [__meta_kubernetes_pod_label_component]
regex: alertmanager
action: keep
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_probe]
regex: {{ index $root.Values.alertmanager.podAnnotations "prometheus.io/probe" | default ".*" }}
action: keep
- source_labels: [__meta_kubernetes_pod_container_port_number]
regex: "9093"
action: keep
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}


@ -0,0 +1,329 @@
{{- if .Values.server.enabled -}}
{{- if not .Values.server.statefulSet.enabled -}}
apiVersion: {{ template "prometheus.deployment.apiVersion" . }}
kind: Deployment
metadata:
{{- if .Values.server.deploymentAnnotations }}
annotations:
{{ toYaml .Values.server.deploymentAnnotations | nindent 4 }}
{{- end }}
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
name: {{ template "prometheus.server.fullname" . }}
{{ include "prometheus.namespace" . | indent 2 }}
spec:
selector:
matchLabels:
{{- include "prometheus.server.matchLabels" . | nindent 6 }}
replicas: {{ .Values.server.replicaCount }}
{{- if .Values.server.strategy }}
strategy:
{{ toYaml .Values.server.strategy | trim | indent 4 }}
{{ if eq .Values.server.strategy.type "Recreate" }}rollingUpdate: null{{ end }}
{{- end }}
template:
metadata:
{{- if .Values.server.podAnnotations }}
annotations:
{{ toYaml .Values.server.podAnnotations | nindent 8 }}
{{- end }}
labels:
{{- include "prometheus.server.labels" . | nindent 8 }}
{{- if .Values.server.podLabels}}
{{ toYaml .Values.server.podLabels | nindent 8 }}
{{- end}}
spec:
{{- if .Values.server.priorityClassName }}
priorityClassName: "{{ .Values.server.priorityClassName }}"
{{- end }}
{{- if .Values.server.schedulerName }}
schedulerName: "{{ .Values.server.schedulerName }}"
{{- end }}
{{- if semverCompare ">=1.13-0" .Capabilities.KubeVersion.GitVersion }}
{{- if or (.Values.server.enableServiceLinks) (eq (.Values.server.enableServiceLinks | toString) "<nil>") }}
enableServiceLinks: true
{{- else }}
enableServiceLinks: false
{{- end }}
{{- end }}
serviceAccountName: {{ template "prometheus.serviceAccountName.server" . }}
{{- if .Values.server.extraInitContainers }}
initContainers:
{{ toYaml .Values.server.extraInitContainers | indent 8 }}
{{- end }}
containers:
{{- if .Values.configmapReload.prometheus.enabled }}
- name: {{ template "prometheus.name" . }}-{{ .Values.server.name }}-{{ .Values.configmapReload.prometheus.name }}
image: "{{ include "get.cmreloadimage" .}}"
imagePullPolicy: "{{ .Values.configmapReload.prometheus.image.pullPolicy }}"
args:
- --volume-dir=/etc/config
- --webhook-url=http://127.0.0.1:9090{{ .Values.server.prefixURL }}/-/reload
{{- range $key, $value := .Values.configmapReload.prometheus.extraArgs }}
- --{{ $key }}={{ $value }}
{{- end }}
{{- range .Values.configmapReload.prometheus.extraVolumeDirs }}
- --volume-dir={{ . }}
{{- end }}
{{- if .Values.configmapReload.prometheus.containerPort }}
ports:
- containerPort: {{ .Values.configmapReload.prometheus.containerPort }}
{{- end }}
resources:
{{ toYaml .Values.configmapReload.prometheus.resources | indent 12 }}
volumeMounts:
- name: config-volume
mountPath: /etc/config
readOnly: true
{{- range .Values.configmapReload.prometheus.extraConfigmapMounts }}
- name: {{ $.Values.configmapReload.prometheus.name }}-{{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
{{- end }}
- name: {{ template "prometheus.name" . }}-{{ .Values.server.name }}
image: "{{ include "get.serverimage" .}}"
imagePullPolicy: "{{ .Values.server.image.pullPolicy }}"
{{- if .Values.server.env }}
env:
{{ toYaml .Values.server.env | indent 12}}
{{- end }}
args:
{{- if .Values.server.defaultFlagsOverride }}
{{ toYaml .Values.server.defaultFlagsOverride | nindent 12}}
{{- else }}
{{- if .Values.server.retention }}
- --storage.tsdb.retention.time={{ .Values.server.retention }}
{{- end }}
- --config.file={{ .Values.server.configPath }}
{{- if .Values.server.storagePath }}
- --storage.tsdb.path={{ .Values.server.storagePath }}
{{- else }}
- --storage.tsdb.path={{ .Values.server.persistentVolume.mountPath }}
{{- end }}
- --web.console.libraries=/etc/prometheus/console_libraries
- --web.console.templates=/etc/prometheus/consoles
{{- range .Values.server.extraFlags }}
- --{{ . }}
{{- end }}
{{- range $key, $value := .Values.server.extraArgs }}
- --{{ $key }}={{ $value }}
{{- end }}
{{- if .Values.server.prefixURL }}
- --web.route-prefix={{ .Values.server.prefixURL }}
{{- end }}
{{- if .Values.server.baseURL }}
- --web.external-url={{ .Values.server.baseURL }}
{{- end }}
{{- end }}
ports:
- containerPort: 9090
{{- if .Values.server.hostPort }}
hostPort: {{ .Values.server.hostPort }}
{{- end }}
readinessProbe:
{{- if not .Values.server.tcpSocketProbeEnabled }}
httpGet:
path: {{ .Values.server.prefixURL }}/-/ready
port: 9090
scheme: {{ .Values.server.probeScheme }}
{{- if .Values.server.probeHeaders }}
httpHeaders:
{{- range .Values.server.probeHeaders}}
- name: {{ .name }}
value: {{ .value }}
{{- end }}
{{- end }}
{{- else }}
tcpSocket:
port: 9090
{{- end }}
initialDelaySeconds: {{ .Values.server.readinessProbeInitialDelay }}
periodSeconds: {{ .Values.server.readinessProbePeriodSeconds }}
timeoutSeconds: {{ .Values.server.readinessProbeTimeout }}
failureThreshold: {{ .Values.server.readinessProbeFailureThreshold }}
successThreshold: {{ .Values.server.readinessProbeSuccessThreshold }}
livenessProbe:
{{- if not .Values.server.tcpSocketProbeEnabled }}
httpGet:
path: {{ .Values.server.prefixURL }}/-/healthy
port: 9090
scheme: {{ .Values.server.probeScheme }}
{{- if .Values.server.probeHeaders }}
httpHeaders:
{{- range .Values.server.probeHeaders}}
- name: {{ .name }}
value: {{ .value }}
{{- end }}
{{- end }}
{{- else }}
tcpSocket:
port: 9090
{{- end }}
initialDelaySeconds: {{ .Values.server.livenessProbeInitialDelay }}
periodSeconds: {{ .Values.server.livenessProbePeriodSeconds }}
timeoutSeconds: {{ .Values.server.livenessProbeTimeout }}
failureThreshold: {{ .Values.server.livenessProbeFailureThreshold }}
successThreshold: {{ .Values.server.livenessProbeSuccessThreshold }}
{{- if .Values.server.startupProbe.enabled }}
startupProbe:
{{- if not .Values.server.tcpSocketProbeEnabled }}
httpGet:
path: {{ .Values.server.prefixURL }}/-/healthy
port: 9090
scheme: {{ .Values.server.probeScheme }}
{{- if .Values.server.probeHeaders }}
httpHeaders:
{{- range .Values.server.probeHeaders}}
- name: {{ .name }}
value: {{ .value }}
{{- end }}
{{- end }}
{{- else }}
tcpSocket:
port: 9090
{{- end }}
failureThreshold: {{ .Values.server.startupProbe.failureThreshold }}
periodSeconds: {{ .Values.server.startupProbe.periodSeconds }}
timeoutSeconds: {{ .Values.server.startupProbe.timeoutSeconds }}
{{- end }}
resources:
{{ toYaml .Values.server.resources | indent 12 }}
volumeMounts:
- name: config-volume
mountPath: /etc/config
- name: storage-volume
mountPath: {{ .Values.server.persistentVolume.mountPath }}
subPath: "{{ .Values.server.persistentVolume.subPath }}"
{{- range .Values.server.extraHostPathMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
{{- range .Values.server.extraConfigmapMounts }}
- name: {{ $.Values.server.name }}-{{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
{{- range .Values.server.extraSecretMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
{{- if .Values.server.extraVolumeMounts }}
{{ toYaml .Values.server.extraVolumeMounts | nindent 12 }}
{{- end }}
{{- if .Values.server.containerSecurityContext }}
securityContext:
{{- toYaml .Values.server.containerSecurityContext | nindent 12 }}
{{- end }}
{{- if .Values.server.sidecarContainers }}
{{- range $name, $spec := .Values.server.sidecarContainers }}
- name: {{ $name }}
{{- if kindIs "string" $spec }}
{{- tpl $spec $ | nindent 10 }}
{{- else }}
{{- toYaml $spec | nindent 10 }}
{{- end }}
{{- end }}
{{- end }}
hostNetwork: {{ .Values.server.hostNetwork }}
{{- if .Values.server.dnsPolicy }}
dnsPolicy: {{ .Values.server.dnsPolicy }}
{{- end }}
{{- if (or .Values.global.imagePullSecret .Values.imagePullSecrets) }}
imagePullSecrets:
{{- if .Values.global.imagePullSecret }}
- name: {{ .Values.global.imagePullSecret }}
{{- end }}
{{- if .Values.imagePullSecrets }}
{{ toYaml .Values.imagePullSecrets | indent 8 }}
{{- end }}
{{- end }}
{{- if .Values.server.nodeSelector }}
nodeSelector:
{{ toYaml .Values.server.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.server.hostAliases }}
hostAliases:
{{ toYaml .Values.server.hostAliases | indent 8 }}
{{- end }}
{{- if .Values.server.dnsConfig }}
dnsConfig:
{{ toYaml .Values.server.dnsConfig | indent 8 }}
{{- end }}
{{- if .Values.server.securityContext }}
securityContext:
{{ toYaml .Values.server.securityContext | indent 8 }}
{{- end }}
{{- if .Values.server.tolerations }}
tolerations:
{{ toYaml .Values.server.tolerations | indent 8 }}
{{- end }}
{{- if .Values.server.affinity }}
affinity:
{{ toYaml .Values.server.affinity | indent 8 }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
volumes:
- name: config-volume
{{- if empty .Values.server.configFromSecret }}
configMap:
name: {{ if .Values.server.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.server.configMapOverrideName }}{{- else }}{{ template "prometheus.server.fullname" . }}{{- end }}
{{- else }}
secret:
secretName: {{ .Values.server.configFromSecret }}
{{- end }}
{{- range .Values.server.extraHostPathMounts }}
- name: {{ .name }}
hostPath:
path: {{ .hostPath }}
{{- end }}
{{- range .Values.configmapReload.prometheus.extraConfigmapMounts }}
- name: {{ $.Values.configmapReload.prometheus.name }}-{{ .name }}
configMap:
name: {{ .configMap }}
{{- end }}
{{- range .Values.server.extraConfigmapMounts }}
- name: {{ $.Values.server.name }}-{{ .name }}
configMap:
name: {{ .configMap }}
{{- end }}
{{- range .Values.server.extraSecretMounts }}
- name: {{ .name }}
secret:
secretName: {{ .secretName }}
{{- with .optional }}
optional: {{ . }}
{{- end }}
{{- end }}
{{- range .Values.configmapReload.prometheus.extraConfigmapMounts }}
- name: {{ .name }}
configMap:
name: {{ .configMap }}
{{- with .optional }}
optional: {{ . }}
{{- end }}
{{- end }}
{{- if .Values.server.extraVolumes }}
{{ toYaml .Values.server.extraVolumes | indent 8}}
{{- end }}
- name: storage-volume
{{- if .Values.server.persistentVolume.enabled }}
persistentVolumeClaim:
claimName: {{ if .Values.server.persistentVolume.existingClaim }}{{ .Values.server.persistentVolume.existingClaim }}{{- else }}{{ template "prometheus.server.fullname" . }}{{- end }}
{{- else }}
emptyDir:
{{- if .Values.server.emptyDir.sizeLimit }}
sizeLimit: {{ .Values.server.emptyDir.sizeLimit }}
{{- else }}
{}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
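Review bot: In the `extraHostPathMounts` loop under `volumeMounts`, `readOnly: {{ .readOnly }}` renders an empty value when an entry omits the key, which Kubernetes should treat as a writable mount of the host path. Host paths are safer defaulting to read-only, for example `readOnly: {{ if hasKey . "readOnly" }}{{ .readOnly }}{{ else }}true{{ end }}`. The `volumes` list also iterates `.Values.configmapReload.prometheus.extraConfigmapMounts` twice, once naming the volume with the reload-container prefix and once with the bare `.name`. Every entry is therefore declared twice, and the bare name can collide with an `extraSecretMounts` volume of the same name.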


@ -0,0 +1,37 @@
{{- if .Values.server.enabled -}}
{{- if .Values.server.statefulSet.enabled -}}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.server.statefulSet.headless.annotations }}
annotations:
{{ toYaml .Values.server.statefulSet.headless.annotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
{{- if .Values.server.statefulSet.headless.labels }}
{{ toYaml .Values.server.statefulSet.headless.labels | indent 4 }}
{{- end }}
name: {{ template "prometheus.server.fullname" . }}-headless
{{ include "prometheus.namespace" . | indent 2 }}
spec:
clusterIP: None
ports:
- name: http
port: {{ .Values.server.statefulSet.headless.servicePort }}
protocol: TCP
targetPort: 9090
{{- if .Values.server.statefulSet.headless.gRPC.enabled }}
- name: grpc
port: {{ .Values.server.statefulSet.headless.gRPC.servicePort }}
protocol: TCP
targetPort: 10901
{{- if .Values.server.statefulSet.headless.gRPC.nodePort }}
nodePort: {{ .Values.server.statefulSet.headless.gRPC.nodePort }}
{{- end }}
{{- end }}
selector:
{{- include "prometheus.server.matchLabels" . | nindent 4 }}
{{- end -}}
{{- end -}}
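Review bot: The `grpc` port accepts a `nodePort` from `.Values.server.statefulSet.headless.gRPC.nodePort` while the Service is fixed to `clusterIP: None` and sets no `type`. A headless ClusterIP Service is not exposed on node ports, so the API server is expected to reject the object when that value is set. Removing the `nodePort` block from this template, and documenting that node-port exposure belongs on the regular server Service, would avoid a values combination that cannot deploy.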


@ -0,0 +1,59 @@
{{- if .Values.server.enabled -}}
{{- if .Values.server.ingress.enabled -}}
{{- $ingressApiIsStable := eq (include "ingress.isStable" .) "true" -}}
{{- $ingressSupportsIngressClassName := eq (include "ingress.supportsIngressClassName" .) "true" -}}
{{- $ingressSupportsPathType := eq (include "ingress.supportsPathType" .) "true" -}}
{{- $releaseName := .Release.Name -}}
{{- $serviceName := include "prometheus.server.fullname" . }}
{{- $servicePort := .Values.server.service.servicePort -}}
{{- $ingressPath := .Values.server.ingress.path -}}
{{- $ingressPathType := .Values.server.ingress.pathType -}}
{{- $extraPaths := .Values.server.ingress.extraPaths -}}
apiVersion: {{ template "ingress.apiVersion" . }}
kind: Ingress
metadata:
{{- if .Values.server.ingress.annotations }}
annotations:
{{ toYaml .Values.server.ingress.annotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
{{- range $key, $value := .Values.server.ingress.extraLabels }}
{{ $key }}: {{ $value }}
{{- end }}
name: {{ template "prometheus.server.fullname" . }}
{{ include "prometheus.namespace" . | indent 2 }}
spec:
{{- if and $ingressSupportsIngressClassName .Values.server.ingress.ingressClassName }}
ingressClassName: {{ .Values.server.ingress.ingressClassName }}
{{- end }}
rules:
{{- range .Values.server.ingress.hosts }}
{{- $url := splitList "/" . }}
- host: {{ first $url }}
http:
paths:
{{ if $extraPaths }}
{{ toYaml $extraPaths | indent 10 }}
{{- end }}
- path: {{ $ingressPath }}
{{- if $ingressSupportsPathType }}
pathType: {{ $ingressPathType }}
{{- end }}
backend:
{{- if $ingressApiIsStable }}
service:
name: {{ $serviceName }}
port:
number: {{ $servicePort }}
{{- else }}
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end -}}
{{- if .Values.server.ingress.tls }}
tls:
{{ toYaml .Values.server.ingress.tls | indent 4 }}
{{- end -}}
{{- end -}}
{{- end -}}


@ -0,0 +1,18 @@
{{- if .Values.server.enabled -}}
{{- if .Values.networkPolicy.enabled }}
apiVersion: {{ template "prometheus.networkPolicy.apiVersion" . }}
kind: NetworkPolicy
metadata:
name: {{ template "prometheus.server.fullname" . }}
{{ include "prometheus.namespace" . | indent 2 }}
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
spec:
podSelector:
matchLabels:
{{- include "prometheus.server.matchLabels" . | nindent 6 }}
ingress:
- ports:
- port: 9090
{{- end }}
{{- end }}
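Review bot: The single `ingress` rule lists only `ports` and has no `from` clause, so with `networkPolicy.enabled` set every source that can route to the pod is still admitted on 9090; the policy narrows the port, not the callers. A `from` list of pod and namespace selectors for the components that scrape or query Prometheus, read from a values key the chart would have to add, would make the switch an actual source restriction. Until then the rule deserves a comment such as `# no 'from': all sources are allowed on this port`. The Service template in this commit also targets port 10901 when `server.service.gRPC.enabled` is set; that port is not listed here, so it is presumably blocked whenever this policy is on.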


@ -0,0 +1,14 @@
{{- if .Values.server.podDisruptionBudget.enabled }}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: {{ template "prometheus.server.fullname" . }}
{{ include "prometheus.namespace" . | indent 2 }}
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
spec:
maxUnavailable: {{ .Values.server.podDisruptionBudget.maxUnavailable }}
selector:
matchLabels:
{{- include "prometheus.server.labels" . | nindent 6 }}
{{- end }}
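Review bot: `apiVersion: policy/v1beta1` is hard-coded on the second line of this template, whereas the Ingress, NetworkPolicy and PodSecurityPolicy templates in this commit take their apiVersion from a helper; `policy/v1beta1` PodDisruptionBudget is no longer served from Kubernetes 1.25, so enabling `server.podDisruptionBudget` on a newer cluster fails the install. Selecting on capability keeps both ranges working: `apiVersion: {{ if .Capabilities.APIVersions.Has "policy/v1" }}policy/v1{{ else }}policy/v1beta1{{ end }}`. This is also the only server template here that is not gated on `.Values.server.enabled`, and its selector uses `prometheus.server.labels` where the NetworkPolicy, Service and StatefulSet select on `prometheus.server.matchLabels`.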


@ -0,0 +1,51 @@
{{- if and .Values.server.enabled .Values.rbac.create .Values.podSecurityPolicy.enabled }}
apiVersion: {{ template "prometheus.podSecurityPolicy.apiVersion" . }}
kind: PodSecurityPolicy
metadata:
name: {{ template "prometheus.server.fullname" . }}
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
annotations:
{{- if .Values.server.podSecurityPolicy.annotations }}
{{ toYaml .Values.server.podSecurityPolicy.annotations | indent 4 }}
{{- end }}
spec:
privileged: false
allowPrivilegeEscalation: false
allowedCapabilities:
- 'CHOWN'
volumes:
- 'configMap'
- 'persistentVolumeClaim'
- 'emptyDir'
- 'secret'
- 'hostPath'
allowedHostPaths:
- pathPrefix: /etc
readOnly: true
- pathPrefix: {{ .Values.server.persistentVolume.mountPath }}
{{- range .Values.server.extraHostPathMounts }}
- pathPrefix: {{ .hostPath }}
readOnly: {{ .readOnly }}
{{- end }}
hostNetwork: false
hostPID: false
hostIPC: false
runAsUser:
rule: 'RunAsAny'
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
# Forbid adding the root group.
- min: 1
max: 65535
readOnlyRootFilesystem: false
{{- end }}
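Review bot: The policy always admits `hostPath` volumes and always lists `/etc` (read-only) and the value of `server.persistentVolume.mountPath` (writable, since no `readOnly` is set) under `allowedHostPaths`, even when `server.extraHostPathMounts` is empty, and `runAsUser` is `RunAsAny`, so root containers are accepted. Any pod admitted under this policy may therefore mount the node's `/etc`, which is broader than the server appears to need from the templates in this commit. Rendering the hostPath allowance only when host path mounts are configured, and requiring a non-root user, brings the policy closer to least privilege; this assumes nothing else in the chart depends on the `/etc` entry and that the server image runs as a non-root user, neither of which is visible here. The indentation below is reconstructed, as the page has lost the original.

```yaml
  volumes:
    - 'configMap'
    - 'persistentVolumeClaim'
    - 'emptyDir'
    - 'secret'
  {{- if .Values.server.extraHostPathMounts }}
    - 'hostPath'
  allowedHostPaths:
  {{- range .Values.server.extraHostPathMounts }}
    - pathPrefix: {{ .hostPath | quote }}
      readOnly: {{ .readOnly }}
  {{- end }}
  {{- end }}
  # … unchanged: hostNetwork, hostPID, hostIPC …
  runAsUser:
    rule: 'MustRunAsNonRoot'
  # … unchanged: seLinux, supplementalGroups, fsGroup, readOnlyRootFilesystem …
```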


@ -0,0 +1,45 @@
{{- if .Values.server.enabled -}}
{{- if not .Values.server.statefulSet.enabled -}}
{{- if .Values.server.persistentVolume.enabled -}}
{{- if not .Values.server.persistentVolume.existingClaim -}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
{{- if .Values.server.persistentVolume.annotations }}
annotations:
{{ toYaml .Values.server.persistentVolume.annotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
name: {{ template "prometheus.server.fullname" . }}
{{ include "prometheus.namespace" . | indent 2 }}
spec:
accessModes:
{{ toYaml .Values.server.persistentVolume.accessModes | indent 4 }}
{{- if .Values.server.persistentVolume.storageClass }}
{{- if (eq "-" .Values.server.persistentVolume.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.server.persistentVolume.storageClass }}"
{{- end }}
{{- else if .Values.global.persistence.storageClass }}
{{- if (eq "-" .Values.global.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.global.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- if .Values.server.persistentVolume.volumeBindingMode }}
volumeBindingMode: "{{ .Values.server.persistentVolume.volumeBindingMode }}"
{{- end }}
resources:
requests:
storage: "{{ .Values.server.persistentVolume.size }}"
{{- if .Values.server.persistentVolume.selector }}
selector:
{{- toYaml .Values.server.persistentVolume.selector | nindent 4 }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
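Review bot: `volumeBindingMode` is rendered under `spec:` of the PersistentVolumeClaim when `server.persistentVolume.volumeBindingMode` is set, but that field belongs to StorageClass and is not part of a claim's spec, so the API server will drop or reject it depending on field validation. I would remove the three lines of that `if` block, or, if the value has to stay for compatibility, put `{{/* not a PVC field; binding mode is set on the StorageClass */}}` above it so the next reader does not rely on it.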


@ -0,0 +1,20 @@
{{- if and .Values.server.enabled .Values.rbac.create .Values.server.useExistingClusterRoleName .Values.server.namespaces -}}
{{ range $.Values.server.namespaces -}}
---
apiVersion: {{ template "rbac.apiVersion" $ }}
kind: RoleBinding
metadata:
labels:
{{- include "prometheus.server.labels" $ | nindent 4 }}
name: {{ template "prometheus.server.fullname" $ }}
namespace: {{ . }}
subjects:
- kind: ServiceAccount
name: {{ template "prometheus.serviceAccountName.server" $ }}
{{ include "prometheus.namespace" $ | indent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ $.Values.server.useExistingClusterRoleName }}
{{ end -}}
{{ end -}}


@ -0,0 +1,60 @@
{{- if .Values.server.enabled -}}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.server.service.annotations }}
annotations:
{{ toYaml .Values.server.service.annotations | indent 4 }}
{{- end }}
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
{{- if .Values.server.service.labels }}
{{ toYaml .Values.server.service.labels | indent 4 }}
{{- end }}
name: {{ template "prometheus.server.fullname" . }}
{{ include "prometheus.namespace" . | indent 2 }}
spec:
{{- if .Values.server.service.clusterIP }}
clusterIP: {{ .Values.server.service.clusterIP }}
{{- end }}
{{- if .Values.server.service.externalIPs }}
externalIPs:
{{ toYaml .Values.server.service.externalIPs | indent 4 }}
{{- end }}
{{- if .Values.server.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.server.service.loadBalancerIP }}
{{- end }}
{{- if .Values.server.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- range $cidr := .Values.server.service.loadBalancerSourceRanges }}
- {{ $cidr }}
{{- end }}
{{- end }}
ports:
- name: http
port: {{ .Values.server.service.servicePort }}
protocol: TCP
targetPort: 9090
{{- if .Values.server.service.nodePort }}
nodePort: {{ .Values.server.service.nodePort }}
{{- end }}
{{- if .Values.server.service.gRPC.enabled }}
- name: grpc
port: {{ .Values.server.service.gRPC.servicePort }}
protocol: TCP
targetPort: 10901
{{- if .Values.server.service.gRPC.nodePort }}
nodePort: {{ .Values.server.service.gRPC.nodePort }}
{{- end }}
{{- end }}
selector:
{{- if and .Values.server.statefulSet.enabled .Values.server.service.statefulsetReplica.enabled }}
statefulset.kubernetes.io/pod-name: {{ template "prometheus.server.fullname" . }}-{{ .Values.server.service.statefulsetReplica.replica }}
{{- else -}}
{{- include "prometheus.server.matchLabels" . | nindent 4 }}
{{- if .Values.server.service.sessionAffinity }}
sessionAffinity: {{ .Values.server.service.sessionAffinity }}
{{- end }}
{{- end }}
type: "{{ .Values.server.service.type }}"
{{- end -}}
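Review bot: The `sessionAffinity` block sits inside the `else` branch of the selector condition (its `if`/`end` pair comes before the `end` that closes the `statefulsetReplica` test), so `server.service.sessionAffinity` is silently ignored whenever `server.statefulSet.enabled` and `server.service.statefulsetReplica.enabled` are both set. Moving the closing `{{- end }}` of the selector condition up, directly after the `matchLabels` include, renders the field in both cases. The original indentation is not recoverable from this page, so the field's placement under `spec:` rather than `selector:` should be confirmed.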


@ -0,0 +1,13 @@
{{- if .Values.server.enabled -}}
{{- if .Values.serviceAccounts.server.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
name: {{ template "prometheus.serviceAccountName.server" . }}
{{ include "prometheus.namespace" . | indent 2 }}
annotations:
{{ toYaml .Values.serviceAccounts.server.annotations | indent 4 }}
{{- end }}
{{- end }}


@ -0,0 +1,313 @@
{{- if .Values.server.enabled -}}
{{- if .Values.server.statefulSet.enabled -}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
{{- if .Values.server.statefulSet.annotations }}
annotations:
{{ toYaml .Values.server.statefulSet.annotations | nindent 4 }}
{{- end }}
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
{{- if .Values.server.statefulSet.labels}}
{{ toYaml .Values.server.statefulSet.labels | nindent 4 }}
{{- end}}
name: {{ template "prometheus.server.fullname" . }}
{{ include "prometheus.namespace" . | indent 2 }}
spec:
serviceName: {{ template "prometheus.server.fullname" . }}-headless
selector:
matchLabels:
{{- include "prometheus.server.matchLabels" . | nindent 6 }}
replicas: {{ .Values.server.replicaCount }}
podManagementPolicy: {{ .Values.server.statefulSet.podManagementPolicy }}
template:
metadata:
{{- if .Values.server.podAnnotations }}
annotations:
{{ toYaml .Values.server.podAnnotations | nindent 8 }}
{{- end }}
labels:
{{- include "prometheus.server.labels" . | nindent 8 }}
{{- if .Values.server.podLabels}}
{{ toYaml .Values.server.podLabels | nindent 8 }}
{{- end}}
spec:
{{- if .Values.server.priorityClassName }}
priorityClassName: "{{ .Values.server.priorityClassName }}"
{{- end }}
{{- if .Values.server.schedulerName }}
schedulerName: "{{ .Values.server.schedulerName }}"
{{- end }}
{{- if semverCompare ">=1.13-0" .Capabilities.KubeVersion.GitVersion }}
{{- if or (.Values.server.enableServiceLinks) (eq (.Values.server.enableServiceLinks | toString) "<nil>") }}
enableServiceLinks: true
{{- else }}
enableServiceLinks: false
{{- end }}
{{- end }}
serviceAccountName: {{ template "prometheus.serviceAccountName.server" . }}
{{- if .Values.server.extraInitContainers }}
initContainers:
{{ toYaml .Values.server.extraInitContainers | indent 8 }}
{{- end }}
containers:
{{- if .Values.configmapReload.prometheus.enabled }}
- name: {{ template "prometheus.name" . }}-{{ .Values.server.name }}-{{ .Values.configmapReload.prometheus.name }}
image: "{{ include "get.cmreloadimage" .}}"
imagePullPolicy: "{{ .Values.configmapReload.prometheus.image.pullPolicy }}"
args:
- --volume-dir=/etc/config
- --webhook-url=http://127.0.0.1:9090{{ .Values.server.prefixURL }}/-/reload
{{- range $key, $value := .Values.configmapReload.prometheus.extraArgs }}
- --{{ $key }}={{ $value }}
{{- end }}
{{- range .Values.configmapReload.prometheus.extraVolumeDirs }}
- --volume-dir={{ . }}
{{- end }}
{{- if .Values.configmapReload.prometheus.containerPort }}
ports:
- containerPort: {{ .Values.configmapReload.prometheus.containerPort }}
{{- end }}
resources:
{{ toYaml .Values.configmapReload.prometheus.resources | indent 12 }}
volumeMounts:
- name: config-volume
mountPath: /etc/config
readOnly: true
{{- range .Values.configmapReload.prometheus.extraConfigmapMounts }}
- name: {{ $.Values.configmapReload.prometheus.name }}-{{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
{{- end }}
- name: {{ template "prometheus.name" . }}-{{ .Values.server.name }}
image: "{{ include "get.serverimage" .}}"
imagePullPolicy: "{{ .Values.server.image.pullPolicy }}"
{{- if .Values.server.env }}
env:
{{ toYaml .Values.server.env | indent 12}}
{{- end }}
args:
{{- if .Values.server.defaultFlagsOverride }}
{{ toYaml .Values.server.defaultFlagsOverride | nindent 12}}
{{- else }}
{{- if .Values.server.prefixURL }}
- --web.route-prefix={{ .Values.server.prefixURL }}
{{- end }}
{{- if .Values.server.retention }}
- --storage.tsdb.retention.time={{ .Values.server.retention }}
{{- end }}
- --config.file={{ .Values.server.configPath }}
{{- if .Values.server.storagePath }}
- --storage.tsdb.path={{ .Values.server.storagePath }}
{{- else }}
- --storage.tsdb.path={{ .Values.server.persistentVolume.mountPath }}
{{- end }}
- --web.console.libraries=/etc/prometheus/console_libraries
- --web.console.templates=/etc/prometheus/consoles
{{- range .Values.server.extraFlags }}
- --{{ . }}
{{- end }}
{{- range $key, $value := .Values.server.extraArgs }}
- --{{ $key }}={{ $value }}
{{- end }}
{{- if .Values.server.baseURL }}
- --web.external-url={{ .Values.server.baseURL }}
{{- end }}
{{- end }}
ports:
- containerPort: 9090
{{- if .Values.server.hostPort }}
hostPort: {{ .Values.server.hostPort }}
{{- end }}
readinessProbe:
{{- if not .Values.server.tcpSocketProbeEnabled }}
httpGet:
path: {{ .Values.server.prefixURL }}/-/ready
port: 9090
scheme: {{ .Values.server.probeScheme }}
{{- else }}
tcpSocket:
port: 9090
{{- end }}
initialDelaySeconds: {{ .Values.server.readinessProbeInitialDelay }}
periodSeconds: {{ .Values.server.readinessProbePeriodSeconds }}
timeoutSeconds: {{ .Values.server.readinessProbeTimeout }}
failureThreshold: {{ .Values.server.readinessProbeFailureThreshold }}
successThreshold: {{ .Values.server.readinessProbeSuccessThreshold }}
livenessProbe:
{{- if not .Values.server.tcpSocketProbeEnabled }}
httpGet:
path: {{ .Values.server.prefixURL }}/-/healthy
port: 9090
scheme: {{ .Values.server.probeScheme }}
{{- else }}
tcpSocket:
port: 9090
{{- end }}
initialDelaySeconds: {{ .Values.server.livenessProbeInitialDelay }}
periodSeconds: {{ .Values.server.livenessProbePeriodSeconds }}
timeoutSeconds: {{ .Values.server.livenessProbeTimeout }}
failureThreshold: {{ .Values.server.livenessProbeFailureThreshold }}
successThreshold: {{ .Values.server.livenessProbeSuccessThreshold }}
resources:
{{ toYaml .Values.server.resources | indent 12 }}
volumeMounts:
- name: config-volume
mountPath: /etc/config
- name: storage-volume
mountPath: {{ .Values.server.persistentVolume.mountPath }}
subPath: "{{ .Values.server.persistentVolume.subPath }}"
{{- range .Values.server.extraHostPathMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
{{- range .Values.server.extraConfigmapMounts }}
- name: {{ $.Values.server.name }}-{{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
{{- range .Values.server.extraSecretMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
{{- if .Values.server.extraVolumeMounts }}
{{ toYaml .Values.server.extraVolumeMounts | nindent 12 }}
{{- end }}
{{- if .Values.server.sidecarContainers }}
{{- range $name, $spec := .Values.server.sidecarContainers }}
- name: {{ $name }}
{{- if kindIs "string" $spec }}
{{- tpl $spec $ | nindent 10 }}
{{- else }}
{{- toYaml $spec | nindent 10 }}
{{- end }}
{{- end }}
{{- end }}
hostNetwork: {{ .Values.server.hostNetwork }}
{{- if .Values.server.dnsPolicy }}
dnsPolicy: {{ .Values.server.dnsPolicy }}
{{- end }}
{{- if (or .Values.global.imagePullSecret .Values.imagePullSecrets) }}
imagePullSecrets:
{{- if .Values.global.imagePullSecrets }}
- name: {{ .Values.global.imagePullSecret }}
{{- end }}
{{- if .Values.imagePullSecrets }}
{{ toYaml .Values.imagePullSecrets | indent 8 }}
{{- end }}
{{- end }}
{{- if .Values.server.nodeSelector }}
nodeSelector:
{{ toYaml .Values.server.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.server.hostAliases }}
hostAliases:
{{ toYaml .Values.server.hostAliases | indent 8 }}
{{- end }}
{{- if .Values.server.dnsConfig }}
dnsConfig:
{{ toYaml .Values.server.dnsConfig | indent 8 }}
{{- end }}
{{- if .Values.server.securityContext }}
securityContext:
{{ toYaml .Values.server.securityContext | indent 8 }}
{{- end }}
{{- if .Values.server.tolerations }}
tolerations:
{{ toYaml .Values.server.tolerations | indent 8 }}
{{- end }}
{{- if .Values.server.affinity }}
affinity:
{{ toYaml .Values.server.affinity | indent 8 }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
volumes:
- name: config-volume
{{- if empty .Values.server.configFromSecret }}
configMap:
name: {{ if .Values.server.configMapOverrideName }}{{ .Release.Name }}-{{ .Values.server.configMapOverrideName }}{{- else }}{{ template "prometheus.server.fullname" . }}{{- end }}
{{- else }}
secret:
secretName: {{ .Values.server.configFromSecret }}
{{- end }}
{{- range .Values.server.extraHostPathMounts }}
- name: {{ .name }}
hostPath:
path: {{ .hostPath }}
{{- end }}
{{- range .Values.configmapReload.prometheus.extraConfigmapMounts }}
- name: {{ $.Values.configmapReload.prometheus.name }}-{{ .name }}
configMap:
name: {{ .configMap }}
{{- end }}
{{- range .Values.server.extraConfigmapMounts }}
- name: {{ $.Values.server.name }}-{{ .name }}
configMap:
name: {{ .configMap }}
{{- end }}
{{- range .Values.server.extraSecretMounts }}
- name: {{ .name }}
secret:
secretName: {{ .secretName }}
{{- with .optional }}
optional: {{ . }}
{{- end }}
{{- end }}
{{- range .Values.configmapReload.prometheus.extraConfigmapMounts }}
- name: {{ .name }}
configMap:
name: {{ .configMap }}
{{- with .optional }}
optional: {{ . }}
{{- end }}
{{- end }}
{{- if .Values.server.extraVolumes }}
{{ toYaml .Values.server.extraVolumes | indent 8}}
{{- end }}
{{- if .Values.server.persistentVolume.enabled }}
volumeClaimTemplates:
- metadata:
name: storage-volume
{{- if .Values.server.persistentVolume.annotations }}
annotations:
{{ toYaml .Values.server.persistentVolume.annotations | indent 10 }}
{{- end }}
spec:
accessModes:
{{ toYaml .Values.server.persistentVolume.accessModes | indent 10 }}
resources:
requests:
storage: "{{ .Values.server.persistentVolume.size }}"
{{- if .Values.server.persistentVolume.storageClass }}
{{- if (eq "-" .Values.server.persistentVolume.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.server.persistentVolume.storageClass }}"
{{- end }}
{{- else if .Values.global.persistence.storageClass }}
{{- if (eq "-" .Values.global.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.global.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- else }}
- name: storage-volume
emptyDir:
{{- if .Values.server.emptyDir.sizeLimit }}
sizeLimit: {{ .Values.server.emptyDir.sizeLimit }}
{{- else }}
{}
{{- end -}}
{{- end }}
{{- end }}
{{- end }}
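Review bot: The `imagePullSecrets` block near the end of the pod spec mixes two spellings of the global key: the outer guard tests `.Values.global.imagePullSecret`, the inner guard tests `.Values.global.imagePullSecrets` (plural), and the rendered entry reads `.Values.global.imagePullSecret` again. With only the singular global value set, `imagePullSecrets:` is emitted with no entries and pulls from a private registry fail; the inner guard should read `{{- if .Values.global.imagePullSecret }}`. Separately, `configmapReload.prometheus.extraConfigmapMounts` is ranged twice under `volumes:`, once with the `configmapReload.prometheus.name` prefix and once without, while the reload container mounts only the prefixed name.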


@ -0,0 +1,24 @@
{{- if .Values.server.enabled -}}
{{- if .Values.server.verticalAutoscaler.enabled -}}
apiVersion: autoscaling.k8s.io/v1beta2
kind: VerticalPodAutoscaler
metadata:
labels:
{{- include "prometheus.server.labels" . | nindent 4 }}
name: {{ template "prometheus.server.fullname" . }}-vpa
{{ include "prometheus.namespace" . | indent 2 }}
spec:
targetRef:
apiVersion: "apps/v1"
{{- if .Values.server.statefulSet.enabled }}
kind: StatefulSet
{{- else }}
kind: Deployment
{{- end }}
name: {{ template "prometheus.server.fullname" . }}
updatePolicy:
updateMode: {{ .Values.server.verticalAutoscaler.updateMode | default "Off" | quote }}
resourcePolicy:
containerPolicies: {{ .Values.server.verticalAutoscaler.containerPolicies | default list | toYaml | trim | nindent 4 }}
{{- end -}} {{/* if .Values.server.verticalAutoscaler.enabled */}}
{{- end -}} {{/* .Values.server.enabled */}}




@ -0,0 +1,459 @@
KASTEN END USER LICENSE AGREEMENT
This End User License Agreement is a binding agreement between Kasten, Inc., a
Delaware Corporation ("Kasten"), and you ("Licensee"), and establishes the terms
under which Licensee may use the Software and Documentation (as defined below),
including without limitation terms and conditions relating to license grant,
intellectual property rights, disclaimers /exclusions / limitations of warranty,
indemnity and liability, governing law and limitation periods. All components
collectively are referred to herein as the "Agreement."
LICENSEE ACKNOWLEDGES IT HAS HAD THE OPPORTUNITY TO REVIEW THE AGREEMENT, PRIOR
TO ACCEPTANCE OF THIS AGREEMENT. LICENSEE'S ACCEPTANCE OF THIS AGREEMENT IS
EVIDENCED BY LICENSEE'S DOWNLOADING, COPYING, INSTALLING OR USING THE KASTEN
SOFTWARE. IF YOU ARE ACTING ON BEHALF OF A COMPANY, YOU REPRESENT THAT YOU ARE
AUTHORIZED TO BIND THE COMPANY. IF YOU DO NOT AGREE TO ALL TERMS OF THIS
AGREEMENT, DO NOT DOWNLOAD, COPY, INSTALL, OR USE THE SOFTWARE, AND PERMANENTLY
DELETE THE SOFTWARE.
1. DEFINITIONS
1.1 "Authorized Persons" means trained technical employees and contractors of
Licensee who are subject to a written agreement with Licensee that includes use
and confidentiality restrictions that are at least as protective as those set
forth in this Agreement.
1.2 "Authorized Reseller" means a distributor or reseller, including cloud
computing platform providers, authorized by Kasten to resell licenses to the
Software through the channel through or in the territory in which Licensee is
purchasing.
1.3 "Confidential Information" means all non-public information disclosed in
written, oral or visual form by either party to the other. Confidential
Information may include, but is not limited to, services, pricing information,
computer programs, source code, names and expertise of employees and
consultants, know-how, and other technical, business, financial and product
development information. "Confidential Information" does not include any
information that the receiving party can demonstrate by its written records (1)
was rightfully known to it without obligation of confidentiality prior to its
disclosure hereunder by the disclosing party; (2) is or becomes publicly known
through no wrongful act of the receiving party; (3) has been rightfully received
without obligation of confidentiality from a third party authorized to make such
a disclosure; or (4) is independently developed by the receiving party without
reference to confidential information disclosed hereunder.
1.4 "Documentation" means any administration guides, installation and user
guides, and release notes that are provided by Kasten to Licensee with the
Software.
1.5 "Intellectual Property Rights" means patents, design patents, copyrights,
trademarks, Confidential Information, know-how, trade secrets, moral rights, and
any other intellectual property rights recognized in any country or jurisdiction
in the world.
1.6 "Node" means a single physical or virtual computing machine recognizable by
the Software as a unique device. Nodes must be owned or leased by Licensee or an
entity controlled by, controlling or under common control with Licensee.
1.7 "Edition" means a unique identifier for each distinct product that is made
available by Kasten and that can be licensed, including summary information
regarding any associated functionality, features, or restrictions specific to
the Edition.
1.8 "Open Source Software" means software delivered to Licensee hereunder that
is subject to the provisions of any open source license agreement.
1.9 "Purchase Agreement" means a separate commercial agreement, if applicable,
between Kasten and the Licensee that contains the terms for the licensing of a
specific Edition of the Software.
1.10 "Software" means any and all software product Editions licensed to Licensee
under this Agreement, all as developed by Kasten and delivered to Licensee
hereunder. Software also includes any Updates provided by Kasten to Licensee.
For the avoidance of doubt, the definition of Software shall exclude any
Third-Party Software and Open Source Software.
1.11 "Third-Party Software" means certain software Kasten licenses from third
parties and provides to Licensee with the Software, which may include Open
Source Software.
1.12 "Update" means a revision of the Software that Kasten makes available to
customers at no additional cost. The Update includes, if and when applicable and
available, bug fix patches, maintenance release, minor release, or new major
releases. Updates are limited only to the Software licensed by Licensee, and
specifically exclude new product offerings, features, options or functionality
of the Software that Kasten may choose to license separately, or for an
additional fee.
1.13 "Use" means to install activate the processing capabilities of the
Software, load, execute, access, employ the Software, or display information
resulting from such capabilities.
2. LICENSE GRANT AND RESTRICTIONS
2.1 Enterprise License. Subject to Licensee"s compliance with the terms and
conditions of this Agreement (including any additional restrictions on
Licensee"s use of the Software set forth in the Purchase Agreement, if one
exists, between Licensee and Kasten), Kasten grants to Licensee a non-exclusive,
non-transferable (except in connection with a permitted assignment of this
Agreement under Section 14.10 (Assignment), non-sublicensable, limited term
license to install and use the Software, in object code form only, solely for
Licensee"s use, unless terminated in accordance with Section 4 (Term and
Termination).
2.2 Starter License. This section shall only apply when the Licensee licenses
Starter Edition of the Software. The license granted herein is for a maximum of
5 Nodes and for a period of 12 months from the date of the Software release that
embeds the specific license instance. Updating to a newer Software (minor or
major) release will always extend the validity of the license by 12 months. If
the Licensee wishes to upgrade to an Enterprise License instead, the Licensee
will have to enter into a Purchase Agreement with Kasten which will supersede
this Agreement. The Licensee is required to provide accurate email and company
information, if representing a company, when accepting this Agreement. Under no
circumstances will a Starter License be construed to mean that the Licensee is
authorized to distribute the Software to any third party for any reason
whatsoever.
2.3 Evaluation License. This section shall only apply when the Licensee has
licensed the Software for an initial evaluation period. The license granted
herein is valid only one time 30 days, starting from date of installation,
unless otherwise explicitly designated by Kasten ("Evaluation Period"). Under
this license the Software can only be used for evaluation purposes. Under no
circumstances will an Evaluation License be construed to mean that the Licensee
is authorized to distribute the Software to any third party for any reason
whatsoever. If the Licensee wishes to upgrade to an Enterprise License instead,
the Licensee will have to enter into a Purchase Agreement with Kasten which will
supersede this Agreement.. If the Licensee does not wish to upgrade to an
Enterprise License at the end of the Evaluation Period the Licensee"s rights
under the Agreement shall terminate, and the Licensee shall delete all Kasten
Software.
2.4 License Restrictions. Except to the extent permitted under this Agreement,
Licensee will not nor will Licensee allow any third party to: (i) copy, modify,
adapt, translate or otherwise create derivative works of the Software or the
Documentation; (ii) reverse engineer, decompile, disassemble or otherwise
attempt to discover the source code of the Software; (iii) rent, lease, sell,
assign or otherwise transfer rights in or to the Software or Documentation; (iv)
remove any proprietary notices or labels from the Software or Documentation; (v)
publicly disseminate performance information or analysis (including, without
limitation, benchmarks) relating to the Software. Licensee will comply with all
applicable laws and regulations in Licensee"s use of and access to the Software
and Documentation.
2.5 Responsibility for Use. The Software and Documentation may be used only by
Authorized Persons and in conformance with this Agreement. Licensee shall be
responsible for the proper use and protection of the Software and Documentation
and is responsible for: (i) installing, managing, operating, and physically
controlling the Software and the results obtained from using the Software; (ii)
using the Software within the operating environment specified in the
Documentation; and; (iii) establishing and maintaining such recovery and data
protection and security procedures as necessary for Licensee's service and
operation and/or as may be specified by Kasten from time to time.
2.6 United States Government Users. The Software licensed under this Agreement
is "commercial computer software" as that term is described in DFAR
252.227-7014(a)(1). If acquired by or on behalf of a civilian agency, the U.S.
Government acquires this commercial computer software and/or commercial computer
software documentation subject to the terms and this Agreement as specified in
48 C.F.R. 12.212 (Computer Software) and 12.211 (Technical Data) of the Federal
Acquisition Regulations ("FAR") and its successors. If acquired by or on behalf
of any agency within the Department of Defense ("DOD"), the U.S. Government
acquires this commercial computer software and/or commercial computer software
documentation subject to the terms of this Agreement as specified in 48 C.F.R.
227.7202 of the DOD FAR Supplement and its successors.
3. SUPPORT
3.1 During the Term (as defined below) and subject to Licensees compliance
with the terms and conditions of this Agreement, Licensee may submit queries and
requests for support for Enterprise Licenses by submitting Service Requests via Veeam
Support Portal (https://my.veeam.com). Support is not provided for Starter and Evaluation
Licenses. Licensee shall be entitled to the support service-level agreement specified
in the relevant order form or purchase order (“Order Form”) between Licensee and the
Reseller and as set forth in Kastens Support Policy, a copy of which can be found
at https://www.kasten.io/support-services-policy. Licensee shall also be permitted to
download and install all Updates released by Kasten during the Term and made generally
available to users of the Software. Software versions with all updates and upgrades
installed is supported for six months from the date of release of that version.
3.2 Starter Edition Support. If the Licensee has licensed Starter Edition of
the Software, you will have access to the Kasten K10 Support Community
(https://community.veeam.com/groups/kasten-k10-support-92), but Kasten cannot guarantee
a service level of any sort. Should a higher level of support be needed, Licensee has
the option to consider entering into a Purchase Agreement with Kasten for licensing a
different Edition of the Software.
4. TERM AND TERMINATION
4.1 Term. The term of this Agreement, except for Starter and Evaluation
Licenses, shall commence on the Effective Date and shall, unless terminated
earlier in accordance with the provisions of Section 4.2 below, remain in force
for the Subscription Period as set forth in the applicable Order Form(s) (the
"Term"). The parties may extend the Term of this Agreement beyond the
Subscription Period by executing additional Order Form(s) and Licensee"s payment
of additional licensing fees. The term of this Agreement for the Starter and
Evaluation Licenses will coincide with the term for Starter Edition (as stated
in section 2.2) and the term for Evaluation Period (as stated in section 2.3),
respectively
4.2 Termination. Either party may immediately terminate this
Agreement and the licenses granted hereunder if the other party (1) becomes
insolvent and"becomes unwilling or unable to meet its obligations under this
Agreement, (2) files a petition in bankruptcy, (3) is subject to the filing of
an involuntary petition for bankruptcy which is not rescinded within a period of
forty-five (45) days, (4) fails to cure a material breach of any material term
or condition of this Agreement within thirty (30) days of receipt of written
notice specifying such breach, or (5) materially breaches its obligations of
confidentiality hereunder.
4.3 Effects of Termination. Upon expiration or
termination of this Agreement for any reason, (i) any amounts owed to Kasten
under this Agreement will be immediately due and payable; (ii) all licensed
rights granted in this Agreement will immediately cease; and (iii) Licensee will
promptly discontinue all use of the Software and Documentation and return to
Kasten any Kasten Confidential Information in Licensee"s possession or control.
4.4 Survival. The following Sections of this Agreement will remain in effect
following the expiration or termination of these General Terms for any reason:
4.3 (Effects of Termination), 4.4 (Survival), 5 (Third Party Software) 5
(Confidentiality), 9 (Ownership), 10.2 (Third-Party Software), 10.3 (Warranty
Disclaimer), 11 (Limitations of Liability), 12.2 (Exceptions to Kasten
Obligation), 13 (Export) and 14 (General).
5. THIRD PARTY AND OPEN SOURCE SOFTWARE Certain Third-Party Software or Open
Source Software (Kasten can provide a list upon request) that may be provided
with the Software may be subject to various other terms and conditions imposed
by the licensors of such Third-Party Software or Open Source Software. The
terms of Licensee"s use of the Third-Party Software or Open Source Software is
subject to and governed by the respective Third-Party Software and Open Source
licenses, except that this Section 5 (Third-Party Software), Section 10.2 (Third
Party Software), 10.3 (Warranty Disclaimer), Section 11 (Limitations of
Liability), and Section 14 (General) of this Agreement also govern Licensee"s
use of the Third-Party Software. To the extent applicable to Licensee"s use of
such Third-Party Software and Open Source, Licensee agrees to comply with the
terms and conditions contained in all such Third-Party Software and Open Source
licenses.
6. CONFIDENTIALITY Neither party will use any Confidential Information of the
other party except as expressly permitted by this Agreement or as expressly
authorized in writing by the disclosing party. The receiving party shall use
the same degree of care to protect the disclosing party"s Confidential
Information as it uses to protect its own Confidential Information of like
nature, but in no circumstances less than a commercially reasonable standard of
care. The receiving party may not disclose the disclosing party"s Confidential
Information to any person or entity other than to (i) (a) Authorized Persons in
the case the receiving party is Licensee, and (b) Kasten"s employees and
contractors in the case the receiving party is Kasten, and (ii) who need access
to such Confidential Information solely for the purpose of fulfilling that
party"s obligations or exercising that party"s rights hereunder. The foregoing
obligations will not restrict the receiving party from disclosing Confidential
Information of the disclosing party: (1) pursuant to the order or requirement of
a court, administrative agency, or other governmental body, provided that the
receiving party required to make such a disclosure gives reasonable notice to
the disclosing party prior to such disclosure; and (2) on a confidential basis
to its legal and financial advisors. Kasten may identify Licensee in its
customer lists in online and print marketing materials.
7. FEES Fees for Enterprise License shall be set forth in separate Order Form(s)
attached to a Purchase Agreement, between the Licensee and Kasten.
If Licensee has obtained the Software through an Authorized Reseller, fees for
licensing shall be invoiced directly by the Authorized Reseller.
If no Purchase Agreement exists, during the term of this Agreement, Kasten
shall license the Starter Edition only and no other Edition of the Software
"at no charge" to Licensee.
8. USAGE DATA Kasten may collect, accumulate, and aggregate certain usage
statistics in order to analyze usage of the Software, make improvements, and
potentially develop new products. Kasten may use aggregated anonymized data for
any purpose that Kasten, at its own discretion, may consider appropriate.
9. OWNERSHIP As between Kasten and Licensee, all right, title and interest in
the Software, Documentation and any other Kasten materials furnished or made
available hereunder, all modifications and enhancements thereof, and all
suggestions, ideas and feedback proposed by Licensee regarding the Software and
Documentation, including all copyright rights, patent rights and other
Intellectual Property Rights in each of the foregoing, belong to and are
retained solely by Kasten or Kasten"s licensors and providers, as applicable.
Licensee hereby does and will irrevocably assign to Kasten all evaluations,
ideas, feedback and suggestions made by Licensee to Kasten regarding the
Software and Documentation (collectively, "Feedback") and all Intellectual
Property Rights in and to the Feedback. Except as expressly provided herein, no
licenses of any kind are granted hereunder, whether by implication, estoppel, or
otherwise.
10. LIMITED WARRANTY AND DISCLAIMERS
10.1 Limited Warranty. Kasten warrants for a period of thirty (30) days from
the Effective Date that the Software will materially conform to Kasten"s
then-current Documentation (the "Warranty Period") when properly installed on a
computer for which a license is granted hereunder. Licensee"s exclusive remedy
for a breach of this Section 10.1 is that Kasten shall, at its option, use
commercially reasonable efforts to correct or replace the Software, or refund
all or a portion of the fees paid by Licensee pursuant to the Purchase
Agreement. Kasten, in its sole discretion, may revise this limited warranty from
time to time.
10.2 Third-Party Software. Except as expressly set forth in this Agreement,
Third-Party Software (including any Open Source Software) are provided on an
"as-is" basis at the sole risk of Licensee. Notwithstanding any language to the
contrary in this Agreement, Kasten makes no express or implied warranties of any
kind with respect to Third-Party Software provided to Licensee and shall not be
liable for any damages regarding the use or operation of the Third-Party
Software furnished under this Agreement. Any and all express or implied
warranties, if any, arising from the license of Third-Party Software shall be
those warranties running from the third party manufacturer or licensor to
Licensee.
10.3 Warranty Disclaimer. EXCEPT FOR THE LIMITED WARRANTY PROVIDED ABOVE,
KASTEN AND ITS SUPPLIERS MAKE NO WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED,
STATUTORY OR OTHERWISE, RELATING TO THE SOFTWARE OR TO KASTEN"S MAINTENANCE,
PROFESSIONAL OR OTHER SERVICES. KASTEN SPECIFICALLY DISCLAIMS ALL IMPLIED
WARRANTIES OF DESIGN, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE
AND NON-INFRINGEMENT. KASTEN AND ITS SUPPLIERS AND LICENSORS DO NOT WARRANT OR
REPRESENT THAT THE SOFTWARE WILL BE FREE FROM BUGS OR THAT ITS USE WILL BE
UNINTERRUPTED OR ERROR-FREE. THIS DISCLAIMER SHALL APPLY NOTWITHSTANDING THE
FAILURE OF THE ESSENTIAL PURPOSE OF ANY LIMITED REMEDY PROVIDED HEREIN. EXCEPT
AS STATED ABOVE, KASTEN AND ITS SUPPLIERS PROVIDE THE SOFTWARE ON AN "AS IS"
BASIS. KASTEN PROVIDES NO WARRANTIES WITH RESPECT TO THIRD PARTY SOFTWARE AND
OPEN SOURCE SOFTWARE.
11. LIMITATIONS OF LIABILITY
11.1 EXCLUSION OF CERTAIN DAMAGES. EXCEPT FOR BREACHES OF SECTION 6
(CONFIDENTIALITY) OR SECTION 9 (OWNERSHIP), IN NO EVENT WILL EITHER PARTY BE
LIABLE FOR ANY INDIRECT, CONSEQUENTIAL, EXEMPLARY, SPECIAL, INCIDENTAL OR
RELIANCE DAMAGES, INCLUDING ANY LOST DATA, LOSS OF USE AND LOST PROFITS, ARISING
FROM OR RELATING TO THIS AGREEMENT, THE SOFTWARE OR DOCUMENTATION, EVEN IF SUCH
PARTY KNEW OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF, OR COULD REASONABLY HAVE
PREVENTED, SUCH DAMAGES.
11.2 LIMITATION OF DAMAGES. EXCEPT FOR THE BREACHES OF SECTION 6
(CONFIDENTIALITY) OR SECTION 9 (OWNERSHIP), EACH PARTY"S TOTAL CUMULATIVE
LIABILITY ARISING FROM OR RELATED TO THIS AGREEMENT OR THE SOFTWARE,
DOCUMENTATION, OR SERVICES PROVIDED BY KASTEN, WILL NOT EXCEED THE AMOUNT OF
FEES PAID OR PAYABLE BY LICENSEE FOR THE SOFTWARE, DOCUMENTATION OR SERVICES
GIVING RISE TO THE CLAIM IN THE TWELVE (12) MONTHS FOLLOWING THE EFFECTIVE DATE.
LICENSEE AGREES THAT KASTEN"S SUPPLIERS AND LICENSORS WILL HAVE NO LIABILITY OF
ANY KIND UNDER OR AS A RESULT OF THIS AGREEMENT. IN THE CASE OF KASTEN"S
INDEMNIFICATION OBLIGATIONS, KASTEN"S CUMULATIVE LIABILITY UNDER THIS AGREEMENT
SHALL BE LIMITED TO THE SUM OF THE LICENSE FEES PAID OR PAYABLE BY LICENSEE FOR
THE SOFTWARE, DOCUMENTATION OR SERVICES GIVING RISE TO THE CLAIM IN THE TWELVE
(12) MONTHS FOLLOWING THE EFFECTIVE DATE.
11.3 THIRD PARTY SOFTWARE. NOTWITHSTANDING ANY LANGUAGE TO THE CONTRARY IN THIS
AGREEMENT, KASTEN SHALL NOT BE LIABLE FOR ANY DAMAGES REGARDING THE USE OR
OPERATION OF ANY THIRD-PARTY SOFTWARE FURNISHED UNDER THIS AGREEMENT.
11.4 LIMITATION OF ACTIONS. IN NO EVENT MAY LICENSEE BRING ANY CAUSE OF ACTION
RELATED TO THIS AGREEMENT MORE THAN ONE (1) YEAR AFTER THE OCCURRENCE OF THE
EVENT GIVING RISE TO THE LIABILITY.
12. EXPORT
The Software, Documentation and related technical data may be subject
to U.S. export control laws, including without limitation the U.S. Export
Administration Act and its associated regulations, and may be subject to export
or import regulations in other countries. Licensee shall comply with all such
regulations and agrees to obtain all necessary licenses to export, re-export, or
import the Software, Documentation and related technical data.
13. GENERAL
13.1 No Agency. Kasten and Licensee each acknowledge and agree that the
relationship established by this Agreement is that of independent contractors,
and nothing contained in this Agreement shall be construed to: (1) give either
party the power to direct or control the daytoday activities of the other; (2)
deem the parties to be acting as partners, joint venturers, coowners or
otherwise as participants in a joint undertaking; or (3) permit either party or
any of either party"s officers, directors, employees, agents or representatives
to create or assume any obligation on behalf of or for the account of the other
party for any purpose whatsoever.
13.2 Compliance with Laws. Each party agrees to comply with all applicable
laws, regulations, and ordinances relating to their performance hereunder.
Without limiting the foregoing, Licensee warrants and covenants that it will
comply with all then current laws and regulations of the United States and other
jurisdictions relating or applicable to Licensee"s use of the Software and
Documentation including, without limitation, those concerning Intellectual
Property Rights, invasion of privacy, defamation, and the import and export of
Software and Documentation.
13.3 Force Majeure. Except for the duty to pay money, neither party shall be
liable hereunder by reason of any failure or delay in the performance of its
obligations hereunder on account of strikes, riots, fires, flood, storm,
explosions, acts of God, war, governmental action, earthquakes, or any other
cause which is beyond the reasonable control of such party.
13.4 Governing Law; Venue and Jurisdiction. This Agreement shall be interpreted
according to the laws of the State of California without regard to or
application of choiceoflaw rules or principles. The parties expressly agree
that the United Nations Convention on Contracts for the International Sale of
Goods and the Uniform Computer Information Transactions Act will not apply. Any
legal action or proceeding arising under this Agreement will be brought
exclusively in the federal or state courts located in Santa Clara County,
California and the parties hereby consent to the personal jurisdiction and venue
therein.
13.5 Injunctive Relief. The parties agree that monetary damages would not be an
adequate remedy for the breach of certain provisions of this Agreement,
including, without limitation, all provisions concerning infringement,
confidentiality and nondisclosure, or limitation on permitted use of the
Software or Documentation. The parties further agree that, in the event of such
breach, injunctive relief would be necessary to prevent irreparable injury.
Accordingly, either party shall have the right to seek injunctive relief or
similar equitable remedies to enforce such party's rights under the pertinent
provisions of this Agreement, without limiting its right to pursue any other
legal remedies available to it.
13.6 Entire Agreement and Waiver. This Agreement and any exhibits hereto shall
constitute the entire agreement and contains all terms and conditions between
Kasten and Licensee with respect to the subject matter hereof and all prior
agreements, representations, and statement with respect to such subject matter
are superseded hereby. This Agreement may be changed only by written agreement
signed by both Kasten and Licensee. No failure of either party to exercise or
enforce any of its rights under this Agreement shall act as a waiver of
subsequent breaches; and the waiver of any breach shall not act as a waiver of
subsequent breaches.
13.7 Severability. In the event any provision of this Agreement is held by a
court or other tribunal of competent jurisdiction to be unenforceable, that
provision will be enforced to the maximum extent permissible under applicable
law and the other provisions of this Agreement will remain in full force and
effect. The parties further agree that in the event such provision is an
essential part of this Agreement, they will begin negotiations for a suitable
replacement provision.
13.8 Counterparts. This Agreement may be executed in any number of
counterparts, each of which, when so executed and delivered (including by
facsimile), shall be deemed an original, and all of which shall constitute one
and the same agreement.
13.9 Binding Effect. This Agreement shall be binding upon and shall inure to
the benefit of the respective parties hereto, their respective successors and
permitted assigns.
13.10 Assignment. Neither party may, without the prior written consent of the
other party (which shall not be unreasonably withheld), assign this Agreement,
in whole or in part, either voluntarily or by operation of law, and any attempt
to do so shall be a material default of this Agreement and shall be void.
Notwithstanding the foregoing, Kasten may assign its rights and benefits and
delegate its duties and obligations under this Agreement without the consent of
Licensee in connection with a merger, reorganization or sale of all or
substantially all relevant assets of the assigning party; in each case provided
that such successor assumes the assigning party"s obligations under this
Agreement.

Binary file not shown.


@ -0,0 +1,24 @@
<svg viewBox="0 0 986 215" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<defs></defs>
<g id="Page-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
<g id="color_logo">
<g id="Group">
<path d="M40,214.3 L4.6,214.3 C2.2,214.3 0.2,212.3 0.2,209.9 L0.2,5 C0.2,2.6 2.2,0.6 4.6,0.6 L40,0.6 C42.4,0.6 44.4,2.6 44.4,5 L44.4,209.9 C44.4,212.3 42.4,214.3 40,214.3 Z" id="Shape" fill="#446CA9" fill-rule="nonzero"></path>
<g transform="translate(48.000000, 1.000000)" id="Shape">
<polygon points="85.3 44.9 86.3 46.7 83.8 48.1 83.1 46.9 48.2 107.3 83.3 168 83.8 167.1 86.3 168.5 85.7 169.6 156.2 169.6 191.5 108.5 188.9 108.5 188.9 105.6 191.3 105.6 156.3 44.9"></polygon>
<path d="M156.3,44.9 L191.3,105.5 L240,105.5 C239.8,102.5 238.9,99.6 237.4,96.9 L187.8,10.9 C184.1,4.5 177.3,0.6 170,0.6 L70.7,0.6 C67.5,0.6 64.5,1.4 61.7,2.7 L85.4,44.8 L156.3,44.8 L156.3,44.9 Z" fill="#46A8C6" fill-rule="nonzero"></path>
<path d="M156.2,169.6 L85.7,169.6 L61.6,211.7 C64.4,213 67.4,213.8 70.6,213.8 L169.9,213.8 C177.3,213.8 184,209.9 187.7,203.5 L237.3,117.5 C238.9,114.7 239.8,111.6 240,108.4 L191.5,108.4 L156.2,169.6 Z" fill="#46A8C6" fill-rule="nonzero"></path>
<path d="M48.2,107.3 L83,47 L59,4.4 C56.5,6.1 54.3,8.4 52.7,11.1 L3.1,97.1 C-0.6,103.5 -0.6,111.3 3.1,117.7 L52.7,203.7 C54.3,206.4 56.5,208.7 59,210.4 L83.2,168.1 L48.2,107.3 Z" fill="#446CA9" fill-rule="nonzero"></path>
</g>
<g transform="translate(359.000000, 31.000000)" id="Shape" fill-rule="nonzero" fill="#4D72A5">
<path d="M83.7688716,146.134353 C85.8762646,148.504099 84.559144,149.294014 82.7151751,149.294014 L69.807393,149.294014 C67.7,149.294014 66.6463035,148.504099 64.5389105,146.134353 L15.0151751,99.0027326 L15.0151751,146.134353 C15.0151751,148.504099 14.2249027,149.294014 11.8540856,149.294014 L3.16108949,149.294014 C0.790272374,149.294014 -5.68434189e-14,148.504099 -5.68434189e-14,146.134353 L-5.68434189e-14,3.68627196 C-5.68434189e-14,1.3165257 0.790272374,0.52661028 3.16108949,0.52661028 L11.8540856,0.52661028 C14.4883268,0.52661028 15.0151751,1.3165257 15.0151751,3.68627196 L15.0151751,91.8934938 L61.9046693,50.0279766 C64.0120623,47.6582303 65.0657588,46.8683149 67.1731518,46.8683149 L79.8175097,46.8683149 C81.9249027,46.8683149 82.451751,48.4481457 80.8712062,50.0279766 L30.5571984,94.7898504 L83.7688716,146.134353 Z"></path>
<path d="M113.545914,58.1904359 L111.96537,52.1344177 C111.438521,50.0279766 111.96537,48.974756 114.336187,48.1848406 C116.707004,47.6582303 133.566148,44.4985686 149.108171,44.4985686 C183.089883,44.4985686 192.309728,59.5069616 192.309728,92.9467144 L192.309728,146.134353 C192.309728,148.504099 191.519455,149.294014 189.412062,149.294014 L183.616732,149.294014 C182.036187,149.294014 181.245914,148.504099 180.719066,146.134353 L179.928794,132.442485 C174.396887,139.815029 161.225681,151.663761 139.361479,151.663761 C119.868093,151.663761 103.535798,139.815029 103.535798,118.224008 C103.535798,96.1063761 120.131518,85.5741705 144.893385,85.5741705 C155.693774,85.5741705 167.284436,88.470527 177.557977,92.6834092 C177.557977,67.1428107 170.182101,57.9271308 148.844747,57.9271308 C135.936965,57.9271308 125.4,59.7702668 117.7607,61.0867925 C114.863035,61.6134027 114.336187,60.5601822 113.545914,58.1904359 Z M118.287549,117.960703 C118.287549,130.599349 127.243969,139.551724 143.839689,139.551724 C157.801167,139.551724 170.972374,130.072739 177.294553,120.593754 L177.294553,103.742225 C167.021012,99.5293429 159.118288,96.3696812 147.527626,96.3696812 C128.297665,96.6329863 118.287549,104.268835 118.287549,117.960703 Z"></path>
<path d="M283.835409,120.593754 C283.835409,111.641379 273.825292,107.165192 255.385603,104.532141 C235.36537,101.899089 216.135409,97.1595966 216.135409,76.0951854 C216.135409,56.8739102 231.150584,44.4985686 254.858755,44.4985686 C265.39572,44.4985686 279.357198,47.13162 293.318677,55.8206897 C295.689494,57.1372154 295.42607,58.4537411 294.372374,60.296877 L291.738132,65.0363696 C290.684436,67.1428107 289.630739,68.1960312 287.259922,66.3528953 C276.459533,59.7702668 268.556809,56.6106051 255.649027,56.6106051 C238.789883,56.6106051 230.360311,63.983149 230.360311,75.0419649 C230.360311,86.1007807 240.370428,88.2072219 258.810117,90.8402733 C278.83035,93.7366298 298.060311,100.055953 298.060311,119.803839 C298.060311,138.498504 282.781712,151.663761 256.702724,151.663761 C245.902335,151.663761 230.096887,148.767404 215.081712,138.761809 C213.237743,137.445283 213.237743,136.655368 214.554864,134.285621 L217.452529,129.282824 C218.506226,127.176383 219.559922,126.123162 221.930739,127.966298 C230.88716,134.285621 242.741245,139.288419 255.912451,139.288419 C275.932685,139.288419 283.835409,130.862655 283.835409,120.593754 Z"></path>
<path d="M368.297276,151.663761 C341.69144,151.663761 331.681323,134.812232 331.681323,106.901887 L331.681323,59.2436565 L321.671206,59.2436565 C319.300389,59.2436565 318.510117,58.4537411 318.510117,56.0839948 L318.510117,50.0279766 C318.510117,47.3949252 319.300389,46.8683149 321.671206,46.8683149 L331.681323,46.8683149 L331.681323,26.0672088 C331.681323,23.6974626 332.208171,22.9075472 334.578988,22.9075472 L343.535409,22.9075472 C345.906226,22.9075472 346.696498,23.6974626 346.696498,26.0672088 L346.696498,46.8683149 L383.312451,46.8683149 C385.419844,46.8683149 386.210117,47.3949252 386.210117,50.0279766 L386.210117,56.0839948 C386.210117,58.4537411 385.683268,59.2436565 383.312451,59.2436565 L346.696498,59.2436565 L346.696498,105.585361 C346.696498,129.282824 353.808949,137.971893 369.877821,137.971893 C375.409728,137.971893 378.834241,137.445283 383.8393,134.812232 C386.473541,133.495706 387.000389,133.495706 387.790661,136.392062 L389.107782,142.974691 C389.63463,145.081132 389.63463,145.871047 387.790661,146.924268 C379.624514,151.663761 370.931518,151.663761 368.297276,151.663761 Z"></path>
<path d="M502.126848,132.969096 C503.443969,134.812232 503.443969,135.865452 502.126848,137.445283 C492.64358,146.660963 476.311284,151.663761 461.296109,151.663761 C430.738911,151.663761 407.294163,127.702993 407.294163,98.2128172 C407.294163,68.7226415 430.738911,44.4985686 460.242412,44.4985686 C491.853307,44.4985686 510.029572,70.0391672 510.029572,100.055953 C510.029572,102.425699 509.502724,103.215615 506.868482,103.215615 L422.572763,103.215615 C423.889883,121.91028 441.275875,138.235198 461.559533,138.235198 C471.56965,138.235198 483.68716,135.075537 493.170428,128.229603 C495.277821,126.913077 496.068093,126.649772 497.912062,128.492908 L502.126848,132.969096 Z M494.750973,92.9467144 C493.9607,74.7786597 480.789494,57.1372154 460.242412,57.1372154 C439.431907,57.1372154 424.153307,74.7786597 423.626459,92.9467144 L494.750973,92.9467144 Z"></path>
<path d="M552.187549,67.9327261 C556.402335,59.7702668 566.9393,44.2352635 586.696109,44.2352635 C608.296887,44.2352635 626.736576,57.4005205 626.736576,89.5237476 L626.736576,145.871047 C626.736576,148.240794 625.946304,149.030709 623.575486,149.030709 L614.619066,149.030709 C612.511673,149.030709 611.457977,148.240794 611.457977,145.871047 L611.457977,93.7366298 C611.457977,69.7758621 599.340467,57.9271308 583.008171,57.9271308 C565.358755,57.9271308 554.031518,74.7786597 554.031518,95.0531555 L554.031518,145.871047 C554.031518,148.240794 553.241245,149.030709 550.870428,149.030709 L541.914008,149.030709 C539.806615,149.030709 539.016342,148.240794 539.016342,145.871047 L539.016342,95.8430709 L539.016342,49.7646714 C539.016342,47.3949252 539.806615,46.6050098 541.914008,46.6050098 L546.919066,46.6050098 C548.499611,46.6050098 549.289883,47.3949252 550.34358,49.7646714 L552.187549,67.9327261 Z"></path>
</g>
</g>
</g>
</g>
</svg>


@ -0,0 +1,113 @@
.theme-body {
background-color: #efefef;
color: #333;
font-family: 'Source Sans Pro', Helvetica, sans-serif;
}
.theme-navbar {
background-color: #fff;
box-shadow: 0 2px 2px rgba(0, 0, 0, 0.2);
color: #333;
font-size: 13px;
font-weight: 100;
height: 46px;
overflow: hidden;
padding: 0 10px;
}
.theme-navbar__logo-wrap {
display: inline-block;
height: 100%;
overflow: hidden;
padding: 10px 15px;
width: 300px;
}
.theme-navbar__logo {
height: 100%;
max-height: 25px;
}
.theme-heading {
font-size: 20px;
font-weight: 500;
margin-bottom: 10px;
margin-top: 0;
}
.theme-panel {
background-color: #fff;
box-shadow: 0 5px 15px rgba(0, 0, 0, 0.5);
padding: 30px;
}
.theme-btn-provider {
background-color: #fff;
color: #333;
min-width: 250px;
}
.theme-btn-provider:hover {
color: #999;
}
.theme-btn--primary {
background-color: #333;
border: none;
color: #fff;
min-width: 200px;
padding: 6px 12px;
}
.theme-btn--primary:hover {
background-color: #666;
color: #fff;
}
.theme-btn--success {
background-color: #2FC98E;
color: #fff;
width: 250px;
}
.theme-btn--success:hover {
background-color: #49E3A8;
}
.theme-form-row {
display: block;
margin: 20px auto;
}
.theme-form-input {
border-radius: 4px;
border: 1px solid #CCC;
box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075);
color: #666;
display: block;
font-size: 14px;
height: 36px;
line-height: 1.42857143;
margin: auto;
padding: 6px 12px;
width: 250px;
}
.theme-form-input:focus,
.theme-form-input:active {
border-color: #66AFE9;
outline: none;
}
.theme-form-label {
font-size: 13px;
font-weight: 600;
margin: 4px auto;
position: relative;
text-align: left;
width: 250px;
}
.theme-link-back {
margin-top: 4px;
}


@ -0,0 +1 @@
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


@ -0,0 +1,295 @@
questions:
# ========================
# SECRETS And Configuration
# ========================
### AWS Configuration
- variable: secrets.awsAccessKeyId
description: "AWS access key ID (required for AWS deployment)"
type: password
label: AWS Access Key ID
required: false
group: "AWS Configuration"
- variable: secrets.awsSecretAccessKey
description: "AWS access key secret (required for AWS deployment)"
type: password
label: AWS Secret Access Key
required: false
group: "AWS Configuration"
- variable: secrets.awsIamRole
description: "ARN of the AWS IAM role assumed by K10 to perform any AWS operation."
type: string
label: ARN of the AWS IAM role
required: false
group: "AWS Configuration"
- variable: awsConfig.assumeRoleDuration
description: "Duration of a session token generated by AWS for an IAM role"
type: string
label: Role Duration
required: false
default: ""
group: "AWS Configuration"
- variable: awsConfig.efsBackupVaultName
description: "Specifies the AWS EFS backup vault name"
type: string
label: EFS Backup Vault Name
required: false
default: "k10vault"
group: "AWS Configuration"
### Google Cloud Configuration
- variable: secrets.googleApiKey
description: "Required If cluster is deployed on Google Cloud"
type: multiline
label: Non-default base64 encoded GCP Service Account key file
required: false
group: "GoogleApi Configuration"
### Azure Configuration
- variable: secrets.azureTenantId
description: "Azure tenant ID (required for Azure deployment)"
type: string
label: Tenant ID
required: false
group: "Azure Configuration"
- variable: secrets.azureClientId
description: "Azure Service App ID"
type: password
label: Service App ID
required: false
group: "Azure Configuration"
- variable: secrets.azureClientSecret
description: "Azure Service App secret"
type: password
label: Service App secret
required: false
group: "Azure Configuration"
- variable: secrets.azureResourceGroup
description: "Resource Group name that was created for the Kubernetes cluster"
type: string
label: Resource Group
required: false
group: "Azure Configuration"
- variable: secrets.azureSubscriptionID
description: "Subscription ID in your Azure tenant"
type: string
label: Subscription ID
required: false
group: "Azure Configuration"
- variable: secrets.azureResourceMgrEndpoint
description: "Resource management endpoint for the Azure Stack instance"
type: string
label: Resource management endpoint
required: false
group: "Azure Configuration"
- variable: secrets.azureADEndpoint
description: "Azure Active Directory login endpoint"
type: string
label: Active Directory login endpoint
required: false
group: "Azure Configuration"
- variable: secrets.azureADResourceID
description: "Azure Active Directory resource ID to obtain AD tokens"
type: string
label: Active Directory resource ID
required: false
group: "Azure Configuration"
# ========================
# Authentication
# ========================
- variable: auth.basicAuth.enabled
description: "Configures basic authentication for the K10 dashboard"
type: boolean
label: Enable Basic Authentication
required: false
group: "Authentication"
show_subquestion_if: true
subquestions:
- variable: auth.basicAuth.htpasswd
description: "A username and password pair separated by a colon character"
type: password
label: Authentication Details (htpasswd)
- variable: auth.basicAuth.secretName
description: "Name of an existing Secret that contains a file generated with htpasswd"
type: string
label: Secret Name
- variable: auth.tokenAuth.enabled
description: "Configures token based authentication for the K10 dashboard"
type: boolean
label: Enable Token Based Authentication
required: false
group: "Authentication"
- variable: auth.oidcAuth.enabled
description: "Configures Open ID Connect based authentication for the K10 dashboard"
type: boolean
label: Enable OpenID Connect Based Authentication
required: false
group: "Authentication"
show_subquestion_if: true
subquestions:
- variable: auth.oidcAuth.providerURL
description: "URL for the OIDC Provider"
type: string
label: OIDC Provider URL
- variable: auth.oidcAuth.redirectURL
description: "URL for the K10 gateway Provider"
type: string
label: OIDC Redirect URL
- variable: auth.oidcAuth.scopes
description: "Space separated OIDC scopes required for userinfo. Example: `profile email`"
type: string
label: OIDC scopes
- variable: auth.oidcAuth.prompt
description: "The type of prompt to be used during authentication (none, consent, login, or select_account)"
type: enum
options:
- none
- consent
- login
- select_account
default: none
label: The type of prompt to be used during authentication (none, consent, login, or select_account)
- variable: auth.oidcAuth.clientID
description: "Client ID given by the OIDC provider for K10"
type: password
label: OIDC Client ID
- variable: auth.oidcAuth.clientSecret
description: "Client secret given by the OIDC provider for K10"
type: password
label: OIDC Client Secret
- variable: auth.oidcAuth.usernameClaim
description: "The claim to be used as the username"
type: string
label: OIDC UserName Claim
- variable: auth.oidcAuth.usernamePrefix
description: "Prefix that has to be used with the username obtained from the username claim"
type: string
label: OIDC UserName Prefix
- variable: auth.oidcAuth.groupClaim
description: "Name of a custom OpenID Connect claim for specifying user groups"
type: string
label: OIDC group Claim
- variable: auth.oidcAuth.groupPrefix
description: "All groups will be prefixed with this value to prevent conflicts"
type: string
label: OIDC group Prefix
# ========================
# External Gateway
# ========================
- variable: externalGateway.create
description: "Configures an external gateway for K10 API services"
type: boolean
label: Create External Gateway
required: false
group: "External Gateway"
show_subquestion_if: true
subquestions:
- variable: externalGateway.annotations
description: "Standard annotations for the services"
type: multiline
default: ""
label: Annotation
- variable: externalGateway.fqdn.name
description: "Domain name for the K10 API services"
type: string
label: Domain Name
- variable: externalGateway.fqdn.type
description: "Supported gateway type: `route53-mapper` or `external-dns`"
type: string
label: Gateway Type route53-mapper or external-dns
- variable: externalGateway.awsSSLCertARN
description: "ARN for the AWS ACM SSL certificate used in the K10 API server"
type: multiline
label: ARN for the AWS ACM SSL certificate
# ========================
# Storage Management
# ========================
- variable: global.persistence.storageClass
label: StorageClass Name
description: "Specifies StorageClass Name to be used for PVCs"
type: string
required: false
default: ""
group: "Storage Management"
- variable: prometheus.server.persistentVolume.storageClass
type: string
label: StorageClass Name for Prometheus PVC
description: "StorageClassName used to create Prometheus PVC. Setting this option overwrites global StorageClass value"
default: ""
required: false
group: "Storage Management"
- variable: prometheus.server.persistentVolume.enabled
type: boolean
label: Enable PVC for Prometheus server
description: "If true, K10 Prometheus server will create a Persistent Volume Claim"
default: true
required: false
group: "Storage Management"
- variable: global.persistence.enabled
type: boolean
label: Storage Enabled
description: "If true, K10 will use Persistent Volume Claim"
default: true
required: false
group: "Storage Management"
# ========================
# Service Account
# ========================
- variable: serviceAccount.name
description: "Name of a service account in the target namespace that has cluster-admin permissions. This is needed for the K10 to be able to protect cluster resources."
type: string
label: Service Account Name
required: false
group: "Service Account"
# ========================
# License
# ========================
- variable: license
description: "License string obtained from Kasten"
type: multiline
label: License String
group: "License"
- variable: eula.accept
description: "Whether to enable accept EULA before installation"
type: boolean
label: Enable accept EULA before installation
group: "License"
show_subquestion_if: true
subquestions:
- variable: eula.company
description: "Company name. Required field if EULA is accepted"
type: string
label: Company Name
- variable: eula.email
description: "Contact email. Required field if EULA is accepted"
type: string
label: Contact Email
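Review bot: `secrets.googleApiKey` is declared with `type: multiline`, so the base64-encoded GCP service account key is typed and shown in clear text in the install form, while the AWS keys and the Azure client secret in the same file use `type: password`. A service account key is a long-lived credential and should be handled the same way, either `type: password` or a question that takes the name of an existing Secret, as `auth.basicAuth.secretName` already does. Separately, the `auth.basicAuth.htpasswd` description ("A username and password pair separated by a colon character") does not say whether the password must be in hashed htpasswd form. If the chart expects the output of the htpasswd tool, as the wording of `auth.basicAuth.secretName` suggests, say so: `description: "Entry generated with htpasswd (username:hashed-password)"`.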


@ -0,0 +1,47 @@
Thank you for installing Kastens K10 Data Management Platform!
Documentation can be found at https://docs.kasten.io/.
How to access the K10 Dashboard:
{{ if .Values.ingress.create }}
You are using the system's default ingress controller. Please ask your
administrator for instructions on how to access the cluster.
WebUI location: https://{{ default "Your ingress endpoint" .Values.ingress.host }}/{{ default .Release.Name .Values.ingress.urlPath }}
{{ end }}
The K10 dashboard is not exposed externally. To establish a connection to it use the following `kubectl` command:
`kubectl --namespace {{ .Release.Namespace }} port-forward service/gateway 8080:{{ .Values.service.externalPort }}`
The Kasten dashboard will be available at: `http{{ if or (and .Values.secrets.apiTlsCrt .Values.secrets.apiTlsKey) .Values.externalGateway.awsSSLCertARN }}s{{ end }}://127.0.0.1:8080/{{ .Release.Name }}/#/`
{{ if.Values.externalGateway.create }}
{{ if .Values.externalGateway.fqdn.name }}
The K10 Dashboard is accessible via {{ if or (and .Values.secrets.apiTlsCrt .Values.secrets.apiTlsKey) .Values.externalGateway.awsSSLCertARN }}https{{ else }}http{{ end }}://{{ .Values.externalGateway.fqdn.name }}/{{ .Release.Name }}/#/
{{ else }}
The K10 Dashboard is accessible via a LoadBalancer. Find the service's EXTERNAL IP using:
`kubectl get svc gateway-ext --namespace {{ .Release.Namespace }} -o wide`
And use it in following URL
`http://SERVICE_EXTERNAL_IP/{{ .Release.Name }}/#/`
{{ end }}
{{ end }}
{{ if and ( .Values.metering.awsManagedLicense ) ( not .Values.metering.licenseConfigSecretName ) }}
IAM Role created during installation need to have permissions that allow K10 to
perform operations on EBS and, if needed, EFS and S3. Please create a policy
with required permissions, and use the commands below to attach the policy to
the service account.
`ROLE_NAME=$(kubectl get serviceaccount {{ .Values.serviceAccount.name }} -n {{ .Release.Namespace }} -ojsonpath="{.metadata.annotations['eks\.amazonaws\.com/role-arn']}" | awk -F '/' '{ print $(NF) }')`
`aws iam attach-role-policy --role-name "${ROLE_NAME}" --policy-arn <POLICY NAME>`
Refer to `https://docs.kasten.io/latest/install/aws-containers-anywhere/aws-containers-anywhere.html#attaching-permissions-for-eks-installations`
for more information.
{{ end }}
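Review bot: The LoadBalancer branch hard-codes plaintext in `http://SERVICE_EXTERNAL_IP/{{ .Release.Name }}/#/`, while the FQDN branch just above it and the port-forward line switch to https when `secrets.apiTlsCrt`/`secrets.apiTlsKey` or `externalGateway.awsSSLCertARN` is set. An operator who configured TLS is therefore told to open the dashboard over plaintext whenever no FQDN is set. Reusing the same condition would keep the three URLs consistent: `http{{ if or (and .Values.secrets.apiTlsCrt .Values.secrets.apiTlsKey) .Values.externalGateway.awsSSLCertARN }}s{{ end }}://SERVICE_EXTERNAL_IP/{{ .Release.Name }}/#/`. Whether `gateway-ext` actually terminates TLS in those cases is not visible in this file, so confirm that against the gateway templates.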


@ -0,0 +1,185 @@
{{/* Autogenerated, do NOT modify */}}
{{- define "k10.additionalServices" -}}frontend kanister {{- end -}}
{{- define "k10.restServices" -}}admin auth bloblifecyclemanager catalog controllermanager crypto dashboardbff events executor jobs logging metering mccontrollermanager state vbrintegrationapi {{- end -}}
{{- define "k10.services" -}}aggregatedapis {{- end -}}
{{- define "k10.exposedServices" -}}auth dashboardbff vbrintegrationapi {{- end -}}
{{- define "k10.statelessServices" -}}admin aggregatedapis auth bloblifecyclemanager controllermanager crypto dashboardbff events executor mccontrollermanager state vbrintegrationapi {{- end -}}
{{- define "k10.colocatedServices" -}}admin:
isExposed: false
port: 8001
primary: state
bloblifecyclemanager:
isExposed: true
port: 8001
primary: crypto
events:
isExposed: true
port: 8002
primary: crypto
vbrintegrationapi:
isExposed: true
port: 8001
primary: dashboardbff
{{- end -}}
{{- define "k10.colocatedServiceLookup" -}}crypto:
- bloblifecyclemanager
- events
dashboardbff:
- vbrintegrationapi
state:
- admin
{{- end -}}
{{- define "k10.aggregatedAPIs" -}}actions apps vault {{- end -}}
{{- define "k10.configAPIs" -}}config{{- end -}}
{{- define "k10.profiles" -}}profiles{{- end -}}
{{- define "k10.policies" -}}policies{{- end -}}
{{- define "k10.reportingAPIs" -}}reporting{{- end -}}
{{- define "k10.distAPIs" -}}dist{{- end -}}
{{- define "k10.actionsAPIs" -}}actions{{- end -}}
{{- define "k10.backupActions" -}}backupactions{{- end -}}
{{- define "k10.backupActionsDetails" -}}backupactions/details{{- end -}}
{{- define "k10.reportActions" -}}reportactions{{- end -}}
{{- define "k10.reportActionsDetails" -}}reportactions/details{{- end -}}
{{- define "k10.restoreActions" -}}restoreactions{{- end -}}
{{- define "k10.restoreActionsDetails" -}}restoreactions/details{{- end -}}
{{- define "k10.importActions" -}}importactions{{- end -}}
{{- define "k10.exportActions" -}}exportactions{{- end -}}
{{- define "k10.exportActionsDetails" -}}exportactions/details{{- end -}}
{{- define "k10.retireActions" -}}retireactions{{- end -}}
{{- define "k10.runActions" -}}runactions{{- end -}}
{{- define "k10.backupClusterActions" -}}backupclusteractions{{- end -}}
{{- define "k10.backupClusterActionsDetails" -}}backupclusteractions/details{{- end -}}
{{- define "k10.restoreClusterActions" -}}restoreclusteractions{{- end -}}
{{- define "k10.restoreClusterActionsDetails" -}}restoreclusteractions/details{{- end -}}
{{- define "k10.cancelActions" -}}cancelactions{{- end -}}
{{- define "k10.appsAPIs" -}}apps{{- end -}}
{{- define "k10.restorePoints" -}}restorepoints{{- end -}}
{{- define "k10.restorePointsDetails" -}}restorepoints/details{{- end -}}
{{- define "k10.clusterRestorePoints" -}}clusterrestorepoints{{- end -}}
{{- define "k10.clusterRestorePointsDetails" -}}clusterrestorepoints/details{{- end -}}
{{- define "k10.applications" -}}applications{{- end -}}
{{- define "k10.applicationsDetails" -}}applications/details{{- end -}}
{{- define "k10.vaultAPIs" -}}vault{{- end -}}
{{- define "k10.passkey" -}}passkeys{{- end -}}
{{- define "k10.authAPIs" -}}auth{{- end -}}
{{- define "k10.defaultConcurrentSnapshotConversions" -}}3{{- end -}}
{{- define "k10.defaultConcurrentWorkloadSnapshots" -}}5{{- end -}}
{{- define "k10.defaultK10DataStoreParallelUpload" -}}8{{- end -}}
{{- define "k10.defaultK10DataStoreGeneralContentCacheSizeMB" -}}0{{- end -}}
{{- define "k10.defaultK10DataStoreGeneralMetadataCacheSizeMB" -}}500{{- end -}}
{{- define "k10.defaultK10DataStoreRestoreContentCacheSizeMB" -}}500{{- end -}}
{{- define "k10.defaultK10DataStoreRestoreMetadataCacheSizeMB" -}}500{{- end -}}
{{- define "k10.defaultK10BackupBufferFileHeadroomFactor" -}}1.1{{- end -}}
{{- define "k10.defaultK10LimiterGenericVolumeSnapshots" -}}10{{- end -}}
{{- define "k10.defaultK10LimiterGenericVolumeCopies" -}}10{{- end -}}
{{- define "k10.defaultK10LimiterGenericVolumeRestores" -}}10{{- end -}}
{{- define "k10.defaultK10LimiterCsiSnapshots" -}}10{{- end -}}
{{- define "k10.defaultK10LimiterProviderSnapshots" -}}10{{- end -}}
{{- define "k10.defaultAssumeRoleDuration" -}}60m{{- end -}}
{{- define "k10.defaultKanisterBackupTimeout" -}}45{{- end -}}
{{- define "k10.defaultKanisterRestoreTimeout" -}}600{{- end -}}
{{- define "k10.defaultKanisterDeleteTimeout" -}}45{{- end -}}
{{- define "k10.defaultKanisterHookTimeout" -}}20{{- end -}}
{{- define "k10.defaultKanisterCheckRepoTimeout" -}}20{{- end -}}
{{- define "k10.defaultKanisterStatsTimeout" -}}20{{- end -}}
{{- define "k10.defaultKanisterEFSPostRestoreTimeout" -}}45{{- end -}}
{{- define "k10.cloudProviders" -}} aws google azure {{- end -}}
{{- define "k10.serviceResources" -}}
admin-svc:
admin-svc:
requests:
cpu: 2m
memory: 160Mi
aggregatedapis-svc:
aggregatedapis-svc:
requests:
cpu: 90m
memory: 180Mi
auth-svc:
auth-svc:
requests:
cpu: 2m
memory: 30Mi
bloblifecyclemanager-svc:
bloblifecyclemanager-svc:
requests:
cpu: 10m
memory: 40Mi
catalog-svc:
catalog-svc:
requests:
cpu: 200m
memory: 780Mi
kanister-sidecar:
limits:
cpu: 1200m
memory: 800Mi
requests:
cpu: 100m
memory: 800Mi
controllermanager-svc:
controllermanager-svc:
requests:
cpu: 5m
memory: 30Mi
crypto-svc:
crypto-svc:
requests:
cpu: 1m
memory: 30Mi
dashboardbff-svc:
dashboardbff-svc:
requests:
cpu: 8m
memory: 40Mi
events-svc:
events-svc:
requests:
cpu: 3m
memory: 500Mi
executor-svc:
executor-svc:
requests:
cpu: 3m
memory: 50Mi
tools:
requests:
cpu: 1m
memory: 2Mi
frontend-svc:
frontend-svc:
requests:
cpu: 1m
memory: 40Mi
jobs-svc:
jobs-svc:
requests:
cpu: 30m
memory: 380Mi
kanister-svc:
kanister-svc:
requests:
cpu: 1m
memory: 30Mi
logging-svc:
logging-svc:
requests:
cpu: 2m
memory: 40Mi
metering-svc:
metering-svc:
requests:
cpu: 2m
memory: 30Mi
state-svc:
state-svc:
requests:
cpu: 2m
memory: 30Mi
{{- end -}}
{{- define "k10.multiClusterVersion" -}}2{{- end -}}
{{- define "k10.mcExternalPort" -}}18000{{- end -}}
{{- define "k10.ambassadorImageTag" -}}3.0.0{{- end -}}
{{- define "k10.kanisterToolsImageTag" -}}0.81.0{{- end -}}
{{- define "k10.dexImageTag" -}}v2.24.0{{- end -}}
{{- define "k10.rhAmbassadorImageTag" -}}2.1.2{{- end -}}


@ -0,0 +1,697 @@
{{/* Check if basic auth is needed */}}
{{- define "basicauth.check" -}}
{{- if .Values.auth.basicAuth.enabled }}
{{- print true }}
{{- end -}} {{/* End of check for auth.basicAuth.enabled */}}
{{- end -}}
{{/*
Check if trusted root CA certificate related configmap settings
have been configured
*/}}
{{- define "check.cacertconfigmap" -}}
{{- if .Values.cacertconfigmap.name -}}
{{- print true -}}
{{- else -}}
{{- print false -}}
{{- end -}}
{{- end -}}
{{/*
Check if the auth options are implemented using Dex
*/}}
{{- define "check.dexAuth" -}}
{{- if or .Values.auth.openshift.enabled .Values.auth.ldap.enabled -}}
{{- print true -}}
{{- end -}}
{{- end -}}
{{/* Check the only 1 auth is specified */}}
{{- define "singleAuth.check" -}}
{{- $count := dict "count" (int 0) -}}
{{- $authList := list .Values.auth.basicAuth.enabled .Values.auth.tokenAuth.enabled .Values.auth.oidcAuth.enabled .Values.auth.openshift.enabled .Values.auth.ldap.enabled -}}
{{- range $i, $val := $authList }}
{{ if $val }}
{{ $c := add1 $count.count | set $count "count" }}
{{ if gt $count.count 1 }}
{{- fail "Multiple auth types were selected. Only one type can be enabled." }}
{{ end }}
{{ end }}
{{- end }}
{{- end -}}{{/* Check the only 1 auth is specified */}}
{{/* Check if Auth is enabled */}}
{{- define "authEnabled.check" -}}
{{- $count := dict "count" (int 0) -}}
{{- $authList := list .Values.auth.basicAuth.enabled .Values.auth.tokenAuth.enabled .Values.auth.oidcAuth.enabled .Values.auth.openshift.enabled .Values.auth.ldap.enabled -}}
{{- range $i, $val := $authList }}
{{ if $val }}
{{ $c := add1 $count.count | set $count "count" }}
{{ end }}
{{- end }}
{{- if eq $count.count 0}}
{{- fail "Auth is required to expose access to K10." }}
{{- end }}
{{- end -}}{{/*end of check */}}
{{/* Return ingress class name annotation */}}
{{- define "ingressClassAnnotation" -}}
{{- if .Values.ingress.class -}}
kubernetes.io/ingress.class: {{ .Values.ingress.class | quote }}
{{- end -}}
{{- end -}}
{{/* Helm required labels */}}
{{- define "helm.labels" -}}
heritage: {{ .Release.Service }}
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
app.kubernetes.io/name: {{ .Chart.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{ include "k10.common.matchLabels" . }}
{{- end -}}
{{- define "k10.common.matchLabels" -}}
app: {{ .Chart.Name }}
release: {{ .Release.Name }}
{{- end -}}
{{- define "k10.defaultRBACLabels" -}}
k10.kasten.io/default-rbac-object: "true"
{{- end -}}
{{/* Expand the name of the chart. */}}
{{- define "name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "fullname" -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "serviceAccountName" -}}
{{- if and .Values.metering.awsMarketplace ( not .Values.serviceAccount.name ) -}}
{{ print "k10-metering" }}
{{- else if .Values.serviceAccount.create -}}
{{ default (include "fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the metering service account to use
*/}}
{{- define "meteringServiceAccountName" -}}
{{- if and .Values.metering.awsManagedLicense ( not .Values.serviceAccount.name ) ( not .Values.metering.serviceAccount.name ) ( not .Values.metering.licenseConfigSecretName ) -}}
{{ print "k10-metering" }}
{{- else -}}
{{ default (include "serviceAccountName" .) .Values.metering.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Prints annotations based on .Values.fqdn.type
*/}}
{{- define "dnsAnnotations" -}}
{{- if .Values.externalGateway.fqdn.name -}}
{{- if eq "route53-mapper" ( default "" .Values.externalGateway.fqdn.type) }}
domainName: {{ .Values.externalGateway.fqdn.name | quote }}
{{- end }}
{{- if eq "external-dns" (default "" .Values.externalGateway.fqdn.type) }}
external-dns.alpha.kubernetes.io/hostname: {{ .Values.externalGateway.fqdn.name | quote }}
{{- end }}
{{- end -}}
{{- end -}}
{{/*
Prometheus scrape config template for k10 services
*/}}
{{- define "k10.prometheusScrape" -}}
{{- $admin_port := default 8877 .main.Values.service.gatewayAdminPort -}}
- job_name: {{ .k10service }}
metrics_path: /metrics
{{- if eq "aggregatedapis" .k10service }}
scheme: https
tls_config:
insecure_skip_verify: true
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
{{- else }}
scheme: http
{{- end }}
static_configs:
- targets:
{{- if eq "gateway" .k10service }}
- {{ .k10service }}-admin.{{ .main.Release.Namespace }}.svc.{{ .main.Values.cluster.domainName }}:{{ $admin_port }}
{{- else if eq "aggregatedapis" .k10service }}
- {{ .k10service }}-svc.{{ .main.Release.Namespace }}.svc.{{ .main.Values.cluster.domainName }}:443
{{- else }}
{{- $service := default .k10service (index (include "k10.colocatedServices" . | fromYaml) .k10service).primary }}
{{- $port := default .main.Values.service.externalPort (index (include "k10.colocatedServices" . | fromYaml) .k10service).port }}
- {{ $service }}-svc.{{ .main.Release.Namespace }}.svc.{{ .main.Values.cluster.domainName }}:{{ $port }}
{{- end }}
labels:
application: {{ .main.Release.Name }}
service: {{ .k10service }}
{{- end -}}
{{/*
Prometheus scrape config template for k10 services
*/}}
{{- define "k10.prometheusTargetConfig" -}}
{{- $admin_port := default 8877 .main.Values.service.gatewayAdminPort | toString -}}
- service: {{ .k10service }}
metricsPath: /metrics
{{- if eq "aggregatedapis" .k10service }}
scheme: https
tls_config:
insecure_skip_verify: true
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
{{- else }}
scheme: http
{{- end }}
{{- $serviceFqdn := "" }}
{{- $servicePort := "" }}
{{- if eq "gateway" .k10service -}}
{{- $serviceFqdn = printf "%s-admin.%s.svc.%s" .k10service .main.Release.Namespace .main.Values.cluster.domainName -}}
{{- $servicePort = $admin_port -}}
{{- else if eq "aggregatedapis" .k10service -}}
{{- $serviceFqdn = printf "%s-svc.%s.svc.%s" .k10service .main.Release.Namespace .main.Values.cluster.domainName -}}
{{- $servicePort = "443" -}}
{{- else -}}
{{- $service := default .k10service (index (include "k10.colocatedServices" . | fromYaml) .k10service).primary -}}
{{- $port := default .main.Values.service.externalPort (index (include "k10.colocatedServices" . | fromYaml) .k10service).port | toString -}}
{{- $serviceFqdn = printf "%s-svc.%s.svc.%s" $service .main.Release.Namespace .main.Values.cluster.domainName -}}
{{- $servicePort = $port -}}
{{- end }}
fqdn: {{ $serviceFqdn }}
port: {{ $servicePort }}
application: {{ .main.Release.Name }}
{{- end -}}
{{/*
Expands the name of the Prometheus chart. It is equivalent to what the
"prometheus.name" template does. It is needed because the referenced values in a
template are relative to where/when the template is called from, and not where
the template is defined at. This means that the value of .Chart.Name and
.Values.nameOverride are different depending on whether the template is called
from within the Prometheus chart or the K10 chart.
*/}}
{{- define "k10.prometheus.name" -}}
{{- default "prometheus" .Values.prometheus.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Expands the name of the Prometheus service created to expose the prometheus server.
*/}}
{{- define "k10.prometheus.service.name" -}}
{{- default (printf "%s-%s-%s" .Release.Name "prometheus" .Values.prometheus.server.name) .Values.prometheus.server.fullnameOverride }}
{{- end -}}
{{/*
Checks if EULA is accepted via cmd
Enforces eula.company and eula.email as required fields
returns configMap fields
*/}}
{{- define "k10.eula.fields" -}}
{{- if .Values.eula.accept -}}
accepted: "true"
company: {{ required "eula.company is required field if eula is accepted" .Values.eula.company }}
email: {{ required "eula.email is required field if eula is accepted" .Values.eula.email }}
{{- else -}}
accepted: ""
company: ""
email: ""
{{- end }}
{{- end -}}
{{/*
Helper to determine the API Domain
*/}}
{{- define "apiDomain" -}}
{{- if .Values.useNamespacedAPI -}}
kio.{{- replace "-" "." .Release.Namespace -}}
{{- else -}}
kio.kasten.io
{{- end -}}
{{- end -}}
{{/*
Get dex image, if user wants to
install certified version of upstream
images or not
*/}}
{{- define "k10.dexImage" -}}
{{- if not .Values.rhMarketPlace }}
{{- printf "%s:%s" ( include "k10.dexImageRepo" . ) (include "k10.dexTag" .) }}
{{- else }}
{{- printf "%s" (get .Values.images "dex") }}
{{- end -}}
{{- end -}}
{{/*
Get dex image repo based on conditions
if its airgapped and red hat images are
required
*/}}
{{- define "k10.dexImageRepo" -}}
{{- if .Values.global.upstreamCertifiedImages }}
{{- if .Values.global.airgapped.repository }}
{{- printf "%s/dex" .Values.global.airgapped.repository }}
{{- else }}
{{- printf "%s/%s/dex" .Values.image.registry .Values.image.repository }}
{{- end}}
{{- else }}
{{- if .Values.global.airgapped.repository }}
{{- printf "%s/dex" .Values.global.airgapped.repository }}
{{- else }}
{{- printf "%s/%s/%s" .Values.dexImage.registry .Values.dexImage.repository .Values.dexImage.image }}
{{- end }}
{{- end }}
{{- end -}}
{{/*
Get dex image tag based on conditions
if its airgapped and red hat images are
required
*/}}
{{- define "k10.dexTag" -}}
{{- if .Values.global.upstreamCertifiedImages }}
{{- if .Values.global.airgapped.repository }}
{{- printf "k10-%s-rh-ubi" (include "k10.dexImageTag" .) }}
{{- else }}
{{- printf "%s-rh-ubi" (include "k10.dexImageTag" .) }}
{{- end}}
{{- else }}
{{- if .Values.global.airgapped.repository }}
{{- printf "k10-%s" (include "k10.dexImageTag" .) }}
{{- else }}
{{- printf "%s" (include "k10.dexImageTag" .) }}
{{- end }}
{{- end }}
{{- end -}}
{{/*
Get ambassador image base on whether
we or not we are installing k10 on openshift
*/}}
{{- define "k10.ambImage" -}}
{{- if not .Values.global.rhMarketPlace }}
{{- printf "%s:%s" ( include "k10.ambImageRepo" .) (include "k10.ambImageTag" .) }}
{{- else }}
{{- printf "%s" (get .Values.global.images "emissary") }}
{{- end -}}
{{- end -}}
{{- define "k10.ambImageRepo" -}}
{{- if .Values.global.upstreamCertifiedImages }}
{{- if .Values.global.airgapped.repository }}
{{- printf "%s/emissary" .Values.global.airgapped.repository }}
{{- else }}
{{- printf "%s/%s/emissary" .Values.image.registry .Values.image.repository }}
{{- end }}
{{- else }}
{{- if .Values.global.airgapped.repository }}
{{- printf "%s/emissary" .Values.global.airgapped.repository }}
{{- else }}
{{- printf "%s/%s/%s" .Values.ambassadorImage.registry .Values.ambassadorImage.repository .Values.ambassadorImage.image }}
{{- end }}
{{- end }}
{{- end -}}
{{- define "k10.ambImageTag" -}}
{{- if .Values.global.upstreamCertifiedImages }}
{{- if .Values.global.airgapped.repository }}
{{- printf "k10-%s-rh-ubi" (include "k10.rhAmbassadorImageTag" .) }}
{{- else }}
{{- printf "%s-rh-ubi" (include "k10.rhAmbassadorImageTag" .) }}
{{- end }}
{{- else }}
{{- if .Values.global.airgapped.repository }}
{{- printf "k10-%s" (include "k10.ambassadorImageTag" .) }}
{{- else }}
{{- printf "%s" (include "k10.ambassadorImageTag" .) }}
{{- end }}
{{- end }}
{{- end -}}
{{/*
Check if AWS creds are specified
*/}}
{{- define "check.awscreds" -}}
{{- if or .Values.secrets.awsAccessKeyId .Values.secrets.awsSecretAccessKey -}}
{{- print true -}}
{{- end -}}
{{- end -}}
{{/*
Check if kanister-tools image has k10- in name
this means we need to overwrite kanister image in the system
*/}}
{{- define "overwite.kanisterToolsImage" -}}
{{- if or .Values.global.airgapped.repository .Values.global.rhMarketPlace -}}
{{- print true -}}
{{- end -}}
{{- end -}}
{{/*
Figure out the kanisterToolsImage.image based on
the value of airgapped.repository value
The details on how these image are being generated
is in below issue
https://kasten.atlassian.net/browse/K10-4036
Using substr to remove repo from kanisterToolsImage
*/}}
{{- define "get.kanisterToolsImage" }}
{{- if not .Values.global.rhMarketPlace }}
{{- if .Values.global.airgapped.repository }}
{{- printf "%s/%s:k10-%s" (.Values.global.airgapped.repository) (.Values.kanisterToolsImage.image) (include "k10.kanisterToolsImageTag" .) -}}
{{- else }}
{{- printf "%s/%s/%s:%s" (.Values.kanisterToolsImage.registry) (.Values.kanisterToolsImage.repository) (.Values.kanisterToolsImage.image) (include "k10.kanisterToolsImageTag" .) -}}
{{- end }}
{{- else }}
{{- printf "%s" (get .Values.global.images "kanister-tools") -}}
{{- end }}
{{- end }}
{{/*
Check if Google creds are specified
*/}}
{{- define "check.googlecreds" -}}
{{- if .Values.secrets.googleApiKey -}}
{{- print true -}}
{{- end -}}
{{- end -}}
{{/*
Check if IBM SL api key is specified
*/}}
{{- define "check.ibmslcreds" -}}
{{- if or .Values.secrets.ibmSoftLayerApiKey .Values.secrets.ibmSoftLayerApiUsername -}}
{{- print true -}}
{{- end -}}
{{- end -}}
{{/*
Check if Azure creds are specified
*/}}
{{- define "check.azurecreds" -}}
{{- if or (or .Values.secrets.azureTenantId .Values.secrets.azureClientId) .Values.secrets.azureClientSecret -}}
{{- print true -}}
{{- end -}}
{{- end -}}
{{/*
Check if Vsphere creds are specified
*/}}
{{- define "check.vspherecreds" -}}
{{- if or (or .Values.secrets.vsphereEndpoint .Values.secrets.vsphereUsername) .Values.secrets.vspherePassword -}}
{{- print true -}}
{{- end -}}
{{- end -}}
{{/*
Check if Vault creds are specified
*/}}
{{- define "check.vaultcreds" -}}
{{- if .Values.vault.secretName -}}
{{- print true -}}
{{- end -}}
{{- end -}}
{{/*
Checks and enforces only 1 set of cloud creds is specified
*/}}
{{- define "enforce.singlecloudcreds" -}}
{{- $count := dict "count" (int 0) -}}
{{- $main := . -}}
{{- range $ind, $cloud_provider := include "k10.cloudProviders" . | splitList " " }}
{{ if eq (include (printf "check.%screds" $cloud_provider) $main) "true" }}
{{ $c := add1 $count.count | set $count "count" }}
{{ if gt $count.count 1 }}
{{- fail "Credentials for different cloud providers were provided but only one is allowed. Please verify your .secrets.* values." }}
{{ end }}
{{ end }}
{{- end }}
{{- end -}}
{{/*
Converts .Values.features into k10-features: map[string]: "value"
*/}}
{{- define "k10.features" -}}
{{ range $n, $v := .Values.features }}
{{ $n }}: {{ $v | quote -}}
{{ end }}
{{- end -}}
{{/*
Returns a license base64 either from file or from values
or prints it for awsmarketplace or awsManagedLicense
*/}}
{{- define "k10.getlicense" -}}
{{- if .Values.metering.awsMarketplace -}}
{{- print "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" -}}
{{- else if or ( .Values.metering.awsManagedLicense ) ( .Values.metering.licenseConfigSecretName ) -}}
{{- print "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" -}}
{{- else -}}
{{- print (default (.Files.Get "license") .Values.license) -}}
{{- end -}}
{{- end -}}
{{/*
Returns resource usage given a pod name and container name
*/}}
{{- define "k10.resource.request" -}}
{{- $resourceDefaultList := (include "k10.serviceResources" .main | fromYaml) }}
{{- $podName := .k10_service_pod_name }}
{{- $containerName := .k10_service_container_name }}
{{- $resourceValue := "" }}
{{- if (hasKey $resourceDefaultList $podName) }}
{{- $resourceValue = index (index $resourceDefaultList $podName) $containerName }}
{{- end }}
{{- if (hasKey .main.Values.resources $podName) }}
{{- if (hasKey (index .main.Values.resources $podName) $containerName) }}
{{- $resourceValue = index (index .main.Values.resources $podName) $containerName }}
{{- end }}
{{- end }}
{{- /* If no resource usage value was provided, do not include the resources section */}}
{{- /* This allows users to set unlimited resources by providing a service key that is empty (e.g. `--set resources.<service>=`) */}}
{{- if $resourceValue }}
resources:
{{- $resourceValue | toYaml | trim | nindent 2 }}
{{- else if eq .main.Release.Namespace "default" }}
resources:
requests:
cpu: "0.01"
{{- end }}
{{- end -}}
{{- define "kanisterToolsResources" }}
{{- if .Values.genericVolumeSnapshot.resources.requests.memory }}
KanisterToolsMemoryRequests: {{ .Values.genericVolumeSnapshot.resources.requests.memory | quote }}
{{- end }}
{{- if .Values.genericVolumeSnapshot.resources.requests.cpu }}
KanisterToolsCPURequests: {{ .Values.genericVolumeSnapshot.resources.requests.cpu | quote }}
{{- end }}
{{- if .Values.genericVolumeSnapshot.resources.limits.memory }}
KanisterToolsMemoryLimits: {{ .Values.genericVolumeSnapshot.resources.limits.memory | quote }}
{{- end }}
{{- if .Values.genericVolumeSnapshot.resources.limits.cpu }}
KanisterToolsCPULimits: {{ .Values.genericVolumeSnapshot.resources.limits.cpu | quote }}
{{- end }}
{{- end }}
{{- define "get.kanisterPodCustomLabels" -}}
{{- if .Values.kanisterPodCustomLabels }}
KanisterPodCustomLabels: {{ .Values.kanisterPodCustomLabels | quote }}
{{- end }}
{{- end }}
{{- define "get.kanisterPodCustomAnnotations" -}}
{{- if .Values.kanisterPodCustomAnnotations }}
KanisterPodCustomAnnotations: {{ .Values.kanisterPodCustomAnnotations | quote }}
{{- end }}
{{- end }}
{{/*
Lookup and return only enabled colocated services
*/}}
{{- define "get.enabledColocatedSvcList" -}}
{{- $enabledColocatedSvcList := dict }}
{{- $colocatedList := include "k10.colocatedServiceLookup" . | fromYaml }}
{{- range $primary, $secondaryList := $colocatedList }}
{{- $enabledSecondarySvcList := list }}
{{- range $skip, $secondary := $secondaryList }}
{{- if or (not (hasKey $.Values.optionalColocatedServices $secondary)) ((index $.Values.optionalColocatedServices $secondary).enabled) }}
{{- $enabledSecondarySvcList = append $enabledSecondarySvcList $secondary }}
{{- end }}
{{- end }}
{{- if gt (len $enabledSecondarySvcList) 0 }}
{{- $enabledColocatedSvcList = set $enabledColocatedSvcList $primary $enabledSecondarySvcList }}
{{- end }}
{{- end }}
{{- $enabledColocatedSvcList | toYaml | trim | nindent 0}}
{{- end -}}
{{- define "get.serviceContainersInPod" -}}
{{- $podService := .k10_service_pod }}
{{- $colocatedList := include "k10.colocatedServices" . | fromYaml }}
{{- $colocatedLookupByPod := include "get.enabledColocatedSvcList" .main | fromYaml }}
{{- $containerList := list $podService }}
{{- if hasKey $colocatedLookupByPod $podService }}
{{- $containerList = concat $containerList (index $colocatedLookupByPod $podService)}}
{{- end }}
{{- $containerList | join " " }}
{{- end -}}
{{- define "get.statefulRestServicesInPod" -}}
{{- $statefulRestSvcsInPod := list }}
{{- $podService := .k10_service_pod }}
{{- $containerList := (dict "main" .main "k10_service_pod" $podService | include "get.serviceContainersInPod" | splitList " ") }}
{{- if .main.Values.global.persistence.enabled }}
{{- range $skip, $containerInPod := $containerList }}
{{- $isRestService := has $containerInPod (include "k10.restServices" . | splitList " ") }}
{{- $isStatelessService := has $containerInPod (include "k10.statelessServices" . | splitList " ") }}
{{- if and $isRestService (not $isStatelessService) }}
{{- $statefulRestSvcsInPod = append $statefulRestSvcsInPod $containerInPod }}
{{- end }}
{{- end }}
{{- end }}
{{- $statefulRestSvcsInPod | join " " }}
{{- end -}}
{{- define "k10.ingressPath" -}}
{{- if and .Values.global.ingress.create .Values.global.route.enabled -}}
{{ fail "Either enable ingress or route"}}
{{- end -}}
{{- if .Values.global.ingress.create -}}
{{ if .Values.global.ingress.urlPath }}
{{- print .Values.global.ingress.urlPath -}}
{{ else }}
{{- print .Release.Name -}}
{{- end -}}
{{- else if .Values.global.route.enabled -}}
{{ if .Values.global.route.path }}
{{- print .Values.global.route.path -}}
{{ else }}
{{- print .Release.Name -}}
{{- end -}}
{{ else }}
{{- print .Release.Name -}}
{{- end -}}
{{- end -}}
{{/*
Check if encryption keys are specified
*/}}
{{- define "check.primaryKey" -}}
{{- if (or .Values.encryption.primaryKey.awsCmkKeyId .Values.encryption.primaryKey.vaultTransitKeyName) -}}
{{- print true -}}
{{- end -}}
{{- end -}}
{{- define "check.validateMonitoringProperties" -}}
{{- include "check.monitoringPrefix" . -}}
{{- include "check.monitoringFullNameOverride" . -}}
{{- end -}}
{{- define "check.monitoringPrefix" -}}
{{- if eq .Values.prometheus.server.enabled .Values.grafana.enabled -}}
{{- if not (eq .Values.prometheus.server.prefixURL .Values.grafana.prometheusPrefixURL) -}}
{{ fail "Prometheus and Grafana prefixURL should match. Please check values of prometheus.server.prefixURL and grafana.prometheusPrefixURL" }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "check.monitoringFullNameOverride" -}}
{{- if eq .Values.prometheus.server.enabled .Values.grafana.enabled -}}
{{- if not (eq .Values.prometheus.server.fullnameOverride .Values.grafana.prometheusName) -}}
{{ fail "The Prometheus name overrides must match. Please check values of prometheus.server.fullnameOverride and grafana.prometheusName" }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "check.validateImagePullSecrets" -}}
{{/* Validate image pull secrets if a custom Docker config is provided */}}
{{- if (or .Values.secrets.dockerConfig .Values.secrets.dockerConfigPath ) -}}
{{- if (and .Values.grafana.enabled (not .Values.global.imagePullSecret) (not .Values.grafana.image.pullSecrets)) -}}
{{ fail "A custom Docker config was provided, but Grafana is not configured to use it. Please check that global.imagePullSecret is set correctly." }}
{{- end -}}
{{- if (and .Values.prometheus.server.enabled (not .Values.global.imagePullSecret) (not .Values.prometheus.imagePullSecrets)) -}}
{{ fail "A custom Docker config was provided, but Prometheus is not configured to use it. Please check that global.imagePullSecret is set correctly." }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "k10.imagePullSecrets" }}
{{- $imagePullSecrets := list .Values.global.imagePullSecret }}{{/* May be empty, but the compact below will handle that */}}
{{- if (or .Values.secrets.dockerConfig .Values.secrets.dockerConfigPath) }}
{{- $imagePullSecrets = concat $imagePullSecrets (list "k10-ecr") }}
{{- end }}
{{- $imagePullSecrets = $imagePullSecrets | compact | uniq }}
{{- if $imagePullSecrets }}
imagePullSecrets:
{{- range $imagePullSecrets }}
{{/* Check if the name is not empty string */}}
- name: {{ . }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Below helper template functions are referred from chart
https://github.com/prometheus-community/helm-charts/blob/main/charts/prometheus/templates/_helpers.tpl
*/}}
{{/*
Return kubernetes version
*/}}
{{- define "k10.kubeVersion" -}}
{{- default .Capabilities.KubeVersion.Version (regexFind "v[0-9]+\\.[0-9]+\\.[0-9]+" .Capabilities.KubeVersion.Version) -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for ingress.
*/}}
{{- define "ingress.apiVersion" -}}
{{- if and (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare ">= 1.19.x" (include "k10.kubeVersion" .)) -}}
{{- print "networking.k8s.io/v1" -}}
{{- else if .Capabilities.APIVersions.Has "extensions/v1beta1" -}}
{{- print "extensions/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- end -}}
{{- end -}}
{{/*
Is ingress part of stable APIVersion.
*/}}
{{- define "ingress.isStable" -}}
{{- eq (include "ingress.apiVersion" .) "networking.k8s.io/v1" -}}
{{- end -}}
{{- define "check.validatePrometheusConfig" -}}
{{if and ( and .Values.global.prometheus.external.host .Values.global.prometheus.external.port) .Values.prometheus.server.enabled}}
{{ fail "Both internal and external Prometheus configs are not allowed at same time"}}
{{- end -}}
{{- end -}}
{{/*
Defines unique ID to be assigned to all the K10 ambassador resources.
This will ensure that the K10's ambassador does not conflict with any other ambassador instances
running in the same cluster.
*/}}
{{- define "k10.ambassadorId" -}}
"kasten.io/k10"
{{- end -}}
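Review bot: In `k10.prometheusScrape`, the `aggregatedapis` branch pairs `insecure_skip_verify: true` with `bearer_token_file`, so Prometheus presents its service-account token to the endpoint without verifying the serving certificate; `k10.prometheusTargetConfig` repeats the same two settings. If the aggregated API server can serve a certificate signed by a CA that is available in the Prometheus pod, replace the skip with `ca_file: <CA_BUNDLE_PATH>` (placeholder path). This file does not show how that certificate is issued, so a chart-level change may be needed first. Until then, a template comment next to the setting such as `{{/* TLS verification is skipped for aggregatedapis because <REASON>; the scrape token is sent without server authentication */}}` would record the trade-off for operators.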


@ -0,0 +1,683 @@
{{- define "k10-containers" }}
{{- $pod := .k10_pod }}
{{- with .main }}
{{- $main_context := . }}
{{- $colocatedList := include "k10.colocatedServices" . | fromYaml }}
{{- $containerList := (dict "main" $main_context "k10_service_pod" $pod | include "get.serviceContainersInPod" | splitList " ") }}
containers:
{{- range $skip, $container := $containerList }}
{{- $port := default $main_context.Values.service.externalPort (index $colocatedList $container).port }}
{{- $serviceStateful := has $container (dict "main" $main_context "k10_service_pod" $pod | include "get.statefulRestServicesInPod" | splitList " ") }}
{{- dict "main" $main_context "k10_pod" $pod "k10_container" $container "externalPort" $port "stateful" $serviceStateful | include "k10-container" }}
{{- end }}
{{- end }}{{/* with .main */}}
{{- end }}{{/* define "k10-containers" */}}
{{- define "k10-container" }}
{{- $pod := .k10_pod }}
{{- $service := .k10_container }}
{{- $externalPort := .externalPort }}
{{- with .main }}
- name: {{ $service }}-svc
{{- dict "main" . "k10_service" $service | include "serviceImage" | indent 8 }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if eq $service "aggregatedapis" }}
args:
- "--secure-port={{ .Values.service.aggregatedApiPort }}"
- "--cert-dir=/tmp/apiserver.local.config/certificates/"
{{- if .Values.useNamespacedAPI }}
- "--k10-api-domain={{ template "apiDomain" . }}"
{{- end }}{{/* .Values.useNamespacedAPI */}}
{{/*
We need this explicit conversion because installation using operator hub was failing
stating that types are not same for the equality check
*/}}
{{- else if not (eq (int .Values.service.externalPort) (int $externalPort) ) }}
args:
- "--port={{ $externalPort }}"
- "--host=0.0.0.0"
{{- end }}{{/* eq $service "aggregatedapis" */}}
{{- $podName := (printf "%s-svc" $service) }}
{{- $containerName := (printf "%s-svc" $service) }}
{{- dict "main" . "k10_service_pod_name" $podName "k10_service_container_name" $containerName | include "k10.resource.request" | indent 8}}
ports:
{{- if eq $service "aggregatedapis" }}
- containerPort: {{ .Values.service.aggregatedApiPort }}
{{- else }}
- containerPort: {{ $externalPort }}
{{- if eq $service "mccontrollermanager" }}
- containerPort: {{ include "k10.mcExternalPort" nil }}
{{- end }}
{{- end }}
{{- if eq $service "logging" }}
- containerPort: 24224
protocol: TCP
- containerPort: 24225
protocol: TCP
{{- end }}
livenessProbe:
{{- if eq $service "aggregatedapis" }}
tcpSocket:
port: {{ .Values.service.aggregatedApiPort }}
timeoutSeconds: 5
{{- else }}
httpGet:
path: /v0/healthz
port: {{ $externalPort }}
timeoutSeconds: 1
{{- end }}
initialDelaySeconds: 300
{{- if ne $service "aggregatedapis" }}
readinessProbe:
httpGet:
path: /v0/healthz
port: {{ $externalPort }}
initialDelaySeconds: 3
{{- end }}
env:
{{- if eq (include "check.googlecreds" .) "true" }}
- name: GOOGLE_APPLICATION_CREDENTIALS
value: "/var/run/secrets/kasten.io/kasten-gke-sa.json"
{{- end }}
{{- if eq (include "check.ibmslcreds" .) "true" }}
- name: IBM_SL_API_KEY
valueFrom:
secretKeyRef:
name: ibmsl-secret
key: ibm_sl_key
- name: IBM_SL_API_USERNAME
valueFrom:
secretKeyRef:
name: ibmsl-secret
key: ibm_sl_username
{{- end }}
{{- if eq (include "check.azurecreds" .) "true" }}
- name: AZURE_TENANT_ID
valueFrom:
secretKeyRef:
name: azure-creds
key: azure_tenant_id
- name: AZURE_CLIENT_ID
valueFrom:
secretKeyRef:
name: azure-creds
key: azure_client_id
- name: AZURE_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: azure-creds
key: azure_client_secret
{{- if .Values.secrets.azureResourceGroup }}
- name: AZURE_RESOURCE_GROUP
valueFrom:
secretKeyRef:
name: azure-creds
key: azure_resource_group
{{- end }}
{{- if .Values.secrets.azureSubscriptionID }}
- name: AZURE_SUBSCRIPTION_ID
valueFrom:
secretKeyRef:
name: azure-creds
key: azure_subscription_id
{{- end }}
{{- if .Values.secrets.azureResourceMgrEndpoint }}
- name: AZURE_RESOURCE_MANAGER_ENDPOINT
valueFrom:
secretKeyRef:
name: azure-creds
key: azure_resource_manager_endpoint
{{- end }}
{{- if .Values.secrets.azureADEndpoint }}
- name: AZURE_AD_ENDPOINT
valueFrom:
secretKeyRef:
name: azure-creds
key: azure_ad_endpoint
{{- end }}
{{- if .Values.secrets.azureADResourceID }}
- name: AZURE_AD_RESOURCE
valueFrom:
secretKeyRef:
name: azure-creds
key: azure_ad_resource_id
{{- end }}
{{- if .Values.secrets.azureCloudEnvID }}
- name: AZURE_CLOUD_ENV_ID
valueFrom:
secretKeyRef:
name: azure-creds
key: azure_cloud_env_id
{{- end }}
{{- end }}
{{- if eq (include "check.awscreds" .) "true" }}
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: aws-creds
key: aws_access_key_id
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: aws-creds
key: aws_secret_access_key
{{- if .Values.secrets.awsIamRole }}
- name: K10_AWS_IAM_ROLE
valueFrom:
secretKeyRef:
name: aws-creds
key: role
{{- end }}
{{- end }}
{{- if eq (include "check.vaultcreds" .) "true" }}
- name: VAULT_ADDR
value: {{ .Values.vault.address }}
- name: VAULT_TOKEN
valueFrom:
secretKeyRef:
name: {{ .Values.vault.secretName }}
key: vault_token
{{- end }}
{{- if eq (include "check.vspherecreds" .) "true" }}
- name: VSPHERE_ENDPOINT
valueFrom:
secretKeyRef:
name: vsphere-creds
key: vsphere_endpoint
- name: VSPHERE_USERNAME
valueFrom:
secretKeyRef:
name: vsphere-creds
key: vsphere_username
- name: VSPHERE_PASSWORD
valueFrom:
secretKeyRef:
name: vsphere-creds
key: vsphere_password
{{- end }}
- name: VERSION
valueFrom:
configMapKeyRef:
name: k10-config
key: version
{{- if .Values.clusterName }}
- name: CLUSTER_NAME
valueFrom:
configMapKeyRef:
name: k10-config
key: clustername
{{- end }}
{{- if eq $service "controllermanager" }}
- name: K10_STATEFUL
value: "{{ .Values.global.persistence.enabled }}"
{{- end }}
- name: MODEL_STORE_DIR
{{- if or (eq $service "state") (not .Values.global.persistence.enabled) }}
value: "/tmp/k10store"
{{- else }}
valueFrom:
configMapKeyRef:
name: k10-config
key: modelstoredirname
{{- end }}
{{- if or (eq $service "kanister") (eq $service "executor")}}
- name: DATA_MOVER_IMAGE
value: {{ default .Chart.AppVersion .Values.image.tag | print .Values.image.registry "/" .Values.image.repository "/datamover:" }}
- name: KANISTER_POD_READY_WAIT_TIMEOUT
valueFrom:
configMapKeyRef:
name: k10-config
key: KanisterPodReadyWaitTimeout
{{- end }}
- name: LOG_LEVEL
valueFrom:
configMapKeyRef:
name: k10-config
key: loglevel
{{- if .Values.kanisterPodCustomLabels }}
- name: KANISTER_POD_CUSTOM_LABELS
valueFrom:
configMapKeyRef:
name: k10-config
key: KanisterPodCustomLabels
{{- end }}
{{- if .Values.kanisterPodCustomAnnotations }}
- name: KANISTER_POD_CUSTOM_ANNOTATIONS
valueFrom:
configMapKeyRef:
name: k10-config
key: kanisterPodCustomAnnotations
{{- end }}
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: CONCURRENT_SNAP_CONVERSIONS
valueFrom:
configMapKeyRef:
name: k10-config
key: concurrentSnapConversions
- name: CONCURRENT_WORKLOAD_SNAPSHOTS
valueFrom:
configMapKeyRef:
name: k10-config
key: concurrentWorkloadSnapshots
- name: K10_DATA_STORE_PARALLEL_UPLOAD
valueFrom:
configMapKeyRef:
name: k10-config
key: k10DataStoreParallelUpload
- name: K10_DATA_STORE_GENERAL_CONTENT_CACHE_SIZE_MB
valueFrom:
configMapKeyRef:
name: k10-config
key: k10DataStoreGeneralContentCacheSizeMB
- name: K10_DATA_STORE_GENERAL_METADATA_CACHE_SIZE_MB
valueFrom:
configMapKeyRef:
name: k10-config
key: k10DataStoreGeneralMetadataCacheSizeMB
- name: K10_DATA_STORE_RESTORE_CONTENT_CACHE_SIZE_MB
valueFrom:
configMapKeyRef:
name: k10-config
key: k10DataStoreRestoreContentCacheSizeMB
- name: K10_DATA_STORE_RESTORE_METADATA_CACHE_SIZE_MB
valueFrom:
configMapKeyRef:
name: k10-config
key: k10DataStoreRestoreMetadataCacheSizeMB
- name: K10_LIMITER_GENERIC_VOLUME_SNAPSHOTS
valueFrom:
configMapKeyRef:
name: k10-config
key: K10LimiterGenericVolumeSnapshots
- name: K10_LIMITER_GENERIC_VOLUME_COPIES
valueFrom:
configMapKeyRef:
name: k10-config
key: K10LimiterGenericVolumeCopies
- name: K10_LIMITER_GENERIC_VOLUME_RESTORES
valueFrom:
configMapKeyRef:
name: k10-config
key: K10LimiterGenericVolumeRestores
- name: K10_LIMITER_CSI_SNAPSHOTS
valueFrom:
configMapKeyRef:
name: k10-config
key: K10LimiterCsiSnapshots
- name: K10_LIMITER_PROVIDER_SNAPSHOTS
valueFrom:
configMapKeyRef:
name: k10-config
key: K10LimiterProviderSnapshots
- name: AWS_ASSUME_ROLE_DURATION
valueFrom:
configMapKeyRef:
name: k10-config
key: AWSAssumeRoleDuration
{{- if (eq $service "executor") }}
- name: KANISTER_BACKUP_TIMEOUT
valueFrom:
configMapKeyRef:
name: k10-config
key: KanisterBackupTimeout
- name: KANISTER_RESTORE_TIMEOUT
valueFrom:
configMapKeyRef:
name: k10-config
key: KanisterRestoreTimeout
- name: KANISTER_DELETE_TIMEOUT
valueFrom:
configMapKeyRef:
name: k10-config
key: KanisterDeleteTimeout
- name: KANISTER_HOOK_TIMEOUT
valueFrom:
configMapKeyRef:
name: k10-config
key: KanisterHookTimeout
- name: KANISTER_CHECKREPO_TIMEOUT
valueFrom:
configMapKeyRef:
name: k10-config
key: KanisterCheckRepoTimeout
- name: KANISTER_STATS_TIMEOUT
valueFrom:
configMapKeyRef:
name: k10-config
key: KanisterStatsTimeout
- name: KANISTER_EFSPOSTRESTORE_TIMEOUT
valueFrom:
configMapKeyRef:
name: k10-config
key: KanisterEFSPostRestoreTimeout
{{- end }}
{{- if and (eq $service "executor") (.Values.awsConfig.efsBackupVaultName) }}
- name: EFS_BACKUP_VAULT_NAME
valueFrom:
configMapKeyRef:
name: k10-config
key: efsBackupVaultName
{{- end }}
{{- if and (eq $service "executor") (.Values.vmWare.taskTimeoutMin) }}
- name: VMWARE_GOM_TIMEOUT_MIN
valueFrom:
configMapKeyRef:
name: k10-config
key: vmWareTaskTimeoutMin
{{- end }}
{{- if .Values.useNamespacedAPI }}
- name: K10_API_DOMAIN
valueFrom:
configMapKeyRef:
name: k10-config
key: apiDomain
{{- end }}
{{- if .Values.jaeger.enabled }}
- name: JAEGER_AGENT_HOST
value: {{ .Values.jaeger.agentDNS }}
{{- end }}
{{- if .Values.auth.tokenAuth.enabled }}
- name: TOKEN_AUTH
valueFrom:
secretKeyRef:
name: k10-token-auth
key: auth
{{- end }}
{{- if eq "true" (include "overwite.kanisterToolsImage" .) }}
- name: KANISTER_TOOLS
valueFrom:
configMapKeyRef:
name: k10-config
key: overwriteKanisterTools
{{- end }}
{{- if eq (include "check.cacertconfigmap" .) "true" }}
- name: CACERT_CONFIGMAP_NAME
value: {{ .Values.cacertconfigmap.name }}
{{- end }}
- name: K10_RELEASE_NAME
value: {{ .Release.Name }}
- name: KANISTER_FUNCTION_VERSION
valueFrom:
configMapKeyRef:
name: k10-config
key: kanisterFunctionVersion
{{- if and (eq $service "controllermanager") (.Values.injectKanisterSidecar.enabled) }}
- name: K10_MUTATING_WEBHOOK_ENABLED
value: "true"
- name: K10_MUTATING_WEBHOOK_TLS_CERT_DIR
valueFrom:
configMapKeyRef:
name: k10-config
key: K10MutatingWebhookTLSCertDir
- name: K10_MUTATING_WEBHOOK_PORT
value: {{ .Values.injectKanisterSidecar.webhookServer.port | quote }}
{{- end }}
{{- if or (eq $service "controllermanager") (eq $service "kanister") }}
{{- if .Values.genericVolumeSnapshot.resources.requests.memory }}
- name: KANISTER_TOOLS_MEMORY_REQUESTS
valueFrom:
configMapKeyRef:
name: k10-config
key: KanisterToolsMemoryRequests
{{- end }}
{{- if .Values.genericVolumeSnapshot.resources.requests.cpu }}
- name: KANISTER_TOOLS_CPU_REQUESTS
valueFrom:
configMapKeyRef:
name: k10-config
key: KanisterToolsCPURequests
{{- end }}
{{- if .Values.genericVolumeSnapshot.resources.limits.memory }}
- name: KANISTER_TOOLS_MEMORY_LIMITS
valueFrom:
configMapKeyRef:
name: k10-config
key: KanisterToolsMemoryLimits
{{- end }}
{{- if .Values.genericVolumeSnapshot.resources.limits.cpu }}
- name: KANISTER_TOOLS_CPU_LIMITS
valueFrom:
configMapKeyRef:
name: k10-config
key: KanisterToolsCPULimits
{{- end }}
{{- end }}
{{- if (list "dashboardbff" "controllermanager" "executor" | has $service) }}
{{- if .Values.prometheus.server.enabled }}
- name: K10_PROMETHEUS_HOST
value: {{ include "k10.prometheus.service.name" . }}-exp
- name: K10_PROMETHEUS_PORT
value: {{ .Values.prometheus.server.service.servicePort | quote }}
- name: K10_PROMETHEUS_BASE_URL
value: {{ .Values.prometheus.server.baseURL }}
{{- else -}}
{{- if and .Values.global.prometheus.external.host .Values.global.prometheus.external.port}}
- name: K10_PROMETHEUS_HOST
value: {{ .Values.global.prometheus.external.host }}
- name: K10_PROMETHEUS_PORT
value: {{ .Values.global.prometheus.external.port | quote }}
- name: K10_PROMETHEUS_BASE_URL
value: {{ .Values.global.prometheus.external.baseURL }}
{{- end -}}
{{- end }}
- name: K10_GRAFANA_ENABLED
value: {{ .Values.grafana.enabled | quote }}
{{- end }}
{{- if or $.stateful (or (eq (include "check.googlecreds" .) "true") (eq $service "auth" "logging")) }}
volumeMounts:
{{- else if or (or (eq (include "basicauth.check" .) "true") (or .Values.auth.oidcAuth.enabled (eq (include "check.dexAuth" .) "true"))) .Values.features }}
volumeMounts:
{{- else if and (eq $service "controllermanager") (.Values.injectKanisterSidecar.enabled) }}
volumeMounts:
{{- else if eq (include "check.cacertconfigmap" .) "true" }}
volumeMounts:
{{- else if eq $service "frontend" }}
volumeMounts:
{{- end }}
{{- if $.stateful }}
- name: {{ $service }}-persistent-storage
mountPath: {{ .Values.global.persistence.mountPath | quote }}
{{- end }}
{{- if .Values.features }}
- name: k10-features
mountPath: "/mnt/k10-features"
{{- end }}
{{- if eq $service "logging" }}
- name: logging-configmap-storage
mountPath: "/mnt/conf"
{{- end }}
{{- if and (eq $service "controllermanager") (.Values.injectKanisterSidecar.enabled) }}
- name: mutating-webhook-certs
mountPath: /etc/ssl/certs/webhook
readOnly: true
{{- end }}
{{- if eq (include "basicauth.check" .) "true" }}
- name: k10-basic-auth
mountPath: "/var/run/secrets/kasten.io/k10-basic-auth"
readOnly: true
{{- end }}
{{- if (or .Values.auth.oidcAuth.enabled (eq (include "check.dexAuth" .) "true")) }}
- name: k10-oidc-auth
mountPath: "/var/run/secrets/kasten.io/k10-oidc-auth"
readOnly: true
{{- end }}
{{- if eq (include "check.googlecreds" .) "true" }}
- name: service-account
mountPath: "/var/run/secrets/kasten.io"
{{- end }}
{{- if eq (include "check.cacertconfigmap" .) "true" }}
- name: {{ .Values.cacertconfigmap.name }}
mountPath: "/etc/ssl/certs/custom-ca-bundle.pem"
subPath: custom-ca-bundle.pem
{{- end }}
{{- if eq $service "frontend" }}
- name: frontend-config
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
readOnly: true
- name: frontend-config
mountPath: /etc/nginx/conf.d/frontend.conf
subPath: frontend.conf
readOnly: true
{{- end}}
{{- if .Values.toolsImage.enabled }}
{{- if eq $service "executor" }}
- name: tools
{{- dict "main" . "k10_service" "cephtool" | include "serviceImage" | indent 8 }}
imagePullPolicy: {{ .Values.toolsImage.pullPolicy }}
{{- $podName := (printf "%s-svc" $service) }}
{{- dict "main" . "k10_service_pod_name" $podName "k10_service_container_name" "tools" | include "k10.resource.request" | indent 8}}
{{- end }}
{{- end }} {{/* .Values.toolsImage.enabled */}}
{{- if and (eq $service "catalog") $.stateful }}
- name: kanister-sidecar
image: {{ include "get.kanisterToolsImage" .}}
imagePullPolicy: {{ .Values.kanisterToolsImage.pullPolicy }}
{{- $podName := (printf "%s-svc" $service) }}
{{- dict "main" . "k10_service_pod_name" $podName "k10_service_container_name" "kanister-sidecar" | include "k10.resource.request" | indent 8}}
volumeMounts:
- name: {{ $service }}-persistent-storage
mountPath: {{ .Values.global.persistence.mountPath | quote }}
{{- if eq (include "check.cacertconfigmap" .) "true" }}
- name: {{ .Values.cacertconfigmap.name }}
mountPath: "/etc/ssl/certs/custom-ca-bundle.pem"
subPath: custom-ca-bundle.pem
{{- end }}
{{- end }} {{/* and (eq $service "catalog") $.stateful */}}
{{- if and ( eq $service "auth" ) ( or .Values.auth.dex.enabled (eq (include "check.dexAuth" .) "true")) }}
- name: dex
image: {{ include "k10.dexImage" . }}
{{- if .Values.auth.ldap.enabled }}
command: ["/usr/local/bin/dex", "serve", "/dex-config/config.yaml"]
{{- else }}
command: ["/usr/local/bin/dex", "serve", "/etc/dex/cfg/config.yaml"]
{{- end }}
ports:
- name: http
containerPort: 8080
volumeMounts:
{{- if .Values.auth.ldap.enabled }}
- name: dex-config
mountPath: /dex-config
- name: k10-logos-dex
mountPath: /web/themes/custom/
{{- else }}
- name: config
mountPath: /etc/dex/cfg
{{- end }}
{{- if eq (include "check.cacertconfigmap" .) "true" }}
- name: {{ .Values.cacertconfigmap.name }}
mountPath: "/etc/ssl/certs/custom-ca-bundle.pem"
subPath: custom-ca-bundle.pem
{{- end }}
{{- end }} {{/* end of dex check */}}
{{- end }}{{/* with .main */}}
{{- end }}{{/* define "k10-container" */}}
{{- define "k10-init-container-header" }}
{{- $pod := .k10_pod }}
{{- with .main }}
{{- $main_context := . }}
{{- $containerList := (dict "main" $main_context "k10_service_pod" $pod | include "get.serviceContainersInPod" | splitList " ") }}
{{- $needsInitContainersHeader := false }}
{{- range $skip, $service := $containerList }}
{{- $serviceStateful := has $service (dict "main" $main_context "k10_service_pod" $pod | include "get.statefulRestServicesInPod" | splitList " ") }}
{{- if and ( eq $service "auth" ) $main_context.Values.auth.ldap.enabled }}
{{- $needsInitContainersHeader = true }}
{{- else if $serviceStateful }}
{{- $needsInitContainersHeader = true }}
{{- end }}{{/* initContainers header needed check */}}
{{- end }}{{/* range $skip, $service := $containerList */}}
{{- if $needsInitContainersHeader }}
initContainers:
{{- end }}
{{- end }}{{/* with .main */}}
{{- end }}{{/* define "k10-init-container-header" */}}
{{- define "k10-init-container" }}
{{- $pod := .k10_pod }}
{{- with .main }}
{{- $main_context := . }}
{{- $containerList := (dict "main" $main_context "k10_service_pod" $pod | include "get.serviceContainersInPod" | splitList " ") }}
{{- range $skip, $service := $containerList }}
{{- $serviceStateful := has $service (dict "main" $main_context "k10_service_pod" $pod | include "get.statefulRestServicesInPod" | splitList " ") }}
{{- if and ( eq $service "auth" ) $main_context.Values.auth.ldap.enabled }}
- name: dex-init
command:
- /dex/dexconfigmerge
args:
- --config-path=/etc/dex/cfg/config.yaml
- --secret-path=/var/run/secrets/kasten.io/bind-secret/bindPW
- --new-config-path=/dex-config/config.yaml
- --secret-field=bindPW
{{- dict "main" $main_context "k10_service" $service | include "serviceImage" | indent 8 }}
volumeMounts:
- mountPath: /etc/dex/cfg
name: config
- mountPath: /dex-config
name: dex-config
- name: bind-secret
mountPath: "/var/run/secrets/kasten.io/bind-secret"
readOnly: true
{{- else if $serviceStateful }}
- name: upgrade-init
securityContext:
runAsUser: 0
allowPrivilegeEscalation: true
{{- dict "main" $main_context "k10_service" "upgrade" | include "serviceImage" | indent 8 }}
imagePullPolicy: {{ $main_context.Values.image.pullPolicy }}
env:
- name: MODEL_STORE_DIR
valueFrom:
configMapKeyRef:
name: k10-config
key: modelstoredirname
volumeMounts:
- name: {{ $service }}-persistent-storage
mountPath: {{ $main_context.Values.global.persistence.mountPath | quote }}
{{- if eq $service "catalog" }}
- name: schema-upgrade-check
{{- dict "main" $main_context "k10_service" $service | include "serviceImage" | indent 8 }}
imagePullPolicy: {{ $main_context.Values.image.pullPolicy }}
env:
{{- if $main_context.Values.clusterName }}
- name: CLUSTER_NAME
valueFrom:
configMapKeyRef:
name: k10-config
key: clustername
{{- end }}
- name: INIT_CONTAINER
value: "true"
- name: K10_RELEASE_NAME
value: {{ $main_context.Release.Name }}
- name: LOG_LEVEL
valueFrom:
configMapKeyRef:
name: k10-config
key: loglevel
- name: MODEL_STORE_DIR
valueFrom:
configMapKeyRef:
name: k10-config
key: modelstoredirname
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: VERSION
valueFrom:
configMapKeyRef:
name: k10-config
key: version
volumeMounts:
- name: {{ $service }}-persistent-storage
mountPath: {{ $main_context.Values.global.persistence.mountPath | quote }}
{{- end }}{{/* eq $service "catalog" */}}
{{- end }}{{/* initContainers definitions */}}
{{- end }}{{/* range $skip, $service := $containerList */}}
{{- end }}{{/* with .main */}}
{{- end }}{{/* define "k10-init-container" */}}
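Review bot: The `upgrade-init` init container in `k10-init-container` is rendered with `runAsUser: 0` and `allowPrivilegeEscalation: true`, and neither setting is exposed as a chart value, so each pod that holds a stateful service starts a root init container with the `{{ $service }}-persistent-storage` volume mounted. A process that already runs as UID 0 does not normally need privilege escalation left enabled, so `allowPrivilegeEscalation: false` looks safe to set here, presumably alongside `capabilities: {drop: ["ALL"]}` plus whatever the upgrade step needs for ownership changes (to be confirmed against the upgrade image). As written the pod does not pass the Pod Security `restricted` profile; a template comment above `securityContext:` stating why root is required would help operators who have to grant that exception. Separately, the `{{ $service }}-svc`, `tools`, `kanister-sidecar` and `dex` containers set no container-level `securityContext` in this template; whether one is applied at pod level is not visible from this file.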
