{{- $nginxPort := int .Values.service.port | default 9090 -}} apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "cost-analyzer.fullname" . }} labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} {{- if .Values.kubecostDeployment }} {{- with .Values.kubecostDeployment.labels }} {{ toYaml . | indent 4 }} {{- end }} {{- end }} spec: {{- if .Values.kubecostDeployment }} replicas: {{ .Values.kubecostDeployment.replicas | default 1 }} {{- end }} selector: matchLabels: {{ include "cost-analyzer.selectorLabels" . | nindent 8}} strategy: rollingUpdate: maxSurge: 1 maxUnavailable: 1 type: RollingUpdate template: metadata: labels: {{ include "cost-analyzer.selectorLabels" . | nindent 8 }} {{- if .Values.global.additionalLabels }} {{ toYaml .Values.global.additionalLabels | nindent 8 }} {{- end }} {{- if .Values.kubecostDeployment }} {{- with .Values.kubecostDeployment.labels }} {{ toYaml . | indent 8 }} {{- end }} {{- end }} {{- if .Values.global.podAnnotations}} annotations: {{- with .Values.global.podAnnotations }} {{ toYaml . | indent 8 }} {{- end }} {{- end }} spec: {{- if .Values.kubecostFrontend.tls }} {{- if .Values.kubecostFrontend.tls.enabled }} securityContext: runAsUser: 0 {{- else }} securityContext: runAsUser: 1001 runAsGroup: 1001 fsGroup: 1001 {{- end }} {{- else if lt $nginxPort 1025 }} securityContext: runAsUser: 0 {{- else }} securityContext: runAsUser: 1001 runAsGroup: 1001 fsGroup: 1001 {{- end }} restartPolicy: Always serviceAccountName: {{ template "cost-analyzer.serviceAccountName" . }} volumes: - name: nginx-conf configMap: name: nginx-conf items: - key: nginx.conf path: default.conf {{- if .Values.kubecostModel.etlBucketConfigSecret }} - name: etl-bucket-config secret: defaultMode: 420 secretName: {{ .Values.kubecostModel.etlBucketConfigSecret }} {{- end }} {{- if .Values.kubecostProductConfigs }} {{- if .Values.kubecostProductConfigs.productKey }} {{- if .Values.kubecostProductConfigs.productKey.secretname }} - name: productkey-secret secret: secretName: {{ .Values.kubecostProductConfigs.productKey.secretname }} items: - key: productkey.json path: productkey.json {{- end }} {{- end -}} {{- if .Values.kubecostProductConfigs }} {{- if .Values.kubecostProductConfigs.gcpSecretName }} - name: gcp-key-secret secret: secretName: {{ .Values.kubecostProductConfigs.gcpSecretName }} items: - key: compute-viewer-kubecost-key.json path: key.json {{- end }} {{- end -}} {{- if .Values.kubecostProductConfigs.serviceKeySecretName }} - name: service-key-secret secret: secretName: {{ .Values.kubecostProductConfigs.serviceKeySecretName }} {{- else if .Values.kubecostProductConfigs.createServiceKeySecret }} - name: service-key-secret secret: secretName: cloud-service-key {{- end }} {{- if .Values.kubecostProductConfigs.azureStorageSecretName }} - name: azure-storage-config secret: secretName: {{ .Values.kubecostProductConfigs.azureStorageSecretName }} items: - key: azure-storage-config.json path: azure-storage-config.json {{- else if .Values.kubecostProductConfigs.azureStorageCreateSecret }} - name: azure-storage-config secret: secretName: azure-storage-config {{- end }} {{- if .Values.kubecostProductConfigs.cloudIntegrationSecret }} - name: cloud-integration secret: secretName: {{ .Values.kubecostProductConfigs.cloudIntegrationSecret }} items: - key: cloud-integration.json path: cloud-integration.json {{- end }} {{- if .Values.kubecostProductConfigs.clusters }} - name: kubecost-clusters configMap: name: kubecost-clusters {{- range .Values.kubecostProductConfigs.clusters }} {{- if .auth }} {{- if .auth.secretName }} - name: {{ .auth.secretName }} secret: secretName: {{ .auth.secretName }} {{- end }} {{- end }} {{- end }} {{- end }} {{- end }} {{- if .Values.kubecostFrontend.tls }} {{- if .Values.kubecostFrontend.tls.enabled }} - name: tls secret: secretName : {{ .Values.kubecostFrontend.tls.secretName }} items: - key: tls.crt path: kc.crt - key: tls.key path: kc.key {{- end }} {{- end }} {{- if .Values.saml }} {{- if .Values.saml.enabled }} {{- if .Values.saml.secretName }} - name: secret-volume secret: secretName: {{ .Values.saml.secretName }} {{- end }} {{- if .Values.saml.metadataSecretName }} - name: metadata-secret-volume secret: secretName: {{ .Values.saml.metadataSecretName }} {{- end }} {{- if .Values.saml.rbac.enabled }} - name: saml-roles configMap: name: {{ template "cost-analyzer.fullname" . }}-saml {{- end }} {{- end }} {{- end }} - name: persistent-configs {{- if .Values.persistentVolume }} {{- if .Values.persistentVolume.enabled }} persistentVolumeClaim: {{- if .Values.persistentVolume.existingClaim }} claimName: {{ .Values.persistentVolume.existingClaim }} {{- else }} claimName: {{ template "cost-analyzer.fullname" . }} {{- end -}} {{- else }} emptyDir: {} {{- end -}} {{- else }} persistentVolumeClaim: claimName: {{ template "cost-analyzer.fullname" . }} {{- end }} {{- if and (.Values.kubecostModel.etlToDisk | default true) .Values.persistentVolume.dbPVEnabled }} - name: persistent-db {{- if .Values.persistentVolume }} {{- if .Values.persistentVolume.enabled }} persistentVolumeClaim: {{- if .Values.persistentVolume.dbExistingClaim }} claimName: {{ .Values.persistentVolume.dbExistingClaim }} {{- else }} claimName: {{ template "cost-analyzer.fullname" . }}-db {{- end -}} {{- else }} emptyDir: {} {{- end -}} {{- else }} persistentVolumeClaim: claimName: {{ template "cost-analyzer.fullname" . }}-db {{- end }} {{- end }} initContainers: {{- if .Values.supportNFS }} - name: config-db-perms-fix {{- if .Values.initChownDataImage }} image: {{ .Values.initChownDataImage }} {{- else }} image: busybox {{- end }} resources: {{ toYaml .Values.initChownData.resources | indent 12 }} {{- if and (.Values.kubecostModel.etlToDisk | default true) .Values.persistentVolume.dbPVEnabled }} command: ["sh", "-c", "/bin/chmod -R 777 /var/configs && /bin/chmod -R 777 /var/db"] {{- else }} command: ["sh", "-c", "/bin/chmod -R 777 /var/configs"] {{- end}} volumeMounts: - name: persistent-configs mountPath: /var/configs {{- if and (.Values.kubecostModel.etlToDisk | default true) .Values.persistentVolume.dbPVEnabled }} - name: persistent-db mountPath: /var/db {{- end }} securityContext: runAsUser: 0 {{ end }} containers: {{- if .Values.kubecostModel }} {{- if .Values.kubecostModel.fullImageName }} - image: {{ .Values.kubecostModel.fullImageName }} {{- else if .Values.imageVersion }} - image: {{ .Values.kubecostModel.image }}:{{ .Values.imageVersion }} {{- else }} - image: {{ .Values.kubecostModel.image }}:prod-{{ $.Chart.AppVersion }} {{ end }} {{- else }} - image: gcr.io/kubecost1/cost-model:prod-{{ $.Chart.AppVersion }} {{ end }} name: cost-model {{- if .Values.kubecostModel.imagePullPolicy }} imagePullPolicy: {{ .Values.kubecostModel.imagePullPolicy }} {{- else }} imagePullPolicy: Always {{- end }} resources: {{ toYaml .Values.kubecostModel.resources | indent 12 }} readinessProbe: httpGet: path: /healthz port: 9003 initialDelaySeconds: 30 periodSeconds: 10 failureThreshold: 200 volumeMounts: - name: persistent-configs mountPath: /var/configs {{- if .Values.kubecostModel.etlBucketConfigSecret }} - name: etl-bucket-config mountPath: /var/configs/etl readOnly: true {{- else if and (.Values.kubecostModel.etlToDisk | default true) .Values.persistentVolume.dbPVEnabled }} - name: persistent-db mountPath: /var/db {{- end }} {{- if .Values.kubecostProductConfigs }} {{- if .Values.kubecostProductConfigs.productKey }} {{- if .Values.kubecostProductConfigs.productKey.secretname }} - name: productkey-secret mountPath: /var/configs/productkey {{- end }} {{- end }} {{- if .Values.kubecostProductConfigs.gcpSecretName }} - name: gcp-key-secret mountPath: /models {{- end }} {{- if or .Values.kubecostProductConfigs.azureStorageSecretName .Values.kubecostProductConfigs.azureStorageCreateSecret}} - name: azure-storage-config mountPath: /var/azure-storage-config {{- end }} {{- if .Values.kubecostProductConfigs.cloudIntegrationSecret}} - name: cloud-integration mountPath: /var/cloud-integration {{- end }} {{- if or .Values.kubecostProductConfigs.serviceKeySecretName .Values.kubecostProductConfigs.createServiceKeySecret }} - name: service-key-secret mountPath: /var/secrets {{- end }} {{- if .Values.kubecostProductConfigs.clusters }} - name: kubecost-clusters mountPath: /var/configs/clusters {{- range .Values.kubecostProductConfigs.clusters }} {{- if .auth }} {{- if .auth.secretName }} - name: {{ .auth.secretName }} mountPath: /var/secrets/{{ .auth.secretName }} {{- end }} {{- end }} {{- end }} {{- end }} {{- end }} {{- if .Values.saml }} {{- if .Values.saml.enabled }} {{- if .Values.saml.secretName }} - name: secret-volume mountPath: /var/configs/secret-volume {{- end }} {{- if .Values.saml.metadataSecretName }} - name: metadata-secret-volume mountPath: /var/configs/metadata-secret-volume {{- end }} {{- if .Values.saml.rbac.enabled }} - name: saml-roles mountPath: /var/configs/saml {{- end }} {{- end }} {{- end }} env: - name: READ_ONLY value: {{ (quote .Values.readonly) | default (quote false) }} - name: PROMETHEUS_SERVER_ENDPOINT valueFrom: configMapKeyRef: name: {{ template "cost-analyzer.fullname" . }} key: prometheus-server-endpoint - name: CLOUD_PROVIDER_API_KEY value: "AIzaSyDXQPG_MHUEy9neR7stolq6l0ujXmjJlvk" # The GCP Pricing API requires a key. - name: GOOGLE_APPLICATION_CREDENTIALS {{- if .Values.kubecostProductConfigs }} {{- if .Values.kubecostProductConfigs.gcpSecretName }} value: /models/key.json {{- else }} value: /var/configs/key.json {{- end }} {{- else }} value: /var/configs/key.json {{- end }} - name: CONFIG_PATH value: /var/configs/ - name: DB_PATH value: /var/db/ - name: CLUSTER_PROFILE {{- if .Values.kubecostProductConfigs }} value: {{ .Values.kubecostProductConfigs.clusterProfile | default "production" }} {{- else }} value: production {{- end }} - name: REMOTE_WRITE_PASSWORD value: {{ .Values.remoteWrite.postgres.auth.password }} {{- if .Values.remoteWrite.postgres.enabled }} - name: REMOTE_WRITE_ENABLED value: "true" {{- end }} - name: GOGC value: "60" - name: GODEBUG value: "madvdontneed=1" {{- if .Values.global.thanos.queryServiceBasicAuthSecretName}} - name: MC_BASIC_AUTH_USERNAME valueFrom: secretKeyRef: name: {{ .Values.global.thanos.queryServiceBasicAuthSecretName }} key: USERNAME - name: MC_BASIC_AUTH_PW valueFrom: secretKeyRef: name: {{ .Values.global.thanos.queryServiceBasicAuthSecretName }} key: PASSWORD {{- end }} {{- if .Values.global.prometheus.queryServiceBasicAuthSecretName}} - name: DB_BASIC_AUTH_USERNAME valueFrom: secretKeyRef: name: {{ .Values.global.prometheus.queryServiceBasicAuthSecretName }} key: USERNAME - name: DB_BASIC_AUTH_PW valueFrom: secretKeyRef: name: {{ .Values.global.prometheus.queryServiceBasicAuthSecretName }} key: PASSWORD {{- end }} {{- if .Values.global.prometheus.queryServiceBearerTokenSecretName }} - name: DB_BEARER_TOKEN valueFrom: secretKeyRef: name: {{ .Values.global.prometheus.queryServiceBearerTokenSecretName }} key: TOKEN {{- end }} {{- if .Values.global.thanos.queryServiceBearerTokenSecretName }} - name: MC_BEARER_TOKEN valueFrom: secretKeyRef: name: {{ .Values.global.thanos.queryServiceBearerTokenSecretName }} key: TOKEN {{- end }} {{- if .Values.global.prometheus.insecureSkipVerify }} - name: INSECURE_SKIP_VERIFY value: {{ (quote .Values.global.prometheus.insecureSkipVerify) }} {{- end }} {{- if .Values.pricingCsv }} {{- if .Values.pricingCsv.enabled }} - name: USE_CSV_PROVIDER value: "true" - name: CSV_PATH value: {{ .Values.pricingCsv.location.URI }} - name: CSV_REGION value: {{ .Values.pricingCsv.location.region }} {{- if eq .Values.pricingCsv.location.provider "AWS"}} {{- if .Values.pricingCsv.location.csvAccessCredentials }} - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: name: {{ .Values.pricingCsv.location.csvAccessCredentials }} key: AWS_ACCESS_KEY_ID - name: AWS_SECRET_ACCESS_KEY valueFrom: secretKeyRef: name: {{ .Values.pricingCsv.location.csvAccessCredentials }} key: AWS_SECRET_ACCESS_KEY {{- end }} {{- end }} {{- end }} {{- end }} {{- if .Values.kubecostMetrics }} - name: EMIT_POD_ANNOTATIONS_METRIC value: {{ (quote .Values.kubecostMetrics.emitPodAnnotations) | default (quote false) }} - name: EMIT_NAMESPACE_ANNOTATIONS_METRIC value: {{ (quote .Values.kubecostMetrics.emitNamespaceAnnotations) | default (quote false) }} {{- end }} {{- if .Values.kubecostMetrics }} - name: EMIT_KSM_V1_METRICS value: {{ (quote .Values.kubecostMetrics.emitKsmV1Metrics) | default (quote true) }} {{- end }} {{- if .Values.reporting }} - name: LOG_COLLECTION_ENABLED value: {{ (quote .Values.reporting.logCollection) | default (quote true) }} - name: PRODUCT_ANALYTICS_ENABLED value: {{ (quote .Values.reporting.productAnalytics) | default (quote true) }} - name: ERROR_REPORTING_ENABLED value: {{ (quote .Values.reporting.errorReporting ) | default (quote true) }} - name: VALUES_REPORTING_ENABLED value: {{ (quote .Values.reporting.valuesReporting) | default (quote true) }} {{- if .Values.reporting.errorReporting }} - name: SENTRY_DSN value: "https://71964476292e4087af8d5072afe43abd@o394722.ingest.sentry.io/5245431" {{- end }} {{- end }} - name: LEGACY_EXTERNAL_API_DISABLED value: {{ (quote .Values.kubecostModel.legacyOutOfClusterAPIDisabled) | default (quote false) }} - name: OUT_OF_CLUSTER_PROM_METRICS_ENABLED value: {{ (quote .Values.kubecostModel.outOfClusterPromMetricsEnabled) | default (quote false) }} - name: CACHE_WARMING_ENABLED value: {{ (quote .Values.kubecostModel.warmCache) | default (quote true) }} - name: SAVINGS_CACHE_WARMING_ENABLED value: {{ (quote .Values.kubecostModel.warmSavingsCache) | default (quote true) }} - name: ETL_ENABLED value: {{ (quote .Values.kubecostModel.etl) | default (quote true) }} {{- if .Values.kubecostModel.etlBucketConfigSecret }} - name: ETL_TO_DISK_ENABLED value: "false" - name: ETL_BUCKET_CONFIG value: "/var/configs/etl/object-store.yaml" {{- else }} - name: ETL_TO_DISK_ENABLED value: {{ (quote .Values.kubecostModel.etlToDisk) | default (quote true) }} {{- end }} - name : ETL_CLOUD_ASSETS_ENABLED value: {{ (quote .Values.kubecostModel.etlCloudAssets) | default (quote true) }} {{- if .Values.persistentVolume.dbPVEnabled }} - name: ETL_PATH_PREFIX value: "/var/db" {{- end }} - name: ETL_RESOLUTION_SECONDS value: {{ (quote .Values.kubecostModel.etlResolutionSeconds) | default (quote 300) }} - name: ETL_MAX_BATCH_HOURS value: {{ (quote .Values.kubecostModel.etlMaxBatchHours) | default (quote 6) }} - name: ETL_DAILY_STORE_DURATION_DAYS value: {{ (quote .Values.kubecostModel.etlDailyStoreDurationDays) | default (quote 91) }} - name: ETL_HOURLY_STORE_DURATION_HOURS value: {{ (quote .Values.kubecostModel.etlHourlyStoreDurationHours) | default (quote 49) }} - name: ETL_FILE_STORE_ENABLED value: {{ (quote .Values.kubecostModel.etlFileStoreEnabled) | default (quote false) }} - name: ETL_ASSET_RECONCILIATION_ENABLED value: {{ (quote .Values.kubecostModel.etlAssetReconciliationEnabled) | default (quote true) }} {{- if .Values.systemProxy.enabled }} - name: HTTP_PROXY value: {{ .Values.systemProxy.httpProxyUrl }} - name: http_proxy value: {{ .Values.systemProxy.httpProxyUrl }} - name: HTTPS_PROXY value: {{ .Values.systemProxy.httpsProxyUrl }} - name: https_proxy value: {{ .Values.systemProxy.httpsProxyUrl }} - name: NO_PROXY value: {{ .Values.systemProxy.noProxy }} - name: no_proxy value: {{ .Values.systemProxy.noProxy }} {{- end }} - name: PV_ENABLED value: {{ (quote .Values.persistentVolume.enabled) | default (quote true) }} - name: MAX_QUERY_CONCURRENCY value: {{ (quote .Values.kubecostModel.maxQueryConcurrency) | default (quote 5) }} - name: UTC_OFFSET value: {{ (quote .Values.kubecostModel.utcOffset) | default (quote ) }} {{- if .Values.networkCosts }} {{- if .Values.networkCosts.enabled }} - name: NETWORK_COSTS_PORT value: {{ quote .Values.networkCosts.port | default (quote 3001) }} {{- end }} {{- end }} {{- /* If queryService is set, the cost-analyzer will always pass THANOS_ENABLED as true to ensure that the custom query service target is used. The global.thanos.enabled flag does not have any affect on this behavior. */}} {{- if .Values.global.thanos.queryService }} - name: THANOS_ENABLED value: "true" - name: THANOS_QUERY_URL value: {{ .Values.global.thanos.queryService }} - name: THANOS_QUERY_OFFSET value: {{ .Values.global.thanos.queryOffset | default "3h" }} - name: THANOS_MAX_SOURCE_RESOLUTION value: {{ .Values.kubecostModel.maxSourceResolution | default "raw" }} {{- else if and .Values.global.thanos.enabled .Values.thanos }} {{- if .Values.thanos.query }} {{- if .Values.thanos.query.enabled }} - name: THANOS_ENABLED value: "true" - name: THANOS_QUERY_URL value: http://{{ .Release.Name }}-thanos-query-frontend-http.{{ .Release.Namespace }}:{{ .Values.thanos.queryFrontend.http.port }} - name: THANOS_QUERY_OFFSET value: {{ .Values.global.thanos.queryOffset | default "3h" }} - name: THANOS_MAX_SOURCE_RESOLUTION value: {{ .Values.kubecostModel.maxSourceResolution | default "raw" }} {{- end }} {{- end }} {{- end }} {{- if .Values.saml }} {{- if .Values.saml.enabled }} - name: SAML_ENABLED value: "true" - name: IDP_URL value: {{ .Values.saml.idpMetadataURL }} - name: SP_HOST value: {{ .Values.saml.appRootURL }} {{- if .Values.saml.audienceURI }} - name: AUDIENCE_URI value: {{ .Values.saml.audienceURI }} {{- end }} {{- if .Values.saml.nameIDFormat }} - name: NAME_ID_FORMAT value: {{ .Values.saml.nameIDFormat }} {{- end}} {{- if .Values.saml.rbac.enabled }} - name: SAML_RBAC_ENABLED value: "true" {{- end }} {{- end }} {{- end }} {{- if and (.Values.prometheus.server.global.external_labels.cluster_id) (not .Values.prometheus.server.clusterIDConfigmap) }} - name: CLUSTER_ID value: {{ .Values.prometheus.server.global.external_labels.cluster_id }} {{- end }} {{- if .Values.prometheus.server.clusterIDConfigmap }} - name: CLUSTER_ID valueFrom: configMapKeyRef: name: {{ .Values.prometheus.server.clusterIDConfigmap }} key: CLUSTER_ID {{- end }} {{- if .Values.remoteWrite.postgres.installLocal }} - name: SQL_ADDRESS value: pgprometheus {{- else }} - name: SQL_ADDRESS value: {{ .Values.remoteWrite.postgres.remotePostgresAddress }} {{- end }} {{- if .Values.kubecostModel.promClusterIDLabel }} - name: PROM_CLUSTER_ID_LABEL value: {{ .Values.kubecostModel.promClusterIDLabel }} {{- end }} - name: RELEASE_NAME value: {{ .Release.Name }} - name: KUBECOST_NAMESPACE value: {{ .Release.Namespace }} - name: KUBECOST_TOKEN valueFrom: configMapKeyRef: name: {{ template "cost-analyzer.fullname" . }} key: kubecost-token {{- if .Values.kubecostFrontend }} {{- if .Values.kubecostFrontend.fullImageName }} - image: {{ .Values.kubecostFrontend.fullImageName }} {{- else if .Values.imageVersion }} - image: {{ .Values.kubecostFrontend.image }}:{{ .Values.imageVersion }} {{- else }} - image: {{ .Values.kubecostFrontend.image }}:prod-{{ $.Chart.AppVersion }} {{ end }} {{- else }} - image: gcr.io/kubecost1/frontend:prod-{{ $.Chart.AppVersion }} {{ end }} {{- if .Values.kubecostFrontend.tls }} {{- if .Values.kubecostFrontend.tls.enabled }} command: ["nginx", "-g", "daemon off;"] ports: - containerPort: 443 {{- end }} {{- end }} env: - name: GET_HOSTS_FROM value: dns name: cost-analyzer-frontend volumeMounts: - name: nginx-conf mountPath: /etc/nginx/conf.d/ {{- if .Values.kubecostFrontend.tls }} {{- if .Values.kubecostFrontend.tls.enabled }} - name: tls mountPath: /etc/ssl/certs {{- end }} {{- end }} resources: {{ toYaml .Values.kubecostFrontend.resources | indent 12 }} {{- if .Values.kubecostFrontend.imagePullPolicy }} imagePullPolicy: {{ .Values.kubecostFrontend.imagePullPolicy }} {{- else }} imagePullPolicy: Always {{- end }} readinessProbe: httpGet: path: /healthz port: 9003 initialDelaySeconds: 30 periodSeconds: 10 failureThreshold: 200 {{- if .Values.kubecost }} {{- if .Values.kubecost.fullImageName }} - image: {{ .Values.kubecost.fullImageName }} {{- else if .Values.imageVersion}} - image: {{ .Values.kubecost.image }}:{{ .Values.imageVersion }} {{- else }} - image: {{ .Values.kubecost.image }}:prod-{{ $.Chart.AppVersion }} {{ end }} {{- else }} - image: gcr.io/kubecost1/server:prod-{{ $.Chart.AppVersion }} {{ end }} resources: {{ toYaml .Values.kubecost.resources | indent 12 }} name: cost-analyzer-server readinessProbe: httpGet: path: /healthz port: 9003 initialDelaySeconds: 30 periodSeconds: 10 failureThreshold: 200 volumeMounts: - name: persistent-configs mountPath: /var/configs env: - name: PROMETHEUS_SERVER_ENDPOINT valueFrom: configMapKeyRef: name: {{ template "cost-analyzer.fullname" . }} key: prometheus-server-endpoint {{- if .Values.reporting }} {{- if .Values.reporting.valuesReporting }} - name: HELM_VALUES value: {{ template "cost-analyzer.filterEnabled" .Values }} {{- end }} {{- end }} {{- if .Values.global.prometheus.insecureSkipVerify }} - name: INSECURE_SKIP_VERIFY value: {{ (quote .Values.global.prometheus.insecureSkipVerify) }} {{- end }} {{- /* If queryService is set, the cost-analyzer will always pass THANOS_ENABLED as true to ensure that the custom query service target is used. The global.thanos.enabled flag does not have any affect on this behavior. */}} {{- if .Values.global.thanos.queryService }} - name: THANOS_ENABLED value: "true" - name: THANOS_QUERY_URL value: {{ .Values.global.thanos.queryService }} - name: THANOS_QUERY_OFFSET value: {{ .Values.global.thanos.queryOffset | default "3h" }} - name: THANOS_MAX_SOURCE_RESOLUTION value: {{ .Values.kubecostModel.maxSourceResolution | default "raw" }} {{- else if and .Values.global.thanos.enabled .Values.thanos }} {{- if .Values.thanos.query }} {{- if .Values.thanos.query.enabled }} - name: THANOS_ENABLED value: "true" - name: THANOS_QUERY_URL value: http://{{ .Release.Name }}-thanos-query-frontend-http.{{ .Release.Namespace }}:{{ .Values.thanos.queryFrontend.http.port }} - name: THANOS_QUERY_OFFSET value: {{ .Values.global.thanos.queryOffset | default "3h" }} - name: THANOS_MAX_SOURCE_RESOLUTION value: {{ .Values.kubecostModel.maxSourceResolution | default "raw" }} {{- end }} {{- end }} {{- end }} {{- if .Values.global.thanos.queryServiceBasicAuthSecretName}} - name: MC_BASIC_AUTH_USERNAME valueFrom: secretKeyRef: name: {{ .Values.global.thanos.queryServiceBasicAuthSecretName }} key: USERNAME - name: MC_BASIC_AUTH_PW valueFrom: secretKeyRef: name: {{ .Values.global.thanos.queryServiceBasicAuthSecretName }} key: PASSWORD {{- end }} {{- if .Values.global.prometheus.queryServiceBasicAuthSecretName}} - name: DB_BASIC_AUTH_USERNAME valueFrom: secretKeyRef: name: {{ .Values.global.prometheus.queryServiceBasicAuthSecretName }} key: USERNAME - name: DB_BASIC_AUTH_PW valueFrom: secretKeyRef: name: {{ .Values.global.prometheus.queryServiceBasicAuthSecretName }} key: PASSWORD {{- end }} {{- if .Values.global.prometheus.queryServiceBearerTokenSecretName }} - name: DB_BEARER_TOKEN valueFrom: secretKeyRef: name: {{ .Values.global.prometheus.queryServiceBearerTokenSecretName }} key: TOKEN {{- end }} {{- if .Values.global.thanos.queryServiceBearerTokenSecretName }} - name: MC_BEARER_TOKEN valueFrom: secretKeyRef: name: {{ .Values.global.thanos.queryServiceBearerTokenSecretName }} key: TOKEN {{- end }} - name: KUBECOST_NAMESPACE value: {{ .Release.Namespace }} - name: GOOGLE_APPLICATION_CREDENTIALS value: /var/configs/key.json - name: KUBECOST_TOKEN valueFrom: configMapKeyRef: name: {{ template "cost-analyzer.fullname" . }} key: kubecost-token {{- if eq .Values.global.grafana.proxy false }} - name: GRAFANA_URL valueFrom: configMapKeyRef: name: external-grafana-config-map key: grafanaURL {{- end }} {{- if .Values.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | indent 2 }} {{- end }} {{- if .Values.priority }} {{- if .Values.priority.enabled }} priorityClassName: {{ template "cost-analyzer.fullname" . }}-priority {{- end }} {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }}