新增监控组件
This commit is contained in:
Sense T
@@ -0,0 +1,33 @@
|
||||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
# helm/charts
|
||||
OWNERS
|
||||
hack/
|
||||
ci/
|
||||
kube-prometheus-*.tgz
|
||||
|
||||
unittests/
|
||||
files/dashboards/
|
||||
|
||||
UPGRADE.md
|
||||
CONTRIBUTING.md
|
||||
.editorconfig
|
||||
@@ -0,0 +1,18 @@
|
||||
dependencies:
|
||||
- name: crds
|
||||
repository: ""
|
||||
version: 0.0.0
|
||||
- name: kube-state-metrics
|
||||
repository: https://prometheus-community.github.io/helm-charts
|
||||
version: 7.3.0
|
||||
- name: prometheus-node-exporter
|
||||
repository: https://prometheus-community.github.io/helm-charts
|
||||
version: 4.55.0
|
||||
- name: grafana
|
||||
repository: https://grafana-community.github.io/helm-charts
|
||||
version: 12.3.3
|
||||
- name: prometheus-windows-exporter
|
||||
repository: https://prometheus-community.github.io/helm-charts
|
||||
version: 0.12.7
|
||||
digest: sha256:c0a8d925127e08bc8476d30ea830cfc55464ea1642fdc54b162aa5a84a6fd563
|
||||
generated: "2026-05-19T17:49:27.635862373Z"
|
||||
@@ -0,0 +1,72 @@
|
||||
annotations:
|
||||
artifacthub.io/license: Apache-2.0
|
||||
artifacthub.io/links: |
|
||||
- name: Chart Source
|
||||
url: https://github.com/prometheus-community/helm-charts
|
||||
- name: Upstream Project
|
||||
url: https://github.com/prometheus-operator/kube-prometheus
|
||||
- name: Upgrade Process
|
||||
url: https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/README.md#upgrading-chart
|
||||
artifacthub.io/operator: "true"
|
||||
apiVersion: v2
|
||||
appVersion: v0.90.1
|
||||
dependencies:
|
||||
- condition: crds.enabled
|
||||
name: crds
|
||||
repository: ""
|
||||
version: 0.0.0
|
||||
- condition: kubeStateMetrics.enabled
|
||||
name: kube-state-metrics
|
||||
repository: https://prometheus-community.github.io/helm-charts
|
||||
version: 7.3.0
|
||||
- condition: nodeExporter.enabled
|
||||
name: prometheus-node-exporter
|
||||
repository: https://prometheus-community.github.io/helm-charts
|
||||
version: 4.55.0
|
||||
- condition: grafana.enabled
|
||||
name: grafana
|
||||
repository: https://grafana-community.github.io/helm-charts
|
||||
version: 12.3.3
|
||||
- condition: windowsMonitoring.enabled
|
||||
name: prometheus-windows-exporter
|
||||
repository: https://prometheus-community.github.io/helm-charts
|
||||
version: 0.12.*
|
||||
description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards,
|
||||
and Prometheus rules combined with documentation and scripts to provide easy to
|
||||
operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus
|
||||
Operator.
|
||||
home: https://github.com/prometheus-operator/kube-prometheus
|
||||
icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png
|
||||
keywords:
|
||||
- operator
|
||||
- prometheus
|
||||
- kube-prometheus
|
||||
kubeVersion: '>=1.25.0-0'
|
||||
maintainers:
|
||||
- email: andrew@quadcorps.co.uk
|
||||
name: andrewgkew
|
||||
url: https://github.com/andrewgkew
|
||||
- email: gianrubio@gmail.com
|
||||
name: gianrubio
|
||||
url: https://github.com/gianrubio
|
||||
- email: github.gkarthiks@gmail.com
|
||||
name: gkarthiks
|
||||
url: https://github.com/gkarthiks
|
||||
- email: kube-prometheus-stack@sisti.pt
|
||||
name: GMartinez-Sisti
|
||||
url: https://github.com/GMartinez-Sisti
|
||||
- email: github@jkroepke.de
|
||||
name: jkroepke
|
||||
url: https://github.com/jkroepke
|
||||
- email: miroslav.hadzhiev@gmail.com
|
||||
name: Xtigyro
|
||||
url: https://github.com/Xtigyro
|
||||
- email: quentin.bisson@gmail.com
|
||||
name: QuentinBisson
|
||||
url: https://github.com/QuentinBisson
|
||||
name: kube-prometheus-stack
|
||||
sources:
|
||||
- https://github.com/prometheus-community/helm-charts
|
||||
- https://github.com/prometheus-operator/kube-prometheus
|
||||
type: application
|
||||
version: 85.2.0
|
||||
@@ -0,0 +1,382 @@
|
||||
# kube-prometheus-stack
|
||||
|
||||
Installs core components of the [kube-prometheus stack](https://github.com/prometheus-operator/kube-prometheus), a collection of Kubernetes manifests, [Grafana](http://grafana.com/) dashboards, and [Prometheus rules](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with [Prometheus](https://prometheus.io/) using the [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator).
|
||||
|
||||
See the [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) readme for details about components, dashboards, and alerts.
|
||||
|
||||
_Note: This chart was formerly named `prometheus-operator` chart, now renamed to more clearly reflect that it installs the `kube-prometheus` project stack, within which Prometheus Operator is only one component. This chart does not install all components of `kube-prometheus`, notably excluding the Prometheus Adapter and Prometheus black-box exporter._
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- Kubernetes 1.19+
|
||||
- Helm 3+
|
||||
|
||||
## Usage
|
||||
|
||||
The chart is distributed as an [OCI Artifact](https://helm.sh/docs/topics/registries/) as well as via a traditional [Helm Repository](https://helm.sh/docs/topics/chart_repository/).
|
||||
|
||||
- OCI Artifact: `oci://ghcr.io/prometheus-community/charts/kube-prometheus-stack`
|
||||
- Helm Repository: `https://prometheus-community.github.io/helm-charts` with chart `kube-prometheus-stack`
|
||||
|
||||
The installation instructions use the OCI registry. Refer to the [`helm repo`]([`helm repo`](https://helm.sh/docs/helm/helm_repo/)) command documentation for information on installing charts via the traditional repository.
|
||||
|
||||
### Install Helm Chart
|
||||
|
||||
```console
|
||||
helm install [RELEASE_NAME] oci://ghcr.io/prometheus-community/charts/kube-prometheus-stack
|
||||
```
|
||||
|
||||
_See [configuration](#configuration) below._
|
||||
|
||||
_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
|
||||
|
||||
### Dependencies
|
||||
|
||||
By default this chart installs additional, dependent charts:
|
||||
|
||||
- [prometheus-community/kube-state-metrics](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics)
|
||||
- [prometheus-community/prometheus-node-exporter](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-node-exporter)
|
||||
- [grafana/grafana](https://github.com/grafana/helm-charts/tree/main/charts/grafana)
|
||||
|
||||
To disable dependencies during installation, see [multiple releases](#multiple-releases) below.
|
||||
|
||||
_See [helm dependency](https://helm.sh/docs/helm/helm_dependency/) for command documentation._
|
||||
|
||||
#### Grafana Dashboards
|
||||
|
||||
This chart provisions a collection of curated Grafana dashboards that are automatically loaded into Grafana via ConfigMaps. These dashboards are rendered into the Helm chart under [`templates/grafana/`](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/templates/grafana/), but **this is not their source of truth**.
|
||||
|
||||
The dashboards originate from various upstream projects and are gathered and processed using scripts in the [`hack/`](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack) directory. For details on how these dashboards are sourced and kept up to date, refer to the [hack/README.md](https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/hack/README.md).
|
||||
|
||||
> **Note:** The dashboards referenced in the `hack` scripts are usually **not the original source** either. Most originate from separate **Prometheus mixin repositories** (e.g., [kubernetes-mixin](https://github.com/kubernetes-monitoring/kubernetes-mixin)) and are processed through `jsonnet` tooling before being included here. To find the original source in case you want to modify it you may have to search even further upstream.
|
||||
|
||||
If you wish to contribute or modify dashboards, please follow the guidance in the `hack/README.md` to ensure consistency and reproducibility.
|
||||
|
||||
### Uninstall Helm Chart
|
||||
|
||||
```console
|
||||
helm uninstall [RELEASE_NAME]
|
||||
```
|
||||
|
||||
This removes all the Kubernetes components associated with the chart and deletes the release.
|
||||
|
||||
_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
|
||||
|
||||
CRDs created by this chart are not removed by default and should be manually cleaned up:
|
||||
|
||||
```console
|
||||
kubectl delete crd alertmanagerconfigs.monitoring.coreos.com
|
||||
kubectl delete crd alertmanagers.monitoring.coreos.com
|
||||
kubectl delete crd podmonitors.monitoring.coreos.com
|
||||
kubectl delete crd probes.monitoring.coreos.com
|
||||
kubectl delete crd prometheusagents.monitoring.coreos.com
|
||||
kubectl delete crd prometheuses.monitoring.coreos.com
|
||||
kubectl delete crd prometheusrules.monitoring.coreos.com
|
||||
kubectl delete crd scrapeconfigs.monitoring.coreos.com
|
||||
kubectl delete crd servicemonitors.monitoring.coreos.com
|
||||
kubectl delete crd thanosrulers.monitoring.coreos.com
|
||||
```
|
||||
|
||||
### Upgrading Chart
|
||||
|
||||
```console
|
||||
helm upgrade [RELEASE_NAME] [CHART]
|
||||
```
|
||||
|
||||
With Helm v3, CRDs created by this chart are not updated by default and should be manually updated.
|
||||
Consult also the [Helm Documentation on CRDs](https://helm.sh/docs/chart_best_practices/custom_resource_definitions).
|
||||
|
||||
CRDs update lead to a major version bump.
|
||||
The Chart's [appVersion](https://github.com/prometheus-community/helm-charts/blob/13ed7098db2f78c2bbcdab6c1c3c7a95b4b94574/charts/kube-prometheus-stack/Chart.yaml#L36) refers to the [`prometheus-operator`](https://github.com/prometheus-operator/prometheus-operator/tree/main)'s version with matching CRDs.
|
||||
|
||||
_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._
|
||||
|
||||
#### Upgrading an existing Release to a new major version
|
||||
|
||||
A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions.
|
||||
|
||||
See [UPGRADE.md](https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/UPGRADE.md)
|
||||
for breaking changes between versions.
|
||||
|
||||
## Configuration
|
||||
|
||||
See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments:
|
||||
|
||||
```console
|
||||
helm show values oci://ghcr.io/prometheus-community/charts/kube-prometheus-stack
|
||||
```
|
||||
|
||||
You may also `helm show values` on this chart's [dependencies](#dependencies) for additional options.
|
||||
|
||||
For templated Grafana datasource definitions (e.g. when using Helm flow control), use `grafana.additionalDataSourcesString`, which is rendered via `tpl`.
|
||||
|
||||
### Prometheus High Availability (HA)
|
||||
|
||||
For a basic HA setup, run multiple Prometheus replicas:
|
||||
|
||||
```yaml
|
||||
prometheus:
|
||||
prometheusSpec:
|
||||
replicas: 2
|
||||
podAntiAffinity: "hard"
|
||||
externalLabels:
|
||||
cluster: prod-eu1
|
||||
```
|
||||
|
||||
Important notes:
|
||||
|
||||
1. `replicas` controls how many Prometheus pods are deployed for each shard.
|
||||
2. Keep anti-affinity enabled (or hardened) to avoid scheduling all replicas on one node.
|
||||
3. Do not clear replica/instance external labels in HA setups (`replicaExternalLabelNameClear` / `prometheusExternalLabelNameClear`), otherwise deduplication and alert/source identification become harder.
|
||||
4. Querying replicas through a Kubernetes Service provides availability, but not sample deduplication across replicas by itself. For global/deduplicated querying, use a Thanos Query layer (or another backend that performs deduplication).
|
||||
|
||||
See also Prometheus Operator HA guidance:
|
||||
|
||||
- [Prometheus Operator HA docs](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/platform/high-availability.md#prometheus)
|
||||
|
||||
### Multiple releases
|
||||
|
||||
The same chart can be used to run multiple Prometheus instances in the same cluster if required. To achieve this, it is necessary to run only one instance of prometheus-operator and a pair of alertmanager pods for an HA configuration, while all other components need to be disabled. To disable a dependency during installation, set `kubeStateMetrics.enabled`, `nodeExporter.enabled` and `grafana.enabled` to `false`.
|
||||
|
||||
## Work-Arounds for Known Issues
|
||||
|
||||
### Running on private GKE clusters
|
||||
|
||||
When Google configure the control plane for private clusters, they automatically configure VPC peering between your Kubernetes cluster’s network and a separate Google managed project. In order to restrict what Google are able to access within your cluster, the firewall rules configured restrict access to your Kubernetes pods. This means that in order to use the webhook component with a GKE private cluster, you must configure an additional firewall rule to allow the GKE control plane access to your webhook pod.
|
||||
|
||||
You can read more information on how to add firewall rules for the GKE control plane nodes in the [GKE docs](https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#add_firewall_rules)
|
||||
|
||||
Alternatively, you can disable the hooks by setting `prometheusOperator.admissionWebhooks.enabled=false`.
|
||||
|
||||
## PrometheusRules Admission Webhooks
|
||||
|
||||
With Prometheus Operator version 0.30+, the core Prometheus Operator pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent malformed rules from being added to the cluster.
|
||||
|
||||
### How the Chart Configures the Hooks
|
||||
|
||||
A validating and mutating webhook configuration requires the endpoint to which the request is sent to use TLS. It is possible to set up custom certificates to do this, but in most cases, a self-signed certificate is enough. The setup of this component requires some more complex orchestration when using helm. The steps are created to be idempotent and to allow turning the feature on and off without running into helm quirks.
|
||||
|
||||
1. A pre-install hook provisions a certificate into the same namespace using a format compatible with provisioning using end user certificates. If the certificate already exists, the hook exits.
|
||||
2. The prometheus operator pod is configured to use a TLS proxy container, which will load that certificate.
|
||||
3. Validating and Mutating webhook configurations are created in the cluster, with their failure mode set to Ignore. This allows rules to be created by the same chart at the same time, even though the webhook has not yet been fully set up - it does not have the correct CA field set.
|
||||
4. A post-install hook reads the CA from the secret created by step 1 and patches the Validating and Mutating webhook configurations. This process will allow a custom CA provisioned by some other process to also be patched into the webhook configurations. The chosen failure policy is also patched into the webhook configurations
|
||||
|
||||
### Alternatives
|
||||
|
||||
It should be possible to use [jetstack/cert-manager](https://github.com/jetstack/cert-manager) if a more complete solution is required, but it has not been tested.
|
||||
|
||||
You can enable automatic self-signed TLS certificate provisioning via cert-manager by setting the `prometheusOperator.admissionWebhooks.certManager.enabled` value to true.
|
||||
|
||||
### Limitations
|
||||
|
||||
Because the operator can only run as a single pod, there is potential for this component failure to cause rule deployment failure. Because this risk is outweighed by the benefit of having validation, the feature is enabled by default.
|
||||
|
||||
## Developing Prometheus Rules and Grafana Dashboards
|
||||
|
||||
This chart Grafana Dashboards and Prometheus Rules are just a copy from [prometheus-operator/prometheus-operator](https://github.com/prometheus-operator/prometheus-operator) and other sources, synced (with alterations) by scripts in [hack](hack) folder. In order to introduce any changes you need to first [add them to the original repository](https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/customizations/developing-prometheus-rules-and-grafana-dashboards.md) and then sync there by scripts.
|
||||
|
||||
## Further Information
|
||||
|
||||
For more in-depth documentation of configuration options meanings, please see
|
||||
|
||||
- [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator)
|
||||
- [Prometheus](https://prometheus.io/docs/introduction/overview/)
|
||||
- [Grafana](https://github.com/grafana/helm-charts/tree/main/charts/grafana#grafana-helm-chart)
|
||||
|
||||
## prometheus.io/scrape
|
||||
|
||||
The prometheus operator does not support annotation-based discovery of services, using the `PodMonitor` or `ServiceMonitor` CRD in its place as they provide far more configuration options.
|
||||
For information on how to use PodMonitors/ServiceMonitors, please see the documentation on the `prometheus-operator/prometheus-operator` documentation here:
|
||||
|
||||
- [ServiceMonitors](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/developer/getting-started.md#using-servicemonitors)
|
||||
- [PodMonitors](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/developer/getting-started.md#using-podmonitors)
|
||||
- [Running Exporters](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/running-exporters.md)
|
||||
|
||||
By default, Prometheus discovers PodMonitors and ServiceMonitors within its namespace, that are labeled with the same release tag as the prometheus-operator release.
|
||||
Sometimes, you may need to discover custom PodMonitors/ServiceMonitors, for example used to scrape data from third-party applications.
|
||||
An easy way of doing this, without compromising the default PodMonitors/ServiceMonitors discovery, is allowing Prometheus to discover all PodMonitors/ServiceMonitors within its namespace, without applying label filtering.
|
||||
To do so, you can set `prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues` and `prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues` to `false`.
|
||||
|
||||
## Migrating from stable/prometheus-operator chart
|
||||
|
||||
## Zero downtime
|
||||
|
||||
Since `kube-prometheus-stack` is fully compatible with the `stable/prometheus-operator` chart, a migration without downtime can be achieved.
|
||||
However, the old name prefix needs to be kept. If you want the new name please follow the step by step guide below (with downtime).
|
||||
|
||||
You can override the name to achieve this:
|
||||
|
||||
```console
|
||||
helm upgrade prometheus-operator prometheus-community/kube-prometheus-stack -n monitoring --reuse-values --set nameOverride=prometheus-operator
|
||||
```
|
||||
|
||||
**Note**: It is recommended to run this first with `--dry-run --debug`.
|
||||
|
||||
## Redeploy with new name (downtime)
|
||||
|
||||
If the **prometheus-operator** values are compatible with the new **kube-prometheus-stack** chart, please follow the below steps for migration:
|
||||
|
||||
> The guide presumes that chart is deployed in `monitoring` namespace and the deployments are running there. If in other namespace, please replace the `monitoring` to the deployed namespace.
|
||||
|
||||
1. Patch the PersistenceVolume created/used by the prometheus-operator chart to `Retain` claim policy:
|
||||
|
||||
```console
|
||||
kubectl patch pv/<PersistentVolume name> -p '{"spec":{"persistentVolumeReclaimPolicy":"Retain"}}'
|
||||
```
|
||||
|
||||
**Note:** To execute the above command, the user must have a cluster wide permission. Please refer [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/)
|
||||
|
||||
2. Uninstall the **prometheus-operator** release and delete the existing PersistentVolumeClaim, and verify PV become Released.
|
||||
|
||||
```console
|
||||
helm uninstall prometheus-operator -n monitoring
|
||||
kubectl delete pvc/<PersistenceVolumeClaim name> -n monitoring
|
||||
```
|
||||
|
||||
Additionally, you have to manually remove the remaining `prometheus-operator-kubelet` service.
|
||||
|
||||
```console
|
||||
kubectl delete service/prometheus-operator-kubelet -n kube-system
|
||||
```
|
||||
|
||||
You can choose to remove all your existing CRDs (ServiceMonitors, Podmonitors, etc.) if you want to.
|
||||
|
||||
3. Remove current `spec.claimRef` values to change the PV's status from Released to Available.
|
||||
|
||||
```console
|
||||
kubectl patch pv/<PersistentVolume name> --type json -p='[{"op": "remove", "path": "/spec/claimRef"}]' -n monitoring
|
||||
```
|
||||
|
||||
**Note:** To execute the above command, the user must have a cluster wide permission. Please refer to [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/)
|
||||
|
||||
After these steps, proceed to a fresh **kube-prometheus-stack** installation and make sure the current release of **kube-prometheus-stack** matching the `volumeClaimTemplate` values in the `values.yaml`.
|
||||
|
||||
The binding is done via matching a specific amount of storage requested and with certain access modes.
|
||||
|
||||
For example, if you had storage specified as this with **prometheus-operator**:
|
||||
|
||||
```yaml
|
||||
volumeClaimTemplate:
|
||||
spec:
|
||||
storageClassName: gp2
|
||||
accessModes: ["ReadWriteOnce"]
|
||||
resources:
|
||||
requests:
|
||||
storage: 50Gi
|
||||
```
|
||||
|
||||
You have to specify matching `volumeClaimTemplate` with 50Gi storage and `ReadWriteOnce` access mode.
|
||||
|
||||
Additionally, you should check the current AZ of your legacy installation's PV, and configure the fresh release to use the same AZ as the old one. If the pods are in a different AZ than the PV, the release will fail to bind the existing one, hence creating a new PV.
|
||||
|
||||
This can be achieved either by specifying the labels through `values.yaml`, e.g. setting `prometheus.prometheusSpec.nodeSelector` to:
|
||||
|
||||
```yaml
|
||||
nodeSelector:
|
||||
failure-domain.beta.kubernetes.io/zone: east-west-1a
|
||||
```
|
||||
|
||||
or passing these values as `--set` overrides during installation.
|
||||
|
||||
The new release should now re-attach your previously released PV with its content.
|
||||
|
||||
## Migrating from coreos/prometheus-operator chart
|
||||
|
||||
The multiple charts have been combined into a single chart that installs prometheus operator, prometheus, alertmanager, grafana as well as the multitude of exporters necessary to monitor a cluster.
|
||||
|
||||
There is no simple and direct migration path between the charts as the changes are extensive and intended to make the chart easier to support.
|
||||
|
||||
The capabilities of the old chart are all available in the new chart, including the ability to run multiple prometheus instances on a single cluster - you will need to disable the parts of the chart you do not wish to deploy.
|
||||
|
||||
You can check out the tickets for this change at [prometheus-operator/prometheus-operator #592](https://github.com/prometheus-operator/prometheus-operator/issues/592) and [helm/charts #6765](https://github.com/helm/charts/pull/6765).
|
||||
|
||||
### High-level overview of Changes
|
||||
|
||||
#### Added dependencies
|
||||
|
||||
The chart has added 3 [dependencies](#dependencies).
|
||||
|
||||
- Node-Exporter, Kube-State-Metrics: These components are loaded as dependencies into the chart, and are relatively simple components
|
||||
- Grafana: The Grafana chart is more feature-rich than this chart - it contains a sidecar that is able to load data sources and dashboards from configmaps deployed into the same cluster. For more information check out the [documentation for the chart](https://github.com/grafana/helm-charts/blob/main/charts/grafana/README.md)
|
||||
|
||||
#### Kubelet Service
|
||||
|
||||
Because the kubelet service has a new name in the chart, make sure to clean up the old kubelet service in the `kube-system` namespace to prevent counting container metrics twice.
|
||||
|
||||
#### Persistent Volumes
|
||||
|
||||
If you would like to keep the data of the current persistent volumes, it should be possible to attach existing volumes to new PVCs and PVs that are created using the conventions in the new chart. For example, in order to use an existing Azure disk for a helm release called `prometheus-migration` the following resources can be created:
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: pvc-prometheus-migration-prometheus-0
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
azureDisk:
|
||||
cachingMode: None
|
||||
diskName: pvc-prometheus-migration-prometheus-0
|
||||
diskURI: /subscriptions/f5125d82-2622-4c50-8d25-3f7ba3e9ac4b/resourceGroups/sample-migration-resource-group/providers/Microsoft.Compute/disks/pvc-prometheus-migration-prometheus-0
|
||||
fsType: ""
|
||||
kind: Managed
|
||||
readOnly: false
|
||||
capacity:
|
||||
storage: 1Gi
|
||||
persistentVolumeReclaimPolicy: Delete
|
||||
storageClassName: prometheus
|
||||
volumeMode: Filesystem
|
||||
```
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: prometheus
|
||||
prometheus: prometheus-migration-prometheus
|
||||
name: prometheus-prometheus-migration-prometheus-db-prometheus-prometheus-migration-prometheus-0
|
||||
namespace: monitoring
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
storageClassName: prometheus
|
||||
volumeMode: Filesystem
|
||||
volumeName: pvc-prometheus-migration-prometheus-0
|
||||
```
|
||||
|
||||
The PVC will take ownership of the PV and when you create a release using a persistent volume claim template it will use the existing PVCs as they match the naming convention used by the chart. For other cloud providers similar approaches can be used.
|
||||
|
||||
#### KubeProxy
|
||||
|
||||
The metrics bind address of kube-proxy is default to `127.0.0.1:10249` that prometheus instances **cannot** access to. You should expose metrics by changing `metricsBindAddress` field value to `0.0.0.0:10249` if you want to collect them.
|
||||
|
||||
Depending on the cluster, the relevant part `config.conf` will be in ConfigMap `kube-system/kube-proxy` or `kube-system/kube-proxy-config`. For example:
|
||||
|
||||
```console
|
||||
kubectl -n kube-system edit cm kube-proxy
|
||||
```
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
data:
|
||||
config.conf: |-
|
||||
apiVersion: kubeproxy.config.k8s.io/v1alpha1
|
||||
kind: KubeProxyConfiguration
|
||||
# ...
|
||||
# metricsBindAddress: 127.0.0.1:10249
|
||||
metricsBindAddress: 0.0.0.0:10249
|
||||
# ...
|
||||
kubeconfig.conf: |-
|
||||
# ...
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
labels:
|
||||
app: kube-proxy
|
||||
name: kube-proxy
|
||||
namespace: kube-system
|
||||
```
|
||||
@@ -0,0 +1,18 @@
|
||||
{{ $.Chart.Name }} has been installed. Check its status by running:
|
||||
kubectl --namespace {{ template "kube-prometheus-stack.namespace" . }} get pods -l "release={{ $.Release.Name }}"
|
||||
|
||||
Get Grafana '{{ .Values.grafana.adminUser }}' user password by running:
|
||||
|
||||
kubectl --namespace {{ template "kube-prometheus-stack.namespace" . }} get secrets {{ $.Release.Name }}-grafana -o jsonpath="{.data.admin-password}" | base64 -d ; echo
|
||||
|
||||
Access Grafana local instance:
|
||||
|
||||
export POD_NAME=$(kubectl --namespace {{ template "kube-prometheus-stack.namespace" . }} get pod -l "app.kubernetes.io/name={{ default "grafana" .Values.grafana.name }},app.kubernetes.io/instance={{ $.Release.Name }}" -oname)
|
||||
kubectl --namespace {{ template "kube-prometheus-stack.namespace" . }} port-forward $POD_NAME 3000
|
||||
|
||||
Get your grafana admin user password by running:
|
||||
|
||||
kubectl get secret --namespace {{ .Values.grafana.namespaceOverride | default (include "kube-prometheus-stack.namespace" .) }} -l app.kubernetes.io/component=admin-secret -o jsonpath="{.items[0].data.{{ .Values.grafana.admin.passwordKey | default "admin-password" }}}" | base64 --decode ; echo
|
||||
|
||||
|
||||
Visit https://github.com/prometheus-operator/kube-prometheus for instructions on how to create & configure Alertmanager and Prometheus instances using the Operator.
|
||||
@@ -0,0 +1,399 @@
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/* Expand the name of the chart. This is suffixed with -alertmanager, which means subtract 13 from longest 63 available */}}
|
||||
{{- define "kube-prometheus-stack.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 50 | trimSuffix "-" -}}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
The components in this chart create additional resources that expand the longest created name strings.
|
||||
The longest name that gets created adds and extra 37 characters, so truncation should be 63-35=26.
|
||||
*/}}
|
||||
{{- define "kube-prometheus-stack.fullname" -}}
|
||||
{{- if .Values.fullnameOverride -}}
|
||||
{{- .Values.fullnameOverride | trunc 26 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- .Release.Name | trunc 26 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 26 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Fullname suffixed with -operator */}}
|
||||
{{/* Adding 9 to 26 truncation of kube-prometheus-stack.fullname */}}
|
||||
{{- define "kube-prometheus-stack.operator.fullname" -}}
|
||||
{{- if .Values.prometheusOperator.fullnameOverride -}}
|
||||
{{- .Values.prometheusOperator.fullnameOverride | trunc 35 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-operator" (include "kube-prometheus-stack.fullname" .) -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/* Prometheus custom resource instance name */}}
|
||||
{{- define "kube-prometheus-stack.prometheus.crname" -}}
|
||||
{{- if .Values.cleanPrometheusOperatorObjectNames }}
|
||||
{{- include "kube-prometheus-stack.fullname" . }}
|
||||
{{- else }}
|
||||
{{- print (include "kube-prometheus-stack.fullname" .) "-prometheus" }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/* Alertmanager custom resource instance name */}}
|
||||
{{- define "kube-prometheus-stack.alertmanager.crname" -}}
|
||||
{{- if .Values.cleanPrometheusOperatorObjectNames }}
|
||||
{{- include "kube-prometheus-stack.fullname" . }}
|
||||
{{- else }}
|
||||
{{- print (include "kube-prometheus-stack.fullname" .) "-alertmanager" -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/* ThanosRuler custom resource instance name */}}
|
||||
{{/* Subtracting 1 from 26 truncation of kube-prometheus-stack.fullname */}}
|
||||
{{- define "kube-prometheus-stack.thanosRuler.crname" -}}
|
||||
{{- if .Values.cleanPrometheusOperatorObjectNames }}
|
||||
{{- include "kube-prometheus-stack.fullname" . }}
|
||||
{{- else }}
|
||||
{{- print (include "kube-prometheus-stack.fullname" . | trunc 25 | trimSuffix "-") "-thanos-ruler" -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/* Shortened name suffixed with thanos-ruler */}}
|
||||
{{- define "kube-prometheus-stack.thanosRuler.name" -}}
|
||||
{{- default (printf "%s-thanos-ruler" (include "kube-prometheus-stack.name" .)) .Values.thanosRuler.name -}}
|
||||
{{- end }}
|
||||
|
||||
{{/* Create chart name and version as used by the chart label. */}}
|
||||
{{- define "kube-prometheus-stack.chartref" -}}
|
||||
{{- replace "+" "_" .Chart.Version | printf "%s-%s" .Chart.Name -}}
|
||||
{{- end }}
|
||||
|
||||
{{/* Generate basic labels */}}
|
||||
{{- define "kube-prometheus-stack.labels" }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}"
|
||||
app.kubernetes.io/part-of: {{ template "kube-prometheus-stack.name" . }}
|
||||
chart: {{ template "kube-prometheus-stack.chartref" . }}
|
||||
release: {{ $.Release.Name | quote }}
|
||||
heritage: {{ $.Release.Service | quote }}
|
||||
{{- if .Values.commonLabels}}
|
||||
{{ toYaml .Values.commonLabels }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/* Create the name of kube-prometheus-stack service account to use */}}
|
||||
{{- define "kube-prometheus-stack.operator.serviceAccountName" -}}
|
||||
{{- if .Values.prometheusOperator.serviceAccount.create -}}
|
||||
{{ default (include "kube-prometheus-stack.operator.fullname" .) .Values.prometheusOperator.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.prometheusOperator.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Create the name of kube-prometheus-stack service account to use */}}
|
||||
{{- define "kube-prometheus-stack.operator.admissionWebhooks.serviceAccountName" -}}
|
||||
{{- if .Values.prometheusOperator.serviceAccount.create -}}
|
||||
{{ default (printf "%s-webhook" (include "kube-prometheus-stack.operator.fullname" .)) .Values.prometheusOperator.admissionWebhooks.deployment.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.prometheusOperator.admissionWebhooks.deployment.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Create the name of prometheus service account to use */}}
|
||||
{{- define "kube-prometheus-stack.prometheus.serviceAccountName" -}}
|
||||
{{- if .Values.prometheus.serviceAccount.create -}}
|
||||
{{ default (print (include "kube-prometheus-stack.fullname" .) "-prometheus") .Values.prometheus.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.prometheus.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Create the name of alertmanager service account to use */}}
|
||||
{{- define "kube-prometheus-stack.alertmanager.serviceAccountName" -}}
|
||||
{{- if .Values.alertmanager.serviceAccount.create -}}
|
||||
{{ default (print (include "kube-prometheus-stack.fullname" .) "-alertmanager") .Values.alertmanager.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.alertmanager.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
|
||||
{{- end -}}
|
||||
|
||||
{{/* Create the name of thanosRuler service account to use */}}
|
||||
{{- define "kube-prometheus-stack.thanosRuler.serviceAccountName" -}}
|
||||
{{- if .Values.thanosRuler.serviceAccount.create -}}
|
||||
{{ default (include "kube-prometheus-stack.thanosRuler.name" .) .Values.thanosRuler.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.thanosRuler.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Allow the release namespace to be overridden for multi-namespace deployments in combined charts
|
||||
*/}}
|
||||
{{- define "kube-prometheus-stack.namespace" -}}
|
||||
{{- if .Values.namespaceOverride -}}
|
||||
{{- .Values.namespaceOverride -}}
|
||||
{{- else -}}
|
||||
{{- .Release.Namespace -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Use the grafana namespace override for multi-namespace deployments in combined charts
|
||||
*/}}
|
||||
{{- define "kube-prometheus-stack-grafana.namespace" -}}
|
||||
{{- if .Values.grafana.namespaceOverride -}}
|
||||
{{- .Values.grafana.namespaceOverride -}}
|
||||
{{- else -}}
|
||||
{{- .Release.Namespace -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Use the Alertmanager namespace override for multi-namespace deployments in combined charts
|
||||
*/}}
|
||||
{{- define "kube-prometheus-stack-alertmanager.namespace" -}}
|
||||
{{- if .Values.alertmanager.namespaceOverride -}}
|
||||
{{- .Values.alertmanager.namespaceOverride -}}
|
||||
{{- else -}}
|
||||
{{- include "kube-prometheus-stack.namespace" . -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Allow kubelet job name to be overridden
|
||||
*/}}
|
||||
{{- define "kube-prometheus-stack-kubelet.name" -}}
|
||||
{{- if index .Values "kubelet" "jobNameOverride" -}}
|
||||
{{- index .Values "kubelet" "jobNameOverride" -}}
|
||||
{{- else -}}
|
||||
{{- print "kubelet" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
{{/*
|
||||
Allow kube-controller-manager job name to be overridden
|
||||
*/}}
|
||||
{{- define "kube-prometheus-stack-kube-controller-manager.name" -}}
|
||||
{{- if index .Values "kubeControllerManager" "jobNameOverride" -}}
|
||||
{{- index .Values "kubeControllerManager" "jobNameOverride" -}}
|
||||
{{- else -}}
|
||||
{{- print "kube-controller-manager" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
{{/*
|
||||
Allow kube-scheduler job name to be overridden
|
||||
*/}}
|
||||
{{- define "kube-prometheus-stack-kube-scheduler.name" -}}
|
||||
{{- if index .Values "kubeScheduler" "jobNameOverride" -}}
|
||||
{{- index .Values "kubeScheduler" "jobNameOverride" -}}
|
||||
{{- else -}}
|
||||
{{- print "kube-scheduler" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
{{/*
|
||||
Allow kube-proxy job name to be overridden
|
||||
*/}}
|
||||
{{- define "kube-prometheus-stack-kube-proxy.name" -}}
|
||||
{{- if index .Values "kubeProxy" "jobNameOverride" -}}
|
||||
{{- index .Values "kubeProxy" "jobNameOverride" -}}
|
||||
{{- else -}}
|
||||
{{- print "kube-proxy" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Allow kube-apiserver job name to be overridden
|
||||
*/}}
|
||||
{{- define "kube-prometheus-stack-kube-apiserver.name" -}}
|
||||
{{- if index .Values "kubeApiServer" "jobNameOverride" -}}
|
||||
{{- index .Values "kubeApiServer" "jobNameOverride" -}}
|
||||
{{- else -}}
|
||||
{{- print "apiserver" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Allow kube-state-metrics job name to be overridden
|
||||
*/}}
|
||||
{{- define "kube-prometheus-stack-kube-state-metrics.name" -}}
|
||||
{{- if index .Values "kube-state-metrics" "nameOverride" -}}
|
||||
{{- index .Values "kube-state-metrics" "nameOverride" -}}
|
||||
{{- else -}}
|
||||
{{- print "kube-state-metrics" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Use the kube-state-metrics namespace override for multi-namespace deployments in combined charts
|
||||
*/}}
|
||||
{{- define "kube-prometheus-stack-kube-state-metrics.namespace" -}}
|
||||
{{- if index .Values "kube-state-metrics" "namespaceOverride" -}}
|
||||
{{- index .Values "kube-state-metrics" "namespaceOverride" -}}
|
||||
{{- else -}}
|
||||
{{- .Release.Namespace -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Use the prometheus-node-exporter namespace override for multi-namespace deployments in combined charts
|
||||
*/}}
|
||||
{{- define "kube-prometheus-stack-prometheus-node-exporter.namespace" -}}
|
||||
{{- if index .Values "prometheus-node-exporter" "namespaceOverride" -}}
|
||||
{{- index .Values "prometheus-node-exporter" "namespaceOverride" -}}
|
||||
{{- else -}}
|
||||
{{- .Release.Namespace -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Allow KubeVersion to be overridden. */}}
|
||||
{{- define "kube-prometheus-stack.kubeVersion" -}}
|
||||
{{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Get value based on current Kubernetes version */}}
|
||||
{{- define "kube-prometheus-stack.kubeVersionDefaultValue" -}}
|
||||
{{- $values := index . 0 -}}
|
||||
{{- $kubeVersion := index . 1 -}}
|
||||
{{- $old := index . 2 -}}
|
||||
{{- $new := index . 3 -}}
|
||||
{{- $default := index . 4 -}}
|
||||
{{- if kindIs "invalid" $default -}}
|
||||
{{- if semverCompare $kubeVersion (include "kube-prometheus-stack.kubeVersion" $values) -}}
|
||||
{{- print $new -}}
|
||||
{{- else -}}
|
||||
{{- print $old -}}
|
||||
{{- end -}}
|
||||
{{- else -}}
|
||||
{{- print $default }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Get value for kube-controller-manager depending on insecure scraping availability */}}
|
||||
{{- define "kube-prometheus-stack.kubeControllerManager.insecureScrape" -}}
|
||||
{{- $values := index . 0 -}}
|
||||
{{- $insecure := index . 1 -}}
|
||||
{{- $secure := index . 2 -}}
|
||||
{{- $userValue := index . 3 -}}
|
||||
{{- include "kube-prometheus-stack.kubeVersionDefaultValue" (list $values ">= 1.22-0" $insecure $secure $userValue) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Get value for kube-scheduler depending on insecure scraping availability */}}
|
||||
{{- define "kube-prometheus-stack.kubeScheduler.insecureScrape" -}}
|
||||
{{- $values := index . 0 -}}
|
||||
{{- $insecure := index . 1 -}}
|
||||
{{- $secure := index . 2 -}}
|
||||
{{- $userValue := index . 3 -}}
|
||||
{{- include "kube-prometheus-stack.kubeVersionDefaultValue" (list $values ">= 1.23-0" $insecure $secure $userValue) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Sets default scrape limits for servicemonitor */}}
|
||||
{{- define "servicemonitor.scrapeLimits" -}}
|
||||
{{- with .sampleLimit }}
|
||||
sampleLimit: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .targetLimit }}
|
||||
targetLimit: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .labelLimit }}
|
||||
labelLimit: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .labelNameLengthLimit }}
|
||||
labelNameLengthLimit: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .labelValueLengthLimit }}
|
||||
labelValueLengthLimit: {{ . }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
To help compatibility with other charts which use global.imagePullSecrets.
|
||||
Allow either an array of {name: pullSecret} maps (k8s-style), or an array of strings (more common helm-style).
|
||||
global:
|
||||
imagePullSecrets:
|
||||
- name: pullSecret1
|
||||
- name: pullSecret2
|
||||
|
||||
or
|
||||
|
||||
global:
|
||||
imagePullSecrets:
|
||||
- pullSecret1
|
||||
- pullSecret2
|
||||
*/}}
|
||||
{{- define "kube-prometheus-stack.imagePullSecrets" -}}
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
{{- if eq (typeOf .) "map[string]interface {}" }}
|
||||
- {{ toYaml . | trim }}
|
||||
{{- else }}
|
||||
- name: {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "kube-prometheus-stack.operator.admission-webhook.dnsNames" }}
|
||||
{{- $fullname := include "kube-prometheus-stack.operator.fullname" . }}
|
||||
{{- $namespace := include "kube-prometheus-stack.namespace" . }}
|
||||
{{- $fullname }}
|
||||
{{ $fullname }}.{{ $namespace }}.svc
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.enabled }}
|
||||
{{ $fullname }}-webhook
|
||||
{{ $fullname }}-webhook.{{ $namespace }}.svc
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/* To help configure the kubelet servicemonitor for http or https. */}}
|
||||
{{- define "kube-prometheus-stack.kubelet.scheme" }}
|
||||
{{- if .Values.kubelet.serviceMonitor.https }}https{{ else }}http{{ end }}
|
||||
{{- end }}
|
||||
{{- define "kube-prometheus-stack.kubelet.authConfig" }}
|
||||
{{- if .Values.kubelet.serviceMonitor.https }}
|
||||
tlsConfig:
|
||||
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
insecureSkipVerify: {{ .Values.kubelet.serviceMonitor.insecureSkipVerify }}
|
||||
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
|
||||
{{/* To help configure anti-affinity rules for Prometheus pods */}}
|
||||
{{- define "kube-prometheus-stack.prometheus.pod-anti-affinity.matchExpressions" }}
|
||||
{{- if .Values.prometheus.agentMode }}
|
||||
- {key: app.kubernetes.io/name, operator: In, values: [prometheus-agent]}
|
||||
- {key: app.kubernetes.io/instance, operator: In, values: [{{ template "kube-prometheus-stack.prometheus.crname" . }}]}
|
||||
{{- else }}
|
||||
- {key: app.kubernetes.io/name, operator: In, values: [prometheus]}
|
||||
- {key: app.kubernetes.io/instance, operator: In, values: [{{ template "kube-prometheus-stack.prometheus.crname" . }}]}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/* To help configure Grafana operator folder settings (folder, folderUID, or folderRef) */}}
|
||||
{{- define "kube-prometheus-stack.grafana.operator.folder" }}
|
||||
{{- $folder := .Values.grafana.operator.folder }}
|
||||
{{- $folderUID := .Values.grafana.operator.folderUID }}
|
||||
{{- $folderRef := .Values.grafana.operator.folderRef }}
|
||||
{{- if not (or
|
||||
(and $folder (not $folderUID) (not $folderRef))
|
||||
(and (not $folder) $folderUID (not $folderRef))
|
||||
(and (not $folder) (not $folderUID) $folderRef)
|
||||
)}}
|
||||
{{- fail "grafana.operator: only one of folder, folderUID, or folderRef must be set" }}
|
||||
{{- end }}
|
||||
{{- if $folder }}
|
||||
folder: {{ $folder | quote }}
|
||||
{{- else if $folderUID }}
|
||||
folderUID: {{ $folderUID | quote }}
|
||||
{{- else if $folderRef }}
|
||||
folderRef: {{ $folderRef | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,228 @@
|
||||
{{- if .Values.alertmanager.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: Alertmanager
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.alertmanager.crname" . }}
|
||||
namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||||
{{- include "kube-prometheus-stack.labels" . | nindent 4 }}
|
||||
{{- with .Values.alertmanager.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.alertmanager.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.image }}
|
||||
{{- $registry := .Values.global.imageRegistry | default .Values.alertmanager.alertmanagerSpec.image.registry -}}
|
||||
{{- if and .Values.alertmanager.alertmanagerSpec.image.tag .Values.alertmanager.alertmanagerSpec.image.sha }}
|
||||
image: "{{ $registry }}/{{ .Values.alertmanager.alertmanagerSpec.image.repository }}:{{ .Values.alertmanager.alertmanagerSpec.image.tag }}@sha256:{{ .Values.alertmanager.alertmanagerSpec.image.sha }}"
|
||||
{{- else if .Values.alertmanager.alertmanagerSpec.image.sha }}
|
||||
image: "{{ $registry }}/{{ .Values.alertmanager.alertmanagerSpec.image.repository }}@sha256:{{ .Values.alertmanager.alertmanagerSpec.image.sha }}"
|
||||
{{- else if .Values.alertmanager.alertmanagerSpec.image.tag }}
|
||||
image: "{{ $registry }}/{{ .Values.alertmanager.alertmanagerSpec.image.repository }}:{{ .Values.alertmanager.alertmanagerSpec.image.tag }}"
|
||||
{{- else }}
|
||||
image: "{{ $registry }}/{{ .Values.alertmanager.alertmanagerSpec.image.repository }}"
|
||||
{{- end }}
|
||||
imagePullPolicy: "{{ .Values.alertmanager.alertmanagerSpec.image.pullPolicy }}"
|
||||
version: "{{ default .Values.alertmanager.alertmanagerSpec.image.tag .Values.alertmanager.alertmanagerSpec.version }}"
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.image.sha }}
|
||||
sha: {{ .Values.alertmanager.alertmanagerSpec.image.sha }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
replicas: {{ .Values.alertmanager.alertmanagerSpec.replicas }}
|
||||
listenLocal: {{ .Values.alertmanager.alertmanagerSpec.listenLocal }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.serviceName }}
|
||||
serviceName: {{ tpl .Values.alertmanager.alertmanagerSpec.serviceName . }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ template "kube-prometheus-stack.alertmanager.serviceAccountName" . }}
|
||||
automountServiceAccountToken: {{ .Values.alertmanager.alertmanagerSpec.automountServiceAccountToken }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.externalUrl }}
|
||||
externalUrl: "{{ tpl .Values.alertmanager.alertmanagerSpec.externalUrl . }}"
|
||||
{{- else if and .Values.alertmanager.ingress.enabled .Values.alertmanager.ingress.hosts }}
|
||||
externalUrl: "http://{{ tpl (index .Values.alertmanager.ingress.hosts 0) . }}{{ .Values.alertmanager.alertmanagerSpec.routePrefix }}"
|
||||
{{- else }}
|
||||
externalUrl: http://{{ template "kube-prometheus-stack.fullname" . }}-alertmanager.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.alertmanager.service.port }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.nodeSelector | indent 4 }}
|
||||
{{- end }}
|
||||
paused: {{ .Values.alertmanager.alertmanagerSpec.paused }}
|
||||
logFormat: {{ .Values.alertmanager.alertmanagerSpec.logFormat | quote }}
|
||||
logLevel: {{ .Values.alertmanager.alertmanagerSpec.logLevel | quote }}
|
||||
retention: {{ .Values.alertmanager.alertmanagerSpec.retention | quote }}
|
||||
{{- with .Values.alertmanager.enableFeatures }}
|
||||
enableFeatures:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.secrets }}
|
||||
secrets:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.secrets | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.configSecret }}
|
||||
configSecret: {{ .Values.alertmanager.alertmanagerSpec.configSecret }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.configMaps }}
|
||||
configMaps:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.configMaps | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.alertmanagerConfigSelector }}
|
||||
alertmanagerConfigSelector:
|
||||
{{ tpl (toYaml .Values.alertmanager.alertmanagerSpec.alertmanagerConfigSelector | indent 4) . }}
|
||||
{{ else }}
|
||||
alertmanagerConfigSelector: {}
|
||||
{{- end }}
|
||||
alertmanagerConfigNamespaceSelector:
|
||||
{{ tpl (toYaml .Values.alertmanager.alertmanagerSpec.alertmanagerConfigNamespaceSelector | indent 4 | default "null") . }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.web }}
|
||||
web:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.web | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.alertmanagerConfiguration }}
|
||||
alertmanagerConfiguration:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.alertmanagerConfiguration | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.alertmanagerConfigMatcherStrategy }}
|
||||
alertmanagerConfigMatcherStrategy:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.alertmanagerConfigMatcherStrategy | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.resources }}
|
||||
resources:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.resources | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.routePrefix }}
|
||||
routePrefix: "{{ .Values.alertmanager.alertmanagerSpec.routePrefix }}"
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.securityContext }}
|
||||
securityContext:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.securityContext | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if kindIs "bool" .Values.alertmanager.alertmanagerSpec.hostUsers }}
|
||||
hostUsers: {{ .Values.alertmanager.alertmanagerSpec.hostUsers }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.dnsConfig }}
|
||||
dnsConfig:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.dnsConfig | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.dnsPolicy }}
|
||||
dnsPolicy: {{ .Values.alertmanager.alertmanagerSpec.dnsPolicy }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.storage }}
|
||||
storage:
|
||||
{{ tpl (toYaml .Values.alertmanager.alertmanagerSpec.storage | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- with .Values.alertmanager.alertmanagerSpec.persistentVolumeClaimRetentionPolicy }}
|
||||
persistentVolumeClaimRetentionPolicy:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.podMetadata }}
|
||||
podMetadata:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.podMetadata | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if or .Values.alertmanager.alertmanagerSpec.podAntiAffinity .Values.alertmanager.alertmanagerSpec.affinity }}
|
||||
affinity:
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.affinity }}
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.affinity | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if eq .Values.alertmanager.alertmanagerSpec.podAntiAffinity "hard" }}
|
||||
podAntiAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- topologyKey: {{ .Values.alertmanager.alertmanagerSpec.podAntiAffinityTopologyKey }}
|
||||
labelSelector:
|
||||
matchExpressions:
|
||||
- {key: app.kubernetes.io/name, operator: In, values: [alertmanager]}
|
||||
- {key: alertmanager, operator: In, values: [{{ template "kube-prometheus-stack.alertmanager.crname" . }}]}
|
||||
{{- else if eq .Values.alertmanager.alertmanagerSpec.podAntiAffinity "soft" }}
|
||||
podAntiAffinity:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- weight: 100
|
||||
podAffinityTerm:
|
||||
topologyKey: {{ .Values.alertmanager.alertmanagerSpec.podAntiAffinityTopologyKey }}
|
||||
labelSelector:
|
||||
matchExpressions:
|
||||
- {key: app.kubernetes.io/name, operator: In, values: [alertmanager]}
|
||||
- {key: alertmanager, operator: In, values: [{{ template "kube-prometheus-stack.alertmanager.crname" . }}]}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.tolerations | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.topologySpreadConstraints }}
|
||||
topologySpreadConstraints:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.topologySpreadConstraints | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.containers }}
|
||||
containers:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.containers | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.initContainers }}
|
||||
initContainers:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.initContainers | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.priorityClassName }}
|
||||
priorityClassName: {{.Values.alertmanager.alertmanagerSpec.priorityClassName }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.additionalPeers }}
|
||||
additionalPeers:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.additionalPeers | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.volumes }}
|
||||
volumes:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.volumes | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.volumeMounts }}
|
||||
volumeMounts:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.volumeMounts | indent 4 }}
|
||||
{{- end }}
|
||||
portName: {{ .Values.alertmanager.alertmanagerSpec.portName }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.clusterAdvertiseAddress }}
|
||||
clusterAdvertiseAddress: {{ .Values.alertmanager.alertmanagerSpec.clusterAdvertiseAddress }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.clusterGossipInterval }}
|
||||
clusterGossipInterval: {{ .Values.alertmanager.alertmanagerSpec.clusterGossipInterval }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.clusterPeerTimeout }}
|
||||
clusterPeerTimeout: {{ .Values.alertmanager.alertmanagerSpec.clusterPeerTimeout }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.clusterPushpullInterval }}
|
||||
clusterPushpullInterval: {{ .Values.alertmanager.alertmanagerSpec.clusterPushpullInterval }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.clusterLabel }}
|
||||
clusterLabel: {{ .Values.alertmanager.alertmanagerSpec.clusterLabel }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.forceEnableClusterMode }}
|
||||
forceEnableClusterMode: {{ .Values.alertmanager.alertmanagerSpec.forceEnableClusterMode }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.minReadySeconds }}
|
||||
minReadySeconds: {{ .Values.alertmanager.alertmanagerSpec.minReadySeconds }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.podManagementPolicy }}
|
||||
podManagementPolicy: {{ .Values.alertmanager.alertmanagerSpec.podManagementPolicy }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.updateStrategy }}
|
||||
updateStrategy:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.updateStrategy | indent 4 }}
|
||||
{{- end }}
|
||||
hostNetwork: {{ .Values.alertmanager.alertmanagerSpec.hostNetwork }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.terminationGracePeriodSeconds }}
|
||||
terminationGracePeriodSeconds: {{ .Values.alertmanager.alertmanagerSpec.terminationGracePeriodSeconds }}
|
||||
{{- end }}
|
||||
{{- with .Values.alertmanager.alertmanagerSpec.additionalConfig }}
|
||||
{{- tpl (toYaml .) $ | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- with .Values.alertmanager.alertmanagerSpec.additionalConfigString }}
|
||||
{{- tpl . $ | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.additionalArgs }}
|
||||
additionalArgs:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.additionalArgs | indent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,20 @@
|
||||
{{- if .Values.alertmanager.extraSecret.data -}}
|
||||
{{- $secretName := printf "alertmanager-%s-extra" (include "kube-prometheus-stack.fullname" . ) -}}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ default $secretName .Values.alertmanager.extraSecret.name }}
|
||||
namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }}
|
||||
{{- if .Values.alertmanager.extraSecret.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.alertmanager.extraSecret.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||||
app.kubernetes.io/component: alertmanager
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
data:
|
||||
{{- range $key, $val := .Values.alertmanager.extraSecret.data }}
|
||||
{{ $key }}: {{ $val | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,67 @@
|
||||
{{- if and .Values.alertmanager.enabled .Values.alertmanager.ingress.enabled }}
|
||||
{{- $pathType := .Values.alertmanager.ingress.pathType | default "ImplementationSpecific" }}
|
||||
{{- $serviceName := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager" }}
|
||||
{{- $backendServiceName := .Values.alertmanager.ingress.serviceName | default (printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager") }}
|
||||
{{- $servicePort := .Values.alertmanager.ingress.servicePort | default .Values.alertmanager.service.port -}}
|
||||
{{- $routePrefix := list .Values.alertmanager.alertmanagerSpec.routePrefix }}
|
||||
{{- $paths := .Values.alertmanager.ingress.paths | default $routePrefix -}}
|
||||
{{- $extraPaths := .Values.alertmanager.ingress.extraPaths | default list -}}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ $serviceName }}
|
||||
namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }}
|
||||
{{- if .Values.alertmanager.ingress.annotations }}
|
||||
annotations:
|
||||
{{- tpl (toYaml .Values.alertmanager.ingress.annotations) . | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||||
{{- if .Values.alertmanager.ingress.labels }}
|
||||
{{ toYaml .Values.alertmanager.ingress.labels | indent 4 }}
|
||||
{{- end }}
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
spec:
|
||||
{{- if .Values.alertmanager.ingress.ingressClassName }}
|
||||
ingressClassName: {{ .Values.alertmanager.ingress.ingressClassName }}
|
||||
{{- end }}
|
||||
rules:
|
||||
{{- if .Values.alertmanager.ingress.hosts }}
|
||||
{{- range $host := .Values.alertmanager.ingress.hosts }}
|
||||
- host: {{ tpl $host $ | quote }}
|
||||
http:
|
||||
paths:
|
||||
{{- range $p := $paths }}
|
||||
{{- with $extraPaths }}
|
||||
{{- toYaml . | nindent 10 }}
|
||||
{{- end }}
|
||||
- path: {{ tpl $p $ }}
|
||||
pathType: {{ $pathType }}
|
||||
backend:
|
||||
service:
|
||||
name: {{ $backendServiceName }}
|
||||
port:
|
||||
number: {{ $servicePort }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- else }}
|
||||
- http:
|
||||
paths:
|
||||
{{- range $p := $paths }}
|
||||
{{- with $extraPaths }}
|
||||
{{- toYaml . | nindent 10 }}
|
||||
{{- end }}
|
||||
- path: {{ tpl $p $ }}
|
||||
pathType: {{ $pathType }}
|
||||
backend:
|
||||
service:
|
||||
name: {{ $backendServiceName }}
|
||||
port:
|
||||
number: {{ $servicePort }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- if .Values.alertmanager.ingress.tls }}
|
||||
tls:
|
||||
{{ tpl (toYaml .Values.alertmanager.ingress.tls | indent 4) . }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,56 @@
|
||||
{{- if and .Values.alertmanager.enabled .Values.alertmanager.servicePerReplica.enabled .Values.alertmanager.ingressPerReplica.enabled }}
|
||||
{{- $pathType := .Values.alertmanager.ingressPerReplica.pathType | default "" }}
|
||||
{{- $count := .Values.alertmanager.alertmanagerSpec.replicas | int -}}
|
||||
{{- $servicePort := .Values.alertmanager.service.port -}}
|
||||
{{- $ingressValues := .Values.alertmanager.ingressPerReplica -}}
|
||||
apiVersion: v1
|
||||
kind: List
|
||||
metadata:
|
||||
name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-ingressperreplica
|
||||
namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }}
|
||||
items:
|
||||
{{ range $i, $e := until $count }}
|
||||
- kind: Ingress
|
||||
apiVersion: networking.k8s.io/v1
|
||||
metadata:
|
||||
name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" $ }}
|
||||
labels:
|
||||
app: {{ include "kube-prometheus-stack.name" $ }}-alertmanager
|
||||
{{ include "kube-prometheus-stack.labels" $ | indent 8 }}
|
||||
{{- if $ingressValues.labels }}
|
||||
{{ toYaml $ingressValues.labels | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if $ingressValues.annotations }}
|
||||
annotations:
|
||||
{{- tpl (toYaml $ingressValues.annotations) $ | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if $ingressValues.ingressClassName }}
|
||||
ingressClassName: {{ $ingressValues.ingressClassName }}
|
||||
{{- end }}
|
||||
rules:
|
||||
- host: {{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }}
|
||||
http:
|
||||
paths:
|
||||
{{- range $p := $ingressValues.paths }}
|
||||
- path: {{ tpl $p $ }}
|
||||
pathType: {{ $pathType }}
|
||||
backend:
|
||||
service:
|
||||
name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }}
|
||||
port:
|
||||
number: {{ $servicePort }}
|
||||
{{- end -}}
|
||||
{{- if or $ingressValues.tlsSecretName $ingressValues.tlsSecretPerReplica.enabled }}
|
||||
tls:
|
||||
- hosts:
|
||||
- {{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }}
|
||||
{{- if $ingressValues.tlsSecretPerReplica.enabled }}
|
||||
secretName: {{ $ingressValues.tlsSecretPerReplica.prefix }}-{{ $i }}
|
||||
{{- else }}
|
||||
secretName: {{ $ingressValues.tlsSecretName }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,76 @@
|
||||
{{- if and .Values.alertmanager.enabled .Values.alertmanager.networkPolicy.enabled }}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
|
||||
namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||||
{{- include "kube-prometheus-stack.labels" . | nindent 4 }}
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: alertmanager
|
||||
policyTypes:
|
||||
{{- toYaml .Values.alertmanager.networkPolicy.policyTypes | nindent 4 }}
|
||||
ingress:
|
||||
{{- if and (.Values.alertmanager.networkPolicy.gateway.namespace) (.Values.alertmanager.networkPolicy.gateway.podLabels) }}
|
||||
# Allow ingress from gateway
|
||||
- from:
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
kubernetes.io/metadata.name: {{ .Values.alertmanager.networkPolicy.gateway.namespace }}
|
||||
{{- if and .Values.alertmanager.networkPolicy.gateway.podLabels (not (empty .Values.alertmanager.networkPolicy.gateway.podLabels)) }}
|
||||
podSelector:
|
||||
matchLabels:
|
||||
{{- toYaml .Values.alertmanager.networkPolicy.gateway.podLabels | nindent 14 }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- port: {{ .Values.alertmanager.service.port }}
|
||||
protocol: TCP
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.networkPolicy.monitoringRules.prometheus }}
|
||||
# Allow ingress from Prometheus
|
||||
- from:
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: prometheus
|
||||
ports:
|
||||
- port: {{ .Values.alertmanager.service.port }}
|
||||
protocol: TCP
|
||||
{{- if .Values.alertmanager.networkPolicy.monitoringRules.configReloader }}
|
||||
- port: 8080
|
||||
protocol: TCP
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if and (.Values.alertmanager.networkPolicy.enableClusterRules) (.Values.alertmanager.service.clusterPort) }}
|
||||
# Allow ingress from other Alertmanager pods (for clustering)
|
||||
- from:
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: alertmanager
|
||||
ports:
|
||||
- port: {{ .Values.alertmanager.service.clusterPort }}
|
||||
protocol: TCP
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.networkPolicy.monitoringRules.configReloader }}
|
||||
# Allow ingress for config reloader metrics
|
||||
- from:
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: alertmanager
|
||||
component: config-reloader
|
||||
ports:
|
||||
- port: 8080
|
||||
protocol: TCP
|
||||
{{- end }}
|
||||
{{- with .Values.alertmanager.networkPolicy.additionalIngress }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.networkPolicy.egress.enabled }}
|
||||
egress:
|
||||
{{- with .Values.alertmanager.networkPolicy.egress.rules }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,16 @@
|
||||
{{- if and .Values.alertmanager.enabled .Values.alertmanager.podDisruptionBudget.enabled }}
|
||||
apiVersion: policy/v1
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
|
||||
namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
spec:
|
||||
{{- toYaml (omit .Values.alertmanager.podDisruptionBudget "enabled") | nindent 2 }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: alertmanager
|
||||
alertmanager: {{ template "kube-prometheus-stack.alertmanager.crname" . }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,63 @@
|
||||
{{- if .Values.alertmanager.enabled -}}
|
||||
{{- $serviceName := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager" }}
|
||||
{{- $servicePort := .Values.alertmanager.ingress.servicePort | default .Values.alertmanager.service.port -}}
|
||||
{{- range $name, $route := .Values.alertmanager.route }}
|
||||
{{- if $route.enabled }}
|
||||
---
|
||||
apiVersion: {{ $route.apiVersion | default "gateway.networking.k8s.io/v1" }}
|
||||
kind: {{ $route.kind | default "HTTPRoute" }}
|
||||
metadata:
|
||||
{{- with $route.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
name: {{ $serviceName }}{{ if ne $name "main" }}-{{ $name }}{{ end }}
|
||||
namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" $ }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-alertmanager
|
||||
{{- include "kube-prometheus-stack.labels" $ | nindent 4 }}
|
||||
{{- with $route.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- with $route.parentRefs }}
|
||||
parentRefs:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with $route.hostnames }}
|
||||
hostnames:
|
||||
{{- tpl (toYaml .) $ | nindent 4 }}
|
||||
{{- end }}
|
||||
rules:
|
||||
{{- if $route.additionalRules }}
|
||||
{{- tpl (toYaml $route.additionalRules) $ | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if $route.httpsRedirect }}
|
||||
- filters:
|
||||
- type: RequestRedirect
|
||||
requestRedirect:
|
||||
scheme: https
|
||||
statusCode: 301
|
||||
{{- else }}
|
||||
- backendRefs:
|
||||
- group: ""
|
||||
kind: Service
|
||||
weight: 1
|
||||
name: {{ $serviceName }}
|
||||
port: {{ $servicePort }}
|
||||
{{- with $route.filters }}
|
||||
filters:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with $route.matches }}
|
||||
matches:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with $route.sessionPersistence }}
|
||||
sessionPersistence:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,29 @@
|
||||
{{- if and (.Values.alertmanager.enabled) (not .Values.alertmanager.alertmanagerSpec.useExistingSecret) }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: alertmanager-{{ template "kube-prometheus-stack.alertmanager.crname" . }}
|
||||
namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }}
|
||||
{{- if .Values.alertmanager.secret.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.alertmanager.secret.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
data:
|
||||
{{- if .Values.alertmanager.tplConfig }}
|
||||
{{- if .Values.alertmanager.stringConfig }}
|
||||
alertmanager.yaml: {{ tpl (.Values.alertmanager.stringConfig) . | b64enc | quote }}
|
||||
{{- else if eq (typeOf .Values.alertmanager.config) "string" }}
|
||||
alertmanager.yaml: {{ tpl (.Values.alertmanager.config) . | b64enc | quote }}
|
||||
{{- else }}
|
||||
alertmanager.yaml: {{ tpl (toYaml .Values.alertmanager.config) . | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
alertmanager.yaml: {{ toYaml .Values.alertmanager.config | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- range $key, $val := .Values.alertmanager.templateFiles }}
|
||||
{{ $key }}: {{ $val | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,72 @@
|
||||
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
|
||||
{{- if and .Values.alertmanager.enabled .Values.alertmanager.service.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
|
||||
namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||||
self-monitor: {{ .Values.alertmanager.serviceMonitor.selfMonitor | quote }}
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
{{- if .Values.alertmanager.service.labels }}
|
||||
{{ toYaml .Values.alertmanager.service.labels | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.service.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.alertmanager.service.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.alertmanager.service.clusterIP }}
|
||||
clusterIP: {{ .Values.alertmanager.service.clusterIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.service.externalIPs }}
|
||||
externalIPs:
|
||||
{{ toYaml .Values.alertmanager.service.externalIPs | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.service.loadBalancerIP }}
|
||||
loadBalancerIP: {{ .Values.alertmanager.service.loadBalancerIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.service.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges:
|
||||
{{- range $cidr := .Values.alertmanager.service.loadBalancerSourceRanges }}
|
||||
- {{ $cidr }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if ne .Values.alertmanager.service.type "ClusterIP" }}
|
||||
externalTrafficPolicy: {{ .Values.alertmanager.service.externalTrafficPolicy }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: {{ .Values.alertmanager.alertmanagerSpec.portName }}
|
||||
{{- if eq .Values.alertmanager.service.type "NodePort" }}
|
||||
nodePort: {{ .Values.alertmanager.service.nodePort }}
|
||||
{{- end }}
|
||||
port: {{ .Values.alertmanager.service.port }}
|
||||
targetPort: {{ .Values.alertmanager.service.targetPort }}
|
||||
protocol: TCP
|
||||
- name: reloader-web
|
||||
{{- if semverCompare ">=1.20.0-0" $kubeTargetVersion }}
|
||||
appProtocol: http
|
||||
{{- end }}
|
||||
port: 8080
|
||||
targetPort: reloader-web
|
||||
{{- if .Values.alertmanager.service.additionalPorts }}
|
||||
{{ toYaml .Values.alertmanager.service.additionalPorts | indent 2 }}
|
||||
{{- end }}
|
||||
selector:
|
||||
app.kubernetes.io/name: alertmanager
|
||||
alertmanager: {{ template "kube-prometheus-stack.alertmanager.crname" . }}
|
||||
{{- if .Values.alertmanager.service.sessionAffinity }}
|
||||
sessionAffinity: {{ .Values.alertmanager.service.sessionAffinity }}
|
||||
{{- end }}
|
||||
{{- if eq .Values.alertmanager.service.sessionAffinity "ClientIP" }}
|
||||
sessionAffinityConfig:
|
||||
clientIP:
|
||||
timeoutSeconds: {{ .Values.alertmanager.service.sessionAffinityConfig.clientIP.timeoutSeconds }}
|
||||
{{- end }}
|
||||
type: "{{ .Values.alertmanager.service.type }}"
|
||||
{{- if .Values.alertmanager.service.ipDualStack.enabled }}
|
||||
ipFamilies: {{ toYaml .Values.alertmanager.service.ipDualStack.ipFamilies | nindent 4 }}
|
||||
ipFamilyPolicy: {{ .Values.alertmanager.service.ipDualStack.ipFamilyPolicy }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,21 @@
|
||||
{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceAccount.create }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.alertmanager.serviceAccountName" . }}
|
||||
namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||||
app.kubernetes.io/name: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||||
app.kubernetes.io/component: alertmanager
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
{{- if .Values.alertmanager.serviceAccount.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.alertmanager.serviceAccount.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
automountServiceAccountToken: {{ .Values.alertmanager.serviceAccount.automountServiceAccountToken }}
|
||||
{{- if .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 2}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,93 @@
|
||||
{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceMonitor.selfMonitor }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
|
||||
namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
{{- with .Values.alertmanager.serviceMonitor.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- include "servicemonitor.scrapeLimits" .Values.alertmanager.serviceMonitor | nindent 2 }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||||
release: {{ $.Release.Name | quote }}
|
||||
self-monitor: "true"
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- {{ printf "%s" (include "kube-prometheus-stack.namespace" .) | quote }}
|
||||
endpoints:
|
||||
- port: {{ .Values.alertmanager.alertmanagerSpec.portName }}
|
||||
enableHttp2: {{ .Values.alertmanager.serviceMonitor.enableHttp2 }}
|
||||
{{- if .Values.alertmanager.serviceMonitor.interval }}
|
||||
interval: {{ .Values.alertmanager.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.serviceMonitor.proxyUrl }}
|
||||
proxyUrl: {{ .Values.alertmanager.serviceMonitor.proxyUrl}}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.serviceMonitor.scheme }}
|
||||
scheme: {{ .Values.alertmanager.serviceMonitor.scheme }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.serviceMonitor.bearerTokenFile }}
|
||||
bearerTokenFile: {{ .Values.alertmanager.serviceMonitor.bearerTokenFile }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.serviceMonitor.tlsConfig }}
|
||||
tlsConfig: {{- toYaml .Values.alertmanager.serviceMonitor.tlsConfig | nindent 6 }}
|
||||
{{- end }}
|
||||
path: "{{ trimSuffix "/" .Values.alertmanager.alertmanagerSpec.routePrefix }}/metrics"
|
||||
{{- if .Values.alertmanager.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings: {{- tpl (toYaml .Values.alertmanager.serviceMonitor.metricRelabelings | nindent 6) . }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.serviceMonitor.relabelings }}
|
||||
relabelings: {{- toYaml .Values.alertmanager.serviceMonitor.relabelings | nindent 6 }}
|
||||
{{- end }}
|
||||
- port: reloader-web
|
||||
{{- if .Values.alertmanager.serviceMonitor.interval }}
|
||||
interval: {{ .Values.alertmanager.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.serviceMonitor.proxyUrl }}
|
||||
proxyUrl: {{ .Values.alertmanager.serviceMonitor.proxyUrl}}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.serviceMonitor.scheme }}
|
||||
scheme: {{ .Values.alertmanager.serviceMonitor.scheme }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.serviceMonitor.tlsConfig }}
|
||||
tlsConfig: {{- toYaml .Values.alertmanager.serviceMonitor.tlsConfig | nindent 6 }}
|
||||
{{- end }}
|
||||
path: "/metrics"
|
||||
{{- if .Values.alertmanager.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings: {{- tpl (toYaml .Values.alertmanager.serviceMonitor.metricRelabelings | nindent 6) . }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.serviceMonitor.relabelings }}
|
||||
relabelings: {{- toYaml .Values.alertmanager.serviceMonitor.relabelings | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- range .Values.alertmanager.serviceMonitor.additionalEndpoints }}
|
||||
- port: {{ .port }}
|
||||
{{- if or $.Values.alertmanager.serviceMonitor.interval .interval }}
|
||||
interval: {{ default $.Values.alertmanager.serviceMonitor.interval .interval }}
|
||||
{{- end }}
|
||||
{{- if or $.Values.alertmanager.serviceMonitor.proxyUrl .proxyUrl }}
|
||||
proxyUrl: {{ default $.Values.alertmanager.serviceMonitor.proxyUrl .proxyUrl }}
|
||||
{{- end }}
|
||||
{{- if or $.Values.alertmanager.serviceMonitor.scheme .scheme }}
|
||||
scheme: {{ default $.Values.alertmanager.serviceMonitor.scheme .scheme }}
|
||||
{{- end }}
|
||||
{{- if or $.Values.alertmanager.serviceMonitor.bearerTokenFile .bearerTokenFile }}
|
||||
bearerTokenFile: {{ default $.Values.alertmanager.serviceMonitor.bearerTokenFile .bearerTokenFile }}
|
||||
{{- end }}
|
||||
{{- if or $.Values.alertmanager.serviceMonitor.tlsConfig .tlsConfig }}
|
||||
tlsConfig: {{- default $.Values.alertmanager.serviceMonitor.tlsConfig .tlsConfig | toYaml | nindent 6 }}
|
||||
{{- end }}
|
||||
path: {{ .path }}
|
||||
{{- if or $.Values.alertmanager.serviceMonitor.metricRelabelings .metricRelabelings }}
|
||||
metricRelabelings: {{- tpl (default $.Values.alertmanager.serviceMonitor.metricRelabelings .metricRelabelings | toYaml | nindent 6) . }}
|
||||
{{- end }}
|
||||
{{- if or $.Values.alertmanager.serviceMonitor.relabelings .relabelings }}
|
||||
relabelings: {{- default $.Values.alertmanager.serviceMonitor.relabelings .relabelings | toYaml | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,49 @@
|
||||
{{- if and .Values.alertmanager.enabled .Values.alertmanager.servicePerReplica.enabled }}
|
||||
{{- $count := .Values.alertmanager.alertmanagerSpec.replicas | int -}}
|
||||
{{- $serviceValues := .Values.alertmanager.servicePerReplica -}}
|
||||
apiVersion: v1
|
||||
kind: List
|
||||
metadata:
|
||||
name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-serviceperreplica
|
||||
namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }}
|
||||
items:
|
||||
{{- range $i, $e := until $count }}
|
||||
- apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" $ }}
|
||||
labels:
|
||||
app: {{ include "kube-prometheus-stack.name" $ }}-alertmanager
|
||||
{{ include "kube-prometheus-stack.labels" $ | indent 8 }}
|
||||
{{- if $serviceValues.annotations }}
|
||||
annotations:
|
||||
{{ toYaml $serviceValues.annotations | indent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if $serviceValues.clusterIP }}
|
||||
clusterIP: {{ $serviceValues.clusterIP }}
|
||||
{{- end }}
|
||||
{{- if $serviceValues.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges:
|
||||
{{- range $cidr := $serviceValues.loadBalancerSourceRanges }}
|
||||
- {{ $cidr }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if ne $serviceValues.type "ClusterIP" }}
|
||||
externalTrafficPolicy: {{ $serviceValues.externalTrafficPolicy }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: {{ $.Values.alertmanager.alertmanagerSpec.portName }}
|
||||
{{- if eq $serviceValues.type "NodePort" }}
|
||||
nodePort: {{ $serviceValues.nodePort }}
|
||||
{{- end }}
|
||||
port: {{ $serviceValues.port }}
|
||||
targetPort: {{ $serviceValues.targetPort }}
|
||||
selector:
|
||||
app.kubernetes.io/name: alertmanager
|
||||
alertmanager: {{ template "kube-prometheus-stack.alertmanager.crname" $ }}
|
||||
statefulset.kubernetes.io/pod-name: alertmanager-{{ include "kube-prometheus-stack.alertmanager.crname" $ }}-{{ $i }}
|
||||
type: "{{ $serviceValues.type }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,41 @@
|
||||
{{- if and .Values.alertmanager.enabled .Values.alertmanager.verticalPodAutoscaler.enabled }}
|
||||
apiVersion: autoscaling.k8s.io/v1
|
||||
kind: VerticalPodAutoscaler
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
|
||||
namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||||
{{- include "kube-prometheus-stack.labels" . | nindent 4 }}
|
||||
spec:
|
||||
{{- with .Values.alertmanager.verticalPodAutoscaler.recommenders }}
|
||||
recommenders:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
resourcePolicy:
|
||||
containerPolicies:
|
||||
- containerName: alertmanager
|
||||
{{- with .Values.alertmanager.verticalPodAutoscaler.controlledResources }}
|
||||
controlledResources:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.verticalPodAutoscaler.controlledValues }}
|
||||
controlledValues: {{ .Values.alertmanager.verticalPodAutoscaler.controlledValues }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.verticalPodAutoscaler.maxAllowed }}
|
||||
maxAllowed:
|
||||
{{- toYaml .Values.alertmanager.verticalPodAutoscaler.maxAllowed | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.verticalPodAutoscaler.minAllowed }}
|
||||
minAllowed:
|
||||
{{- toYaml .Values.alertmanager.verticalPodAutoscaler.minAllowed | nindent 8 }}
|
||||
{{- end }}
|
||||
targetRef:
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: Alertmanager
|
||||
name: {{ template "kube-prometheus-stack.alertmanager.crname" . }}
|
||||
{{- with .Values.alertmanager.verticalPodAutoscaler.updatePolicy }}
|
||||
updatePolicy:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,28 @@
|
||||
{{- if and .Values.coreDns.enabled .Values.coreDns.service.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-coredns
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-coredns
|
||||
jobLabel: coredns
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
namespace: kube-system
|
||||
spec:
|
||||
clusterIP: None
|
||||
{{- if .Values.coreDns.service.ipDualStack.enabled }}
|
||||
ipFamilies: {{ toYaml .Values.coreDns.service.ipDualStack.ipFamilies | nindent 4 }}
|
||||
ipFamilyPolicy: {{ .Values.coreDns.service.ipDualStack.ipFamilyPolicy }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: {{ .Values.coreDns.serviceMonitor.port }}
|
||||
port: {{ .Values.coreDns.service.port }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.coreDns.service.targetPort }}
|
||||
selector:
|
||||
{{- if .Values.coreDns.service.selector }}
|
||||
{{ toYaml .Values.coreDns.service.selector | indent 4 }}
|
||||
{{- else}}
|
||||
k8s-app: kube-dns
|
||||
{{- end}}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,54 @@
|
||||
{{- if and .Values.coreDns.enabled .Values.coreDns.serviceMonitor.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-coredns
|
||||
{{- if .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }}
|
||||
namespace: kube-system
|
||||
{{- else }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-coredns
|
||||
{{- with .Values.coreDns.serviceMonitor.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
spec:
|
||||
jobLabel: {{ .Values.coreDns.serviceMonitor.jobLabel }}
|
||||
{{- with .Values.coreDns.serviceMonitor.targetLabels }}
|
||||
targetLabels:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- include "servicemonitor.scrapeLimits" .Values.coreDns.serviceMonitor | nindent 2 }}
|
||||
selector:
|
||||
{{- if .Values.coreDns.serviceMonitor.selector }}
|
||||
{{ tpl (toYaml .Values.coreDns.serviceMonitor.selector | nindent 4) . }}
|
||||
{{- else }}
|
||||
matchLabels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-coredns
|
||||
release: {{ $.Release.Name | quote }}
|
||||
{{- end }}
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- "kube-system"
|
||||
endpoints:
|
||||
- port: {{ .Values.coreDns.serviceMonitor.port }}
|
||||
{{- if .Values.coreDns.serviceMonitor.interval}}
|
||||
interval: {{ .Values.coreDns.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
{{- if .Values.coreDns.serviceMonitor.proxyUrl }}
|
||||
proxyUrl: {{ .Values.coreDns.serviceMonitor.proxyUrl}}
|
||||
{{- end }}
|
||||
{{- if .Values.coreDns.serviceMonitor.bearerTokenFile }}
|
||||
bearerTokenFile: {{ .Values.coreDns.serviceMonitor.bearerTokenFile }}
|
||||
{{- end }}
|
||||
{{- if .Values.coreDns.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings:
|
||||
{{ tpl (toYaml .Values.coreDns.serviceMonitor.metricRelabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- if .Values.coreDns.serviceMonitor.relabelings }}
|
||||
relabelings:
|
||||
{{ tpl (toYaml .Values.coreDns.serviceMonitor.relabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,51 @@
|
||||
{{- if and .Values.kubeApiServer.enabled .Values.kubeApiServer.serviceMonitor.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-apiserver
|
||||
{{- if .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }}
|
||||
namespace: default
|
||||
{{- else }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-apiserver
|
||||
{{- with .Values.kubeApiServer.serviceMonitor.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
spec:
|
||||
{{- include "servicemonitor.scrapeLimits" .Values.kubeApiServer.serviceMonitor | nindent 2 }}
|
||||
endpoints:
|
||||
- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
{{- if .Values.kubeApiServer.serviceMonitor.interval }}
|
||||
interval: {{ .Values.kubeApiServer.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeApiServer.serviceMonitor.proxyUrl }}
|
||||
proxyUrl: {{ .Values.kubeApiServer.serviceMonitor.proxyUrl }}
|
||||
{{- end }}
|
||||
port: https
|
||||
scheme: https
|
||||
{{- if .Values.kubeApiServer.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings:
|
||||
{{ tpl (toYaml .Values.kubeApiServer.serviceMonitor.metricRelabelings | indent 6) . }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeApiServer.serviceMonitor.relabelings }}
|
||||
relabelings:
|
||||
{{ tpl (toYaml .Values.kubeApiServer.serviceMonitor.relabelings | indent 6) . }}
|
||||
{{- end }}
|
||||
tlsConfig:
|
||||
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
serverName: {{ .Values.kubeApiServer.tlsConfig.serverName }}
|
||||
insecureSkipVerify: {{ .Values.kubeApiServer.tlsConfig.insecureSkipVerify }}
|
||||
jobLabel: {{ .Values.kubeApiServer.serviceMonitor.jobLabel }}
|
||||
{{- with .Values.kubeApiServer.serviceMonitor.targetLabels }}
|
||||
targetLabels:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- default
|
||||
selector:
|
||||
{{ toYaml .Values.kubeApiServer.serviceMonitor.selector | indent 4 }}
|
||||
{{- end}}
|
||||
@@ -0,0 +1,22 @@
|
||||
{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.endpoints .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Endpoints
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-controller-manager
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager
|
||||
k8s-app: kube-controller-manager
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
namespace: kube-system
|
||||
subsets:
|
||||
- addresses:
|
||||
{{- range .Values.kubeControllerManager.endpoints }}
|
||||
- ip: {{ . }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: {{ .Values.kubeControllerManager.serviceMonitor.port }}
|
||||
{{- $kubeControllerManagerDefaultInsecurePort := 10252 }}
|
||||
{{- $kubeControllerManagerDefaultSecurePort := 10257 }}
|
||||
port: {{ include "kube-prometheus-stack.kubeControllerManager.insecureScrape" (list . $kubeControllerManagerDefaultInsecurePort $kubeControllerManagerDefaultSecurePort .Values.kubeControllerManager.service.port) }}
|
||||
protocol: TCP
|
||||
{{- end }}
|
||||
@@ -0,0 +1,33 @@
|
||||
{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.service.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-controller-manager
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager
|
||||
jobLabel: kube-controller-manager
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
namespace: kube-system
|
||||
spec:
|
||||
clusterIP: None
|
||||
{{- if .Values.kubeControllerManager.service.ipDualStack.enabled }}
|
||||
ipFamilies: {{ toYaml .Values.kubeControllerManager.service.ipDualStack.ipFamilies | nindent 4 }}
|
||||
ipFamilyPolicy: {{ .Values.kubeControllerManager.service.ipDualStack.ipFamilyPolicy }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: {{ .Values.kubeControllerManager.serviceMonitor.port }}
|
||||
{{- $kubeControllerManagerDefaultInsecurePort := 10252 }}
|
||||
{{- $kubeControllerManagerDefaultSecurePort := 10257 }}
|
||||
port: {{ include "kube-prometheus-stack.kubeControllerManager.insecureScrape" (list . $kubeControllerManagerDefaultInsecurePort $kubeControllerManagerDefaultSecurePort .Values.kubeControllerManager.service.port) }}
|
||||
protocol: TCP
|
||||
targetPort: {{ include "kube-prometheus-stack.kubeControllerManager.insecureScrape" (list . $kubeControllerManagerDefaultInsecurePort $kubeControllerManagerDefaultSecurePort .Values.kubeControllerManager.service.targetPort) }}
|
||||
{{- if .Values.kubeControllerManager.endpoints }}{{- else }}
|
||||
selector:
|
||||
{{- if .Values.kubeControllerManager.service.selector }}
|
||||
{{ toYaml .Values.kubeControllerManager.service.selector | indent 4 }}
|
||||
{{- else}}
|
||||
component: kube-controller-manager
|
||||
{{- end}}
|
||||
{{- end }}
|
||||
type: ClusterIP
|
||||
{{- end }}
|
||||
@@ -0,0 +1,63 @@
|
||||
{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.serviceMonitor.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-controller-manager
|
||||
{{- if .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }}
|
||||
namespace: kube-system
|
||||
{{- else }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager
|
||||
{{- with .Values.kubeControllerManager.serviceMonitor.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
spec:
|
||||
jobLabel: {{ .Values.kubeControllerManager.serviceMonitor.jobLabel }}
|
||||
{{- with .Values.kubeControllerManager.serviceMonitor.targetLabels }}
|
||||
targetLabels:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- include "servicemonitor.scrapeLimits" .Values.kubeControllerManager.serviceMonitor | nindent 2 }}
|
||||
selector:
|
||||
{{- if .Values.kubeControllerManager.serviceMonitor.selector }}
|
||||
{{ tpl (toYaml .Values.kubeControllerManager.serviceMonitor.selector | nindent 4) . }}
|
||||
{{- else }}
|
||||
matchLabels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager
|
||||
release: {{ $.Release.Name | quote }}
|
||||
{{- end }}
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- "kube-system"
|
||||
endpoints:
|
||||
- port: {{ .Values.kubeControllerManager.serviceMonitor.port }}
|
||||
{{- if .Values.kubeControllerManager.serviceMonitor.interval }}
|
||||
interval: {{ .Values.kubeControllerManager.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
{{- if .Values.kubeControllerManager.serviceMonitor.proxyUrl }}
|
||||
proxyUrl: {{ .Values.kubeControllerManager.serviceMonitor.proxyUrl}}
|
||||
{{- end }}
|
||||
{{- if eq (include "kube-prometheus-stack.kubeControllerManager.insecureScrape" (list . false true .Values.kubeControllerManager.serviceMonitor.https )) "true" }}
|
||||
scheme: https
|
||||
tlsConfig:
|
||||
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
{{- if eq (include "kube-prometheus-stack.kubeControllerManager.insecureScrape" (list . nil true .Values.kubeControllerManager.serviceMonitor.insecureSkipVerify)) "true" }}
|
||||
insecureSkipVerify: true
|
||||
{{- end }}
|
||||
{{- if .Values.kubeControllerManager.serviceMonitor.serverName }}
|
||||
serverName: {{ .Values.kubeControllerManager.serviceMonitor.serverName }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeControllerManager.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings:
|
||||
{{ tpl (toYaml .Values.kubeControllerManager.serviceMonitor.metricRelabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeControllerManager.serviceMonitor.relabelings }}
|
||||
relabelings:
|
||||
{{ tpl (toYaml .Values.kubeControllerManager.serviceMonitor.relabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,32 @@
|
||||
{{- if and .Values.kubeDns.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-dns
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-dns
|
||||
jobLabel: kube-dns
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
namespace: kube-system
|
||||
spec:
|
||||
clusterIP: None
|
||||
{{- if .Values.kubeDns.service.ipDualStack.enabled }}
|
||||
ipFamilies: {{ toYaml .Values.kubeDns.service.ipDualStack.ipFamilies | nindent 4 }}
|
||||
ipFamilyPolicy: {{ .Values.kubeDns.service.ipDualStack.ipFamilyPolicy }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: http-metrics-dnsmasq
|
||||
port: {{ .Values.kubeDns.service.dnsmasq.port }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.kubeDns.service.dnsmasq.targetPort }}
|
||||
- name: http-metrics-skydns
|
||||
port: {{ .Values.kubeDns.service.skydns.port }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.kubeDns.service.skydns.targetPort }}
|
||||
selector:
|
||||
{{- if .Values.kubeDns.service.selector }}
|
||||
{{ toYaml .Values.kubeDns.service.selector | indent 4 }}
|
||||
{{- else}}
|
||||
k8s-app: kube-dns
|
||||
{{- end}}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,69 @@
|
||||
{{- if and .Values.kubeDns.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-dns
|
||||
{{- if .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }}
|
||||
namespace: kube-system
|
||||
{{- else }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-dns
|
||||
{{- with .Values.kubeDns.serviceMonitor.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
spec:
|
||||
jobLabel: {{ .Values.kubeDns.serviceMonitor.jobLabel }}
|
||||
{{- with .Values.kubeDns.serviceMonitor.targetLabels }}
|
||||
targetLabels:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- include "servicemonitor.scrapeLimits" .Values.kubeDns.serviceMonitor | nindent 2 }}
|
||||
selector:
|
||||
{{- if .Values.kubeDns.serviceMonitor.selector }}
|
||||
{{ tpl (toYaml .Values.kubeDns.serviceMonitor.selector | nindent 4) . }}
|
||||
{{- else }}
|
||||
matchLabels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-dns
|
||||
release: {{ $.Release.Name | quote }}
|
||||
{{- end }}
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- "kube-system"
|
||||
endpoints:
|
||||
- port: http-metrics-dnsmasq
|
||||
{{- if .Values.kubeDns.serviceMonitor.interval }}
|
||||
interval: {{ .Values.kubeDns.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeDns.serviceMonitor.bearerTokenFile }}
|
||||
bearerTokenFile: {{ .Values.kubeDns.serviceMonitor.bearerTokenFile }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeDns.serviceMonitor.proxyUrl }}
|
||||
proxyUrl: {{ .Values.kubeDns.serviceMonitor.proxyUrl}}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeDns.serviceMonitor.dnsmasqMetricRelabelings }}
|
||||
metricRelabelings:
|
||||
{{ tpl (toYaml .Values.kubeDns.serviceMonitor.dnsmasqMetricRelabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeDns.serviceMonitor.dnsmasqRelabelings }}
|
||||
relabelings:
|
||||
{{ toYaml .Values.kubeDns.serviceMonitor.dnsmasqRelabelings | indent 4 }}
|
||||
{{- end }}
|
||||
- port: http-metrics-skydns
|
||||
{{- if .Values.kubeDns.serviceMonitor.interval }}
|
||||
interval: {{ .Values.kubeDns.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeDns.serviceMonitor.bearerTokenFile }}
|
||||
bearerTokenFile: {{ .Values.kubeDns.serviceMonitor.bearerTokenFile }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeDns.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings:
|
||||
{{ tpl (toYaml .Values.kubeDns.serviceMonitor.metricRelabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeDns.serviceMonitor.relabelings }}
|
||||
relabelings:
|
||||
{{ tpl (toYaml .Values.kubeDns.serviceMonitor.relabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,20 @@
|
||||
{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.endpoints .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Endpoints
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-etcd
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd
|
||||
k8s-app: etcd-server
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
namespace: kube-system
|
||||
subsets:
|
||||
- addresses:
|
||||
{{- range .Values.kubeEtcd.endpoints }}
|
||||
- ip: {{ . }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: {{ .Values.kubeEtcd.serviceMonitor.port }}
|
||||
port: {{ .Values.kubeEtcd.service.port }}
|
||||
protocol: TCP
|
||||
{{- end }}
|
||||
@@ -0,0 +1,31 @@
|
||||
{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.service.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-etcd
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd
|
||||
jobLabel: kube-etcd
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
namespace: kube-system
|
||||
spec:
|
||||
clusterIP: None
|
||||
{{- if .Values.kubeEtcd.service.ipDualStack.enabled }}
|
||||
ipFamilies: {{ toYaml .Values.kubeEtcd.service.ipDualStack.ipFamilies | nindent 4 }}
|
||||
ipFamilyPolicy: {{ .Values.kubeEtcd.service.ipDualStack.ipFamilyPolicy }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: {{ .Values.kubeEtcd.serviceMonitor.port }}
|
||||
port: {{ .Values.kubeEtcd.service.port }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.kubeEtcd.service.targetPort }}
|
||||
{{- if .Values.kubeEtcd.endpoints }}{{- else }}
|
||||
selector:
|
||||
{{- if .Values.kubeEtcd.service.selector }}
|
||||
{{ toYaml .Values.kubeEtcd.service.selector | indent 4 }}
|
||||
{{- else}}
|
||||
component: etcd
|
||||
{{- end}}
|
||||
{{- end }}
|
||||
type: ClusterIP
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,71 @@
|
||||
{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.serviceMonitor.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-etcd
|
||||
{{- if .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }}
|
||||
namespace: kube-system
|
||||
{{- else }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd
|
||||
{{- with .Values.kubeEtcd.serviceMonitor.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
spec:
|
||||
jobLabel: {{ .Values.kubeEtcd.serviceMonitor.jobLabel }}
|
||||
{{- with .Values.kubeEtcd.serviceMonitor.targetLabels }}
|
||||
targetLabels:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- include "servicemonitor.scrapeLimits" .Values.kubeEtcd.serviceMonitor | nindent 2 }}
|
||||
selector:
|
||||
{{- if .Values.kubeEtcd.serviceMonitor.selector }}
|
||||
{{ tpl (toYaml .Values.kubeEtcd.serviceMonitor.selector | nindent 4) . }}
|
||||
{{- else }}
|
||||
matchLabels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd
|
||||
release: {{ $.Release.Name | quote }}
|
||||
{{- end }}
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- "kube-system"
|
||||
endpoints:
|
||||
- port: {{ .Values.kubeEtcd.serviceMonitor.port }}
|
||||
{{- if .Values.kubeEtcd.serviceMonitor.interval }}
|
||||
interval: {{ .Values.kubeEtcd.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeEtcd.serviceMonitor.bearerTokenFile }}
|
||||
bearerTokenFile: {{ .Values.kubeEtcd.serviceMonitor.bearerTokenFile }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeEtcd.serviceMonitor.proxyUrl }}
|
||||
proxyUrl: {{ .Values.kubeEtcd.serviceMonitor.proxyUrl}}
|
||||
{{- end }}
|
||||
{{- if eq .Values.kubeEtcd.serviceMonitor.scheme "https" }}
|
||||
scheme: https
|
||||
tlsConfig:
|
||||
{{- if .Values.kubeEtcd.serviceMonitor.serverName }}
|
||||
serverName: {{ .Values.kubeEtcd.serviceMonitor.serverName }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeEtcd.serviceMonitor.caFile }}
|
||||
caFile: {{ .Values.kubeEtcd.serviceMonitor.caFile }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeEtcd.serviceMonitor.certFile }}
|
||||
certFile: {{ .Values.kubeEtcd.serviceMonitor.certFile }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeEtcd.serviceMonitor.keyFile }}
|
||||
keyFile: {{ .Values.kubeEtcd.serviceMonitor.keyFile }}
|
||||
{{- end}}
|
||||
insecureSkipVerify: {{ .Values.kubeEtcd.serviceMonitor.insecureSkipVerify }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeEtcd.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings:
|
||||
{{ tpl (toYaml .Values.kubeEtcd.serviceMonitor.metricRelabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeEtcd.serviceMonitor.relabelings }}
|
||||
relabelings:
|
||||
{{ tpl (toYaml .Values.kubeEtcd.serviceMonitor.relabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,20 @@
|
||||
{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.endpoints .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Endpoints
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-proxy
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy
|
||||
k8s-app: kube-proxy
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
namespace: kube-system
|
||||
subsets:
|
||||
- addresses:
|
||||
{{- range .Values.kubeProxy.endpoints }}
|
||||
- ip: {{ . }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: {{ .Values.kubeProxy.serviceMonitor.port }}
|
||||
port: {{ .Values.kubeProxy.service.port }}
|
||||
protocol: TCP
|
||||
{{- end }}
|
||||
@@ -0,0 +1,31 @@
|
||||
{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.service.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-proxy
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy
|
||||
jobLabel: kube-proxy
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
namespace: kube-system
|
||||
spec:
|
||||
clusterIP: None
|
||||
{{- if .Values.kubeProxy.service.ipDualStack.enabled }}
|
||||
ipFamilies: {{ toYaml .Values.kubeProxy.service.ipDualStack.ipFamilies | nindent 4 }}
|
||||
ipFamilyPolicy: {{ .Values.kubeProxy.service.ipDualStack.ipFamilyPolicy }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: {{ .Values.kubeProxy.serviceMonitor.port }}
|
||||
port: {{ .Values.kubeProxy.service.port }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.kubeProxy.service.targetPort }}
|
||||
{{- if .Values.kubeProxy.endpoints }}{{- else }}
|
||||
selector:
|
||||
{{- if .Values.kubeProxy.service.selector }}
|
||||
{{ toYaml .Values.kubeProxy.service.selector | indent 4 }}
|
||||
{{- else}}
|
||||
k8s-app: kube-proxy
|
||||
{{- end}}
|
||||
{{- end }}
|
||||
type: ClusterIP
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,59 @@
|
||||
{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.serviceMonitor.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-proxy
|
||||
{{- if .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }}
|
||||
namespace: kube-system
|
||||
{{- else }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy
|
||||
{{- with .Values.kubeProxy.serviceMonitor.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
spec:
|
||||
jobLabel: {{ .Values.kubeProxy.serviceMonitor.jobLabel }}
|
||||
{{- with .Values.kubeProxy.serviceMonitor.targetLabels }}
|
||||
targetLabels:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- include "servicemonitor.scrapeLimits" .Values.kubeProxy.serviceMonitor | nindent 2 }}
|
||||
selector:
|
||||
{{- if .Values.kubeProxy.serviceMonitor.selector }}
|
||||
{{ tpl (toYaml .Values.kubeProxy.serviceMonitor.selector | nindent 4) . }}
|
||||
{{- else }}
|
||||
matchLabels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy
|
||||
release: {{ $.Release.Name | quote }}
|
||||
{{- end }}
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- "kube-system"
|
||||
endpoints:
|
||||
- port: {{ .Values.kubeProxy.serviceMonitor.port }}
|
||||
{{- if .Values.kubeProxy.serviceMonitor.interval }}
|
||||
interval: {{ .Values.kubeProxy.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeProxy.serviceMonitor.bearerTokenFile }}
|
||||
bearerTokenFile: {{ .Values.kubeProxy.serviceMonitor.bearerTokenFile }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeProxy.serviceMonitor.proxyUrl }}
|
||||
proxyUrl: {{ .Values.kubeProxy.serviceMonitor.proxyUrl}}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeProxy.serviceMonitor.https }}
|
||||
scheme: https
|
||||
tlsConfig:
|
||||
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
{{- end}}
|
||||
{{- if .Values.kubeProxy.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings:
|
||||
{{ tpl (toYaml .Values.kubeProxy.serviceMonitor.metricRelabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeProxy.serviceMonitor.relabelings }}
|
||||
relabelings:
|
||||
{{ tpl (toYaml .Values.kubeProxy.serviceMonitor.relabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,22 @@
|
||||
{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.endpoints .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Endpoints
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-scheduler
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler
|
||||
k8s-app: kube-scheduler
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
namespace: kube-system
|
||||
subsets:
|
||||
- addresses:
|
||||
{{- range .Values.kubeScheduler.endpoints }}
|
||||
- ip: {{ . }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: {{ .Values.kubeScheduler.serviceMonitor.port }}
|
||||
{{- $kubeSchedulerDefaultInsecurePort := 10251 }}
|
||||
{{- $kubeSchedulerDefaultSecurePort := 10259 }}
|
||||
port: {{ include "kube-prometheus-stack.kubeScheduler.insecureScrape" (list . $kubeSchedulerDefaultInsecurePort $kubeSchedulerDefaultSecurePort .Values.kubeScheduler.service.port) }}
|
||||
protocol: TCP
|
||||
{{- end }}
|
||||
@@ -0,0 +1,33 @@
|
||||
{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.service.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-scheduler
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler
|
||||
jobLabel: kube-scheduler
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
namespace: kube-system
|
||||
spec:
|
||||
clusterIP: None
|
||||
{{- if .Values.kubeScheduler.service.ipDualStack.enabled }}
|
||||
ipFamilies: {{ toYaml .Values.kubeScheduler.service.ipDualStack.ipFamilies | nindent 4 }}
|
||||
ipFamilyPolicy: {{ .Values.kubeScheduler.service.ipDualStack.ipFamilyPolicy }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: {{ .Values.kubeScheduler.serviceMonitor.port }}
|
||||
{{- $kubeSchedulerDefaultInsecurePort := 10251 }}
|
||||
{{- $kubeSchedulerDefaultSecurePort := 10259 }}
|
||||
port: {{ include "kube-prometheus-stack.kubeScheduler.insecureScrape" (list . $kubeSchedulerDefaultInsecurePort $kubeSchedulerDefaultSecurePort .Values.kubeScheduler.service.port) }}
|
||||
protocol: TCP
|
||||
targetPort: {{ include "kube-prometheus-stack.kubeScheduler.insecureScrape" (list . $kubeSchedulerDefaultInsecurePort $kubeSchedulerDefaultSecurePort .Values.kubeScheduler.service.targetPort) }}
|
||||
{{- if .Values.kubeScheduler.endpoints }}{{- else }}
|
||||
selector:
|
||||
{{- if .Values.kubeScheduler.service.selector }}
|
||||
{{ toYaml .Values.kubeScheduler.service.selector | indent 4 }}
|
||||
{{- else}}
|
||||
component: kube-scheduler
|
||||
{{- end}}
|
||||
{{- end }}
|
||||
type: ClusterIP
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,63 @@
|
||||
{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.serviceMonitor.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-scheduler
|
||||
{{- if .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }}
|
||||
namespace: kube-system
|
||||
{{- else }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler
|
||||
{{- with .Values.kubeScheduler.serviceMonitor.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
spec:
|
||||
jobLabel: {{ .Values.kubeScheduler.serviceMonitor.jobLabel }}
|
||||
{{- with .Values.kubeScheduler.serviceMonitor.targetLabels }}
|
||||
targetLabels:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- include "servicemonitor.scrapeLimits" .Values.kubeScheduler.serviceMonitor | nindent 2 }}
|
||||
selector:
|
||||
{{- if .Values.kubeScheduler.serviceMonitor.selector }}
|
||||
{{ tpl (toYaml .Values.kubeScheduler.serviceMonitor.selector | nindent 4) . }}
|
||||
{{- else }}
|
||||
matchLabels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler
|
||||
release: {{ $.Release.Name | quote }}
|
||||
{{- end }}
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- "kube-system"
|
||||
endpoints:
|
||||
- port: {{ .Values.kubeScheduler.serviceMonitor.port }}
|
||||
{{- if .Values.kubeScheduler.serviceMonitor.interval }}
|
||||
interval: {{ .Values.kubeScheduler.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
{{- if .Values.kubeScheduler.serviceMonitor.proxyUrl }}
|
||||
proxyUrl: {{ .Values.kubeScheduler.serviceMonitor.proxyUrl}}
|
||||
{{- end }}
|
||||
{{- if eq (include "kube-prometheus-stack.kubeScheduler.insecureScrape" (list . false true .Values.kubeScheduler.serviceMonitor.https )) "true" }}
|
||||
scheme: https
|
||||
tlsConfig:
|
||||
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
{{- if eq (include "kube-prometheus-stack.kubeScheduler.insecureScrape" (list . nil true .Values.kubeScheduler.serviceMonitor.insecureSkipVerify)) "true" }}
|
||||
insecureSkipVerify: true
|
||||
{{- end }}
|
||||
{{- if .Values.kubeScheduler.serviceMonitor.serverName }}
|
||||
serverName: {{ .Values.kubeScheduler.serviceMonitor.serverName }}
|
||||
{{- end}}
|
||||
{{- end}}
|
||||
{{- if .Values.kubeScheduler.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings:
|
||||
{{ tpl (toYaml .Values.kubeScheduler.serviceMonitor.metricRelabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeScheduler.serviceMonitor.relabelings }}
|
||||
relabelings:
|
||||
{{ tpl (toYaml .Values.kubeScheduler.serviceMonitor.relabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,149 @@
|
||||
{{- if and .Values.kubelet.enabled .Values.kubelet.serviceMonitor.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-kubelet
|
||||
{{- if .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }}
|
||||
namespace: {{ .Values.kubelet.namespace }}
|
||||
{{- else }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kubelet
|
||||
{{- with .Values.kubelet.serviceMonitor.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
spec:
|
||||
{{- include "servicemonitor.scrapeLimits" .Values.kubelet.serviceMonitor | nindent 2 }}
|
||||
{{- with .Values.kubelet.serviceMonitor.attachMetadata }}
|
||||
attachMetadata:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
jobLabel: k8s-app
|
||||
{{- with .Values.kubelet.serviceMonitor.targetLabels }}
|
||||
targetLabels:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- {{ .Values.kubelet.namespace }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: kubelet
|
||||
k8s-app: kubelet
|
||||
endpoints:
|
||||
{{- if .Values.kubelet.serviceMonitor.kubelet }}
|
||||
- port: {{ template "kube-prometheus-stack.kubelet.scheme" . }}-metrics
|
||||
scheme: {{ template "kube-prometheus-stack.kubelet.scheme" . }}
|
||||
{{- if .Values.kubelet.serviceMonitor.interval }}
|
||||
interval: {{ .Values.kubelet.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.proxyUrl }}
|
||||
proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.scrapeTimeout }}
|
||||
scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }}
|
||||
{{- end }}
|
||||
{{- include "kube-prometheus-stack.kubelet.authConfig" . | indent 4 }}
|
||||
honorLabels: {{ .Values.kubelet.serviceMonitor.honorLabels }}
|
||||
honorTimestamps: {{ .Values.kubelet.serviceMonitor.honorTimestamps }}
|
||||
{{- if .Values.kubelet.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings:
|
||||
{{ tpl (toYaml .Values.kubelet.serviceMonitor.metricRelabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.relabelings }}
|
||||
relabelings:
|
||||
{{ tpl (toYaml .Values.kubelet.serviceMonitor.relabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.cAdvisor }}
|
||||
- port: {{ template "kube-prometheus-stack.kubelet.scheme" . }}-metrics
|
||||
scheme: {{ template "kube-prometheus-stack.kubelet.scheme" . }}
|
||||
path: /metrics/cadvisor
|
||||
{{- if .Values.kubelet.serviceMonitor.interval }}
|
||||
interval: {{ .Values.kubelet.serviceMonitor.interval }}
|
||||
{{- else }}
|
||||
interval: {{ .Values.kubelet.serviceMonitor.cAdvisorInterval }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.proxyUrl }}
|
||||
proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.scrapeTimeout }}
|
||||
scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }}
|
||||
{{- end }}
|
||||
honorLabels: {{ .Values.kubelet.serviceMonitor.honorLabels }}
|
||||
{{- if .Values.kubelet.serviceMonitor.trackTimestampsStaleness }}
|
||||
honorTimestamps: true
|
||||
{{- else }}
|
||||
honorTimestamps: {{ .Values.kubelet.serviceMonitor.honorTimestamps }}
|
||||
{{- end }}
|
||||
trackTimestampsStaleness: {{ .Values.kubelet.serviceMonitor.trackTimestampsStaleness }}
|
||||
{{- include "kube-prometheus-stack.kubelet.authConfig" . | indent 4 }}
|
||||
{{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }}
|
||||
metricRelabelings:
|
||||
{{ tpl (toYaml .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.cAdvisorRelabelings }}
|
||||
relabelings:
|
||||
{{ tpl (toYaml .Values.kubelet.serviceMonitor.cAdvisorRelabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.probes }}
|
||||
- port: {{ template "kube-prometheus-stack.kubelet.scheme" . }}-metrics
|
||||
scheme: {{ template "kube-prometheus-stack.kubelet.scheme" . }}
|
||||
path: /metrics/probes
|
||||
{{- if .Values.kubelet.serviceMonitor.interval }}
|
||||
interval: {{ .Values.kubelet.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.proxyUrl }}
|
||||
proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.scrapeTimeout }}
|
||||
scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }}
|
||||
{{- end }}
|
||||
honorLabels: {{ .Values.kubelet.serviceMonitor.honorLabels }}
|
||||
honorTimestamps: {{ .Values.kubelet.serviceMonitor.honorTimestamps }}
|
||||
{{- include "kube-prometheus-stack.kubelet.authConfig" . | indent 4 }}
|
||||
{{- if .Values.kubelet.serviceMonitor.probesMetricRelabelings }}
|
||||
metricRelabelings:
|
||||
{{ tpl (toYaml .Values.kubelet.serviceMonitor.probesMetricRelabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.probesRelabelings }}
|
||||
relabelings:
|
||||
{{ tpl (toYaml .Values.kubelet.serviceMonitor.probesRelabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.resource }}
|
||||
- port: {{ template "kube-prometheus-stack.kubelet.scheme" . }}-metrics
|
||||
scheme: {{ template "kube-prometheus-stack.kubelet.scheme" . }}
|
||||
path: {{ .Values.kubelet.serviceMonitor.resourcePath }}
|
||||
{{- if .Values.kubelet.serviceMonitor.interval }}
|
||||
interval: {{ .Values.kubelet.serviceMonitor.interval }}
|
||||
{{- else }}
|
||||
interval: {{ .Values.kubelet.serviceMonitor.resourceInterval }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.proxyUrl }}
|
||||
proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.scrapeTimeout }}
|
||||
scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }}
|
||||
{{- end }}
|
||||
honorLabels: {{ .Values.kubelet.serviceMonitor.honorLabels }}
|
||||
{{- if .Values.kubelet.serviceMonitor.trackTimestampsStaleness }}
|
||||
honorTimestamps: true
|
||||
{{- else }}
|
||||
honorTimestamps: {{ .Values.kubelet.serviceMonitor.honorTimestamps }}
|
||||
{{- end }}
|
||||
trackTimestampsStaleness: {{ .Values.kubelet.serviceMonitor.trackTimestampsStaleness }}
|
||||
{{- include "kube-prometheus-stack.kubelet.authConfig" . | indent 4 }}
|
||||
{{- if .Values.kubelet.serviceMonitor.resourceMetricRelabelings }}
|
||||
metricRelabelings:
|
||||
{{ tpl (toYaml .Values.kubelet.serviceMonitor.resourceMetricRelabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.resourceRelabelings }}
|
||||
relabelings:
|
||||
{{ tpl (toYaml .Values.kubelet.serviceMonitor.resourceRelabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,15 @@
|
||||
{{- /* Normalize extraObjects to a list, easier to loop over */ -}}
|
||||
{{- $extraObjects := .Values.extraManifests | default (list) -}}
|
||||
|
||||
{{- if kindIs "map" $extraObjects -}}
|
||||
{{- $extraObjects = values $extraObjects -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- range $extraObjects }}
|
||||
---
|
||||
{{- if kindIs "map" . }}
|
||||
{{- tpl (toYaml .) $ | nindent 0 }}
|
||||
{{- else if kindIs "string" . }}
|
||||
{{- tpl . $ | nindent 0 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,98 @@
|
||||
{{- if or (and .Values.grafana.enabled .Values.grafana.sidecar.datasources.enabled) .Values.grafana.forceDeployDatasources }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-grafana-datasource
|
||||
namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }}
|
||||
{{- if .Values.grafana.sidecar.datasources.annotations }}
|
||||
annotations:
|
||||
{{- toYaml .Values.grafana.sidecar.datasources.annotations | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{ tpl $.Values.grafana.sidecar.datasources.label $ }}: {{ (tpl $.Values.grafana.sidecar.datasources.labelValue $) | quote }}
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-grafana
|
||||
{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
|
||||
data:
|
||||
datasource.yaml: |-
|
||||
apiVersion: 1
|
||||
{{- if .Values.grafana.deleteDatasources }}
|
||||
deleteDatasources:
|
||||
{{ tpl (toYaml .Values.grafana.deleteDatasources | indent 6) . }}
|
||||
{{- end }}
|
||||
{{- if .Values.grafana.prune }}
|
||||
prune: {{ .Values.grafana.prune }}
|
||||
{{- end }}
|
||||
datasources:
|
||||
{{- $scrapeInterval := .Values.grafana.sidecar.datasources.defaultDatasourceScrapeInterval | default .Values.prometheus.prometheusSpec.scrapeInterval | default "30s" }}
|
||||
{{- if .Values.grafana.sidecar.datasources.defaultDatasourceEnabled }}
|
||||
- name: "{{ .Values.grafana.sidecar.datasources.name }}"
|
||||
type: prometheus
|
||||
uid: {{ .Values.grafana.sidecar.datasources.uid }}
|
||||
{{- if .Values.grafana.sidecar.datasources.url }}
|
||||
url: {{ .Values.grafana.sidecar.datasources.url }}
|
||||
{{- else }}
|
||||
url: http://{{ template "kube-prometheus-stack.fullname" . }}-prometheus.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.prometheus.service.port }}/{{ trimPrefix "/" .Values.prometheus.prometheusSpec.routePrefix }}
|
||||
{{- end }}
|
||||
access: proxy
|
||||
isDefault: {{ .Values.grafana.sidecar.datasources.isDefaultDatasource }}
|
||||
jsonData:
|
||||
{{- with .Values.grafana.sidecar.datasources.extraJsonData -}}
|
||||
{{- tpl (toYaml .) $ | nindent 8 }}
|
||||
{{- end }}
|
||||
httpMethod: {{ .Values.grafana.sidecar.datasources.httpMethod }}
|
||||
timeInterval: {{ $scrapeInterval }}
|
||||
{{- if .Values.grafana.sidecar.datasources.timeout }}
|
||||
timeout: {{ .Values.grafana.sidecar.datasources.timeout }}
|
||||
{{- end }}
|
||||
{{- if .Values.grafana.sidecar.datasources.customQueryParameters }}
|
||||
customQueryParameters: {{ .Values.grafana.sidecar.datasources.customQueryParameters }}
|
||||
{{- end }}
|
||||
{{- if .Values.grafana.sidecar.datasources.exemplarTraceIdDestinations }}
|
||||
exemplarTraceIdDestinations:
|
||||
- datasourceUid: {{ .Values.grafana.sidecar.datasources.exemplarTraceIdDestinations.datasourceUid }}
|
||||
name: {{ .Values.grafana.sidecar.datasources.exemplarTraceIdDestinations.traceIdLabelName }}
|
||||
urlDisplayLabel: {{ .Values.grafana.sidecar.datasources.exemplarTraceIdDestinations.urlDisplayLabel }}
|
||||
{{- end }}
|
||||
{{- if .Values.grafana.sidecar.datasources.createPrometheusReplicasDatasources }}
|
||||
{{- range until (int .Values.prometheus.prometheusSpec.replicas) }}
|
||||
- name: "{{ $.Values.grafana.sidecar.datasources.name }}-{{ . }}"
|
||||
type: prometheus
|
||||
uid: {{ $.Values.grafana.sidecar.datasources.uid }}-replica-{{ . }}
|
||||
url: http://prometheus-{{ template "kube-prometheus-stack.prometheus.crname" $ }}-{{ . }}.{{ $.Values.grafana.sidecar.datasources.prometheusServiceName}}:9090/{{ trimPrefix "/" $.Values.prometheus.prometheusSpec.routePrefix }}
|
||||
access: proxy
|
||||
isDefault: false
|
||||
jsonData:
|
||||
{{- with $.Values.grafana.sidecar.datasources.extraJsonData -}}
|
||||
{{- tpl (toYaml .) $ | nindent 8 }}
|
||||
{{- end }}
|
||||
timeInterval: {{ $scrapeInterval }}
|
||||
{{- if $.Values.grafana.sidecar.datasources.exemplarTraceIdDestinations }}
|
||||
exemplarTraceIdDestinations:
|
||||
- datasourceUid: {{ $.Values.grafana.sidecar.datasources.exemplarTraceIdDestinations.datasourceUid }}
|
||||
name: {{ $.Values.grafana.sidecar.datasources.exemplarTraceIdDestinations.traceIdLabelName }}
|
||||
urlDisplayLabel: {{ .Values.grafana.sidecar.datasources.exemplarTraceIdDestinations.urlDisplayLabel }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.grafana.sidecar.datasources.alertmanager.enabled }}
|
||||
- name: "{{ .Values.grafana.sidecar.datasources.alertmanager.name }}"
|
||||
type: alertmanager
|
||||
uid: {{ .Values.grafana.sidecar.datasources.alertmanager.uid }}
|
||||
{{- if .Values.grafana.sidecar.datasources.alertmanager.url }}
|
||||
url: {{ .Values.grafana.sidecar.datasources.alertmanager.url }}
|
||||
{{- else }}
|
||||
url: http://{{ template "kube-prometheus-stack.fullname" . }}-alertmanager.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.alertmanager.service.port }}/{{ trimPrefix "/" .Values.alertmanager.alertmanagerSpec.routePrefix }}
|
||||
{{- end }}
|
||||
access: proxy
|
||||
jsonData:
|
||||
handleGrafanaManagedAlerts: {{ .Values.grafana.sidecar.datasources.alertmanager.handleGrafanaManagedAlerts }}
|
||||
implementation: {{ .Values.grafana.sidecar.datasources.alertmanager.implementation }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.grafana.additionalDataSources }}
|
||||
{{ tpl (toYaml .Values.grafana.additionalDataSources | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- with .Values.grafana.additionalDataSourcesString }}
|
||||
{{ tpl . $ | indent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
+57
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
+56
File diff suppressed because one or more lines are too long
+56
File diff suppressed because one or more lines are too long
+56
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
+57
File diff suppressed because one or more lines are too long
+56
File diff suppressed because one or more lines are too long
+56
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
@@ -0,0 +1,7 @@
|
||||
{{/* Generate basic labels for prometheus-operator */}}
|
||||
{{- define "kube-prometheus-stack.prometheus-operator.labels" }}
|
||||
{{- include "kube-prometheus-stack.labels" . }}
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-operator
|
||||
app.kubernetes.io/name: {{ template "kube-prometheus-stack.name" . }}-prometheus-operator
|
||||
app.kubernetes.io/component: prometheus-operator
|
||||
{{- end }}
|
||||
+13
@@ -0,0 +1,13 @@
|
||||
{{/* Generate basic labels for prometheus-operator-webhook */}}
|
||||
{{- define "kube-prometheus-stack.prometheus-operator-webhook.labels" }}
|
||||
{{- include "kube-prometheus-stack.labels" . }}
|
||||
app.kubernetes.io/name: {{ template "kube-prometheus-stack.name" . }}-prometheus-operator
|
||||
app.kubernetes.io/component: prometheus-operator-webhook
|
||||
{{- end }}
|
||||
|
||||
{{- define "kube-prometheus-stack.prometheus-operator-webhook.annotations" }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}
|
||||
certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-admission" (include "kube-prometheus-stack.namespace" .) (include "kube-prometheus-stack.fullname" .) | quote }}
|
||||
cert-manager.io/inject-ca-from: {{ printf "%s/%s-admission" (include "kube-prometheus-stack.namespace" .) (include "kube-prometheus-stack.fullname" .) | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
+145
@@ -0,0 +1,145 @@
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.deployment.enabled }}
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.operator.fullname" . }}-webhook
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-operator-webhook
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" . | nindent 4 }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.labels }}
|
||||
{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.labels | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
replicas: {{ .Values.prometheusOperator.admissionWebhooks.deployment.replicas }}
|
||||
revisionHistoryLimit: {{ .Values.prometheusOperator.admissionWebhooks.deployment.revisionHistoryLimit }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.deployment.strategy }}
|
||||
strategy:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-operator-webhook
|
||||
release: {{ $.Release.Name | quote }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-operator-webhook
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" . | nindent 8 }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.podLabels }}
|
||||
{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.podLabels | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.podAnnotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.podAnnotations | indent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.priorityClassName }}
|
||||
priorityClassName: {{ .Values.prometheusOperator.admissionWebhooks.deployment.priorityClassName }}
|
||||
{{- end }}
|
||||
{{- if .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- include "kube-prometheus-stack.imagePullSecrets" . | indent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: prometheus-operator-admission-webhook
|
||||
{{- $operatorRegistry := .Values.global.imageRegistry | default .Values.prometheusOperator.admissionWebhooks.deployment.image.registry -}}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.image.sha }}
|
||||
image: "{{ $operatorRegistry }}/{{ .Values.prometheusOperator.admissionWebhooks.deployment.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.deployment.image.tag | default .Chart.AppVersion }}@sha256:{{ .Values.prometheusOperator.admissionWebhooks.deployment.image.sha }}"
|
||||
{{- else }}
|
||||
image: "{{ $operatorRegistry }}/{{ .Values.prometheusOperator.admissionWebhooks.deployment.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.deployment.image.tag | default .Chart.AppVersion }}"
|
||||
{{- end }}
|
||||
imagePullPolicy: "{{ .Values.prometheusOperator.admissionWebhooks.deployment.image.pullPolicy }}"
|
||||
args:
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.logFormat }}
|
||||
- --log-format={{ .Values.prometheusOperator.admissionWebhooks.deployment.logFormat }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.logLevel }}
|
||||
- --log-level={{ .Values.prometheusOperator.admissionWebhooks.deployment.logLevel }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.tls.enabled }}
|
||||
- "--web.enable-tls=true"
|
||||
- "--web.cert-file=/cert/{{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}tls.crt{{ else }}cert{{ end }}"
|
||||
- "--web.key-file=/cert/{{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}tls.key{{ else }}key{{ end }}"
|
||||
- "--web.listen-address=:{{ .Values.prometheusOperator.admissionWebhooks.deployment.tls.internalPort }}"
|
||||
- "--web.tls-min-version={{ .Values.prometheusOperator.admissionWebhooks.deployment.tls.tlsMinVersion }}"
|
||||
ports:
|
||||
- containerPort: {{ .Values.prometheusOperator.admissionWebhooks.deployment.tls.internalPort }}
|
||||
name: https
|
||||
{{- else }}
|
||||
- "--web.enable-tls=false"
|
||||
- "--web.listen-address=:8080"
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
name: http
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.readinessProbe.enabled }}
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: {{ .Values.prometheusOperator.admissionWebhooks.deployment.tls.enabled | ternary "https" "http" }}
|
||||
scheme: {{ .Values.prometheusOperator.admissionWebhooks.deployment.tls.enabled | ternary "HTTPS" "HTTP" }}
|
||||
initialDelaySeconds: {{ .Values.prometheusOperator.admissionWebhooks.deployment.readinessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.prometheusOperator.admissionWebhooks.deployment.readinessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.prometheusOperator.admissionWebhooks.deployment.readinessProbe.timeoutSeconds }}
|
||||
successThreshold: {{ .Values.prometheusOperator.admissionWebhooks.deployment.readinessProbe.successThreshold }}
|
||||
failureThreshold: {{ .Values.prometheusOperator.admissionWebhooks.deployment.readinessProbe.failureThreshold }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.livenessProbe.enabled }}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: {{ .Values.prometheusOperator.admissionWebhooks.deployment.tls.enabled | ternary "https" "http" }}
|
||||
scheme: {{ .Values.prometheusOperator.admissionWebhooks.deployment.tls.enabled | ternary "HTTPS" "HTTP" }}
|
||||
initialDelaySeconds: {{ .Values.prometheusOperator.admissionWebhooks.deployment.livenessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.prometheusOperator.admissionWebhooks.deployment.livenessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.prometheusOperator.admissionWebhooks.deployment.livenessProbe.timeoutSeconds }}
|
||||
successThreshold: {{ .Values.prometheusOperator.admissionWebhooks.deployment.livenessProbe.successThreshold }}
|
||||
failureThreshold: {{ .Values.prometheusOperator.admissionWebhooks.deployment.livenessProbe.failureThreshold }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.resources | indent 12 }}
|
||||
securityContext:
|
||||
{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.containerSecurityContext | indent 12 }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.tls.enabled }}
|
||||
volumeMounts:
|
||||
- name: tls-secret
|
||||
mountPath: /cert
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: tls-secret
|
||||
secret:
|
||||
defaultMode: 420
|
||||
secretName: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.deployment.dnsConfig }}
|
||||
dnsConfig:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.securityContext }}
|
||||
securityContext:
|
||||
{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.securityContext | indent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ template "kube-prometheus-stack.operator.admissionWebhooks.serviceAccountName" . }}
|
||||
automountServiceAccountToken: {{ .Values.prometheusOperator.admissionWebhooks.deployment.automountServiceAccountToken }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.hostNetwork }}
|
||||
hostNetwork: true
|
||||
dnsPolicy: ClusterFirstWithHostNet
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.deployment.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.deployment.affinity }}
|
||||
affinity:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.deployment.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
+15
@@ -0,0 +1,15 @@
|
||||
{{- if and .Values.prometheusOperator.admissionWebhooks.deployment.enabled .Values.prometheusOperator.admissionWebhooks.deployment.podDisruptionBudget.enabled -}}
|
||||
apiVersion: policy/v1
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.operator.fullname" . }}-webhook
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
labels:
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" . | nindent 4 }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-operator-webhook
|
||||
release: {{ $.Release.Name | quote }}
|
||||
{{ toYaml (omit .Values.prometheusOperator.admissionWebhooks.deployment.podDisruptionBudget "enabled") | indent 2 }}
|
||||
{{- end }}
|
||||
+62
@@ -0,0 +1,62 @@
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.deployment.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.operator.fullname" . }}-webhook
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-operator-webhook
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" . | nindent 4 }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.service.labels }}
|
||||
{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.service.labels | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.service.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.service.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.service.clusterIP }}
|
||||
clusterIP: {{ .Values.prometheusOperator.admissionWebhooks.deployment.service.clusterIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.service.ipDualStack.enabled }}
|
||||
ipFamilies: {{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.service.ipDualStack.ipFamilies | nindent 4 }}
|
||||
ipFamilyPolicy: {{ .Values.prometheusOperator.admissionWebhooks.deployment.service.ipDualStack.ipFamilyPolicy }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.service.externalIPs }}
|
||||
externalIPs:
|
||||
{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.service.externalIPs | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.service.loadBalancerIP }}
|
||||
loadBalancerIP: {{ .Values.prometheusOperator.admissionWebhooks.deployment.service.loadBalancerIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.service.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges:
|
||||
{{- range $cidr := .Values.prometheusOperator.admissionWebhooks.deployment.service.loadBalancerSourceRanges }}
|
||||
- {{ $cidr }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if ne .Values.prometheusOperator.admissionWebhooks.deployment.service.type "ClusterIP" }}
|
||||
externalTrafficPolicy: {{ .Values.prometheusOperator.admissionWebhooks.deployment.service.externalTrafficPolicy }}
|
||||
{{- end }}
|
||||
ports:
|
||||
{{- if not .Values.prometheusOperator.admissionWebhooks.deployment.tls.enabled }}
|
||||
- name: http
|
||||
{{- if eq .Values.prometheusOperator.admissionWebhooks.deployment.service.type "NodePort" }}
|
||||
nodePort: {{ .Values.prometheusOperator.admissionWebhooks.deployment.service.nodePort }}
|
||||
{{- end }}
|
||||
port: 8080
|
||||
targetPort: http
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.tls.enabled }}
|
||||
- name: https
|
||||
{{- if eq .Values.prometheusOperator.admissionWebhooks.deployment.service.type "NodePort"}}
|
||||
nodePort: {{ .Values.prometheusOperator.admissionWebhooks.deployment.service.nodePortTls }}
|
||||
{{- end }}
|
||||
port: 443
|
||||
targetPort: https
|
||||
{{- end }}
|
||||
selector:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-operator-webhook
|
||||
release: {{ $.Release.Name | quote }}
|
||||
type: "{{ .Values.prometheusOperator.admissionWebhooks.deployment.service.type }}"
|
||||
{{- end }}
|
||||
+18
@@ -0,0 +1,18 @@
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.deployment.enabled }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
automountServiceAccountToken: {{ .Values.prometheusOperator.admissionWebhooks.deployment.serviceAccount.automountServiceAccountToken }}
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.operator.admissionWebhooks.serviceAccountName" . }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-operator
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" . | indent 4 }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.deployment.serviceAccount.annotations }}
|
||||
annotations: {{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 2 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
+36
@@ -0,0 +1,36 @@
|
||||
{{- if and .Values.prometheusOperator.networkPolicy.enabled (eq .Values.prometheusOperator.networkPolicy.flavor "cilium") }}
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
||||
apiVersion: cilium.io/v2
|
||||
kind: CiliumNetworkPolicy
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission-create
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
annotations:
|
||||
helm.sh/hook: pre-install,pre-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
## Ensure this is run before the job
|
||||
helm.sh/hook-weight: "-5"
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.annotations }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission-create
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
|
||||
spec:
|
||||
endpointSelector:
|
||||
matchLabels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission-create
|
||||
{{- if .Values.prometheusOperator.networkPolicy.matchLabels }}
|
||||
{{ toYaml .Values.prometheusOperator.networkPolicy.matchLabels | nindent 6 }}
|
||||
{{- else }}
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 6 }}
|
||||
{{- end }}
|
||||
egress:
|
||||
{{- if and .Values.prometheusOperator.networkPolicy.cilium .Values.prometheusOperator.networkPolicy.cilium.egress }}
|
||||
{{ toYaml .Values.prometheusOperator.networkPolicy.cilium.egress | nindent 6 }}
|
||||
{{- else }}
|
||||
- toEntities:
|
||||
- kube-apiserver
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
+36
@@ -0,0 +1,36 @@
|
||||
{{- if and .Values.prometheusOperator.networkPolicy.enabled (eq .Values.prometheusOperator.networkPolicy.flavor "cilium") }}
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
||||
apiVersion: cilium.io/v2
|
||||
kind: CiliumNetworkPolicy
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission-patch
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
annotations:
|
||||
helm.sh/hook: post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
## Ensure this is run before the job
|
||||
helm.sh/hook-weight: "-5"
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.patch.annotations }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
|
||||
spec:
|
||||
endpointSelector:
|
||||
matchLabels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch
|
||||
{{- if .Values.prometheusOperator.networkPolicy.matchLabels }}
|
||||
{{ toYaml .Values.prometheusOperator.networkPolicy.matchLabels | nindent 6 }}
|
||||
{{- else }}
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 6 }}
|
||||
{{- end }}
|
||||
egress:
|
||||
{{- if and .Values.prometheusOperator.networkPolicy.cilium .Values.prometheusOperator.networkPolicy.cilium.egress }}
|
||||
{{ toYaml .Values.prometheusOperator.networkPolicy.cilium.egress | nindent 6 }}
|
||||
{{- else }}
|
||||
- toEntities:
|
||||
- kube-apiserver
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
+22
@@ -0,0 +1,22 @@
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- admissionregistration.k8s.io
|
||||
resources:
|
||||
- validatingwebhookconfigurations
|
||||
- mutatingwebhookconfigurations
|
||||
verbs:
|
||||
- get
|
||||
- update
|
||||
- patch
|
||||
{{- end }}
|
||||
+20
@@ -0,0 +1,20 @@
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
{{- end }}
|
||||
+74
@@ -0,0 +1,74 @@
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission-create
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.annotations }}
|
||||
{{ toYaml . | indent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission-create
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
|
||||
spec:
|
||||
ttlSecondsAfterFinished: {{ .Values.prometheusOperator.admissionWebhooks.patch.ttlSecondsAfterFinished }}
|
||||
template:
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission-create
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.patch.podAnnotations }}
|
||||
annotations:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission-create
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 8 }}
|
||||
spec:
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }}
|
||||
priorityClassName: {{ .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }}
|
||||
{{- end }}
|
||||
{{- if .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- include "kube-prometheus-stack.imagePullSecrets" . | indent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: create
|
||||
{{- $registry := .Values.global.imageRegistry | default .Values.prometheusOperator.admissionWebhooks.patch.image.registry -}}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.patch.image.sha }}
|
||||
image: {{ $registry }}/{{ .Values.prometheusOperator.admissionWebhooks.patch.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.tag }}@sha256:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.sha }}
|
||||
{{- else }}
|
||||
image: {{ $registry }}/{{ .Values.prometheusOperator.admissionWebhooks.patch.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.tag }}
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ .Values.prometheusOperator.admissionWebhooks.patch.image.pullPolicy }}
|
||||
args:
|
||||
- create
|
||||
- --host={{- include "kube-prometheus-stack.operator.admission-webhook.dnsNames" . | replace "\n" "," }}
|
||||
- --namespace={{ template "kube-prometheus-stack.namespace" . }}
|
||||
- --secret-name={{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.createSecretJob }}
|
||||
securityContext:
|
||||
{{ toYaml .securityContext | nindent 12 }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{ toYaml .Values.prometheusOperator.admissionWebhooks.patch.resources | indent 12 }}
|
||||
restartPolicy: OnFailure
|
||||
serviceAccountName: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.patch.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.patch.affinity }}
|
||||
affinity:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.patch.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.patch.securityContext }}
|
||||
securityContext:
|
||||
{{ toYaml .Values.prometheusOperator.admissionWebhooks.patch.securityContext | indent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
+83
@@ -0,0 +1,83 @@
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
||||
{{- $failurePolicy := .Values.prometheusOperator.admissionWebhooks.failurePolicy }}
|
||||
{{- if eq $failurePolicy "IgnoreOnInstallOnly" }}
|
||||
{{- if .Release.IsInstall }}
|
||||
{{- $failurePolicy = "Ignore" }}
|
||||
{{- else }}
|
||||
{{- $failurePolicy = "Fail" }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission-patch
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
annotations:
|
||||
"helm.sh/hook": post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.patch.annotations }}
|
||||
{{ toYaml . | indent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
|
||||
spec:
|
||||
ttlSecondsAfterFinished: {{ .Values.prometheusOperator.admissionWebhooks.patch.ttlSecondsAfterFinished }}
|
||||
template:
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission-patch
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.patch.podAnnotations }}
|
||||
annotations:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 8 }}
|
||||
spec:
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }}
|
||||
priorityClassName: {{ .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }}
|
||||
{{- end }}
|
||||
{{- if .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- include "kube-prometheus-stack.imagePullSecrets" . | indent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: patch
|
||||
{{- $registry := .Values.global.imageRegistry | default .Values.prometheusOperator.admissionWebhooks.patch.image.registry -}}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.patch.image.sha }}
|
||||
image: {{ $registry }}/{{ .Values.prometheusOperator.admissionWebhooks.patch.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.tag }}@sha256:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.sha }}
|
||||
{{- else }}
|
||||
image: {{ $registry }}/{{ .Values.prometheusOperator.admissionWebhooks.patch.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.tag }}
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ .Values.prometheusOperator.admissionWebhooks.patch.image.pullPolicy }}
|
||||
args:
|
||||
- patch
|
||||
- --webhook-name={{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
- --namespace={{ template "kube-prometheus-stack.namespace" . }}
|
||||
- --secret-name={{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
- --patch-failure-policy={{ $failurePolicy }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.patchWebhookJob }}
|
||||
securityContext:
|
||||
{{ toYaml .securityContext | nindent 12 }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{ toYaml .Values.prometheusOperator.admissionWebhooks.patch.resources | indent 12 }}
|
||||
restartPolicy: OnFailure
|
||||
serviceAccountName: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.patch.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.patch.affinity }}
|
||||
affinity:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.patch.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.patch.securityContext }}
|
||||
securityContext:
|
||||
{{ toYaml .Values.prometheusOperator.admissionWebhooks.patch.securityContext | indent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
+33
@@ -0,0 +1,33 @@
|
||||
{{- if and .Values.prometheusOperator.networkPolicy.enabled (eq .Values.prometheusOperator.networkPolicy.flavor "kubernetes") }}
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission-create
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
## Ensure this is run before the job
|
||||
"helm.sh/hook-weight": "-5"
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.annotations }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission-create
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission-create
|
||||
{{- if .Values.prometheusOperator.networkPolicy.matchLabels }}
|
||||
{{ toYaml .Values.prometheusOperator.networkPolicy.matchLabels | nindent 6 }}
|
||||
{{- else }}
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 6 }}
|
||||
{{- end }}
|
||||
egress:
|
||||
- {}
|
||||
policyTypes:
|
||||
- Egress
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
+33
@@ -0,0 +1,33 @@
|
||||
{{- if and .Values.prometheusOperator.networkPolicy.enabled (eq .Values.prometheusOperator.networkPolicy.flavor "kubernetes") }}
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission-patch
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
annotations:
|
||||
"helm.sh/hook": post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
## Ensure this is run before the job
|
||||
"helm.sh/hook-weight": "-5"
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.patch.annotations }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch
|
||||
{{- if .Values.prometheusOperator.networkPolicy.matchLabels }}
|
||||
{{ toYaml .Values.prometheusOperator.networkPolicy.matchLabels | nindent 6 }}
|
||||
{{- else }}
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 6 }}
|
||||
{{- end }}
|
||||
egress:
|
||||
- {}
|
||||
policyTypes:
|
||||
- Egress
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
+21
@@ -0,0 +1,21 @@
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- create
|
||||
{{- end }}
|
||||
+21
@@ -0,0 +1,21 @@
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
{{- end }}
|
||||
+21
@@ -0,0 +1,21 @@
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.prometheusOperator.admissionWebhooks.patch.serviceAccount.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.patch.serviceAccount.annotations }}
|
||||
annotations: {{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
automountServiceAccountToken: {{ .Values.prometheusOperator.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken }}
|
||||
{{- if .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 2 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
+85
@@ -0,0 +1,85 @@
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled }}
|
||||
apiVersion: admissionregistration.k8s.io/v1
|
||||
kind: MutatingWebhookConfiguration
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
annotations:
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.annotations" $ | trim |nindent 4 }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.mutatingWebhookConfiguration.annotations }}
|
||||
{{- toYaml . | nindent 4}}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
|
||||
webhooks:
|
||||
- name: prometheusrulemutate.monitoring.coreos.com
|
||||
{{- if eq .Values.prometheusOperator.admissionWebhooks.failurePolicy "IgnoreOnInstallOnly" }}
|
||||
failurePolicy: {{ .Release.IsInstall | ternary "Ignore" "Fail" }}
|
||||
{{- else if .Values.prometheusOperator.admissionWebhooks.failurePolicy }}
|
||||
failurePolicy: {{ .Values.prometheusOperator.admissionWebhooks.failurePolicy }}
|
||||
{{- else if .Values.prometheusOperator.admissionWebhooks.patch.enabled }}
|
||||
failurePolicy: Ignore
|
||||
{{- else }}
|
||||
failurePolicy: Fail
|
||||
{{- end }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- monitoring.coreos.com
|
||||
apiVersions:
|
||||
- "*"
|
||||
resources:
|
||||
- prometheusrules
|
||||
operations:
|
||||
- CREATE
|
||||
- UPDATE
|
||||
clientConfig:
|
||||
service:
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
name: {{ template "kube-prometheus-stack.operator.fullname" $ }}{{ if .Values.prometheusOperator.admissionWebhooks.deployment.enabled }}-webhook{{ end }}
|
||||
path: /admission-prometheusrules/mutate
|
||||
{{- if and .Values.prometheusOperator.admissionWebhooks.caBundle (not .Values.prometheusOperator.admissionWebhooks.patch.enabled) (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
||||
caBundle: {{ .Values.prometheusOperator.admissionWebhooks.caBundle }}
|
||||
{{- end }}
|
||||
timeoutSeconds: {{ .Values.prometheusOperator.admissionWebhooks.timeoutSeconds }}
|
||||
admissionReviewVersions: ["v1", "v1beta1"]
|
||||
sideEffects: None
|
||||
{{- if or .Values.prometheusOperator.denyNamespaces .Values.prometheusOperator.namespaces .Values.prometheusOperator.admissionWebhooks.namespaceSelector }}
|
||||
namespaceSelector:
|
||||
{{- with (omit .Values.prometheusOperator.admissionWebhooks.namespaceSelector "matchExpressions") }}
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- if or .Values.prometheusOperator.denyNamespaces .Values.prometheusOperator.namespaces .Values.prometheusOperator.admissionWebhooks.namespaceSelector.matchExpressions }}
|
||||
matchExpressions:
|
||||
{{- with (.Values.prometheusOperator.admissionWebhooks.namespaceSelector.matchExpressions) }}
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.denyNamespaces }}
|
||||
- key: kubernetes.io/metadata.name
|
||||
operator: NotIn
|
||||
values:
|
||||
{{- range $namespace := mustUniq .Values.prometheusOperator.denyNamespaces }}
|
||||
- {{ $namespace }}
|
||||
{{- end }}
|
||||
{{- else if and .Values.prometheusOperator.namespaces .Values.prometheusOperator.namespaces.additional }}
|
||||
- key: kubernetes.io/metadata.name
|
||||
operator: In
|
||||
values:
|
||||
{{- if and .Values.prometheusOperator.namespaces.releaseNamespace (default .Values.prometheusOperator.namespaces.releaseNamespace true) }}
|
||||
{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }}
|
||||
- {{ $namespace }}
|
||||
{{- end }}
|
||||
{{- range $namespace := mustUniq .Values.prometheusOperator.namespaces.additional }}
|
||||
- {{ $namespace }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.objectSelector }}
|
||||
objectSelector:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.matchConditions }}
|
||||
matchConditions:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
+155
@@ -0,0 +1,155 @@
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled }}
|
||||
apiVersion: admissionregistration.k8s.io/v1
|
||||
kind: ValidatingWebhookConfiguration
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
annotations:
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.annotations" $ | trim | nindent 4 }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.validatingWebhookConfiguration.annotations }}
|
||||
{{- toYaml . | nindent 4}}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
|
||||
webhooks:
|
||||
- name: prometheusrulevalidate.monitoring.coreos.com
|
||||
{{- if eq .Values.prometheusOperator.admissionWebhooks.failurePolicy "IgnoreOnInstallOnly" }}
|
||||
failurePolicy: {{ .Release.IsInstall | ternary "Ignore" "Fail" }}
|
||||
{{- else if .Values.prometheusOperator.admissionWebhooks.failurePolicy }}
|
||||
failurePolicy: {{ .Values.prometheusOperator.admissionWebhooks.failurePolicy }}
|
||||
{{- else if .Values.prometheusOperator.admissionWebhooks.patch.enabled }}
|
||||
failurePolicy: Ignore
|
||||
{{- else }}
|
||||
failurePolicy: Fail
|
||||
{{- end }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- monitoring.coreos.com
|
||||
apiVersions:
|
||||
- "*"
|
||||
resources:
|
||||
- prometheusrules
|
||||
operations:
|
||||
- CREATE
|
||||
- UPDATE
|
||||
clientConfig:
|
||||
service:
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
name: {{ template "kube-prometheus-stack.operator.fullname" $ }}{{ if .Values.prometheusOperator.admissionWebhooks.deployment.enabled }}-webhook{{ end }}
|
||||
path: /admission-prometheusrules/validate
|
||||
{{- if and .Values.prometheusOperator.admissionWebhooks.caBundle (not .Values.prometheusOperator.admissionWebhooks.patch.enabled) (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
||||
caBundle: {{ .Values.prometheusOperator.admissionWebhooks.caBundle }}
|
||||
{{- end }}
|
||||
timeoutSeconds: {{ .Values.prometheusOperator.admissionWebhooks.timeoutSeconds }}
|
||||
admissionReviewVersions: ["v1", "v1beta1"]
|
||||
sideEffects: None
|
||||
{{- if or .Values.prometheusOperator.denyNamespaces .Values.prometheusOperator.namespaces .Values.prometheusOperator.admissionWebhooks.namespaceSelector }}
|
||||
namespaceSelector:
|
||||
{{- with (omit .Values.prometheusOperator.admissionWebhooks.namespaceSelector "matchExpressions") }}
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- if or .Values.prometheusOperator.denyNamespaces .Values.prometheusOperator.namespaces .Values.prometheusOperator.admissionWebhooks.namespaceSelector.matchExpressions }}
|
||||
matchExpressions:
|
||||
{{- with (.Values.prometheusOperator.admissionWebhooks.namespaceSelector.matchExpressions) }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.denyNamespaces }}
|
||||
- key: kubernetes.io/metadata.name
|
||||
operator: NotIn
|
||||
values:
|
||||
{{- range $namespace := mustUniq .Values.prometheusOperator.denyNamespaces }}
|
||||
- {{ $namespace }}
|
||||
{{- end }}
|
||||
{{- else if and .Values.prometheusOperator.namespaces .Values.prometheusOperator.namespaces.additional }}
|
||||
- key: kubernetes.io/metadata.name
|
||||
operator: In
|
||||
values:
|
||||
{{- if and .Values.prometheusOperator.namespaces.releaseNamespace (default .Values.prometheusOperator.namespaces.releaseNamespace true) }}
|
||||
{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }}
|
||||
- {{ $namespace }}
|
||||
{{- end }}
|
||||
{{- range $namespace := mustUniq .Values.prometheusOperator.namespaces.additional }}
|
||||
- {{ $namespace }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.objectSelector }}
|
||||
objectSelector:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.matchConditions }}
|
||||
matchConditions:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
- name: alertmanagerconfigsvalidate.monitoring.coreos.com
|
||||
{{- if eq .Values.prometheusOperator.admissionWebhooks.failurePolicy "IgnoreOnInstallOnly" }}
|
||||
failurePolicy: {{ .Release.IsInstall | ternary "Ignore" "Fail" }}
|
||||
{{- else if .Values.prometheusOperator.admissionWebhooks.failurePolicy }}
|
||||
failurePolicy: {{ .Values.prometheusOperator.admissionWebhooks.failurePolicy }}
|
||||
{{- else if .Values.prometheusOperator.admissionWebhooks.patch.enabled }}
|
||||
failurePolicy: Ignore
|
||||
{{- else }}
|
||||
failurePolicy: Fail
|
||||
{{- end }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- monitoring.coreos.com
|
||||
apiVersions:
|
||||
- v1alpha1
|
||||
resources:
|
||||
- alertmanagerconfigs
|
||||
operations:
|
||||
- CREATE
|
||||
- UPDATE
|
||||
clientConfig:
|
||||
service:
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
name: {{ template "kube-prometheus-stack.operator.fullname" $ }}{{ if .Values.prometheusOperator.admissionWebhooks.deployment.enabled }}-webhook{{ end }}
|
||||
path: /admission-alertmanagerconfigs/validate
|
||||
{{- if and .Values.prometheusOperator.admissionWebhooks.caBundle (not .Values.prometheusOperator.admissionWebhooks.patch.enabled) (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
||||
caBundle: {{ .Values.prometheusOperator.admissionWebhooks.caBundle }}
|
||||
{{- end }}
|
||||
timeoutSeconds: {{ .Values.prometheusOperator.admissionWebhooks.timeoutSeconds }}
|
||||
admissionReviewVersions: ["v1", "v1beta1"]
|
||||
sideEffects: None
|
||||
{{- if or .Values.prometheusOperator.denyNamespaces .Values.prometheusOperator.namespaces .Values.prometheusOperator.admissionWebhooks.namespaceSelector }}
|
||||
namespaceSelector:
|
||||
{{- with (omit .Values.prometheusOperator.admissionWebhooks.namespaceSelector "matchExpressions") }}
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- if or .Values.prometheusOperator.denyNamespaces .Values.prometheusOperator.namespaces .Values.prometheusOperator.admissionWebhooks.namespaceSelector.matchExpressions }}
|
||||
matchExpressions:
|
||||
{{- with (.Values.prometheusOperator.admissionWebhooks.namespaceSelector.matchExpressions) }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.denyNamespaces }}
|
||||
- key: kubernetes.io/metadata.name
|
||||
operator: NotIn
|
||||
values:
|
||||
{{- range $namespace := mustUniq .Values.prometheusOperator.denyNamespaces }}
|
||||
- {{ $namespace }}
|
||||
{{- end }}
|
||||
{{- else if and .Values.prometheusOperator.namespaces .Values.prometheusOperator.namespaces.additional }}
|
||||
- key: kubernetes.io/metadata.name
|
||||
operator: In
|
||||
values:
|
||||
{{- if and .Values.prometheusOperator.namespaces.releaseNamespace (default .Values.prometheusOperator.namespaces.releaseNamespace true) }}
|
||||
{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }}
|
||||
- {{ $namespace }}
|
||||
{{- end }}
|
||||
{{- range $namespace := mustUniq .Values.prometheusOperator.namespaces.additional }}
|
||||
- {{ $namespace }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.objectSelector }}
|
||||
objectSelector:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.matchConditions }}
|
||||
matchConditions:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,29 @@
|
||||
{{/* This file is based on https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/platform/rbac-crd.md */}}
|
||||
{{- if and .Values.global.rbac.create .Values.global.rbac.createAggregateClusterRoles }}
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-crd-view
|
||||
labels:
|
||||
rbac.authorization.k8s.io/aggregate-to-admin: "true"
|
||||
rbac.authorization.k8s.io/aggregate-to-edit: "true"
|
||||
rbac.authorization.k8s.io/aggregate-to-view: "true"
|
||||
{{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
|
||||
rules:
|
||||
- apiGroups: ["monitoring.coreos.com"]
|
||||
resources: ["alertmanagers", "alertmanagerconfigs", "podmonitors", "probes", "prometheuses", "prometheusagents", "prometheusrules", "scrapeconfigs", "servicemonitors"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
---
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-crd-edit
|
||||
labels:
|
||||
rbac.authorization.k8s.io/aggregate-to-edit: "true"
|
||||
rbac.authorization.k8s.io/aggregate-to-admin: "true"
|
||||
{{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
|
||||
rules:
|
||||
- apiGroups: ["monitoring.coreos.com"]
|
||||
resources: ["alertmanagers", "alertmanagerconfigs", "podmonitors", "probes", "prometheuses", "prometheusagents", "prometheusrules", "scrapeconfigs", "servicemonitors"]
|
||||
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
||||
{{- end }}
|
||||
@@ -0,0 +1,61 @@
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.certManager.enabled -}}
|
||||
{{- if not .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef -}}
|
||||
# Create a selfsigned Issuer, in order to create a root CA certificate for
|
||||
# signing webhook serving certificates
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Issuer
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-self-signed-issuer
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
spec:
|
||||
selfSigned: {}
|
||||
---
|
||||
# Generate a CA Certificate used to sign certificates for the webhook
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-root-cert
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
spec:
|
||||
secretName: {{ template "kube-prometheus-stack.fullname" . }}-root-cert
|
||||
duration: {{ .Values.prometheusOperator.admissionWebhooks.certManager.rootCert.duration | default "43800h0m0s" | quote }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.certManager.rootCert.revisionHistoryLimit }}
|
||||
revisionHistoryLimit: {{ . }}
|
||||
{{- end }}
|
||||
issuerRef:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-self-signed-issuer
|
||||
commonName: "ca.webhook.kube-prometheus-stack"
|
||||
isCA: true
|
||||
---
|
||||
# Create an Issuer that uses the above generated CA certificate to issue certs
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Issuer
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-root-issuer
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
spec:
|
||||
ca:
|
||||
secretName: {{ template "kube-prometheus-stack.fullname" . }}-root-cert
|
||||
{{- end }}
|
||||
---
|
||||
# generate a server certificate for the apiservices to use
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
spec:
|
||||
secretName: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
duration: {{ .Values.prometheusOperator.admissionWebhooks.certManager.admissionCert.duration | default "8760h0m0s" | quote }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.certManager.admissionCert.revisionHistoryLimit }}
|
||||
revisionHistoryLimit: {{ . }}
|
||||
{{- end }}
|
||||
issuerRef:
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef }}
|
||||
{{- toYaml .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef | nindent 4 }}
|
||||
{{- else }}
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-root-issuer
|
||||
{{- end }}
|
||||
dnsNames:
|
||||
{{- include "kube-prometheus-stack.operator.admission-webhook.dnsNames" . | splitList "\n" | toYaml | nindent 4 }}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,40 @@
|
||||
{{- if and .Values.prometheusOperator.networkPolicy.enabled (eq .Values.prometheusOperator.networkPolicy.flavor "cilium") }}
|
||||
apiVersion: cilium.io/v2
|
||||
kind: CiliumNetworkPolicy
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.operator.fullname" . }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
labels:
|
||||
{{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
|
||||
spec:
|
||||
endpointSelector:
|
||||
matchLabels:
|
||||
{{- if .Values.prometheusOperator.networkPolicy.matchLabels }}
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-operator
|
||||
{{ toYaml .Values.prometheusOperator.networkPolicy.matchLabels | nindent 6 }}
|
||||
{{- else }}
|
||||
{{- include "kube-prometheus-stack.prometheus-operator.labels" $ | nindent 6 }}
|
||||
{{- end }}
|
||||
egress:
|
||||
{{- if and .Values.prometheusOperator.networkPolicy.cilium .Values.prometheusOperator.networkPolicy.cilium.egress }}
|
||||
{{ toYaml .Values.prometheusOperator.networkPolicy.cilium.egress | nindent 6 }}
|
||||
{{- else }}
|
||||
- toEntities:
|
||||
- kube-apiserver
|
||||
{{- end }}
|
||||
ingress:
|
||||
- toPorts:
|
||||
- ports:
|
||||
{{- if .Values.prometheusOperator.tls.enabled }}
|
||||
- port: {{ .Values.prometheusOperator.tls.internalPort | quote }}
|
||||
{{- else }}
|
||||
- port: "8080"
|
||||
{{- end }}
|
||||
protocol: "TCP"
|
||||
{{- if not .Values.prometheusOperator.tls.enabled }}
|
||||
rules:
|
||||
http:
|
||||
- method: "GET"
|
||||
path: "/metrics"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,117 @@
|
||||
{{/* This file is based on https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/platform/rbac.md */}}
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.operator.fullname" . }}
|
||||
labels:
|
||||
{{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- monitoring.coreos.com
|
||||
resources:
|
||||
- alertmanagers
|
||||
- alertmanagers/finalizers
|
||||
- alertmanagers/status
|
||||
- alertmanagerconfigs
|
||||
- prometheuses
|
||||
- prometheuses/finalizers
|
||||
- prometheuses/status
|
||||
- prometheusagents
|
||||
- prometheusagents/finalizers
|
||||
- prometheusagents/status
|
||||
- thanosrulers
|
||||
- thanosrulers/finalizers
|
||||
- thanosrulers/status
|
||||
- scrapeconfigs
|
||||
- scrapeconfigs/status
|
||||
- servicemonitors
|
||||
- servicemonitors/status
|
||||
- podmonitors
|
||||
- podmonitors/status
|
||||
- probes
|
||||
- probes/status
|
||||
- prometheusrules
|
||||
- prometheusrules/status
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- apps
|
||||
resources:
|
||||
- statefulsets
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
- secrets
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods
|
||||
verbs:
|
||||
- list
|
||||
- delete
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- services
|
||||
- services/finalizers
|
||||
- endpoints
|
||||
verbs:
|
||||
- get
|
||||
- create
|
||||
- update
|
||||
- delete
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- nodes
|
||||
verbs:
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- namespaces
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ""
|
||||
- events.k8s.io
|
||||
resources:
|
||||
- events
|
||||
verbs:
|
||||
- patch
|
||||
- create
|
||||
- apiGroups:
|
||||
- networking.k8s.io
|
||||
resources:
|
||||
- ingresses
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- storage.k8s.io
|
||||
resources:
|
||||
- storageclasses
|
||||
verbs:
|
||||
- get
|
||||
- apiGroups:
|
||||
- discovery.k8s.io
|
||||
resources:
|
||||
- endpointslices
|
||||
verbs:
|
||||
- get
|
||||
- create
|
||||
- list
|
||||
- watch
|
||||
- update
|
||||
- delete
|
||||
{{- end }}
|
||||
@@ -0,0 +1,16 @@
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.operator.fullname" . }}
|
||||
labels:
|
||||
{{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: {{ template "kube-prometheus-stack.operator.fullname" . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,249 @@
|
||||
{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }}
|
||||
{{- $defaultKubeletSvcName := printf "%s-kubelet" (include "kube-prometheus-stack.fullname" .) }}
|
||||
{{- if .Values.prometheusOperator.enabled }}
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.operator.fullname" . }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
labels:
|
||||
{{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
|
||||
{{- if .Values.prometheusOperator.labels }}
|
||||
{{ toYaml .Values.prometheusOperator.labels | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.prometheusOperator.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
replicas: 1
|
||||
revisionHistoryLimit: {{ .Values.prometheusOperator.revisionHistoryLimit }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-operator
|
||||
release: {{ $.Release.Name | quote }}
|
||||
{{- with .Values.prometheusOperator.strategy }}
|
||||
strategy:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 8 }}
|
||||
{{- if .Values.prometheusOperator.podLabels }}
|
||||
{{ toYaml .Values.prometheusOperator.podLabels | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.podAnnotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.prometheusOperator.podAnnotations | indent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.prometheusOperator.priorityClassName }}
|
||||
priorityClassName: {{ .Values.prometheusOperator.priorityClassName }}
|
||||
{{- end }}
|
||||
{{- if .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- include "kube-prometheus-stack.imagePullSecrets" . | indent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: {{ template "kube-prometheus-stack.name" . }}
|
||||
{{- $configReloaderRegistry := .Values.global.imageRegistry | default .Values.prometheusOperator.prometheusConfigReloader.image.registry -}}
|
||||
{{- $operatorRegistry := .Values.global.imageRegistry | default .Values.prometheusOperator.image.registry -}}
|
||||
{{- $thanosRegistry := .Values.global.imageRegistry | default .Values.prometheusOperator.thanosImage.registry -}}
|
||||
{{- if .Values.prometheusOperator.image.sha }}
|
||||
image: "{{ $operatorRegistry }}/{{ .Values.prometheusOperator.image.repository }}:{{ .Values.prometheusOperator.image.tag | default .Chart.AppVersion }}@sha256:{{ .Values.prometheusOperator.image.sha }}"
|
||||
{{- else }}
|
||||
image: "{{ $operatorRegistry }}/{{ .Values.prometheusOperator.image.repository }}:{{ .Values.prometheusOperator.image.tag | default .Chart.AppVersion }}"
|
||||
{{- end }}
|
||||
imagePullPolicy: "{{ .Values.prometheusOperator.image.pullPolicy }}"
|
||||
args:
|
||||
{{- if .Values.prometheusOperator.kubeletService.enabled }}
|
||||
- --kubelet-service={{ .Values.prometheusOperator.kubeletService.namespace }}/{{ default $defaultKubeletSvcName .Values.prometheusOperator.kubeletService.name }}
|
||||
{{- if .Values.prometheusOperator.kubeletService.selector }}
|
||||
- --kubelet-selector={{ .Values.prometheusOperator.kubeletService.selector }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
- --kubelet-endpoints={{ .Values.prometheusOperator.kubeletEndpointsEnabled }}
|
||||
- --kubelet-endpointslice={{ .Values.prometheusOperator.kubeletEndpointSliceEnabled }}
|
||||
{{- if .Values.prometheusOperator.logFormat }}
|
||||
- --log-format={{ .Values.prometheusOperator.logFormat }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.logLevel }}
|
||||
- --log-level={{ .Values.prometheusOperator.logLevel }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.denyNamespaces }}
|
||||
- --deny-namespaces={{ tpl (.Values.prometheusOperator.denyNamespaces | join ",") $ }}
|
||||
{{- end }}
|
||||
{{- with $.Values.prometheusOperator.namespaces }}
|
||||
{{- $namespaces := list }}
|
||||
{{- if .releaseNamespace }}
|
||||
{{- $namespaces = append $namespaces $namespace }}
|
||||
{{- end }}
|
||||
{{- if .additional }}
|
||||
{{- range $ns := .additional }}
|
||||
{{- $namespaces = append $namespaces (tpl $ns $) }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
- --namespaces={{ $namespaces | mustUniq | join "," }}
|
||||
{{- end }}
|
||||
- --localhost=127.0.0.1
|
||||
{{- if .Values.prometheusOperator.prometheusDefaultBaseImage }}
|
||||
- --prometheus-default-base-image={{ .Values.global.imageRegistry | default .Values.prometheusOperator.prometheusDefaultBaseImageRegistry }}/{{ .Values.prometheusOperator.prometheusDefaultBaseImage }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.alertmanagerDefaultBaseImage }}
|
||||
- --alertmanager-default-base-image={{ .Values.global.imageRegistry | default .Values.prometheusOperator.alertmanagerDefaultBaseImageRegistry }}/{{ .Values.prometheusOperator.alertmanagerDefaultBaseImage }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.prometheusConfigReloader.image.sha }}
|
||||
- --prometheus-config-reloader={{ $configReloaderRegistry }}/{{ .Values.prometheusOperator.prometheusConfigReloader.image.repository }}:{{ .Values.prometheusOperator.prometheusConfigReloader.image.tag | default .Chart.AppVersion }}@sha256:{{ .Values.prometheusOperator.prometheusConfigReloader.image.sha }}
|
||||
{{- else }}
|
||||
- --prometheus-config-reloader={{ $configReloaderRegistry }}/{{ .Values.prometheusOperator.prometheusConfigReloader.image.repository }}:{{ .Values.prometheusOperator.prometheusConfigReloader.image.tag | default .Chart.AppVersion }}
|
||||
{{- end }}
|
||||
- --config-reloader-cpu-request={{ (((.Values.prometheusOperator.prometheusConfigReloader.resources).requests).cpu) | default 0 }}
|
||||
- --config-reloader-cpu-limit={{ (((.Values.prometheusOperator.prometheusConfigReloader.resources).limits).cpu) | default 0 }}
|
||||
- --config-reloader-memory-request={{ (((.Values.prometheusOperator.prometheusConfigReloader.resources).requests).memory) | default 0 }}
|
||||
- --config-reloader-memory-limit={{ (((.Values.prometheusOperator.prometheusConfigReloader.resources).limits).memory) | default 0 }}
|
||||
{{- if .Values.prometheusOperator.prometheusConfigReloader.enableProbe }}
|
||||
- --enable-config-reloader-probes=true
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.alertmanagerInstanceNamespaces }}
|
||||
- --alertmanager-instance-namespaces={{ .Values.prometheusOperator.alertmanagerInstanceNamespaces | join "," }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.alertmanagerInstanceSelector }}
|
||||
- --alertmanager-instance-selector={{ .Values.prometheusOperator.alertmanagerInstanceSelector }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.alertmanagerConfigNamespaces }}
|
||||
- --alertmanager-config-namespaces={{ .Values.prometheusOperator.alertmanagerConfigNamespaces | join "," }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.prometheusInstanceNamespaces }}
|
||||
- --prometheus-instance-namespaces={{ .Values.prometheusOperator.prometheusInstanceNamespaces | join "," }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.prometheusInstanceSelector }}
|
||||
- --prometheus-instance-selector={{ .Values.prometheusOperator.prometheusInstanceSelector }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.thanosImage.sha }}
|
||||
- --thanos-default-base-image={{ $thanosRegistry }}/{{ .Values.prometheusOperator.thanosImage.repository }}:{{ .Values.prometheusOperator.thanosImage.tag }}@sha256:{{ .Values.prometheusOperator.thanosImage.sha }}
|
||||
{{- else }}
|
||||
- --thanos-default-base-image={{ $thanosRegistry }}/{{ .Values.prometheusOperator.thanosImage.repository }}:{{ .Values.prometheusOperator.thanosImage.tag }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.thanosRulerInstanceNamespaces }}
|
||||
- --thanos-ruler-instance-namespaces={{ .Values.prometheusOperator.thanosRulerInstanceNamespaces | join "," }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.thanosRulerInstanceSelector }}
|
||||
- --thanos-ruler-instance-selector={{ .Values.prometheusOperator.thanosRulerInstanceSelector }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.secretFieldSelector }}
|
||||
- --secret-field-selector={{ tpl (.Values.prometheusOperator.secretFieldSelector) $ }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.clusterDomain }}
|
||||
- --cluster-domain={{ .Values.prometheusOperator.clusterDomain }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.tls.enabled }}
|
||||
- --web.enable-tls=true
|
||||
- --web.cert-file=/cert/{{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}tls.crt{{ else }}cert{{ end }}
|
||||
- --web.key-file=/cert/{{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}tls.key{{ else }}key{{ end }}
|
||||
- --web.listen-address=:{{ .Values.prometheusOperator.tls.internalPort }}
|
||||
- --web.tls-min-version={{ .Values.prometheusOperator.tls.tlsMinVersion }}
|
||||
{{- else }}
|
||||
- --web.enable-tls=false
|
||||
- --web.listen-address=:8080
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.extraArgs }}
|
||||
{{- tpl (toYaml .) $ | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.lifecycle }}
|
||||
lifecycle: {{ toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.tls.enabled }}
|
||||
ports:
|
||||
- containerPort: {{ .Values.prometheusOperator.tls.internalPort }}
|
||||
name: https
|
||||
{{- else }}
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
name: http
|
||||
{{- end }}
|
||||
env:
|
||||
{{- range $key, $value := .Values.prometheusOperator.env }}
|
||||
- name: {{ $key }}
|
||||
value: {{ $value | quote }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{ toYaml .Values.prometheusOperator.resources | indent 12 }}
|
||||
securityContext:
|
||||
{{ toYaml .Values.prometheusOperator.containerSecurityContext | indent 12 }}
|
||||
volumeMounts:
|
||||
{{- if .Values.prometheusOperator.tls.enabled }}
|
||||
- name: tls-secret
|
||||
mountPath: /cert
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.extraVolumeMounts }}
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.readinessProbe.enabled }}
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: {{ .Values.prometheusOperator.tls.enabled | ternary "https" "http" }}
|
||||
scheme: {{ .Values.prometheusOperator.tls.enabled | ternary "HTTPS" "HTTP" }}
|
||||
initialDelaySeconds: {{ .Values.prometheusOperator.readinessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.prometheusOperator.readinessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.prometheusOperator.readinessProbe.timeoutSeconds }}
|
||||
successThreshold: {{ .Values.prometheusOperator.readinessProbe.successThreshold }}
|
||||
failureThreshold: {{ .Values.prometheusOperator.readinessProbe.failureThreshold }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.livenessProbe.enabled }}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: {{ .Values.prometheusOperator.tls.enabled | ternary "https" "http" }}
|
||||
scheme: {{ .Values.prometheusOperator.tls.enabled | ternary "HTTPS" "HTTP" }}
|
||||
initialDelaySeconds: {{ .Values.prometheusOperator.livenessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.prometheusOperator.livenessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.prometheusOperator.livenessProbe.timeoutSeconds }}
|
||||
successThreshold: {{ .Values.prometheusOperator.livenessProbe.successThreshold }}
|
||||
failureThreshold: {{ .Values.prometheusOperator.livenessProbe.failureThreshold }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
{{- if .Values.prometheusOperator.tls.enabled }}
|
||||
- name: tls-secret
|
||||
secret:
|
||||
defaultMode: 420
|
||||
secretName: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.extraVolumes }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.dnsConfig }}
|
||||
dnsConfig:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if kindIs "bool" .Values.prometheusOperator.hostUsers }}
|
||||
hostUsers: {{ .Values.prometheusOperator.hostUsers }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.securityContext }}
|
||||
securityContext:
|
||||
{{ toYaml .Values.prometheusOperator.securityContext | indent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }}
|
||||
automountServiceAccountToken: {{ .Values.prometheusOperator.automountServiceAccountToken }}
|
||||
{{- if .Values.prometheusOperator.hostNetwork }}
|
||||
hostNetwork: true
|
||||
dnsPolicy: ClusterFirstWithHostNet
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.affinity }}
|
||||
affinity:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.terminationGracePeriodSeconds }}
|
||||
terminationGracePeriodSeconds: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,29 @@
|
||||
{{- if and .Values.prometheusOperator.networkPolicy.enabled (eq .Values.prometheusOperator.networkPolicy.flavor "kubernetes") }}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.operator.fullname" . }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
labels:
|
||||
{{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
|
||||
spec:
|
||||
egress:
|
||||
- {}
|
||||
ingress:
|
||||
- ports:
|
||||
{{- if .Values.prometheusOperator.tls.enabled }}
|
||||
- port: {{ .Values.prometheusOperator.tls.internalPort }}
|
||||
{{- else }}
|
||||
- port: 8080
|
||||
{{- end }}
|
||||
policyTypes:
|
||||
- Egress
|
||||
- Ingress
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-operator
|
||||
release: {{ $.Release.Name | quote }}
|
||||
{{- if .Values.prometheusOperator.networkPolicy.matchLabels }}
|
||||
{{ toYaml .Values.prometheusOperator.networkPolicy.matchLabels | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,15 @@
|
||||
{{- if .Values.prometheusOperator.podDisruptionBudget.enabled -}}
|
||||
apiVersion: policy/v1
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.operator.fullname" . }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
labels:
|
||||
{{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-operator
|
||||
release: {{ $.Release.Name | quote }}
|
||||
{{- toYaml (omit .Values.prometheusOperator.podDisruptionBudget "enabled") | nindent 2 }}
|
||||
{{- end }}
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user