新增监控组件
This commit is contained in:
Sense T
@@ -0,0 +1,18 @@
|
||||
{{ $.Chart.Name }} has been installed. Check its status by running:
|
||||
kubectl --namespace {{ template "kube-prometheus-stack.namespace" . }} get pods -l "release={{ $.Release.Name }}"
|
||||
|
||||
Get Grafana '{{ .Values.grafana.adminUser }}' user password by running:
|
||||
|
||||
kubectl --namespace {{ template "kube-prometheus-stack.namespace" . }} get secrets {{ $.Release.Name }}-grafana -o jsonpath="{.data.admin-password}" | base64 -d ; echo
|
||||
|
||||
Access Grafana local instance:
|
||||
|
||||
export POD_NAME=$(kubectl --namespace {{ template "kube-prometheus-stack.namespace" . }} get pod -l "app.kubernetes.io/name={{ default "grafana" .Values.grafana.name }},app.kubernetes.io/instance={{ $.Release.Name }}" -oname)
|
||||
kubectl --namespace {{ template "kube-prometheus-stack.namespace" . }} port-forward $POD_NAME 3000
|
||||
|
||||
Get your grafana admin user password by running:
|
||||
|
||||
kubectl get secret --namespace {{ .Values.grafana.namespaceOverride | default (include "kube-prometheus-stack.namespace" .) }} -l app.kubernetes.io/component=admin-secret -o jsonpath="{.items[0].data.{{ .Values.grafana.admin.passwordKey | default "admin-password" }}}" | base64 --decode ; echo
|
||||
|
||||
|
||||
Visit https://github.com/prometheus-operator/kube-prometheus for instructions on how to create & configure Alertmanager and Prometheus instances using the Operator.
|
||||
@@ -0,0 +1,399 @@
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/* Expand the name of the chart. This is suffixed with -alertmanager, which means subtract 13 from longest 63 available */}}
|
||||
{{- define "kube-prometheus-stack.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 50 | trimSuffix "-" -}}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
The components in this chart create additional resources that expand the longest created name strings.
|
||||
The longest name that gets created adds and extra 37 characters, so truncation should be 63-35=26.
|
||||
*/}}
|
||||
{{- define "kube-prometheus-stack.fullname" -}}
|
||||
{{- if .Values.fullnameOverride -}}
|
||||
{{- .Values.fullnameOverride | trunc 26 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- .Release.Name | trunc 26 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 26 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Fullname suffixed with -operator */}}
|
||||
{{/* Adding 9 to 26 truncation of kube-prometheus-stack.fullname */}}
|
||||
{{- define "kube-prometheus-stack.operator.fullname" -}}
|
||||
{{- if .Values.prometheusOperator.fullnameOverride -}}
|
||||
{{- .Values.prometheusOperator.fullnameOverride | trunc 35 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-operator" (include "kube-prometheus-stack.fullname" .) -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/* Prometheus custom resource instance name */}}
|
||||
{{- define "kube-prometheus-stack.prometheus.crname" -}}
|
||||
{{- if .Values.cleanPrometheusOperatorObjectNames }}
|
||||
{{- include "kube-prometheus-stack.fullname" . }}
|
||||
{{- else }}
|
||||
{{- print (include "kube-prometheus-stack.fullname" .) "-prometheus" }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/* Alertmanager custom resource instance name */}}
|
||||
{{- define "kube-prometheus-stack.alertmanager.crname" -}}
|
||||
{{- if .Values.cleanPrometheusOperatorObjectNames }}
|
||||
{{- include "kube-prometheus-stack.fullname" . }}
|
||||
{{- else }}
|
||||
{{- print (include "kube-prometheus-stack.fullname" .) "-alertmanager" -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/* ThanosRuler custom resource instance name */}}
|
||||
{{/* Subtracting 1 from 26 truncation of kube-prometheus-stack.fullname */}}
|
||||
{{- define "kube-prometheus-stack.thanosRuler.crname" -}}
|
||||
{{- if .Values.cleanPrometheusOperatorObjectNames }}
|
||||
{{- include "kube-prometheus-stack.fullname" . }}
|
||||
{{- else }}
|
||||
{{- print (include "kube-prometheus-stack.fullname" . | trunc 25 | trimSuffix "-") "-thanos-ruler" -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/* Shortened name suffixed with thanos-ruler */}}
|
||||
{{- define "kube-prometheus-stack.thanosRuler.name" -}}
|
||||
{{- default (printf "%s-thanos-ruler" (include "kube-prometheus-stack.name" .)) .Values.thanosRuler.name -}}
|
||||
{{- end }}
|
||||
|
||||
{{/* Create chart name and version as used by the chart label. */}}
|
||||
{{- define "kube-prometheus-stack.chartref" -}}
|
||||
{{- replace "+" "_" .Chart.Version | printf "%s-%s" .Chart.Name -}}
|
||||
{{- end }}
|
||||
|
||||
{{/* Generate basic labels */}}
|
||||
{{- define "kube-prometheus-stack.labels" }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}"
|
||||
app.kubernetes.io/part-of: {{ template "kube-prometheus-stack.name" . }}
|
||||
chart: {{ template "kube-prometheus-stack.chartref" . }}
|
||||
release: {{ $.Release.Name | quote }}
|
||||
heritage: {{ $.Release.Service | quote }}
|
||||
{{- if .Values.commonLabels}}
|
||||
{{ toYaml .Values.commonLabels }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/* Create the name of kube-prometheus-stack service account to use */}}
|
||||
{{- define "kube-prometheus-stack.operator.serviceAccountName" -}}
|
||||
{{- if .Values.prometheusOperator.serviceAccount.create -}}
|
||||
{{ default (include "kube-prometheus-stack.operator.fullname" .) .Values.prometheusOperator.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.prometheusOperator.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Create the name of kube-prometheus-stack service account to use */}}
|
||||
{{- define "kube-prometheus-stack.operator.admissionWebhooks.serviceAccountName" -}}
|
||||
{{- if .Values.prometheusOperator.serviceAccount.create -}}
|
||||
{{ default (printf "%s-webhook" (include "kube-prometheus-stack.operator.fullname" .)) .Values.prometheusOperator.admissionWebhooks.deployment.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.prometheusOperator.admissionWebhooks.deployment.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Create the name of prometheus service account to use */}}
|
||||
{{- define "kube-prometheus-stack.prometheus.serviceAccountName" -}}
|
||||
{{- if .Values.prometheus.serviceAccount.create -}}
|
||||
{{ default (print (include "kube-prometheus-stack.fullname" .) "-prometheus") .Values.prometheus.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.prometheus.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Create the name of alertmanager service account to use */}}
|
||||
{{- define "kube-prometheus-stack.alertmanager.serviceAccountName" -}}
|
||||
{{- if .Values.alertmanager.serviceAccount.create -}}
|
||||
{{ default (print (include "kube-prometheus-stack.fullname" .) "-alertmanager") .Values.alertmanager.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.alertmanager.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
|
||||
{{- end -}}
|
||||
|
||||
{{/* Create the name of thanosRuler service account to use */}}
|
||||
{{- define "kube-prometheus-stack.thanosRuler.serviceAccountName" -}}
|
||||
{{- if .Values.thanosRuler.serviceAccount.create -}}
|
||||
{{ default (include "kube-prometheus-stack.thanosRuler.name" .) .Values.thanosRuler.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.thanosRuler.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Allow the release namespace to be overridden for multi-namespace deployments in combined charts
|
||||
*/}}
|
||||
{{- define "kube-prometheus-stack.namespace" -}}
|
||||
{{- if .Values.namespaceOverride -}}
|
||||
{{- .Values.namespaceOverride -}}
|
||||
{{- else -}}
|
||||
{{- .Release.Namespace -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Use the grafana namespace override for multi-namespace deployments in combined charts
|
||||
*/}}
|
||||
{{- define "kube-prometheus-stack-grafana.namespace" -}}
|
||||
{{- if .Values.grafana.namespaceOverride -}}
|
||||
{{- .Values.grafana.namespaceOverride -}}
|
||||
{{- else -}}
|
||||
{{- .Release.Namespace -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Use the Alertmanager namespace override for multi-namespace deployments in combined charts
|
||||
*/}}
|
||||
{{- define "kube-prometheus-stack-alertmanager.namespace" -}}
|
||||
{{- if .Values.alertmanager.namespaceOverride -}}
|
||||
{{- .Values.alertmanager.namespaceOverride -}}
|
||||
{{- else -}}
|
||||
{{- include "kube-prometheus-stack.namespace" . -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Allow kubelet job name to be overridden
|
||||
*/}}
|
||||
{{- define "kube-prometheus-stack-kubelet.name" -}}
|
||||
{{- if index .Values "kubelet" "jobNameOverride" -}}
|
||||
{{- index .Values "kubelet" "jobNameOverride" -}}
|
||||
{{- else -}}
|
||||
{{- print "kubelet" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
{{/*
|
||||
Allow kube-controller-manager job name to be overridden
|
||||
*/}}
|
||||
{{- define "kube-prometheus-stack-kube-controller-manager.name" -}}
|
||||
{{- if index .Values "kubeControllerManager" "jobNameOverride" -}}
|
||||
{{- index .Values "kubeControllerManager" "jobNameOverride" -}}
|
||||
{{- else -}}
|
||||
{{- print "kube-controller-manager" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
{{/*
|
||||
Allow kube-scheduler job name to be overridden
|
||||
*/}}
|
||||
{{- define "kube-prometheus-stack-kube-scheduler.name" -}}
|
||||
{{- if index .Values "kubeScheduler" "jobNameOverride" -}}
|
||||
{{- index .Values "kubeScheduler" "jobNameOverride" -}}
|
||||
{{- else -}}
|
||||
{{- print "kube-scheduler" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
{{/*
|
||||
Allow kube-proxy job name to be overridden
|
||||
*/}}
|
||||
{{- define "kube-prometheus-stack-kube-proxy.name" -}}
|
||||
{{- if index .Values "kubeProxy" "jobNameOverride" -}}
|
||||
{{- index .Values "kubeProxy" "jobNameOverride" -}}
|
||||
{{- else -}}
|
||||
{{- print "kube-proxy" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Allow kube-apiserver job name to be overridden
|
||||
*/}}
|
||||
{{- define "kube-prometheus-stack-kube-apiserver.name" -}}
|
||||
{{- if index .Values "kubeApiServer" "jobNameOverride" -}}
|
||||
{{- index .Values "kubeApiServer" "jobNameOverride" -}}
|
||||
{{- else -}}
|
||||
{{- print "apiserver" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Allow kube-state-metrics job name to be overridden
|
||||
*/}}
|
||||
{{- define "kube-prometheus-stack-kube-state-metrics.name" -}}
|
||||
{{- if index .Values "kube-state-metrics" "nameOverride" -}}
|
||||
{{- index .Values "kube-state-metrics" "nameOverride" -}}
|
||||
{{- else -}}
|
||||
{{- print "kube-state-metrics" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Use the kube-state-metrics namespace override for multi-namespace deployments in combined charts
|
||||
*/}}
|
||||
{{- define "kube-prometheus-stack-kube-state-metrics.namespace" -}}
|
||||
{{- if index .Values "kube-state-metrics" "namespaceOverride" -}}
|
||||
{{- index .Values "kube-state-metrics" "namespaceOverride" -}}
|
||||
{{- else -}}
|
||||
{{- .Release.Namespace -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Use the prometheus-node-exporter namespace override for multi-namespace deployments in combined charts
|
||||
*/}}
|
||||
{{- define "kube-prometheus-stack-prometheus-node-exporter.namespace" -}}
|
||||
{{- if index .Values "prometheus-node-exporter" "namespaceOverride" -}}
|
||||
{{- index .Values "prometheus-node-exporter" "namespaceOverride" -}}
|
||||
{{- else -}}
|
||||
{{- .Release.Namespace -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Allow KubeVersion to be overridden. */}}
|
||||
{{- define "kube-prometheus-stack.kubeVersion" -}}
|
||||
{{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Get value based on current Kubernetes version */}}
|
||||
{{- define "kube-prometheus-stack.kubeVersionDefaultValue" -}}
|
||||
{{- $values := index . 0 -}}
|
||||
{{- $kubeVersion := index . 1 -}}
|
||||
{{- $old := index . 2 -}}
|
||||
{{- $new := index . 3 -}}
|
||||
{{- $default := index . 4 -}}
|
||||
{{- if kindIs "invalid" $default -}}
|
||||
{{- if semverCompare $kubeVersion (include "kube-prometheus-stack.kubeVersion" $values) -}}
|
||||
{{- print $new -}}
|
||||
{{- else -}}
|
||||
{{- print $old -}}
|
||||
{{- end -}}
|
||||
{{- else -}}
|
||||
{{- print $default }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Get value for kube-controller-manager depending on insecure scraping availability */}}
|
||||
{{- define "kube-prometheus-stack.kubeControllerManager.insecureScrape" -}}
|
||||
{{- $values := index . 0 -}}
|
||||
{{- $insecure := index . 1 -}}
|
||||
{{- $secure := index . 2 -}}
|
||||
{{- $userValue := index . 3 -}}
|
||||
{{- include "kube-prometheus-stack.kubeVersionDefaultValue" (list $values ">= 1.22-0" $insecure $secure $userValue) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Get value for kube-scheduler depending on insecure scraping availability */}}
|
||||
{{- define "kube-prometheus-stack.kubeScheduler.insecureScrape" -}}
|
||||
{{- $values := index . 0 -}}
|
||||
{{- $insecure := index . 1 -}}
|
||||
{{- $secure := index . 2 -}}
|
||||
{{- $userValue := index . 3 -}}
|
||||
{{- include "kube-prometheus-stack.kubeVersionDefaultValue" (list $values ">= 1.23-0" $insecure $secure $userValue) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Sets default scrape limits for servicemonitor */}}
|
||||
{{- define "servicemonitor.scrapeLimits" -}}
|
||||
{{- with .sampleLimit }}
|
||||
sampleLimit: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .targetLimit }}
|
||||
targetLimit: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .labelLimit }}
|
||||
labelLimit: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .labelNameLengthLimit }}
|
||||
labelNameLengthLimit: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .labelValueLengthLimit }}
|
||||
labelValueLengthLimit: {{ . }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
To help compatibility with other charts which use global.imagePullSecrets.
|
||||
Allow either an array of {name: pullSecret} maps (k8s-style), or an array of strings (more common helm-style).
|
||||
global:
|
||||
imagePullSecrets:
|
||||
- name: pullSecret1
|
||||
- name: pullSecret2
|
||||
|
||||
or
|
||||
|
||||
global:
|
||||
imagePullSecrets:
|
||||
- pullSecret1
|
||||
- pullSecret2
|
||||
*/}}
|
||||
{{- define "kube-prometheus-stack.imagePullSecrets" -}}
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
{{- if eq (typeOf .) "map[string]interface {}" }}
|
||||
- {{ toYaml . | trim }}
|
||||
{{- else }}
|
||||
- name: {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "kube-prometheus-stack.operator.admission-webhook.dnsNames" }}
|
||||
{{- $fullname := include "kube-prometheus-stack.operator.fullname" . }}
|
||||
{{- $namespace := include "kube-prometheus-stack.namespace" . }}
|
||||
{{- $fullname }}
|
||||
{{ $fullname }}.{{ $namespace }}.svc
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.enabled }}
|
||||
{{ $fullname }}-webhook
|
||||
{{ $fullname }}-webhook.{{ $namespace }}.svc
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/* To help configure the kubelet servicemonitor for http or https. */}}
|
||||
{{- define "kube-prometheus-stack.kubelet.scheme" }}
|
||||
{{- if .Values.kubelet.serviceMonitor.https }}https{{ else }}http{{ end }}
|
||||
{{- end }}
|
||||
{{- define "kube-prometheus-stack.kubelet.authConfig" }}
|
||||
{{- if .Values.kubelet.serviceMonitor.https }}
|
||||
tlsConfig:
|
||||
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
insecureSkipVerify: {{ .Values.kubelet.serviceMonitor.insecureSkipVerify }}
|
||||
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
|
||||
{{/* To help configure anti-affinity rules for Prometheus pods */}}
|
||||
{{- define "kube-prometheus-stack.prometheus.pod-anti-affinity.matchExpressions" }}
|
||||
{{- if .Values.prometheus.agentMode }}
|
||||
- {key: app.kubernetes.io/name, operator: In, values: [prometheus-agent]}
|
||||
- {key: app.kubernetes.io/instance, operator: In, values: [{{ template "kube-prometheus-stack.prometheus.crname" . }}]}
|
||||
{{- else }}
|
||||
- {key: app.kubernetes.io/name, operator: In, values: [prometheus]}
|
||||
- {key: app.kubernetes.io/instance, operator: In, values: [{{ template "kube-prometheus-stack.prometheus.crname" . }}]}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/* To help configure Grafana operator folder settings (folder, folderUID, or folderRef) */}}
|
||||
{{- define "kube-prometheus-stack.grafana.operator.folder" }}
|
||||
{{- $folder := .Values.grafana.operator.folder }}
|
||||
{{- $folderUID := .Values.grafana.operator.folderUID }}
|
||||
{{- $folderRef := .Values.grafana.operator.folderRef }}
|
||||
{{- if not (or
|
||||
(and $folder (not $folderUID) (not $folderRef))
|
||||
(and (not $folder) $folderUID (not $folderRef))
|
||||
(and (not $folder) (not $folderUID) $folderRef)
|
||||
)}}
|
||||
{{- fail "grafana.operator: only one of folder, folderUID, or folderRef must be set" }}
|
||||
{{- end }}
|
||||
{{- if $folder }}
|
||||
folder: {{ $folder | quote }}
|
||||
{{- else if $folderUID }}
|
||||
folderUID: {{ $folderUID | quote }}
|
||||
{{- else if $folderRef }}
|
||||
folderRef: {{ $folderRef | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,228 @@
|
||||
{{- if .Values.alertmanager.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: Alertmanager
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.alertmanager.crname" . }}
|
||||
namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||||
{{- include "kube-prometheus-stack.labels" . | nindent 4 }}
|
||||
{{- with .Values.alertmanager.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.alertmanager.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.image }}
|
||||
{{- $registry := .Values.global.imageRegistry | default .Values.alertmanager.alertmanagerSpec.image.registry -}}
|
||||
{{- if and .Values.alertmanager.alertmanagerSpec.image.tag .Values.alertmanager.alertmanagerSpec.image.sha }}
|
||||
image: "{{ $registry }}/{{ .Values.alertmanager.alertmanagerSpec.image.repository }}:{{ .Values.alertmanager.alertmanagerSpec.image.tag }}@sha256:{{ .Values.alertmanager.alertmanagerSpec.image.sha }}"
|
||||
{{- else if .Values.alertmanager.alertmanagerSpec.image.sha }}
|
||||
image: "{{ $registry }}/{{ .Values.alertmanager.alertmanagerSpec.image.repository }}@sha256:{{ .Values.alertmanager.alertmanagerSpec.image.sha }}"
|
||||
{{- else if .Values.alertmanager.alertmanagerSpec.image.tag }}
|
||||
image: "{{ $registry }}/{{ .Values.alertmanager.alertmanagerSpec.image.repository }}:{{ .Values.alertmanager.alertmanagerSpec.image.tag }}"
|
||||
{{- else }}
|
||||
image: "{{ $registry }}/{{ .Values.alertmanager.alertmanagerSpec.image.repository }}"
|
||||
{{- end }}
|
||||
imagePullPolicy: "{{ .Values.alertmanager.alertmanagerSpec.image.pullPolicy }}"
|
||||
version: "{{ default .Values.alertmanager.alertmanagerSpec.image.tag .Values.alertmanager.alertmanagerSpec.version }}"
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.image.sha }}
|
||||
sha: {{ .Values.alertmanager.alertmanagerSpec.image.sha }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
replicas: {{ .Values.alertmanager.alertmanagerSpec.replicas }}
|
||||
listenLocal: {{ .Values.alertmanager.alertmanagerSpec.listenLocal }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.serviceName }}
|
||||
serviceName: {{ tpl .Values.alertmanager.alertmanagerSpec.serviceName . }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ template "kube-prometheus-stack.alertmanager.serviceAccountName" . }}
|
||||
automountServiceAccountToken: {{ .Values.alertmanager.alertmanagerSpec.automountServiceAccountToken }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.externalUrl }}
|
||||
externalUrl: "{{ tpl .Values.alertmanager.alertmanagerSpec.externalUrl . }}"
|
||||
{{- else if and .Values.alertmanager.ingress.enabled .Values.alertmanager.ingress.hosts }}
|
||||
externalUrl: "http://{{ tpl (index .Values.alertmanager.ingress.hosts 0) . }}{{ .Values.alertmanager.alertmanagerSpec.routePrefix }}"
|
||||
{{- else }}
|
||||
externalUrl: http://{{ template "kube-prometheus-stack.fullname" . }}-alertmanager.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.alertmanager.service.port }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.nodeSelector | indent 4 }}
|
||||
{{- end }}
|
||||
paused: {{ .Values.alertmanager.alertmanagerSpec.paused }}
|
||||
logFormat: {{ .Values.alertmanager.alertmanagerSpec.logFormat | quote }}
|
||||
logLevel: {{ .Values.alertmanager.alertmanagerSpec.logLevel | quote }}
|
||||
retention: {{ .Values.alertmanager.alertmanagerSpec.retention | quote }}
|
||||
{{- with .Values.alertmanager.enableFeatures }}
|
||||
enableFeatures:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.secrets }}
|
||||
secrets:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.secrets | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.configSecret }}
|
||||
configSecret: {{ .Values.alertmanager.alertmanagerSpec.configSecret }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.configMaps }}
|
||||
configMaps:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.configMaps | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.alertmanagerConfigSelector }}
|
||||
alertmanagerConfigSelector:
|
||||
{{ tpl (toYaml .Values.alertmanager.alertmanagerSpec.alertmanagerConfigSelector | indent 4) . }}
|
||||
{{ else }}
|
||||
alertmanagerConfigSelector: {}
|
||||
{{- end }}
|
||||
alertmanagerConfigNamespaceSelector:
|
||||
{{ tpl (toYaml .Values.alertmanager.alertmanagerSpec.alertmanagerConfigNamespaceSelector | indent 4 | default "null") . }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.web }}
|
||||
web:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.web | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.alertmanagerConfiguration }}
|
||||
alertmanagerConfiguration:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.alertmanagerConfiguration | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.alertmanagerConfigMatcherStrategy }}
|
||||
alertmanagerConfigMatcherStrategy:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.alertmanagerConfigMatcherStrategy | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.resources }}
|
||||
resources:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.resources | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.routePrefix }}
|
||||
routePrefix: "{{ .Values.alertmanager.alertmanagerSpec.routePrefix }}"
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.securityContext }}
|
||||
securityContext:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.securityContext | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if kindIs "bool" .Values.alertmanager.alertmanagerSpec.hostUsers }}
|
||||
hostUsers: {{ .Values.alertmanager.alertmanagerSpec.hostUsers }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.dnsConfig }}
|
||||
dnsConfig:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.dnsConfig | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.dnsPolicy }}
|
||||
dnsPolicy: {{ .Values.alertmanager.alertmanagerSpec.dnsPolicy }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.storage }}
|
||||
storage:
|
||||
{{ tpl (toYaml .Values.alertmanager.alertmanagerSpec.storage | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- with .Values.alertmanager.alertmanagerSpec.persistentVolumeClaimRetentionPolicy }}
|
||||
persistentVolumeClaimRetentionPolicy:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.podMetadata }}
|
||||
podMetadata:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.podMetadata | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if or .Values.alertmanager.alertmanagerSpec.podAntiAffinity .Values.alertmanager.alertmanagerSpec.affinity }}
|
||||
affinity:
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.affinity }}
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.affinity | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if eq .Values.alertmanager.alertmanagerSpec.podAntiAffinity "hard" }}
|
||||
podAntiAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- topologyKey: {{ .Values.alertmanager.alertmanagerSpec.podAntiAffinityTopologyKey }}
|
||||
labelSelector:
|
||||
matchExpressions:
|
||||
- {key: app.kubernetes.io/name, operator: In, values: [alertmanager]}
|
||||
- {key: alertmanager, operator: In, values: [{{ template "kube-prometheus-stack.alertmanager.crname" . }}]}
|
||||
{{- else if eq .Values.alertmanager.alertmanagerSpec.podAntiAffinity "soft" }}
|
||||
podAntiAffinity:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- weight: 100
|
||||
podAffinityTerm:
|
||||
topologyKey: {{ .Values.alertmanager.alertmanagerSpec.podAntiAffinityTopologyKey }}
|
||||
labelSelector:
|
||||
matchExpressions:
|
||||
- {key: app.kubernetes.io/name, operator: In, values: [alertmanager]}
|
||||
- {key: alertmanager, operator: In, values: [{{ template "kube-prometheus-stack.alertmanager.crname" . }}]}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.tolerations | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.topologySpreadConstraints }}
|
||||
topologySpreadConstraints:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.topologySpreadConstraints | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.containers }}
|
||||
containers:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.containers | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.initContainers }}
|
||||
initContainers:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.initContainers | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.priorityClassName }}
|
||||
priorityClassName: {{.Values.alertmanager.alertmanagerSpec.priorityClassName }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.additionalPeers }}
|
||||
additionalPeers:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.additionalPeers | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.volumes }}
|
||||
volumes:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.volumes | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.volumeMounts }}
|
||||
volumeMounts:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.volumeMounts | indent 4 }}
|
||||
{{- end }}
|
||||
portName: {{ .Values.alertmanager.alertmanagerSpec.portName }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.clusterAdvertiseAddress }}
|
||||
clusterAdvertiseAddress: {{ .Values.alertmanager.alertmanagerSpec.clusterAdvertiseAddress }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.clusterGossipInterval }}
|
||||
clusterGossipInterval: {{ .Values.alertmanager.alertmanagerSpec.clusterGossipInterval }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.clusterPeerTimeout }}
|
||||
clusterPeerTimeout: {{ .Values.alertmanager.alertmanagerSpec.clusterPeerTimeout }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.clusterPushpullInterval }}
|
||||
clusterPushpullInterval: {{ .Values.alertmanager.alertmanagerSpec.clusterPushpullInterval }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.clusterLabel }}
|
||||
clusterLabel: {{ .Values.alertmanager.alertmanagerSpec.clusterLabel }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.forceEnableClusterMode }}
|
||||
forceEnableClusterMode: {{ .Values.alertmanager.alertmanagerSpec.forceEnableClusterMode }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.minReadySeconds }}
|
||||
minReadySeconds: {{ .Values.alertmanager.alertmanagerSpec.minReadySeconds }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.podManagementPolicy }}
|
||||
podManagementPolicy: {{ .Values.alertmanager.alertmanagerSpec.podManagementPolicy }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.updateStrategy }}
|
||||
updateStrategy:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.updateStrategy | indent 4 }}
|
||||
{{- end }}
|
||||
hostNetwork: {{ .Values.alertmanager.alertmanagerSpec.hostNetwork }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.terminationGracePeriodSeconds }}
|
||||
terminationGracePeriodSeconds: {{ .Values.alertmanager.alertmanagerSpec.terminationGracePeriodSeconds }}
|
||||
{{- end }}
|
||||
{{- with .Values.alertmanager.alertmanagerSpec.additionalConfig }}
|
||||
{{- tpl (toYaml .) $ | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- with .Values.alertmanager.alertmanagerSpec.additionalConfigString }}
|
||||
{{- tpl . $ | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.alertmanagerSpec.additionalArgs }}
|
||||
additionalArgs:
|
||||
{{ toYaml .Values.alertmanager.alertmanagerSpec.additionalArgs | indent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,20 @@
|
||||
{{- if .Values.alertmanager.extraSecret.data -}}
|
||||
{{- $secretName := printf "alertmanager-%s-extra" (include "kube-prometheus-stack.fullname" . ) -}}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ default $secretName .Values.alertmanager.extraSecret.name }}
|
||||
namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }}
|
||||
{{- if .Values.alertmanager.extraSecret.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.alertmanager.extraSecret.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||||
app.kubernetes.io/component: alertmanager
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
data:
|
||||
{{- range $key, $val := .Values.alertmanager.extraSecret.data }}
|
||||
{{ $key }}: {{ $val | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,67 @@
|
||||
{{- if and .Values.alertmanager.enabled .Values.alertmanager.ingress.enabled }}
|
||||
{{- $pathType := .Values.alertmanager.ingress.pathType | default "ImplementationSpecific" }}
|
||||
{{- $serviceName := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager" }}
|
||||
{{- $backendServiceName := .Values.alertmanager.ingress.serviceName | default (printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager") }}
|
||||
{{- $servicePort := .Values.alertmanager.ingress.servicePort | default .Values.alertmanager.service.port -}}
|
||||
{{- $routePrefix := list .Values.alertmanager.alertmanagerSpec.routePrefix }}
|
||||
{{- $paths := .Values.alertmanager.ingress.paths | default $routePrefix -}}
|
||||
{{- $extraPaths := .Values.alertmanager.ingress.extraPaths | default list -}}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ $serviceName }}
|
||||
namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }}
|
||||
{{- if .Values.alertmanager.ingress.annotations }}
|
||||
annotations:
|
||||
{{- tpl (toYaml .Values.alertmanager.ingress.annotations) . | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||||
{{- if .Values.alertmanager.ingress.labels }}
|
||||
{{ toYaml .Values.alertmanager.ingress.labels | indent 4 }}
|
||||
{{- end }}
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
spec:
|
||||
{{- if .Values.alertmanager.ingress.ingressClassName }}
|
||||
ingressClassName: {{ .Values.alertmanager.ingress.ingressClassName }}
|
||||
{{- end }}
|
||||
rules:
|
||||
{{- if .Values.alertmanager.ingress.hosts }}
|
||||
{{- range $host := .Values.alertmanager.ingress.hosts }}
|
||||
- host: {{ tpl $host $ | quote }}
|
||||
http:
|
||||
paths:
|
||||
{{- range $p := $paths }}
|
||||
{{- with $extraPaths }}
|
||||
{{- toYaml . | nindent 10 }}
|
||||
{{- end }}
|
||||
- path: {{ tpl $p $ }}
|
||||
pathType: {{ $pathType }}
|
||||
backend:
|
||||
service:
|
||||
name: {{ $backendServiceName }}
|
||||
port:
|
||||
number: {{ $servicePort }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- else }}
|
||||
- http:
|
||||
paths:
|
||||
{{- range $p := $paths }}
|
||||
{{- with $extraPaths }}
|
||||
{{- toYaml . | nindent 10 }}
|
||||
{{- end }}
|
||||
- path: {{ tpl $p $ }}
|
||||
pathType: {{ $pathType }}
|
||||
backend:
|
||||
service:
|
||||
name: {{ $backendServiceName }}
|
||||
port:
|
||||
number: {{ $servicePort }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- if .Values.alertmanager.ingress.tls }}
|
||||
tls:
|
||||
{{ tpl (toYaml .Values.alertmanager.ingress.tls | indent 4) . }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,56 @@
|
||||
{{- if and .Values.alertmanager.enabled .Values.alertmanager.servicePerReplica.enabled .Values.alertmanager.ingressPerReplica.enabled }}
|
||||
{{- $pathType := .Values.alertmanager.ingressPerReplica.pathType | default "" }}
|
||||
{{- $count := .Values.alertmanager.alertmanagerSpec.replicas | int -}}
|
||||
{{- $servicePort := .Values.alertmanager.service.port -}}
|
||||
{{- $ingressValues := .Values.alertmanager.ingressPerReplica -}}
|
||||
apiVersion: v1
|
||||
kind: List
|
||||
metadata:
|
||||
name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-ingressperreplica
|
||||
namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }}
|
||||
items:
|
||||
{{ range $i, $e := until $count }}
|
||||
- kind: Ingress
|
||||
apiVersion: networking.k8s.io/v1
|
||||
metadata:
|
||||
name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" $ }}
|
||||
labels:
|
||||
app: {{ include "kube-prometheus-stack.name" $ }}-alertmanager
|
||||
{{ include "kube-prometheus-stack.labels" $ | indent 8 }}
|
||||
{{- if $ingressValues.labels }}
|
||||
{{ toYaml $ingressValues.labels | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if $ingressValues.annotations }}
|
||||
annotations:
|
||||
{{- tpl (toYaml $ingressValues.annotations) $ | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if $ingressValues.ingressClassName }}
|
||||
ingressClassName: {{ $ingressValues.ingressClassName }}
|
||||
{{- end }}
|
||||
rules:
|
||||
- host: {{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }}
|
||||
http:
|
||||
paths:
|
||||
{{- range $p := $ingressValues.paths }}
|
||||
- path: {{ tpl $p $ }}
|
||||
pathType: {{ $pathType }}
|
||||
backend:
|
||||
service:
|
||||
name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }}
|
||||
port:
|
||||
number: {{ $servicePort }}
|
||||
{{- end -}}
|
||||
{{- if or $ingressValues.tlsSecretName $ingressValues.tlsSecretPerReplica.enabled }}
|
||||
tls:
|
||||
- hosts:
|
||||
- {{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }}
|
||||
{{- if $ingressValues.tlsSecretPerReplica.enabled }}
|
||||
secretName: {{ $ingressValues.tlsSecretPerReplica.prefix }}-{{ $i }}
|
||||
{{- else }}
|
||||
secretName: {{ $ingressValues.tlsSecretName }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,76 @@
|
||||
{{- if and .Values.alertmanager.enabled .Values.alertmanager.networkPolicy.enabled }}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
|
||||
namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||||
{{- include "kube-prometheus-stack.labels" . | nindent 4 }}
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: alertmanager
|
||||
policyTypes:
|
||||
{{- toYaml .Values.alertmanager.networkPolicy.policyTypes | nindent 4 }}
|
||||
ingress:
|
||||
{{- if and (.Values.alertmanager.networkPolicy.gateway.namespace) (.Values.alertmanager.networkPolicy.gateway.podLabels) }}
|
||||
# Allow ingress from gateway
|
||||
- from:
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
kubernetes.io/metadata.name: {{ .Values.alertmanager.networkPolicy.gateway.namespace }}
|
||||
{{- if and .Values.alertmanager.networkPolicy.gateway.podLabels (not (empty .Values.alertmanager.networkPolicy.gateway.podLabels)) }}
|
||||
podSelector:
|
||||
matchLabels:
|
||||
{{- toYaml .Values.alertmanager.networkPolicy.gateway.podLabels | nindent 14 }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- port: {{ .Values.alertmanager.service.port }}
|
||||
protocol: TCP
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.networkPolicy.monitoringRules.prometheus }}
|
||||
# Allow ingress from Prometheus
|
||||
- from:
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: prometheus
|
||||
ports:
|
||||
- port: {{ .Values.alertmanager.service.port }}
|
||||
protocol: TCP
|
||||
{{- if .Values.alertmanager.networkPolicy.monitoringRules.configReloader }}
|
||||
- port: 8080
|
||||
protocol: TCP
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if and (.Values.alertmanager.networkPolicy.enableClusterRules) (.Values.alertmanager.service.clusterPort) }}
|
||||
# Allow ingress from other Alertmanager pods (for clustering)
|
||||
- from:
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: alertmanager
|
||||
ports:
|
||||
- port: {{ .Values.alertmanager.service.clusterPort }}
|
||||
protocol: TCP
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.networkPolicy.monitoringRules.configReloader }}
|
||||
# Allow ingress for config reloader metrics
|
||||
- from:
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: alertmanager
|
||||
component: config-reloader
|
||||
ports:
|
||||
- port: 8080
|
||||
protocol: TCP
|
||||
{{- end }}
|
||||
{{- with .Values.alertmanager.networkPolicy.additionalIngress }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.networkPolicy.egress.enabled }}
|
||||
egress:
|
||||
{{- with .Values.alertmanager.networkPolicy.egress.rules }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,16 @@
|
||||
{{- if and .Values.alertmanager.enabled .Values.alertmanager.podDisruptionBudget.enabled }}
|
||||
apiVersion: policy/v1
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
|
||||
namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
spec:
|
||||
{{- toYaml (omit .Values.alertmanager.podDisruptionBudget "enabled") | nindent 2 }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: alertmanager
|
||||
alertmanager: {{ template "kube-prometheus-stack.alertmanager.crname" . }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,63 @@
|
||||
{{- if .Values.alertmanager.enabled -}}
|
||||
{{- $serviceName := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager" }}
|
||||
{{- $servicePort := .Values.alertmanager.ingress.servicePort | default .Values.alertmanager.service.port -}}
|
||||
{{- range $name, $route := .Values.alertmanager.route }}
|
||||
{{- if $route.enabled }}
|
||||
---
|
||||
apiVersion: {{ $route.apiVersion | default "gateway.networking.k8s.io/v1" }}
|
||||
kind: {{ $route.kind | default "HTTPRoute" }}
|
||||
metadata:
|
||||
{{- with $route.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
name: {{ $serviceName }}{{ if ne $name "main" }}-{{ $name }}{{ end }}
|
||||
namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" $ }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-alertmanager
|
||||
{{- include "kube-prometheus-stack.labels" $ | nindent 4 }}
|
||||
{{- with $route.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- with $route.parentRefs }}
|
||||
parentRefs:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with $route.hostnames }}
|
||||
hostnames:
|
||||
{{- tpl (toYaml .) $ | nindent 4 }}
|
||||
{{- end }}
|
||||
rules:
|
||||
{{- if $route.additionalRules }}
|
||||
{{- tpl (toYaml $route.additionalRules) $ | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if $route.httpsRedirect }}
|
||||
- filters:
|
||||
- type: RequestRedirect
|
||||
requestRedirect:
|
||||
scheme: https
|
||||
statusCode: 301
|
||||
{{- else }}
|
||||
- backendRefs:
|
||||
- group: ""
|
||||
kind: Service
|
||||
weight: 1
|
||||
name: {{ $serviceName }}
|
||||
port: {{ $servicePort }}
|
||||
{{- with $route.filters }}
|
||||
filters:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with $route.matches }}
|
||||
matches:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with $route.sessionPersistence }}
|
||||
sessionPersistence:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,29 @@
|
||||
{{- if and (.Values.alertmanager.enabled) (not .Values.alertmanager.alertmanagerSpec.useExistingSecret) }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: alertmanager-{{ template "kube-prometheus-stack.alertmanager.crname" . }}
|
||||
namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }}
|
||||
{{- if .Values.alertmanager.secret.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.alertmanager.secret.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
data:
|
||||
{{- if .Values.alertmanager.tplConfig }}
|
||||
{{- if .Values.alertmanager.stringConfig }}
|
||||
alertmanager.yaml: {{ tpl (.Values.alertmanager.stringConfig) . | b64enc | quote }}
|
||||
{{- else if eq (typeOf .Values.alertmanager.config) "string" }}
|
||||
alertmanager.yaml: {{ tpl (.Values.alertmanager.config) . | b64enc | quote }}
|
||||
{{- else }}
|
||||
alertmanager.yaml: {{ tpl (toYaml .Values.alertmanager.config) . | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
alertmanager.yaml: {{ toYaml .Values.alertmanager.config | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- range $key, $val := .Values.alertmanager.templateFiles }}
|
||||
{{ $key }}: {{ $val | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,72 @@
|
||||
{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
|
||||
{{- if and .Values.alertmanager.enabled .Values.alertmanager.service.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
|
||||
namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||||
self-monitor: {{ .Values.alertmanager.serviceMonitor.selfMonitor | quote }}
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
{{- if .Values.alertmanager.service.labels }}
|
||||
{{ toYaml .Values.alertmanager.service.labels | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.service.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.alertmanager.service.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.alertmanager.service.clusterIP }}
|
||||
clusterIP: {{ .Values.alertmanager.service.clusterIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.service.externalIPs }}
|
||||
externalIPs:
|
||||
{{ toYaml .Values.alertmanager.service.externalIPs | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.service.loadBalancerIP }}
|
||||
loadBalancerIP: {{ .Values.alertmanager.service.loadBalancerIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.service.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges:
|
||||
{{- range $cidr := .Values.alertmanager.service.loadBalancerSourceRanges }}
|
||||
- {{ $cidr }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if ne .Values.alertmanager.service.type "ClusterIP" }}
|
||||
externalTrafficPolicy: {{ .Values.alertmanager.service.externalTrafficPolicy }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: {{ .Values.alertmanager.alertmanagerSpec.portName }}
|
||||
{{- if eq .Values.alertmanager.service.type "NodePort" }}
|
||||
nodePort: {{ .Values.alertmanager.service.nodePort }}
|
||||
{{- end }}
|
||||
port: {{ .Values.alertmanager.service.port }}
|
||||
targetPort: {{ .Values.alertmanager.service.targetPort }}
|
||||
protocol: TCP
|
||||
- name: reloader-web
|
||||
{{- if semverCompare ">=1.20.0-0" $kubeTargetVersion }}
|
||||
appProtocol: http
|
||||
{{- end }}
|
||||
port: 8080
|
||||
targetPort: reloader-web
|
||||
{{- if .Values.alertmanager.service.additionalPorts }}
|
||||
{{ toYaml .Values.alertmanager.service.additionalPorts | indent 2 }}
|
||||
{{- end }}
|
||||
selector:
|
||||
app.kubernetes.io/name: alertmanager
|
||||
alertmanager: {{ template "kube-prometheus-stack.alertmanager.crname" . }}
|
||||
{{- if .Values.alertmanager.service.sessionAffinity }}
|
||||
sessionAffinity: {{ .Values.alertmanager.service.sessionAffinity }}
|
||||
{{- end }}
|
||||
{{- if eq .Values.alertmanager.service.sessionAffinity "ClientIP" }}
|
||||
sessionAffinityConfig:
|
||||
clientIP:
|
||||
timeoutSeconds: {{ .Values.alertmanager.service.sessionAffinityConfig.clientIP.timeoutSeconds }}
|
||||
{{- end }}
|
||||
type: "{{ .Values.alertmanager.service.type }}"
|
||||
{{- if .Values.alertmanager.service.ipDualStack.enabled }}
|
||||
ipFamilies: {{ toYaml .Values.alertmanager.service.ipDualStack.ipFamilies | nindent 4 }}
|
||||
ipFamilyPolicy: {{ .Values.alertmanager.service.ipDualStack.ipFamilyPolicy }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,21 @@
|
||||
{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceAccount.create }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.alertmanager.serviceAccountName" . }}
|
||||
namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||||
app.kubernetes.io/name: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||||
app.kubernetes.io/component: alertmanager
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
{{- if .Values.alertmanager.serviceAccount.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.alertmanager.serviceAccount.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
automountServiceAccountToken: {{ .Values.alertmanager.serviceAccount.automountServiceAccountToken }}
|
||||
{{- if .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 2}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,93 @@
|
||||
{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceMonitor.selfMonitor }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
|
||||
namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
{{- with .Values.alertmanager.serviceMonitor.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- include "servicemonitor.scrapeLimits" .Values.alertmanager.serviceMonitor | nindent 2 }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||||
release: {{ $.Release.Name | quote }}
|
||||
self-monitor: "true"
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- {{ printf "%s" (include "kube-prometheus-stack.namespace" .) | quote }}
|
||||
endpoints:
|
||||
- port: {{ .Values.alertmanager.alertmanagerSpec.portName }}
|
||||
enableHttp2: {{ .Values.alertmanager.serviceMonitor.enableHttp2 }}
|
||||
{{- if .Values.alertmanager.serviceMonitor.interval }}
|
||||
interval: {{ .Values.alertmanager.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.serviceMonitor.proxyUrl }}
|
||||
proxyUrl: {{ .Values.alertmanager.serviceMonitor.proxyUrl}}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.serviceMonitor.scheme }}
|
||||
scheme: {{ .Values.alertmanager.serviceMonitor.scheme }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.serviceMonitor.bearerTokenFile }}
|
||||
bearerTokenFile: {{ .Values.alertmanager.serviceMonitor.bearerTokenFile }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.serviceMonitor.tlsConfig }}
|
||||
tlsConfig: {{- toYaml .Values.alertmanager.serviceMonitor.tlsConfig | nindent 6 }}
|
||||
{{- end }}
|
||||
path: "{{ trimSuffix "/" .Values.alertmanager.alertmanagerSpec.routePrefix }}/metrics"
|
||||
{{- if .Values.alertmanager.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings: {{- tpl (toYaml .Values.alertmanager.serviceMonitor.metricRelabelings | nindent 6) . }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.serviceMonitor.relabelings }}
|
||||
relabelings: {{- toYaml .Values.alertmanager.serviceMonitor.relabelings | nindent 6 }}
|
||||
{{- end }}
|
||||
- port: reloader-web
|
||||
{{- if .Values.alertmanager.serviceMonitor.interval }}
|
||||
interval: {{ .Values.alertmanager.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.serviceMonitor.proxyUrl }}
|
||||
proxyUrl: {{ .Values.alertmanager.serviceMonitor.proxyUrl}}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.serviceMonitor.scheme }}
|
||||
scheme: {{ .Values.alertmanager.serviceMonitor.scheme }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.serviceMonitor.tlsConfig }}
|
||||
tlsConfig: {{- toYaml .Values.alertmanager.serviceMonitor.tlsConfig | nindent 6 }}
|
||||
{{- end }}
|
||||
path: "/metrics"
|
||||
{{- if .Values.alertmanager.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings: {{- tpl (toYaml .Values.alertmanager.serviceMonitor.metricRelabelings | nindent 6) . }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.serviceMonitor.relabelings }}
|
||||
relabelings: {{- toYaml .Values.alertmanager.serviceMonitor.relabelings | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- range .Values.alertmanager.serviceMonitor.additionalEndpoints }}
|
||||
- port: {{ .port }}
|
||||
{{- if or $.Values.alertmanager.serviceMonitor.interval .interval }}
|
||||
interval: {{ default $.Values.alertmanager.serviceMonitor.interval .interval }}
|
||||
{{- end }}
|
||||
{{- if or $.Values.alertmanager.serviceMonitor.proxyUrl .proxyUrl }}
|
||||
proxyUrl: {{ default $.Values.alertmanager.serviceMonitor.proxyUrl .proxyUrl }}
|
||||
{{- end }}
|
||||
{{- if or $.Values.alertmanager.serviceMonitor.scheme .scheme }}
|
||||
scheme: {{ default $.Values.alertmanager.serviceMonitor.scheme .scheme }}
|
||||
{{- end }}
|
||||
{{- if or $.Values.alertmanager.serviceMonitor.bearerTokenFile .bearerTokenFile }}
|
||||
bearerTokenFile: {{ default $.Values.alertmanager.serviceMonitor.bearerTokenFile .bearerTokenFile }}
|
||||
{{- end }}
|
||||
{{- if or $.Values.alertmanager.serviceMonitor.tlsConfig .tlsConfig }}
|
||||
tlsConfig: {{- default $.Values.alertmanager.serviceMonitor.tlsConfig .tlsConfig | toYaml | nindent 6 }}
|
||||
{{- end }}
|
||||
path: {{ .path }}
|
||||
{{- if or $.Values.alertmanager.serviceMonitor.metricRelabelings .metricRelabelings }}
|
||||
metricRelabelings: {{- tpl (default $.Values.alertmanager.serviceMonitor.metricRelabelings .metricRelabelings | toYaml | nindent 6) . }}
|
||||
{{- end }}
|
||||
{{- if or $.Values.alertmanager.serviceMonitor.relabelings .relabelings }}
|
||||
relabelings: {{- default $.Values.alertmanager.serviceMonitor.relabelings .relabelings | toYaml | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,49 @@
|
||||
{{- if and .Values.alertmanager.enabled .Values.alertmanager.servicePerReplica.enabled }}
|
||||
{{- $count := .Values.alertmanager.alertmanagerSpec.replicas | int -}}
|
||||
{{- $serviceValues := .Values.alertmanager.servicePerReplica -}}
|
||||
apiVersion: v1
|
||||
kind: List
|
||||
metadata:
|
||||
name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-serviceperreplica
|
||||
namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }}
|
||||
items:
|
||||
{{- range $i, $e := until $count }}
|
||||
- apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" $ }}
|
||||
labels:
|
||||
app: {{ include "kube-prometheus-stack.name" $ }}-alertmanager
|
||||
{{ include "kube-prometheus-stack.labels" $ | indent 8 }}
|
||||
{{- if $serviceValues.annotations }}
|
||||
annotations:
|
||||
{{ toYaml $serviceValues.annotations | indent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if $serviceValues.clusterIP }}
|
||||
clusterIP: {{ $serviceValues.clusterIP }}
|
||||
{{- end }}
|
||||
{{- if $serviceValues.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges:
|
||||
{{- range $cidr := $serviceValues.loadBalancerSourceRanges }}
|
||||
- {{ $cidr }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if ne $serviceValues.type "ClusterIP" }}
|
||||
externalTrafficPolicy: {{ $serviceValues.externalTrafficPolicy }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: {{ $.Values.alertmanager.alertmanagerSpec.portName }}
|
||||
{{- if eq $serviceValues.type "NodePort" }}
|
||||
nodePort: {{ $serviceValues.nodePort }}
|
||||
{{- end }}
|
||||
port: {{ $serviceValues.port }}
|
||||
targetPort: {{ $serviceValues.targetPort }}
|
||||
selector:
|
||||
app.kubernetes.io/name: alertmanager
|
||||
alertmanager: {{ template "kube-prometheus-stack.alertmanager.crname" $ }}
|
||||
statefulset.kubernetes.io/pod-name: alertmanager-{{ include "kube-prometheus-stack.alertmanager.crname" $ }}-{{ $i }}
|
||||
type: "{{ $serviceValues.type }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,41 @@
|
||||
{{- if and .Values.alertmanager.enabled .Values.alertmanager.verticalPodAutoscaler.enabled }}
|
||||
apiVersion: autoscaling.k8s.io/v1
|
||||
kind: VerticalPodAutoscaler
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager
|
||||
namespace: {{ template "kube-prometheus-stack-alertmanager.namespace" . }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-alertmanager
|
||||
{{- include "kube-prometheus-stack.labels" . | nindent 4 }}
|
||||
spec:
|
||||
{{- with .Values.alertmanager.verticalPodAutoscaler.recommenders }}
|
||||
recommenders:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
resourcePolicy:
|
||||
containerPolicies:
|
||||
- containerName: alertmanager
|
||||
{{- with .Values.alertmanager.verticalPodAutoscaler.controlledResources }}
|
||||
controlledResources:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.verticalPodAutoscaler.controlledValues }}
|
||||
controlledValues: {{ .Values.alertmanager.verticalPodAutoscaler.controlledValues }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.verticalPodAutoscaler.maxAllowed }}
|
||||
maxAllowed:
|
||||
{{- toYaml .Values.alertmanager.verticalPodAutoscaler.maxAllowed | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.alertmanager.verticalPodAutoscaler.minAllowed }}
|
||||
minAllowed:
|
||||
{{- toYaml .Values.alertmanager.verticalPodAutoscaler.minAllowed | nindent 8 }}
|
||||
{{- end }}
|
||||
targetRef:
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: Alertmanager
|
||||
name: {{ template "kube-prometheus-stack.alertmanager.crname" . }}
|
||||
{{- with .Values.alertmanager.verticalPodAutoscaler.updatePolicy }}
|
||||
updatePolicy:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,28 @@
|
||||
{{- if and .Values.coreDns.enabled .Values.coreDns.service.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-coredns
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-coredns
|
||||
jobLabel: coredns
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
namespace: kube-system
|
||||
spec:
|
||||
clusterIP: None
|
||||
{{- if .Values.coreDns.service.ipDualStack.enabled }}
|
||||
ipFamilies: {{ toYaml .Values.coreDns.service.ipDualStack.ipFamilies | nindent 4 }}
|
||||
ipFamilyPolicy: {{ .Values.coreDns.service.ipDualStack.ipFamilyPolicy }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: {{ .Values.coreDns.serviceMonitor.port }}
|
||||
port: {{ .Values.coreDns.service.port }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.coreDns.service.targetPort }}
|
||||
selector:
|
||||
{{- if .Values.coreDns.service.selector }}
|
||||
{{ toYaml .Values.coreDns.service.selector | indent 4 }}
|
||||
{{- else}}
|
||||
k8s-app: kube-dns
|
||||
{{- end}}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,54 @@
|
||||
{{- if and .Values.coreDns.enabled .Values.coreDns.serviceMonitor.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-coredns
|
||||
{{- if .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }}
|
||||
namespace: kube-system
|
||||
{{- else }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-coredns
|
||||
{{- with .Values.coreDns.serviceMonitor.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
spec:
|
||||
jobLabel: {{ .Values.coreDns.serviceMonitor.jobLabel }}
|
||||
{{- with .Values.coreDns.serviceMonitor.targetLabels }}
|
||||
targetLabels:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- include "servicemonitor.scrapeLimits" .Values.coreDns.serviceMonitor | nindent 2 }}
|
||||
selector:
|
||||
{{- if .Values.coreDns.serviceMonitor.selector }}
|
||||
{{ tpl (toYaml .Values.coreDns.serviceMonitor.selector | nindent 4) . }}
|
||||
{{- else }}
|
||||
matchLabels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-coredns
|
||||
release: {{ $.Release.Name | quote }}
|
||||
{{- end }}
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- "kube-system"
|
||||
endpoints:
|
||||
- port: {{ .Values.coreDns.serviceMonitor.port }}
|
||||
{{- if .Values.coreDns.serviceMonitor.interval}}
|
||||
interval: {{ .Values.coreDns.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
{{- if .Values.coreDns.serviceMonitor.proxyUrl }}
|
||||
proxyUrl: {{ .Values.coreDns.serviceMonitor.proxyUrl}}
|
||||
{{- end }}
|
||||
{{- if .Values.coreDns.serviceMonitor.bearerTokenFile }}
|
||||
bearerTokenFile: {{ .Values.coreDns.serviceMonitor.bearerTokenFile }}
|
||||
{{- end }}
|
||||
{{- if .Values.coreDns.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings:
|
||||
{{ tpl (toYaml .Values.coreDns.serviceMonitor.metricRelabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- if .Values.coreDns.serviceMonitor.relabelings }}
|
||||
relabelings:
|
||||
{{ tpl (toYaml .Values.coreDns.serviceMonitor.relabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,51 @@
|
||||
{{- if and .Values.kubeApiServer.enabled .Values.kubeApiServer.serviceMonitor.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-apiserver
|
||||
{{- if .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }}
|
||||
namespace: default
|
||||
{{- else }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-apiserver
|
||||
{{- with .Values.kubeApiServer.serviceMonitor.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
spec:
|
||||
{{- include "servicemonitor.scrapeLimits" .Values.kubeApiServer.serviceMonitor | nindent 2 }}
|
||||
endpoints:
|
||||
- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
{{- if .Values.kubeApiServer.serviceMonitor.interval }}
|
||||
interval: {{ .Values.kubeApiServer.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeApiServer.serviceMonitor.proxyUrl }}
|
||||
proxyUrl: {{ .Values.kubeApiServer.serviceMonitor.proxyUrl }}
|
||||
{{- end }}
|
||||
port: https
|
||||
scheme: https
|
||||
{{- if .Values.kubeApiServer.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings:
|
||||
{{ tpl (toYaml .Values.kubeApiServer.serviceMonitor.metricRelabelings | indent 6) . }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeApiServer.serviceMonitor.relabelings }}
|
||||
relabelings:
|
||||
{{ tpl (toYaml .Values.kubeApiServer.serviceMonitor.relabelings | indent 6) . }}
|
||||
{{- end }}
|
||||
tlsConfig:
|
||||
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
serverName: {{ .Values.kubeApiServer.tlsConfig.serverName }}
|
||||
insecureSkipVerify: {{ .Values.kubeApiServer.tlsConfig.insecureSkipVerify }}
|
||||
jobLabel: {{ .Values.kubeApiServer.serviceMonitor.jobLabel }}
|
||||
{{- with .Values.kubeApiServer.serviceMonitor.targetLabels }}
|
||||
targetLabels:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- default
|
||||
selector:
|
||||
{{ toYaml .Values.kubeApiServer.serviceMonitor.selector | indent 4 }}
|
||||
{{- end}}
|
||||
@@ -0,0 +1,22 @@
|
||||
{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.endpoints .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Endpoints
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-controller-manager
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager
|
||||
k8s-app: kube-controller-manager
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
namespace: kube-system
|
||||
subsets:
|
||||
- addresses:
|
||||
{{- range .Values.kubeControllerManager.endpoints }}
|
||||
- ip: {{ . }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: {{ .Values.kubeControllerManager.serviceMonitor.port }}
|
||||
{{- $kubeControllerManagerDefaultInsecurePort := 10252 }}
|
||||
{{- $kubeControllerManagerDefaultSecurePort := 10257 }}
|
||||
port: {{ include "kube-prometheus-stack.kubeControllerManager.insecureScrape" (list . $kubeControllerManagerDefaultInsecurePort $kubeControllerManagerDefaultSecurePort .Values.kubeControllerManager.service.port) }}
|
||||
protocol: TCP
|
||||
{{- end }}
|
||||
@@ -0,0 +1,33 @@
|
||||
{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.service.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-controller-manager
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager
|
||||
jobLabel: kube-controller-manager
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
namespace: kube-system
|
||||
spec:
|
||||
clusterIP: None
|
||||
{{- if .Values.kubeControllerManager.service.ipDualStack.enabled }}
|
||||
ipFamilies: {{ toYaml .Values.kubeControllerManager.service.ipDualStack.ipFamilies | nindent 4 }}
|
||||
ipFamilyPolicy: {{ .Values.kubeControllerManager.service.ipDualStack.ipFamilyPolicy }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: {{ .Values.kubeControllerManager.serviceMonitor.port }}
|
||||
{{- $kubeControllerManagerDefaultInsecurePort := 10252 }}
|
||||
{{- $kubeControllerManagerDefaultSecurePort := 10257 }}
|
||||
port: {{ include "kube-prometheus-stack.kubeControllerManager.insecureScrape" (list . $kubeControllerManagerDefaultInsecurePort $kubeControllerManagerDefaultSecurePort .Values.kubeControllerManager.service.port) }}
|
||||
protocol: TCP
|
||||
targetPort: {{ include "kube-prometheus-stack.kubeControllerManager.insecureScrape" (list . $kubeControllerManagerDefaultInsecurePort $kubeControllerManagerDefaultSecurePort .Values.kubeControllerManager.service.targetPort) }}
|
||||
{{- if .Values.kubeControllerManager.endpoints }}{{- else }}
|
||||
selector:
|
||||
{{- if .Values.kubeControllerManager.service.selector }}
|
||||
{{ toYaml .Values.kubeControllerManager.service.selector | indent 4 }}
|
||||
{{- else}}
|
||||
component: kube-controller-manager
|
||||
{{- end}}
|
||||
{{- end }}
|
||||
type: ClusterIP
|
||||
{{- end }}
|
||||
@@ -0,0 +1,63 @@
|
||||
{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.serviceMonitor.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-controller-manager
|
||||
{{- if .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }}
|
||||
namespace: kube-system
|
||||
{{- else }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager
|
||||
{{- with .Values.kubeControllerManager.serviceMonitor.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
spec:
|
||||
jobLabel: {{ .Values.kubeControllerManager.serviceMonitor.jobLabel }}
|
||||
{{- with .Values.kubeControllerManager.serviceMonitor.targetLabels }}
|
||||
targetLabels:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- include "servicemonitor.scrapeLimits" .Values.kubeControllerManager.serviceMonitor | nindent 2 }}
|
||||
selector:
|
||||
{{- if .Values.kubeControllerManager.serviceMonitor.selector }}
|
||||
{{ tpl (toYaml .Values.kubeControllerManager.serviceMonitor.selector | nindent 4) . }}
|
||||
{{- else }}
|
||||
matchLabels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager
|
||||
release: {{ $.Release.Name | quote }}
|
||||
{{- end }}
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- "kube-system"
|
||||
endpoints:
|
||||
- port: {{ .Values.kubeControllerManager.serviceMonitor.port }}
|
||||
{{- if .Values.kubeControllerManager.serviceMonitor.interval }}
|
||||
interval: {{ .Values.kubeControllerManager.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
{{- if .Values.kubeControllerManager.serviceMonitor.proxyUrl }}
|
||||
proxyUrl: {{ .Values.kubeControllerManager.serviceMonitor.proxyUrl}}
|
||||
{{- end }}
|
||||
{{- if eq (include "kube-prometheus-stack.kubeControllerManager.insecureScrape" (list . false true .Values.kubeControllerManager.serviceMonitor.https )) "true" }}
|
||||
scheme: https
|
||||
tlsConfig:
|
||||
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
{{- if eq (include "kube-prometheus-stack.kubeControllerManager.insecureScrape" (list . nil true .Values.kubeControllerManager.serviceMonitor.insecureSkipVerify)) "true" }}
|
||||
insecureSkipVerify: true
|
||||
{{- end }}
|
||||
{{- if .Values.kubeControllerManager.serviceMonitor.serverName }}
|
||||
serverName: {{ .Values.kubeControllerManager.serviceMonitor.serverName }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeControllerManager.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings:
|
||||
{{ tpl (toYaml .Values.kubeControllerManager.serviceMonitor.metricRelabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeControllerManager.serviceMonitor.relabelings }}
|
||||
relabelings:
|
||||
{{ tpl (toYaml .Values.kubeControllerManager.serviceMonitor.relabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,32 @@
|
||||
{{- if and .Values.kubeDns.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-dns
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-dns
|
||||
jobLabel: kube-dns
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
namespace: kube-system
|
||||
spec:
|
||||
clusterIP: None
|
||||
{{- if .Values.kubeDns.service.ipDualStack.enabled }}
|
||||
ipFamilies: {{ toYaml .Values.kubeDns.service.ipDualStack.ipFamilies | nindent 4 }}
|
||||
ipFamilyPolicy: {{ .Values.kubeDns.service.ipDualStack.ipFamilyPolicy }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: http-metrics-dnsmasq
|
||||
port: {{ .Values.kubeDns.service.dnsmasq.port }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.kubeDns.service.dnsmasq.targetPort }}
|
||||
- name: http-metrics-skydns
|
||||
port: {{ .Values.kubeDns.service.skydns.port }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.kubeDns.service.skydns.targetPort }}
|
||||
selector:
|
||||
{{- if .Values.kubeDns.service.selector }}
|
||||
{{ toYaml .Values.kubeDns.service.selector | indent 4 }}
|
||||
{{- else}}
|
||||
k8s-app: kube-dns
|
||||
{{- end}}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,69 @@
|
||||
{{- if and .Values.kubeDns.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-dns
|
||||
{{- if .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }}
|
||||
namespace: kube-system
|
||||
{{- else }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-dns
|
||||
{{- with .Values.kubeDns.serviceMonitor.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
spec:
|
||||
jobLabel: {{ .Values.kubeDns.serviceMonitor.jobLabel }}
|
||||
{{- with .Values.kubeDns.serviceMonitor.targetLabels }}
|
||||
targetLabels:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- include "servicemonitor.scrapeLimits" .Values.kubeDns.serviceMonitor | nindent 2 }}
|
||||
selector:
|
||||
{{- if .Values.kubeDns.serviceMonitor.selector }}
|
||||
{{ tpl (toYaml .Values.kubeDns.serviceMonitor.selector | nindent 4) . }}
|
||||
{{- else }}
|
||||
matchLabels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-dns
|
||||
release: {{ $.Release.Name | quote }}
|
||||
{{- end }}
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- "kube-system"
|
||||
endpoints:
|
||||
- port: http-metrics-dnsmasq
|
||||
{{- if .Values.kubeDns.serviceMonitor.interval }}
|
||||
interval: {{ .Values.kubeDns.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeDns.serviceMonitor.bearerTokenFile }}
|
||||
bearerTokenFile: {{ .Values.kubeDns.serviceMonitor.bearerTokenFile }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeDns.serviceMonitor.proxyUrl }}
|
||||
proxyUrl: {{ .Values.kubeDns.serviceMonitor.proxyUrl}}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeDns.serviceMonitor.dnsmasqMetricRelabelings }}
|
||||
metricRelabelings:
|
||||
{{ tpl (toYaml .Values.kubeDns.serviceMonitor.dnsmasqMetricRelabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeDns.serviceMonitor.dnsmasqRelabelings }}
|
||||
relabelings:
|
||||
{{ toYaml .Values.kubeDns.serviceMonitor.dnsmasqRelabelings | indent 4 }}
|
||||
{{- end }}
|
||||
- port: http-metrics-skydns
|
||||
{{- if .Values.kubeDns.serviceMonitor.interval }}
|
||||
interval: {{ .Values.kubeDns.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeDns.serviceMonitor.bearerTokenFile }}
|
||||
bearerTokenFile: {{ .Values.kubeDns.serviceMonitor.bearerTokenFile }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeDns.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings:
|
||||
{{ tpl (toYaml .Values.kubeDns.serviceMonitor.metricRelabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeDns.serviceMonitor.relabelings }}
|
||||
relabelings:
|
||||
{{ tpl (toYaml .Values.kubeDns.serviceMonitor.relabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,20 @@
|
||||
{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.endpoints .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Endpoints
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-etcd
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd
|
||||
k8s-app: etcd-server
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
namespace: kube-system
|
||||
subsets:
|
||||
- addresses:
|
||||
{{- range .Values.kubeEtcd.endpoints }}
|
||||
- ip: {{ . }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: {{ .Values.kubeEtcd.serviceMonitor.port }}
|
||||
port: {{ .Values.kubeEtcd.service.port }}
|
||||
protocol: TCP
|
||||
{{- end }}
|
||||
@@ -0,0 +1,31 @@
|
||||
{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.service.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-etcd
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd
|
||||
jobLabel: kube-etcd
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
namespace: kube-system
|
||||
spec:
|
||||
clusterIP: None
|
||||
{{- if .Values.kubeEtcd.service.ipDualStack.enabled }}
|
||||
ipFamilies: {{ toYaml .Values.kubeEtcd.service.ipDualStack.ipFamilies | nindent 4 }}
|
||||
ipFamilyPolicy: {{ .Values.kubeEtcd.service.ipDualStack.ipFamilyPolicy }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: {{ .Values.kubeEtcd.serviceMonitor.port }}
|
||||
port: {{ .Values.kubeEtcd.service.port }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.kubeEtcd.service.targetPort }}
|
||||
{{- if .Values.kubeEtcd.endpoints }}{{- else }}
|
||||
selector:
|
||||
{{- if .Values.kubeEtcd.service.selector }}
|
||||
{{ toYaml .Values.kubeEtcd.service.selector | indent 4 }}
|
||||
{{- else}}
|
||||
component: etcd
|
||||
{{- end}}
|
||||
{{- end }}
|
||||
type: ClusterIP
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,71 @@
|
||||
{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.serviceMonitor.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-etcd
|
||||
{{- if .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }}
|
||||
namespace: kube-system
|
||||
{{- else }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd
|
||||
{{- with .Values.kubeEtcd.serviceMonitor.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
spec:
|
||||
jobLabel: {{ .Values.kubeEtcd.serviceMonitor.jobLabel }}
|
||||
{{- with .Values.kubeEtcd.serviceMonitor.targetLabels }}
|
||||
targetLabels:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- include "servicemonitor.scrapeLimits" .Values.kubeEtcd.serviceMonitor | nindent 2 }}
|
||||
selector:
|
||||
{{- if .Values.kubeEtcd.serviceMonitor.selector }}
|
||||
{{ tpl (toYaml .Values.kubeEtcd.serviceMonitor.selector | nindent 4) . }}
|
||||
{{- else }}
|
||||
matchLabels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd
|
||||
release: {{ $.Release.Name | quote }}
|
||||
{{- end }}
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- "kube-system"
|
||||
endpoints:
|
||||
- port: {{ .Values.kubeEtcd.serviceMonitor.port }}
|
||||
{{- if .Values.kubeEtcd.serviceMonitor.interval }}
|
||||
interval: {{ .Values.kubeEtcd.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeEtcd.serviceMonitor.bearerTokenFile }}
|
||||
bearerTokenFile: {{ .Values.kubeEtcd.serviceMonitor.bearerTokenFile }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeEtcd.serviceMonitor.proxyUrl }}
|
||||
proxyUrl: {{ .Values.kubeEtcd.serviceMonitor.proxyUrl}}
|
||||
{{- end }}
|
||||
{{- if eq .Values.kubeEtcd.serviceMonitor.scheme "https" }}
|
||||
scheme: https
|
||||
tlsConfig:
|
||||
{{- if .Values.kubeEtcd.serviceMonitor.serverName }}
|
||||
serverName: {{ .Values.kubeEtcd.serviceMonitor.serverName }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeEtcd.serviceMonitor.caFile }}
|
||||
caFile: {{ .Values.kubeEtcd.serviceMonitor.caFile }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeEtcd.serviceMonitor.certFile }}
|
||||
certFile: {{ .Values.kubeEtcd.serviceMonitor.certFile }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeEtcd.serviceMonitor.keyFile }}
|
||||
keyFile: {{ .Values.kubeEtcd.serviceMonitor.keyFile }}
|
||||
{{- end}}
|
||||
insecureSkipVerify: {{ .Values.kubeEtcd.serviceMonitor.insecureSkipVerify }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeEtcd.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings:
|
||||
{{ tpl (toYaml .Values.kubeEtcd.serviceMonitor.metricRelabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeEtcd.serviceMonitor.relabelings }}
|
||||
relabelings:
|
||||
{{ tpl (toYaml .Values.kubeEtcd.serviceMonitor.relabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,20 @@
|
||||
{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.endpoints .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Endpoints
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-proxy
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy
|
||||
k8s-app: kube-proxy
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
namespace: kube-system
|
||||
subsets:
|
||||
- addresses:
|
||||
{{- range .Values.kubeProxy.endpoints }}
|
||||
- ip: {{ . }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: {{ .Values.kubeProxy.serviceMonitor.port }}
|
||||
port: {{ .Values.kubeProxy.service.port }}
|
||||
protocol: TCP
|
||||
{{- end }}
|
||||
@@ -0,0 +1,31 @@
|
||||
{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.service.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-proxy
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy
|
||||
jobLabel: kube-proxy
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
namespace: kube-system
|
||||
spec:
|
||||
clusterIP: None
|
||||
{{- if .Values.kubeProxy.service.ipDualStack.enabled }}
|
||||
ipFamilies: {{ toYaml .Values.kubeProxy.service.ipDualStack.ipFamilies | nindent 4 }}
|
||||
ipFamilyPolicy: {{ .Values.kubeProxy.service.ipDualStack.ipFamilyPolicy }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: {{ .Values.kubeProxy.serviceMonitor.port }}
|
||||
port: {{ .Values.kubeProxy.service.port }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.kubeProxy.service.targetPort }}
|
||||
{{- if .Values.kubeProxy.endpoints }}{{- else }}
|
||||
selector:
|
||||
{{- if .Values.kubeProxy.service.selector }}
|
||||
{{ toYaml .Values.kubeProxy.service.selector | indent 4 }}
|
||||
{{- else}}
|
||||
k8s-app: kube-proxy
|
||||
{{- end}}
|
||||
{{- end }}
|
||||
type: ClusterIP
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,59 @@
|
||||
{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.serviceMonitor.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-proxy
|
||||
{{- if .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }}
|
||||
namespace: kube-system
|
||||
{{- else }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy
|
||||
{{- with .Values.kubeProxy.serviceMonitor.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
spec:
|
||||
jobLabel: {{ .Values.kubeProxy.serviceMonitor.jobLabel }}
|
||||
{{- with .Values.kubeProxy.serviceMonitor.targetLabels }}
|
||||
targetLabels:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- include "servicemonitor.scrapeLimits" .Values.kubeProxy.serviceMonitor | nindent 2 }}
|
||||
selector:
|
||||
{{- if .Values.kubeProxy.serviceMonitor.selector }}
|
||||
{{ tpl (toYaml .Values.kubeProxy.serviceMonitor.selector | nindent 4) . }}
|
||||
{{- else }}
|
||||
matchLabels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy
|
||||
release: {{ $.Release.Name | quote }}
|
||||
{{- end }}
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- "kube-system"
|
||||
endpoints:
|
||||
- port: {{ .Values.kubeProxy.serviceMonitor.port }}
|
||||
{{- if .Values.kubeProxy.serviceMonitor.interval }}
|
||||
interval: {{ .Values.kubeProxy.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeProxy.serviceMonitor.bearerTokenFile }}
|
||||
bearerTokenFile: {{ .Values.kubeProxy.serviceMonitor.bearerTokenFile }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeProxy.serviceMonitor.proxyUrl }}
|
||||
proxyUrl: {{ .Values.kubeProxy.serviceMonitor.proxyUrl}}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeProxy.serviceMonitor.https }}
|
||||
scheme: https
|
||||
tlsConfig:
|
||||
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
{{- end}}
|
||||
{{- if .Values.kubeProxy.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings:
|
||||
{{ tpl (toYaml .Values.kubeProxy.serviceMonitor.metricRelabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeProxy.serviceMonitor.relabelings }}
|
||||
relabelings:
|
||||
{{ tpl (toYaml .Values.kubeProxy.serviceMonitor.relabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,22 @@
|
||||
{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.endpoints .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Endpoints
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-scheduler
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler
|
||||
k8s-app: kube-scheduler
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
namespace: kube-system
|
||||
subsets:
|
||||
- addresses:
|
||||
{{- range .Values.kubeScheduler.endpoints }}
|
||||
- ip: {{ . }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: {{ .Values.kubeScheduler.serviceMonitor.port }}
|
||||
{{- $kubeSchedulerDefaultInsecurePort := 10251 }}
|
||||
{{- $kubeSchedulerDefaultSecurePort := 10259 }}
|
||||
port: {{ include "kube-prometheus-stack.kubeScheduler.insecureScrape" (list . $kubeSchedulerDefaultInsecurePort $kubeSchedulerDefaultSecurePort .Values.kubeScheduler.service.port) }}
|
||||
protocol: TCP
|
||||
{{- end }}
|
||||
@@ -0,0 +1,33 @@
|
||||
{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.service.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-scheduler
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler
|
||||
jobLabel: kube-scheduler
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
namespace: kube-system
|
||||
spec:
|
||||
clusterIP: None
|
||||
{{- if .Values.kubeScheduler.service.ipDualStack.enabled }}
|
||||
ipFamilies: {{ toYaml .Values.kubeScheduler.service.ipDualStack.ipFamilies | nindent 4 }}
|
||||
ipFamilyPolicy: {{ .Values.kubeScheduler.service.ipDualStack.ipFamilyPolicy }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: {{ .Values.kubeScheduler.serviceMonitor.port }}
|
||||
{{- $kubeSchedulerDefaultInsecurePort := 10251 }}
|
||||
{{- $kubeSchedulerDefaultSecurePort := 10259 }}
|
||||
port: {{ include "kube-prometheus-stack.kubeScheduler.insecureScrape" (list . $kubeSchedulerDefaultInsecurePort $kubeSchedulerDefaultSecurePort .Values.kubeScheduler.service.port) }}
|
||||
protocol: TCP
|
||||
targetPort: {{ include "kube-prometheus-stack.kubeScheduler.insecureScrape" (list . $kubeSchedulerDefaultInsecurePort $kubeSchedulerDefaultSecurePort .Values.kubeScheduler.service.targetPort) }}
|
||||
{{- if .Values.kubeScheduler.endpoints }}{{- else }}
|
||||
selector:
|
||||
{{- if .Values.kubeScheduler.service.selector }}
|
||||
{{ toYaml .Values.kubeScheduler.service.selector | indent 4 }}
|
||||
{{- else}}
|
||||
component: kube-scheduler
|
||||
{{- end}}
|
||||
{{- end }}
|
||||
type: ClusterIP
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,63 @@
|
||||
{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.serviceMonitor.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-kube-scheduler
|
||||
{{- if .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }}
|
||||
namespace: kube-system
|
||||
{{- else }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler
|
||||
{{- with .Values.kubeScheduler.serviceMonitor.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
spec:
|
||||
jobLabel: {{ .Values.kubeScheduler.serviceMonitor.jobLabel }}
|
||||
{{- with .Values.kubeScheduler.serviceMonitor.targetLabels }}
|
||||
targetLabels:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- include "servicemonitor.scrapeLimits" .Values.kubeScheduler.serviceMonitor | nindent 2 }}
|
||||
selector:
|
||||
{{- if .Values.kubeScheduler.serviceMonitor.selector }}
|
||||
{{ tpl (toYaml .Values.kubeScheduler.serviceMonitor.selector | nindent 4) . }}
|
||||
{{- else }}
|
||||
matchLabels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler
|
||||
release: {{ $.Release.Name | quote }}
|
||||
{{- end }}
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- "kube-system"
|
||||
endpoints:
|
||||
- port: {{ .Values.kubeScheduler.serviceMonitor.port }}
|
||||
{{- if .Values.kubeScheduler.serviceMonitor.interval }}
|
||||
interval: {{ .Values.kubeScheduler.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
{{- if .Values.kubeScheduler.serviceMonitor.proxyUrl }}
|
||||
proxyUrl: {{ .Values.kubeScheduler.serviceMonitor.proxyUrl}}
|
||||
{{- end }}
|
||||
{{- if eq (include "kube-prometheus-stack.kubeScheduler.insecureScrape" (list . false true .Values.kubeScheduler.serviceMonitor.https )) "true" }}
|
||||
scheme: https
|
||||
tlsConfig:
|
||||
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
{{- if eq (include "kube-prometheus-stack.kubeScheduler.insecureScrape" (list . nil true .Values.kubeScheduler.serviceMonitor.insecureSkipVerify)) "true" }}
|
||||
insecureSkipVerify: true
|
||||
{{- end }}
|
||||
{{- if .Values.kubeScheduler.serviceMonitor.serverName }}
|
||||
serverName: {{ .Values.kubeScheduler.serviceMonitor.serverName }}
|
||||
{{- end}}
|
||||
{{- end}}
|
||||
{{- if .Values.kubeScheduler.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings:
|
||||
{{ tpl (toYaml .Values.kubeScheduler.serviceMonitor.metricRelabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubeScheduler.serviceMonitor.relabelings }}
|
||||
relabelings:
|
||||
{{ tpl (toYaml .Values.kubeScheduler.serviceMonitor.relabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,149 @@
|
||||
{{- if and .Values.kubelet.enabled .Values.kubelet.serviceMonitor.enabled .Values.kubernetesServiceMonitors.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-kubelet
|
||||
{{- if .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }}
|
||||
namespace: {{ .Values.kubelet.namespace }}
|
||||
{{- else }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-kubelet
|
||||
{{- with .Values.kubelet.serviceMonitor.additionalLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- include "kube-prometheus-stack.labels" . | indent 4 }}
|
||||
spec:
|
||||
{{- include "servicemonitor.scrapeLimits" .Values.kubelet.serviceMonitor | nindent 2 }}
|
||||
{{- with .Values.kubelet.serviceMonitor.attachMetadata }}
|
||||
attachMetadata:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
jobLabel: k8s-app
|
||||
{{- with .Values.kubelet.serviceMonitor.targetLabels }}
|
||||
targetLabels:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- {{ .Values.kubelet.namespace }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: kubelet
|
||||
k8s-app: kubelet
|
||||
endpoints:
|
||||
{{- if .Values.kubelet.serviceMonitor.kubelet }}
|
||||
- port: {{ template "kube-prometheus-stack.kubelet.scheme" . }}-metrics
|
||||
scheme: {{ template "kube-prometheus-stack.kubelet.scheme" . }}
|
||||
{{- if .Values.kubelet.serviceMonitor.interval }}
|
||||
interval: {{ .Values.kubelet.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.proxyUrl }}
|
||||
proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.scrapeTimeout }}
|
||||
scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }}
|
||||
{{- end }}
|
||||
{{- include "kube-prometheus-stack.kubelet.authConfig" . | indent 4 }}
|
||||
honorLabels: {{ .Values.kubelet.serviceMonitor.honorLabels }}
|
||||
honorTimestamps: {{ .Values.kubelet.serviceMonitor.honorTimestamps }}
|
||||
{{- if .Values.kubelet.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings:
|
||||
{{ tpl (toYaml .Values.kubelet.serviceMonitor.metricRelabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.relabelings }}
|
||||
relabelings:
|
||||
{{ tpl (toYaml .Values.kubelet.serviceMonitor.relabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.cAdvisor }}
|
||||
- port: {{ template "kube-prometheus-stack.kubelet.scheme" . }}-metrics
|
||||
scheme: {{ template "kube-prometheus-stack.kubelet.scheme" . }}
|
||||
path: /metrics/cadvisor
|
||||
{{- if .Values.kubelet.serviceMonitor.interval }}
|
||||
interval: {{ .Values.kubelet.serviceMonitor.interval }}
|
||||
{{- else }}
|
||||
interval: {{ .Values.kubelet.serviceMonitor.cAdvisorInterval }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.proxyUrl }}
|
||||
proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.scrapeTimeout }}
|
||||
scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }}
|
||||
{{- end }}
|
||||
honorLabels: {{ .Values.kubelet.serviceMonitor.honorLabels }}
|
||||
{{- if .Values.kubelet.serviceMonitor.trackTimestampsStaleness }}
|
||||
honorTimestamps: true
|
||||
{{- else }}
|
||||
honorTimestamps: {{ .Values.kubelet.serviceMonitor.honorTimestamps }}
|
||||
{{- end }}
|
||||
trackTimestampsStaleness: {{ .Values.kubelet.serviceMonitor.trackTimestampsStaleness }}
|
||||
{{- include "kube-prometheus-stack.kubelet.authConfig" . | indent 4 }}
|
||||
{{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }}
|
||||
metricRelabelings:
|
||||
{{ tpl (toYaml .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.cAdvisorRelabelings }}
|
||||
relabelings:
|
||||
{{ tpl (toYaml .Values.kubelet.serviceMonitor.cAdvisorRelabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.probes }}
|
||||
- port: {{ template "kube-prometheus-stack.kubelet.scheme" . }}-metrics
|
||||
scheme: {{ template "kube-prometheus-stack.kubelet.scheme" . }}
|
||||
path: /metrics/probes
|
||||
{{- if .Values.kubelet.serviceMonitor.interval }}
|
||||
interval: {{ .Values.kubelet.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.proxyUrl }}
|
||||
proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.scrapeTimeout }}
|
||||
scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }}
|
||||
{{- end }}
|
||||
honorLabels: {{ .Values.kubelet.serviceMonitor.honorLabels }}
|
||||
honorTimestamps: {{ .Values.kubelet.serviceMonitor.honorTimestamps }}
|
||||
{{- include "kube-prometheus-stack.kubelet.authConfig" . | indent 4 }}
|
||||
{{- if .Values.kubelet.serviceMonitor.probesMetricRelabelings }}
|
||||
metricRelabelings:
|
||||
{{ tpl (toYaml .Values.kubelet.serviceMonitor.probesMetricRelabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.probesRelabelings }}
|
||||
relabelings:
|
||||
{{ tpl (toYaml .Values.kubelet.serviceMonitor.probesRelabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.resource }}
|
||||
- port: {{ template "kube-prometheus-stack.kubelet.scheme" . }}-metrics
|
||||
scheme: {{ template "kube-prometheus-stack.kubelet.scheme" . }}
|
||||
path: {{ .Values.kubelet.serviceMonitor.resourcePath }}
|
||||
{{- if .Values.kubelet.serviceMonitor.interval }}
|
||||
interval: {{ .Values.kubelet.serviceMonitor.interval }}
|
||||
{{- else }}
|
||||
interval: {{ .Values.kubelet.serviceMonitor.resourceInterval }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.proxyUrl }}
|
||||
proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.scrapeTimeout }}
|
||||
scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }}
|
||||
{{- end }}
|
||||
honorLabels: {{ .Values.kubelet.serviceMonitor.honorLabels }}
|
||||
{{- if .Values.kubelet.serviceMonitor.trackTimestampsStaleness }}
|
||||
honorTimestamps: true
|
||||
{{- else }}
|
||||
honorTimestamps: {{ .Values.kubelet.serviceMonitor.honorTimestamps }}
|
||||
{{- end }}
|
||||
trackTimestampsStaleness: {{ .Values.kubelet.serviceMonitor.trackTimestampsStaleness }}
|
||||
{{- include "kube-prometheus-stack.kubelet.authConfig" . | indent 4 }}
|
||||
{{- if .Values.kubelet.serviceMonitor.resourceMetricRelabelings }}
|
||||
metricRelabelings:
|
||||
{{ tpl (toYaml .Values.kubelet.serviceMonitor.resourceMetricRelabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- if .Values.kubelet.serviceMonitor.resourceRelabelings }}
|
||||
relabelings:
|
||||
{{ tpl (toYaml .Values.kubelet.serviceMonitor.resourceRelabelings | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,15 @@
|
||||
{{- /* Normalize extraObjects to a list, easier to loop over */ -}}
|
||||
{{- $extraObjects := .Values.extraManifests | default (list) -}}
|
||||
|
||||
{{- if kindIs "map" $extraObjects -}}
|
||||
{{- $extraObjects = values $extraObjects -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- range $extraObjects }}
|
||||
---
|
||||
{{- if kindIs "map" . }}
|
||||
{{- tpl (toYaml .) $ | nindent 0 }}
|
||||
{{- else if kindIs "string" . }}
|
||||
{{- tpl . $ | nindent 0 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,98 @@
|
||||
{{- if or (and .Values.grafana.enabled .Values.grafana.sidecar.datasources.enabled) .Values.grafana.forceDeployDatasources }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-grafana-datasource
|
||||
namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }}
|
||||
{{- if .Values.grafana.sidecar.datasources.annotations }}
|
||||
annotations:
|
||||
{{- toYaml .Values.grafana.sidecar.datasources.annotations | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{ tpl $.Values.grafana.sidecar.datasources.label $ }}: {{ (tpl $.Values.grafana.sidecar.datasources.labelValue $) | quote }}
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-grafana
|
||||
{{ include "kube-prometheus-stack.labels" $ | indent 4 }}
|
||||
data:
|
||||
datasource.yaml: |-
|
||||
apiVersion: 1
|
||||
{{- if .Values.grafana.deleteDatasources }}
|
||||
deleteDatasources:
|
||||
{{ tpl (toYaml .Values.grafana.deleteDatasources | indent 6) . }}
|
||||
{{- end }}
|
||||
{{- if .Values.grafana.prune }}
|
||||
prune: {{ .Values.grafana.prune }}
|
||||
{{- end }}
|
||||
datasources:
|
||||
{{- $scrapeInterval := .Values.grafana.sidecar.datasources.defaultDatasourceScrapeInterval | default .Values.prometheus.prometheusSpec.scrapeInterval | default "30s" }}
|
||||
{{- if .Values.grafana.sidecar.datasources.defaultDatasourceEnabled }}
|
||||
- name: "{{ .Values.grafana.sidecar.datasources.name }}"
|
||||
type: prometheus
|
||||
uid: {{ .Values.grafana.sidecar.datasources.uid }}
|
||||
{{- if .Values.grafana.sidecar.datasources.url }}
|
||||
url: {{ .Values.grafana.sidecar.datasources.url }}
|
||||
{{- else }}
|
||||
url: http://{{ template "kube-prometheus-stack.fullname" . }}-prometheus.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.prometheus.service.port }}/{{ trimPrefix "/" .Values.prometheus.prometheusSpec.routePrefix }}
|
||||
{{- end }}
|
||||
access: proxy
|
||||
isDefault: {{ .Values.grafana.sidecar.datasources.isDefaultDatasource }}
|
||||
jsonData:
|
||||
{{- with .Values.grafana.sidecar.datasources.extraJsonData -}}
|
||||
{{- tpl (toYaml .) $ | nindent 8 }}
|
||||
{{- end }}
|
||||
httpMethod: {{ .Values.grafana.sidecar.datasources.httpMethod }}
|
||||
timeInterval: {{ $scrapeInterval }}
|
||||
{{- if .Values.grafana.sidecar.datasources.timeout }}
|
||||
timeout: {{ .Values.grafana.sidecar.datasources.timeout }}
|
||||
{{- end }}
|
||||
{{- if .Values.grafana.sidecar.datasources.customQueryParameters }}
|
||||
customQueryParameters: {{ .Values.grafana.sidecar.datasources.customQueryParameters }}
|
||||
{{- end }}
|
||||
{{- if .Values.grafana.sidecar.datasources.exemplarTraceIdDestinations }}
|
||||
exemplarTraceIdDestinations:
|
||||
- datasourceUid: {{ .Values.grafana.sidecar.datasources.exemplarTraceIdDestinations.datasourceUid }}
|
||||
name: {{ .Values.grafana.sidecar.datasources.exemplarTraceIdDestinations.traceIdLabelName }}
|
||||
urlDisplayLabel: {{ .Values.grafana.sidecar.datasources.exemplarTraceIdDestinations.urlDisplayLabel }}
|
||||
{{- end }}
|
||||
{{- if .Values.grafana.sidecar.datasources.createPrometheusReplicasDatasources }}
|
||||
{{- range until (int .Values.prometheus.prometheusSpec.replicas) }}
|
||||
- name: "{{ $.Values.grafana.sidecar.datasources.name }}-{{ . }}"
|
||||
type: prometheus
|
||||
uid: {{ $.Values.grafana.sidecar.datasources.uid }}-replica-{{ . }}
|
||||
url: http://prometheus-{{ template "kube-prometheus-stack.prometheus.crname" $ }}-{{ . }}.{{ $.Values.grafana.sidecar.datasources.prometheusServiceName}}:9090/{{ trimPrefix "/" $.Values.prometheus.prometheusSpec.routePrefix }}
|
||||
access: proxy
|
||||
isDefault: false
|
||||
jsonData:
|
||||
{{- with $.Values.grafana.sidecar.datasources.extraJsonData -}}
|
||||
{{- tpl (toYaml .) $ | nindent 8 }}
|
||||
{{- end }}
|
||||
timeInterval: {{ $scrapeInterval }}
|
||||
{{- if $.Values.grafana.sidecar.datasources.exemplarTraceIdDestinations }}
|
||||
exemplarTraceIdDestinations:
|
||||
- datasourceUid: {{ $.Values.grafana.sidecar.datasources.exemplarTraceIdDestinations.datasourceUid }}
|
||||
name: {{ $.Values.grafana.sidecar.datasources.exemplarTraceIdDestinations.traceIdLabelName }}
|
||||
urlDisplayLabel: {{ .Values.grafana.sidecar.datasources.exemplarTraceIdDestinations.urlDisplayLabel }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.grafana.sidecar.datasources.alertmanager.enabled }}
|
||||
- name: "{{ .Values.grafana.sidecar.datasources.alertmanager.name }}"
|
||||
type: alertmanager
|
||||
uid: {{ .Values.grafana.sidecar.datasources.alertmanager.uid }}
|
||||
{{- if .Values.grafana.sidecar.datasources.alertmanager.url }}
|
||||
url: {{ .Values.grafana.sidecar.datasources.alertmanager.url }}
|
||||
{{- else }}
|
||||
url: http://{{ template "kube-prometheus-stack.fullname" . }}-alertmanager.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.alertmanager.service.port }}/{{ trimPrefix "/" .Values.alertmanager.alertmanagerSpec.routePrefix }}
|
||||
{{- end }}
|
||||
access: proxy
|
||||
jsonData:
|
||||
handleGrafanaManagedAlerts: {{ .Values.grafana.sidecar.datasources.alertmanager.handleGrafanaManagedAlerts }}
|
||||
implementation: {{ .Values.grafana.sidecar.datasources.alertmanager.implementation }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.grafana.additionalDataSources }}
|
||||
{{ tpl (toYaml .Values.grafana.additionalDataSources | indent 4) . }}
|
||||
{{- end }}
|
||||
{{- with .Values.grafana.additionalDataSourcesString }}
|
||||
{{ tpl . $ | indent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
+57
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
+56
File diff suppressed because one or more lines are too long
+56
File diff suppressed because one or more lines are too long
+56
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
+57
File diff suppressed because one or more lines are too long
+56
File diff suppressed because one or more lines are too long
+56
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
@@ -0,0 +1,7 @@
|
||||
{{/* Generate basic labels for prometheus-operator */}}
|
||||
{{- define "kube-prometheus-stack.prometheus-operator.labels" }}
|
||||
{{- include "kube-prometheus-stack.labels" . }}
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-operator
|
||||
app.kubernetes.io/name: {{ template "kube-prometheus-stack.name" . }}-prometheus-operator
|
||||
app.kubernetes.io/component: prometheus-operator
|
||||
{{- end }}
|
||||
+13
@@ -0,0 +1,13 @@
|
||||
{{/* Generate basic labels for prometheus-operator-webhook */}}
|
||||
{{- define "kube-prometheus-stack.prometheus-operator-webhook.labels" }}
|
||||
{{- include "kube-prometheus-stack.labels" . }}
|
||||
app.kubernetes.io/name: {{ template "kube-prometheus-stack.name" . }}-prometheus-operator
|
||||
app.kubernetes.io/component: prometheus-operator-webhook
|
||||
{{- end }}
|
||||
|
||||
{{- define "kube-prometheus-stack.prometheus-operator-webhook.annotations" }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}
|
||||
certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-admission" (include "kube-prometheus-stack.namespace" .) (include "kube-prometheus-stack.fullname" .) | quote }}
|
||||
cert-manager.io/inject-ca-from: {{ printf "%s/%s-admission" (include "kube-prometheus-stack.namespace" .) (include "kube-prometheus-stack.fullname" .) | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
+145
@@ -0,0 +1,145 @@
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.deployment.enabled }}
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.operator.fullname" . }}-webhook
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-operator-webhook
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" . | nindent 4 }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.labels }}
|
||||
{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.labels | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
replicas: {{ .Values.prometheusOperator.admissionWebhooks.deployment.replicas }}
|
||||
revisionHistoryLimit: {{ .Values.prometheusOperator.admissionWebhooks.deployment.revisionHistoryLimit }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.deployment.strategy }}
|
||||
strategy:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-operator-webhook
|
||||
release: {{ $.Release.Name | quote }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-operator-webhook
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" . | nindent 8 }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.podLabels }}
|
||||
{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.podLabels | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.podAnnotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.podAnnotations | indent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.priorityClassName }}
|
||||
priorityClassName: {{ .Values.prometheusOperator.admissionWebhooks.deployment.priorityClassName }}
|
||||
{{- end }}
|
||||
{{- if .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- include "kube-prometheus-stack.imagePullSecrets" . | indent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: prometheus-operator-admission-webhook
|
||||
{{- $operatorRegistry := .Values.global.imageRegistry | default .Values.prometheusOperator.admissionWebhooks.deployment.image.registry -}}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.image.sha }}
|
||||
image: "{{ $operatorRegistry }}/{{ .Values.prometheusOperator.admissionWebhooks.deployment.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.deployment.image.tag | default .Chart.AppVersion }}@sha256:{{ .Values.prometheusOperator.admissionWebhooks.deployment.image.sha }}"
|
||||
{{- else }}
|
||||
image: "{{ $operatorRegistry }}/{{ .Values.prometheusOperator.admissionWebhooks.deployment.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.deployment.image.tag | default .Chart.AppVersion }}"
|
||||
{{- end }}
|
||||
imagePullPolicy: "{{ .Values.prometheusOperator.admissionWebhooks.deployment.image.pullPolicy }}"
|
||||
args:
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.logFormat }}
|
||||
- --log-format={{ .Values.prometheusOperator.admissionWebhooks.deployment.logFormat }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.logLevel }}
|
||||
- --log-level={{ .Values.prometheusOperator.admissionWebhooks.deployment.logLevel }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.tls.enabled }}
|
||||
- "--web.enable-tls=true"
|
||||
- "--web.cert-file=/cert/{{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}tls.crt{{ else }}cert{{ end }}"
|
||||
- "--web.key-file=/cert/{{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}tls.key{{ else }}key{{ end }}"
|
||||
- "--web.listen-address=:{{ .Values.prometheusOperator.admissionWebhooks.deployment.tls.internalPort }}"
|
||||
- "--web.tls-min-version={{ .Values.prometheusOperator.admissionWebhooks.deployment.tls.tlsMinVersion }}"
|
||||
ports:
|
||||
- containerPort: {{ .Values.prometheusOperator.admissionWebhooks.deployment.tls.internalPort }}
|
||||
name: https
|
||||
{{- else }}
|
||||
- "--web.enable-tls=false"
|
||||
- "--web.listen-address=:8080"
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
name: http
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.readinessProbe.enabled }}
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: {{ .Values.prometheusOperator.admissionWebhooks.deployment.tls.enabled | ternary "https" "http" }}
|
||||
scheme: {{ .Values.prometheusOperator.admissionWebhooks.deployment.tls.enabled | ternary "HTTPS" "HTTP" }}
|
||||
initialDelaySeconds: {{ .Values.prometheusOperator.admissionWebhooks.deployment.readinessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.prometheusOperator.admissionWebhooks.deployment.readinessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.prometheusOperator.admissionWebhooks.deployment.readinessProbe.timeoutSeconds }}
|
||||
successThreshold: {{ .Values.prometheusOperator.admissionWebhooks.deployment.readinessProbe.successThreshold }}
|
||||
failureThreshold: {{ .Values.prometheusOperator.admissionWebhooks.deployment.readinessProbe.failureThreshold }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.livenessProbe.enabled }}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: {{ .Values.prometheusOperator.admissionWebhooks.deployment.tls.enabled | ternary "https" "http" }}
|
||||
scheme: {{ .Values.prometheusOperator.admissionWebhooks.deployment.tls.enabled | ternary "HTTPS" "HTTP" }}
|
||||
initialDelaySeconds: {{ .Values.prometheusOperator.admissionWebhooks.deployment.livenessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.prometheusOperator.admissionWebhooks.deployment.livenessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.prometheusOperator.admissionWebhooks.deployment.livenessProbe.timeoutSeconds }}
|
||||
successThreshold: {{ .Values.prometheusOperator.admissionWebhooks.deployment.livenessProbe.successThreshold }}
|
||||
failureThreshold: {{ .Values.prometheusOperator.admissionWebhooks.deployment.livenessProbe.failureThreshold }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.resources | indent 12 }}
|
||||
securityContext:
|
||||
{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.containerSecurityContext | indent 12 }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.tls.enabled }}
|
||||
volumeMounts:
|
||||
- name: tls-secret
|
||||
mountPath: /cert
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: tls-secret
|
||||
secret:
|
||||
defaultMode: 420
|
||||
secretName: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.deployment.dnsConfig }}
|
||||
dnsConfig:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.securityContext }}
|
||||
securityContext:
|
||||
{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.securityContext | indent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ template "kube-prometheus-stack.operator.admissionWebhooks.serviceAccountName" . }}
|
||||
automountServiceAccountToken: {{ .Values.prometheusOperator.admissionWebhooks.deployment.automountServiceAccountToken }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.hostNetwork }}
|
||||
hostNetwork: true
|
||||
dnsPolicy: ClusterFirstWithHostNet
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.deployment.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.deployment.affinity }}
|
||||
affinity:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.deployment.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
+15
@@ -0,0 +1,15 @@
|
||||
{{- if and .Values.prometheusOperator.admissionWebhooks.deployment.enabled .Values.prometheusOperator.admissionWebhooks.deployment.podDisruptionBudget.enabled -}}
|
||||
apiVersion: policy/v1
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.operator.fullname" . }}-webhook
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
labels:
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" . | nindent 4 }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-operator-webhook
|
||||
release: {{ $.Release.Name | quote }}
|
||||
{{ toYaml (omit .Values.prometheusOperator.admissionWebhooks.deployment.podDisruptionBudget "enabled") | indent 2 }}
|
||||
{{- end }}
|
||||
+62
@@ -0,0 +1,62 @@
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.deployment.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.operator.fullname" . }}-webhook
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-operator-webhook
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" . | nindent 4 }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.service.labels }}
|
||||
{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.service.labels | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.service.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.service.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.service.clusterIP }}
|
||||
clusterIP: {{ .Values.prometheusOperator.admissionWebhooks.deployment.service.clusterIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.service.ipDualStack.enabled }}
|
||||
ipFamilies: {{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.service.ipDualStack.ipFamilies | nindent 4 }}
|
||||
ipFamilyPolicy: {{ .Values.prometheusOperator.admissionWebhooks.deployment.service.ipDualStack.ipFamilyPolicy }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.service.externalIPs }}
|
||||
externalIPs:
|
||||
{{ toYaml .Values.prometheusOperator.admissionWebhooks.deployment.service.externalIPs | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.service.loadBalancerIP }}
|
||||
loadBalancerIP: {{ .Values.prometheusOperator.admissionWebhooks.deployment.service.loadBalancerIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.service.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges:
|
||||
{{- range $cidr := .Values.prometheusOperator.admissionWebhooks.deployment.service.loadBalancerSourceRanges }}
|
||||
- {{ $cidr }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if ne .Values.prometheusOperator.admissionWebhooks.deployment.service.type "ClusterIP" }}
|
||||
externalTrafficPolicy: {{ .Values.prometheusOperator.admissionWebhooks.deployment.service.externalTrafficPolicy }}
|
||||
{{- end }}
|
||||
ports:
|
||||
{{- if not .Values.prometheusOperator.admissionWebhooks.deployment.tls.enabled }}
|
||||
- name: http
|
||||
{{- if eq .Values.prometheusOperator.admissionWebhooks.deployment.service.type "NodePort" }}
|
||||
nodePort: {{ .Values.prometheusOperator.admissionWebhooks.deployment.service.nodePort }}
|
||||
{{- end }}
|
||||
port: 8080
|
||||
targetPort: http
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.deployment.tls.enabled }}
|
||||
- name: https
|
||||
{{- if eq .Values.prometheusOperator.admissionWebhooks.deployment.service.type "NodePort"}}
|
||||
nodePort: {{ .Values.prometheusOperator.admissionWebhooks.deployment.service.nodePortTls }}
|
||||
{{- end }}
|
||||
port: 443
|
||||
targetPort: https
|
||||
{{- end }}
|
||||
selector:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-operator-webhook
|
||||
release: {{ $.Release.Name | quote }}
|
||||
type: "{{ .Values.prometheusOperator.admissionWebhooks.deployment.service.type }}"
|
||||
{{- end }}
|
||||
+18
@@ -0,0 +1,18 @@
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.deployment.enabled }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
automountServiceAccountToken: {{ .Values.prometheusOperator.admissionWebhooks.deployment.serviceAccount.automountServiceAccountToken }}
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.operator.admissionWebhooks.serviceAccountName" . }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-operator
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" . | indent 4 }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.deployment.serviceAccount.annotations }}
|
||||
annotations: {{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 2 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
+36
@@ -0,0 +1,36 @@
|
||||
{{- if and .Values.prometheusOperator.networkPolicy.enabled (eq .Values.prometheusOperator.networkPolicy.flavor "cilium") }}
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
||||
apiVersion: cilium.io/v2
|
||||
kind: CiliumNetworkPolicy
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission-create
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
annotations:
|
||||
helm.sh/hook: pre-install,pre-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
## Ensure this is run before the job
|
||||
helm.sh/hook-weight: "-5"
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.annotations }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission-create
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
|
||||
spec:
|
||||
endpointSelector:
|
||||
matchLabels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission-create
|
||||
{{- if .Values.prometheusOperator.networkPolicy.matchLabels }}
|
||||
{{ toYaml .Values.prometheusOperator.networkPolicy.matchLabels | nindent 6 }}
|
||||
{{- else }}
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 6 }}
|
||||
{{- end }}
|
||||
egress:
|
||||
{{- if and .Values.prometheusOperator.networkPolicy.cilium .Values.prometheusOperator.networkPolicy.cilium.egress }}
|
||||
{{ toYaml .Values.prometheusOperator.networkPolicy.cilium.egress | nindent 6 }}
|
||||
{{- else }}
|
||||
- toEntities:
|
||||
- kube-apiserver
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
+36
@@ -0,0 +1,36 @@
|
||||
{{- if and .Values.prometheusOperator.networkPolicy.enabled (eq .Values.prometheusOperator.networkPolicy.flavor "cilium") }}
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
||||
apiVersion: cilium.io/v2
|
||||
kind: CiliumNetworkPolicy
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission-patch
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
annotations:
|
||||
helm.sh/hook: post-install,post-upgrade
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
## Ensure this is run before the job
|
||||
helm.sh/hook-weight: "-5"
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.patch.annotations }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
|
||||
spec:
|
||||
endpointSelector:
|
||||
matchLabels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch
|
||||
{{- if .Values.prometheusOperator.networkPolicy.matchLabels }}
|
||||
{{ toYaml .Values.prometheusOperator.networkPolicy.matchLabels | nindent 6 }}
|
||||
{{- else }}
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 6 }}
|
||||
{{- end }}
|
||||
egress:
|
||||
{{- if and .Values.prometheusOperator.networkPolicy.cilium .Values.prometheusOperator.networkPolicy.cilium.egress }}
|
||||
{{ toYaml .Values.prometheusOperator.networkPolicy.cilium.egress | nindent 6 }}
|
||||
{{- else }}
|
||||
- toEntities:
|
||||
- kube-apiserver
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
+22
@@ -0,0 +1,22 @@
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- admissionregistration.k8s.io
|
||||
resources:
|
||||
- validatingwebhookconfigurations
|
||||
- mutatingwebhookconfigurations
|
||||
verbs:
|
||||
- get
|
||||
- update
|
||||
- patch
|
||||
{{- end }}
|
||||
+20
@@ -0,0 +1,20 @@
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
{{- end }}
|
||||
+74
@@ -0,0 +1,74 @@
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission-create
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.annotations }}
|
||||
{{ toYaml . | indent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission-create
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
|
||||
spec:
|
||||
ttlSecondsAfterFinished: {{ .Values.prometheusOperator.admissionWebhooks.patch.ttlSecondsAfterFinished }}
|
||||
template:
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission-create
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.patch.podAnnotations }}
|
||||
annotations:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission-create
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 8 }}
|
||||
spec:
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }}
|
||||
priorityClassName: {{ .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }}
|
||||
{{- end }}
|
||||
{{- if .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- include "kube-prometheus-stack.imagePullSecrets" . | indent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: create
|
||||
{{- $registry := .Values.global.imageRegistry | default .Values.prometheusOperator.admissionWebhooks.patch.image.registry -}}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.patch.image.sha }}
|
||||
image: {{ $registry }}/{{ .Values.prometheusOperator.admissionWebhooks.patch.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.tag }}@sha256:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.sha }}
|
||||
{{- else }}
|
||||
image: {{ $registry }}/{{ .Values.prometheusOperator.admissionWebhooks.patch.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.tag }}
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ .Values.prometheusOperator.admissionWebhooks.patch.image.pullPolicy }}
|
||||
args:
|
||||
- create
|
||||
- --host={{- include "kube-prometheus-stack.operator.admission-webhook.dnsNames" . | replace "\n" "," }}
|
||||
- --namespace={{ template "kube-prometheus-stack.namespace" . }}
|
||||
- --secret-name={{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.createSecretJob }}
|
||||
securityContext:
|
||||
{{ toYaml .securityContext | nindent 12 }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{ toYaml .Values.prometheusOperator.admissionWebhooks.patch.resources | indent 12 }}
|
||||
restartPolicy: OnFailure
|
||||
serviceAccountName: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.patch.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.patch.affinity }}
|
||||
affinity:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.patch.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.patch.securityContext }}
|
||||
securityContext:
|
||||
{{ toYaml .Values.prometheusOperator.admissionWebhooks.patch.securityContext | indent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
+83
@@ -0,0 +1,83 @@
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
||||
{{- $failurePolicy := .Values.prometheusOperator.admissionWebhooks.failurePolicy }}
|
||||
{{- if eq $failurePolicy "IgnoreOnInstallOnly" }}
|
||||
{{- if .Release.IsInstall }}
|
||||
{{- $failurePolicy = "Ignore" }}
|
||||
{{- else }}
|
||||
{{- $failurePolicy = "Fail" }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission-patch
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
annotations:
|
||||
"helm.sh/hook": post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.patch.annotations }}
|
||||
{{ toYaml . | indent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
|
||||
spec:
|
||||
ttlSecondsAfterFinished: {{ .Values.prometheusOperator.admissionWebhooks.patch.ttlSecondsAfterFinished }}
|
||||
template:
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission-patch
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.patch.podAnnotations }}
|
||||
annotations:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 8 }}
|
||||
spec:
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }}
|
||||
priorityClassName: {{ .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }}
|
||||
{{- end }}
|
||||
{{- if .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- include "kube-prometheus-stack.imagePullSecrets" . | indent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: patch
|
||||
{{- $registry := .Values.global.imageRegistry | default .Values.prometheusOperator.admissionWebhooks.patch.image.registry -}}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.patch.image.sha }}
|
||||
image: {{ $registry }}/{{ .Values.prometheusOperator.admissionWebhooks.patch.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.tag }}@sha256:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.sha }}
|
||||
{{- else }}
|
||||
image: {{ $registry }}/{{ .Values.prometheusOperator.admissionWebhooks.patch.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.tag }}
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ .Values.prometheusOperator.admissionWebhooks.patch.image.pullPolicy }}
|
||||
args:
|
||||
- patch
|
||||
- --webhook-name={{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
- --namespace={{ template "kube-prometheus-stack.namespace" . }}
|
||||
- --secret-name={{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
- --patch-failure-policy={{ $failurePolicy }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.patchWebhookJob }}
|
||||
securityContext:
|
||||
{{ toYaml .securityContext | nindent 12 }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{ toYaml .Values.prometheusOperator.admissionWebhooks.patch.resources | indent 12 }}
|
||||
restartPolicy: OnFailure
|
||||
serviceAccountName: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.patch.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.patch.affinity }}
|
||||
affinity:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.patch.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.patch.securityContext }}
|
||||
securityContext:
|
||||
{{ toYaml .Values.prometheusOperator.admissionWebhooks.patch.securityContext | indent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
+33
@@ -0,0 +1,33 @@
|
||||
{{- if and .Values.prometheusOperator.networkPolicy.enabled (eq .Values.prometheusOperator.networkPolicy.flavor "kubernetes") }}
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission-create
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
## Ensure this is run before the job
|
||||
"helm.sh/hook-weight": "-5"
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.annotations }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission-create
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission-create
|
||||
{{- if .Values.prometheusOperator.networkPolicy.matchLabels }}
|
||||
{{ toYaml .Values.prometheusOperator.networkPolicy.matchLabels | nindent 6 }}
|
||||
{{- else }}
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 6 }}
|
||||
{{- end }}
|
||||
egress:
|
||||
- {}
|
||||
policyTypes:
|
||||
- Egress
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
+33
@@ -0,0 +1,33 @@
|
||||
{{- if and .Values.prometheusOperator.networkPolicy.enabled (eq .Values.prometheusOperator.networkPolicy.flavor "kubernetes") }}
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission-patch
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
annotations:
|
||||
"helm.sh/hook": post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
## Ensure this is run before the job
|
||||
"helm.sh/hook-weight": "-5"
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.patch.annotations }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch
|
||||
{{- if .Values.prometheusOperator.networkPolicy.matchLabels }}
|
||||
{{ toYaml .Values.prometheusOperator.networkPolicy.matchLabels | nindent 6 }}
|
||||
{{- else }}
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 6 }}
|
||||
{{- end }}
|
||||
egress:
|
||||
- {}
|
||||
policyTypes:
|
||||
- Egress
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
+21
@@ -0,0 +1,21 @@
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- create
|
||||
{{- end }}
|
||||
+21
@@ -0,0 +1,21 @@
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
{{- end }}
|
||||
+21
@@ -0,0 +1,21 @@
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.prometheusOperator.admissionWebhooks.patch.serviceAccount.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.patch.serviceAccount.annotations }}
|
||||
annotations: {{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
automountServiceAccountToken: {{ .Values.prometheusOperator.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken }}
|
||||
{{- if .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 2 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
+85
@@ -0,0 +1,85 @@
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled }}
|
||||
apiVersion: admissionregistration.k8s.io/v1
|
||||
kind: MutatingWebhookConfiguration
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
annotations:
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.annotations" $ | trim |nindent 4 }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.mutatingWebhookConfiguration.annotations }}
|
||||
{{- toYaml . | nindent 4}}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
|
||||
webhooks:
|
||||
- name: prometheusrulemutate.monitoring.coreos.com
|
||||
{{- if eq .Values.prometheusOperator.admissionWebhooks.failurePolicy "IgnoreOnInstallOnly" }}
|
||||
failurePolicy: {{ .Release.IsInstall | ternary "Ignore" "Fail" }}
|
||||
{{- else if .Values.prometheusOperator.admissionWebhooks.failurePolicy }}
|
||||
failurePolicy: {{ .Values.prometheusOperator.admissionWebhooks.failurePolicy }}
|
||||
{{- else if .Values.prometheusOperator.admissionWebhooks.patch.enabled }}
|
||||
failurePolicy: Ignore
|
||||
{{- else }}
|
||||
failurePolicy: Fail
|
||||
{{- end }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- monitoring.coreos.com
|
||||
apiVersions:
|
||||
- "*"
|
||||
resources:
|
||||
- prometheusrules
|
||||
operations:
|
||||
- CREATE
|
||||
- UPDATE
|
||||
clientConfig:
|
||||
service:
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
name: {{ template "kube-prometheus-stack.operator.fullname" $ }}{{ if .Values.prometheusOperator.admissionWebhooks.deployment.enabled }}-webhook{{ end }}
|
||||
path: /admission-prometheusrules/mutate
|
||||
{{- if and .Values.prometheusOperator.admissionWebhooks.caBundle (not .Values.prometheusOperator.admissionWebhooks.patch.enabled) (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
||||
caBundle: {{ .Values.prometheusOperator.admissionWebhooks.caBundle }}
|
||||
{{- end }}
|
||||
timeoutSeconds: {{ .Values.prometheusOperator.admissionWebhooks.timeoutSeconds }}
|
||||
admissionReviewVersions: ["v1", "v1beta1"]
|
||||
sideEffects: None
|
||||
{{- if or .Values.prometheusOperator.denyNamespaces .Values.prometheusOperator.namespaces .Values.prometheusOperator.admissionWebhooks.namespaceSelector }}
|
||||
namespaceSelector:
|
||||
{{- with (omit .Values.prometheusOperator.admissionWebhooks.namespaceSelector "matchExpressions") }}
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- if or .Values.prometheusOperator.denyNamespaces .Values.prometheusOperator.namespaces .Values.prometheusOperator.admissionWebhooks.namespaceSelector.matchExpressions }}
|
||||
matchExpressions:
|
||||
{{- with (.Values.prometheusOperator.admissionWebhooks.namespaceSelector.matchExpressions) }}
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.denyNamespaces }}
|
||||
- key: kubernetes.io/metadata.name
|
||||
operator: NotIn
|
||||
values:
|
||||
{{- range $namespace := mustUniq .Values.prometheusOperator.denyNamespaces }}
|
||||
- {{ $namespace }}
|
||||
{{- end }}
|
||||
{{- else if and .Values.prometheusOperator.namespaces .Values.prometheusOperator.namespaces.additional }}
|
||||
- key: kubernetes.io/metadata.name
|
||||
operator: In
|
||||
values:
|
||||
{{- if and .Values.prometheusOperator.namespaces.releaseNamespace (default .Values.prometheusOperator.namespaces.releaseNamespace true) }}
|
||||
{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }}
|
||||
- {{ $namespace }}
|
||||
{{- end }}
|
||||
{{- range $namespace := mustUniq .Values.prometheusOperator.namespaces.additional }}
|
||||
- {{ $namespace }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.objectSelector }}
|
||||
objectSelector:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.matchConditions }}
|
||||
matchConditions:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
+155
@@ -0,0 +1,155 @@
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled }}
|
||||
apiVersion: admissionregistration.k8s.io/v1
|
||||
kind: ValidatingWebhookConfiguration
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
annotations:
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.annotations" $ | trim | nindent 4 }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.validatingWebhookConfiguration.annotations }}
|
||||
{{- toYaml . | nindent 4}}
|
||||
{{- end }}
|
||||
labels:
|
||||
app: {{ template "kube-prometheus-stack.name" $ }}-admission
|
||||
{{- include "kube-prometheus-stack.prometheus-operator-webhook.labels" $ | nindent 4 }}
|
||||
webhooks:
|
||||
- name: prometheusrulevalidate.monitoring.coreos.com
|
||||
{{- if eq .Values.prometheusOperator.admissionWebhooks.failurePolicy "IgnoreOnInstallOnly" }}
|
||||
failurePolicy: {{ .Release.IsInstall | ternary "Ignore" "Fail" }}
|
||||
{{- else if .Values.prometheusOperator.admissionWebhooks.failurePolicy }}
|
||||
failurePolicy: {{ .Values.prometheusOperator.admissionWebhooks.failurePolicy }}
|
||||
{{- else if .Values.prometheusOperator.admissionWebhooks.patch.enabled }}
|
||||
failurePolicy: Ignore
|
||||
{{- else }}
|
||||
failurePolicy: Fail
|
||||
{{- end }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- monitoring.coreos.com
|
||||
apiVersions:
|
||||
- "*"
|
||||
resources:
|
||||
- prometheusrules
|
||||
operations:
|
||||
- CREATE
|
||||
- UPDATE
|
||||
clientConfig:
|
||||
service:
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
name: {{ template "kube-prometheus-stack.operator.fullname" $ }}{{ if .Values.prometheusOperator.admissionWebhooks.deployment.enabled }}-webhook{{ end }}
|
||||
path: /admission-prometheusrules/validate
|
||||
{{- if and .Values.prometheusOperator.admissionWebhooks.caBundle (not .Values.prometheusOperator.admissionWebhooks.patch.enabled) (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
||||
caBundle: {{ .Values.prometheusOperator.admissionWebhooks.caBundle }}
|
||||
{{- end }}
|
||||
timeoutSeconds: {{ .Values.prometheusOperator.admissionWebhooks.timeoutSeconds }}
|
||||
admissionReviewVersions: ["v1", "v1beta1"]
|
||||
sideEffects: None
|
||||
{{- if or .Values.prometheusOperator.denyNamespaces .Values.prometheusOperator.namespaces .Values.prometheusOperator.admissionWebhooks.namespaceSelector }}
|
||||
namespaceSelector:
|
||||
{{- with (omit .Values.prometheusOperator.admissionWebhooks.namespaceSelector "matchExpressions") }}
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- if or .Values.prometheusOperator.denyNamespaces .Values.prometheusOperator.namespaces .Values.prometheusOperator.admissionWebhooks.namespaceSelector.matchExpressions }}
|
||||
matchExpressions:
|
||||
{{- with (.Values.prometheusOperator.admissionWebhooks.namespaceSelector.matchExpressions) }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.denyNamespaces }}
|
||||
- key: kubernetes.io/metadata.name
|
||||
operator: NotIn
|
||||
values:
|
||||
{{- range $namespace := mustUniq .Values.prometheusOperator.denyNamespaces }}
|
||||
- {{ $namespace }}
|
||||
{{- end }}
|
||||
{{- else if and .Values.prometheusOperator.namespaces .Values.prometheusOperator.namespaces.additional }}
|
||||
- key: kubernetes.io/metadata.name
|
||||
operator: In
|
||||
values:
|
||||
{{- if and .Values.prometheusOperator.namespaces.releaseNamespace (default .Values.prometheusOperator.namespaces.releaseNamespace true) }}
|
||||
{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }}
|
||||
- {{ $namespace }}
|
||||
{{- end }}
|
||||
{{- range $namespace := mustUniq .Values.prometheusOperator.namespaces.additional }}
|
||||
- {{ $namespace }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.objectSelector }}
|
||||
objectSelector:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.matchConditions }}
|
||||
matchConditions:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
- name: alertmanagerconfigsvalidate.monitoring.coreos.com
|
||||
{{- if eq .Values.prometheusOperator.admissionWebhooks.failurePolicy "IgnoreOnInstallOnly" }}
|
||||
failurePolicy: {{ .Release.IsInstall | ternary "Ignore" "Fail" }}
|
||||
{{- else if .Values.prometheusOperator.admissionWebhooks.failurePolicy }}
|
||||
failurePolicy: {{ .Values.prometheusOperator.admissionWebhooks.failurePolicy }}
|
||||
{{- else if .Values.prometheusOperator.admissionWebhooks.patch.enabled }}
|
||||
failurePolicy: Ignore
|
||||
{{- else }}
|
||||
failurePolicy: Fail
|
||||
{{- end }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- monitoring.coreos.com
|
||||
apiVersions:
|
||||
- v1alpha1
|
||||
resources:
|
||||
- alertmanagerconfigs
|
||||
operations:
|
||||
- CREATE
|
||||
- UPDATE
|
||||
clientConfig:
|
||||
service:
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
name: {{ template "kube-prometheus-stack.operator.fullname" $ }}{{ if .Values.prometheusOperator.admissionWebhooks.deployment.enabled }}-webhook{{ end }}
|
||||
path: /admission-alertmanagerconfigs/validate
|
||||
{{- if and .Values.prometheusOperator.admissionWebhooks.caBundle (not .Values.prometheusOperator.admissionWebhooks.patch.enabled) (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
||||
caBundle: {{ .Values.prometheusOperator.admissionWebhooks.caBundle }}
|
||||
{{- end }}
|
||||
timeoutSeconds: {{ .Values.prometheusOperator.admissionWebhooks.timeoutSeconds }}
|
||||
admissionReviewVersions: ["v1", "v1beta1"]
|
||||
sideEffects: None
|
||||
{{- if or .Values.prometheusOperator.denyNamespaces .Values.prometheusOperator.namespaces .Values.prometheusOperator.admissionWebhooks.namespaceSelector }}
|
||||
namespaceSelector:
|
||||
{{- with (omit .Values.prometheusOperator.admissionWebhooks.namespaceSelector "matchExpressions") }}
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- if or .Values.prometheusOperator.denyNamespaces .Values.prometheusOperator.namespaces .Values.prometheusOperator.admissionWebhooks.namespaceSelector.matchExpressions }}
|
||||
matchExpressions:
|
||||
{{- with (.Values.prometheusOperator.admissionWebhooks.namespaceSelector.matchExpressions) }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.denyNamespaces }}
|
||||
- key: kubernetes.io/metadata.name
|
||||
operator: NotIn
|
||||
values:
|
||||
{{- range $namespace := mustUniq .Values.prometheusOperator.denyNamespaces }}
|
||||
- {{ $namespace }}
|
||||
{{- end }}
|
||||
{{- else if and .Values.prometheusOperator.namespaces .Values.prometheusOperator.namespaces.additional }}
|
||||
- key: kubernetes.io/metadata.name
|
||||
operator: In
|
||||
values:
|
||||
{{- if and .Values.prometheusOperator.namespaces.releaseNamespace (default .Values.prometheusOperator.namespaces.releaseNamespace true) }}
|
||||
{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }}
|
||||
- {{ $namespace }}
|
||||
{{- end }}
|
||||
{{- range $namespace := mustUniq .Values.prometheusOperator.namespaces.additional }}
|
||||
- {{ $namespace }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.objectSelector }}
|
||||
objectSelector:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.matchConditions }}
|
||||
matchConditions:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,29 @@
|
||||
{{/* This file is based on https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/platform/rbac-crd.md */}}
|
||||
{{- if and .Values.global.rbac.create .Values.global.rbac.createAggregateClusterRoles }}
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-crd-view
|
||||
labels:
|
||||
rbac.authorization.k8s.io/aggregate-to-admin: "true"
|
||||
rbac.authorization.k8s.io/aggregate-to-edit: "true"
|
||||
rbac.authorization.k8s.io/aggregate-to-view: "true"
|
||||
{{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
|
||||
rules:
|
||||
- apiGroups: ["monitoring.coreos.com"]
|
||||
resources: ["alertmanagers", "alertmanagerconfigs", "podmonitors", "probes", "prometheuses", "prometheusagents", "prometheusrules", "scrapeconfigs", "servicemonitors"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
---
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-crd-edit
|
||||
labels:
|
||||
rbac.authorization.k8s.io/aggregate-to-edit: "true"
|
||||
rbac.authorization.k8s.io/aggregate-to-admin: "true"
|
||||
{{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
|
||||
rules:
|
||||
- apiGroups: ["monitoring.coreos.com"]
|
||||
resources: ["alertmanagers", "alertmanagerconfigs", "podmonitors", "probes", "prometheuses", "prometheusagents", "prometheusrules", "scrapeconfigs", "servicemonitors"]
|
||||
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
||||
{{- end }}
|
||||
@@ -0,0 +1,61 @@
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.certManager.enabled -}}
|
||||
{{- if not .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef -}}
|
||||
# Create a selfsigned Issuer, in order to create a root CA certificate for
|
||||
# signing webhook serving certificates
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Issuer
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-self-signed-issuer
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
spec:
|
||||
selfSigned: {}
|
||||
---
|
||||
# Generate a CA Certificate used to sign certificates for the webhook
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-root-cert
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
spec:
|
||||
secretName: {{ template "kube-prometheus-stack.fullname" . }}-root-cert
|
||||
duration: {{ .Values.prometheusOperator.admissionWebhooks.certManager.rootCert.duration | default "43800h0m0s" | quote }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.certManager.rootCert.revisionHistoryLimit }}
|
||||
revisionHistoryLimit: {{ . }}
|
||||
{{- end }}
|
||||
issuerRef:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-self-signed-issuer
|
||||
commonName: "ca.webhook.kube-prometheus-stack"
|
||||
isCA: true
|
||||
---
|
||||
# Create an Issuer that uses the above generated CA certificate to issue certs
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Issuer
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-root-issuer
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
spec:
|
||||
ca:
|
||||
secretName: {{ template "kube-prometheus-stack.fullname" . }}-root-cert
|
||||
{{- end }}
|
||||
---
|
||||
# generate a server certificate for the apiservices to use
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
spec:
|
||||
secretName: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
duration: {{ .Values.prometheusOperator.admissionWebhooks.certManager.admissionCert.duration | default "8760h0m0s" | quote }}
|
||||
{{- with .Values.prometheusOperator.admissionWebhooks.certManager.admissionCert.revisionHistoryLimit }}
|
||||
revisionHistoryLimit: {{ . }}
|
||||
{{- end }}
|
||||
issuerRef:
|
||||
{{- if .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef }}
|
||||
{{- toYaml .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef | nindent 4 }}
|
||||
{{- else }}
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-root-issuer
|
||||
{{- end }}
|
||||
dnsNames:
|
||||
{{- include "kube-prometheus-stack.operator.admission-webhook.dnsNames" . | splitList "\n" | toYaml | nindent 4 }}
|
||||
{{- end -}}
|
||||
@@ -0,0 +1,40 @@
|
||||
{{- if and .Values.prometheusOperator.networkPolicy.enabled (eq .Values.prometheusOperator.networkPolicy.flavor "cilium") }}
|
||||
apiVersion: cilium.io/v2
|
||||
kind: CiliumNetworkPolicy
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.operator.fullname" . }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
labels:
|
||||
{{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
|
||||
spec:
|
||||
endpointSelector:
|
||||
matchLabels:
|
||||
{{- if .Values.prometheusOperator.networkPolicy.matchLabels }}
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-operator
|
||||
{{ toYaml .Values.prometheusOperator.networkPolicy.matchLabels | nindent 6 }}
|
||||
{{- else }}
|
||||
{{- include "kube-prometheus-stack.prometheus-operator.labels" $ | nindent 6 }}
|
||||
{{- end }}
|
||||
egress:
|
||||
{{- if and .Values.prometheusOperator.networkPolicy.cilium .Values.prometheusOperator.networkPolicy.cilium.egress }}
|
||||
{{ toYaml .Values.prometheusOperator.networkPolicy.cilium.egress | nindent 6 }}
|
||||
{{- else }}
|
||||
- toEntities:
|
||||
- kube-apiserver
|
||||
{{- end }}
|
||||
ingress:
|
||||
- toPorts:
|
||||
- ports:
|
||||
{{- if .Values.prometheusOperator.tls.enabled }}
|
||||
- port: {{ .Values.prometheusOperator.tls.internalPort | quote }}
|
||||
{{- else }}
|
||||
- port: "8080"
|
||||
{{- end }}
|
||||
protocol: "TCP"
|
||||
{{- if not .Values.prometheusOperator.tls.enabled }}
|
||||
rules:
|
||||
http:
|
||||
- method: "GET"
|
||||
path: "/metrics"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,117 @@
|
||||
{{/* This file is based on https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/platform/rbac.md */}}
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.operator.fullname" . }}
|
||||
labels:
|
||||
{{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- monitoring.coreos.com
|
||||
resources:
|
||||
- alertmanagers
|
||||
- alertmanagers/finalizers
|
||||
- alertmanagers/status
|
||||
- alertmanagerconfigs
|
||||
- prometheuses
|
||||
- prometheuses/finalizers
|
||||
- prometheuses/status
|
||||
- prometheusagents
|
||||
- prometheusagents/finalizers
|
||||
- prometheusagents/status
|
||||
- thanosrulers
|
||||
- thanosrulers/finalizers
|
||||
- thanosrulers/status
|
||||
- scrapeconfigs
|
||||
- scrapeconfigs/status
|
||||
- servicemonitors
|
||||
- servicemonitors/status
|
||||
- podmonitors
|
||||
- podmonitors/status
|
||||
- probes
|
||||
- probes/status
|
||||
- prometheusrules
|
||||
- prometheusrules/status
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- apps
|
||||
resources:
|
||||
- statefulsets
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
- secrets
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods
|
||||
verbs:
|
||||
- list
|
||||
- delete
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- services
|
||||
- services/finalizers
|
||||
- endpoints
|
||||
verbs:
|
||||
- get
|
||||
- create
|
||||
- update
|
||||
- delete
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- nodes
|
||||
verbs:
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- namespaces
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ""
|
||||
- events.k8s.io
|
||||
resources:
|
||||
- events
|
||||
verbs:
|
||||
- patch
|
||||
- create
|
||||
- apiGroups:
|
||||
- networking.k8s.io
|
||||
resources:
|
||||
- ingresses
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- storage.k8s.io
|
||||
resources:
|
||||
- storageclasses
|
||||
verbs:
|
||||
- get
|
||||
- apiGroups:
|
||||
- discovery.k8s.io
|
||||
resources:
|
||||
- endpointslices
|
||||
verbs:
|
||||
- get
|
||||
- create
|
||||
- list
|
||||
- watch
|
||||
- update
|
||||
- delete
|
||||
{{- end }}
|
||||
@@ -0,0 +1,16 @@
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.operator.fullname" . }}
|
||||
labels:
|
||||
{{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: {{ template "kube-prometheus-stack.operator.fullname" . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,249 @@
|
||||
{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }}
|
||||
{{- $defaultKubeletSvcName := printf "%s-kubelet" (include "kube-prometheus-stack.fullname" .) }}
|
||||
{{- if .Values.prometheusOperator.enabled }}
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.operator.fullname" . }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
labels:
|
||||
{{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
|
||||
{{- if .Values.prometheusOperator.labels }}
|
||||
{{ toYaml .Values.prometheusOperator.labels | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.prometheusOperator.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
replicas: 1
|
||||
revisionHistoryLimit: {{ .Values.prometheusOperator.revisionHistoryLimit }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-operator
|
||||
release: {{ $.Release.Name | quote }}
|
||||
{{- with .Values.prometheusOperator.strategy }}
|
||||
strategy:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 8 }}
|
||||
{{- if .Values.prometheusOperator.podLabels }}
|
||||
{{ toYaml .Values.prometheusOperator.podLabels | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.podAnnotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.prometheusOperator.podAnnotations | indent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.prometheusOperator.priorityClassName }}
|
||||
priorityClassName: {{ .Values.prometheusOperator.priorityClassName }}
|
||||
{{- end }}
|
||||
{{- if .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- include "kube-prometheus-stack.imagePullSecrets" . | indent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: {{ template "kube-prometheus-stack.name" . }}
|
||||
{{- $configReloaderRegistry := .Values.global.imageRegistry | default .Values.prometheusOperator.prometheusConfigReloader.image.registry -}}
|
||||
{{- $operatorRegistry := .Values.global.imageRegistry | default .Values.prometheusOperator.image.registry -}}
|
||||
{{- $thanosRegistry := .Values.global.imageRegistry | default .Values.prometheusOperator.thanosImage.registry -}}
|
||||
{{- if .Values.prometheusOperator.image.sha }}
|
||||
image: "{{ $operatorRegistry }}/{{ .Values.prometheusOperator.image.repository }}:{{ .Values.prometheusOperator.image.tag | default .Chart.AppVersion }}@sha256:{{ .Values.prometheusOperator.image.sha }}"
|
||||
{{- else }}
|
||||
image: "{{ $operatorRegistry }}/{{ .Values.prometheusOperator.image.repository }}:{{ .Values.prometheusOperator.image.tag | default .Chart.AppVersion }}"
|
||||
{{- end }}
|
||||
imagePullPolicy: "{{ .Values.prometheusOperator.image.pullPolicy }}"
|
||||
args:
|
||||
{{- if .Values.prometheusOperator.kubeletService.enabled }}
|
||||
- --kubelet-service={{ .Values.prometheusOperator.kubeletService.namespace }}/{{ default $defaultKubeletSvcName .Values.prometheusOperator.kubeletService.name }}
|
||||
{{- if .Values.prometheusOperator.kubeletService.selector }}
|
||||
- --kubelet-selector={{ .Values.prometheusOperator.kubeletService.selector }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
- --kubelet-endpoints={{ .Values.prometheusOperator.kubeletEndpointsEnabled }}
|
||||
- --kubelet-endpointslice={{ .Values.prometheusOperator.kubeletEndpointSliceEnabled }}
|
||||
{{- if .Values.prometheusOperator.logFormat }}
|
||||
- --log-format={{ .Values.prometheusOperator.logFormat }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.logLevel }}
|
||||
- --log-level={{ .Values.prometheusOperator.logLevel }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.denyNamespaces }}
|
||||
- --deny-namespaces={{ tpl (.Values.prometheusOperator.denyNamespaces | join ",") $ }}
|
||||
{{- end }}
|
||||
{{- with $.Values.prometheusOperator.namespaces }}
|
||||
{{- $namespaces := list }}
|
||||
{{- if .releaseNamespace }}
|
||||
{{- $namespaces = append $namespaces $namespace }}
|
||||
{{- end }}
|
||||
{{- if .additional }}
|
||||
{{- range $ns := .additional }}
|
||||
{{- $namespaces = append $namespaces (tpl $ns $) }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
- --namespaces={{ $namespaces | mustUniq | join "," }}
|
||||
{{- end }}
|
||||
- --localhost=127.0.0.1
|
||||
{{- if .Values.prometheusOperator.prometheusDefaultBaseImage }}
|
||||
- --prometheus-default-base-image={{ .Values.global.imageRegistry | default .Values.prometheusOperator.prometheusDefaultBaseImageRegistry }}/{{ .Values.prometheusOperator.prometheusDefaultBaseImage }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.alertmanagerDefaultBaseImage }}
|
||||
- --alertmanager-default-base-image={{ .Values.global.imageRegistry | default .Values.prometheusOperator.alertmanagerDefaultBaseImageRegistry }}/{{ .Values.prometheusOperator.alertmanagerDefaultBaseImage }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.prometheusConfigReloader.image.sha }}
|
||||
- --prometheus-config-reloader={{ $configReloaderRegistry }}/{{ .Values.prometheusOperator.prometheusConfigReloader.image.repository }}:{{ .Values.prometheusOperator.prometheusConfigReloader.image.tag | default .Chart.AppVersion }}@sha256:{{ .Values.prometheusOperator.prometheusConfigReloader.image.sha }}
|
||||
{{- else }}
|
||||
- --prometheus-config-reloader={{ $configReloaderRegistry }}/{{ .Values.prometheusOperator.prometheusConfigReloader.image.repository }}:{{ .Values.prometheusOperator.prometheusConfigReloader.image.tag | default .Chart.AppVersion }}
|
||||
{{- end }}
|
||||
- --config-reloader-cpu-request={{ (((.Values.prometheusOperator.prometheusConfigReloader.resources).requests).cpu) | default 0 }}
|
||||
- --config-reloader-cpu-limit={{ (((.Values.prometheusOperator.prometheusConfigReloader.resources).limits).cpu) | default 0 }}
|
||||
- --config-reloader-memory-request={{ (((.Values.prometheusOperator.prometheusConfigReloader.resources).requests).memory) | default 0 }}
|
||||
- --config-reloader-memory-limit={{ (((.Values.prometheusOperator.prometheusConfigReloader.resources).limits).memory) | default 0 }}
|
||||
{{- if .Values.prometheusOperator.prometheusConfigReloader.enableProbe }}
|
||||
- --enable-config-reloader-probes=true
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.alertmanagerInstanceNamespaces }}
|
||||
- --alertmanager-instance-namespaces={{ .Values.prometheusOperator.alertmanagerInstanceNamespaces | join "," }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.alertmanagerInstanceSelector }}
|
||||
- --alertmanager-instance-selector={{ .Values.prometheusOperator.alertmanagerInstanceSelector }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.alertmanagerConfigNamespaces }}
|
||||
- --alertmanager-config-namespaces={{ .Values.prometheusOperator.alertmanagerConfigNamespaces | join "," }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.prometheusInstanceNamespaces }}
|
||||
- --prometheus-instance-namespaces={{ .Values.prometheusOperator.prometheusInstanceNamespaces | join "," }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.prometheusInstanceSelector }}
|
||||
- --prometheus-instance-selector={{ .Values.prometheusOperator.prometheusInstanceSelector }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.thanosImage.sha }}
|
||||
- --thanos-default-base-image={{ $thanosRegistry }}/{{ .Values.prometheusOperator.thanosImage.repository }}:{{ .Values.prometheusOperator.thanosImage.tag }}@sha256:{{ .Values.prometheusOperator.thanosImage.sha }}
|
||||
{{- else }}
|
||||
- --thanos-default-base-image={{ $thanosRegistry }}/{{ .Values.prometheusOperator.thanosImage.repository }}:{{ .Values.prometheusOperator.thanosImage.tag }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.thanosRulerInstanceNamespaces }}
|
||||
- --thanos-ruler-instance-namespaces={{ .Values.prometheusOperator.thanosRulerInstanceNamespaces | join "," }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.thanosRulerInstanceSelector }}
|
||||
- --thanos-ruler-instance-selector={{ .Values.prometheusOperator.thanosRulerInstanceSelector }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.secretFieldSelector }}
|
||||
- --secret-field-selector={{ tpl (.Values.prometheusOperator.secretFieldSelector) $ }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.clusterDomain }}
|
||||
- --cluster-domain={{ .Values.prometheusOperator.clusterDomain }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.tls.enabled }}
|
||||
- --web.enable-tls=true
|
||||
- --web.cert-file=/cert/{{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}tls.crt{{ else }}cert{{ end }}
|
||||
- --web.key-file=/cert/{{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}tls.key{{ else }}key{{ end }}
|
||||
- --web.listen-address=:{{ .Values.prometheusOperator.tls.internalPort }}
|
||||
- --web.tls-min-version={{ .Values.prometheusOperator.tls.tlsMinVersion }}
|
||||
{{- else }}
|
||||
- --web.enable-tls=false
|
||||
- --web.listen-address=:8080
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.extraArgs }}
|
||||
{{- tpl (toYaml .) $ | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.lifecycle }}
|
||||
lifecycle: {{ toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.tls.enabled }}
|
||||
ports:
|
||||
- containerPort: {{ .Values.prometheusOperator.tls.internalPort }}
|
||||
name: https
|
||||
{{- else }}
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
name: http
|
||||
{{- end }}
|
||||
env:
|
||||
{{- range $key, $value := .Values.prometheusOperator.env }}
|
||||
- name: {{ $key }}
|
||||
value: {{ $value | quote }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{ toYaml .Values.prometheusOperator.resources | indent 12 }}
|
||||
securityContext:
|
||||
{{ toYaml .Values.prometheusOperator.containerSecurityContext | indent 12 }}
|
||||
volumeMounts:
|
||||
{{- if .Values.prometheusOperator.tls.enabled }}
|
||||
- name: tls-secret
|
||||
mountPath: /cert
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.extraVolumeMounts }}
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.readinessProbe.enabled }}
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: {{ .Values.prometheusOperator.tls.enabled | ternary "https" "http" }}
|
||||
scheme: {{ .Values.prometheusOperator.tls.enabled | ternary "HTTPS" "HTTP" }}
|
||||
initialDelaySeconds: {{ .Values.prometheusOperator.readinessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.prometheusOperator.readinessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.prometheusOperator.readinessProbe.timeoutSeconds }}
|
||||
successThreshold: {{ .Values.prometheusOperator.readinessProbe.successThreshold }}
|
||||
failureThreshold: {{ .Values.prometheusOperator.readinessProbe.failureThreshold }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.livenessProbe.enabled }}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: {{ .Values.prometheusOperator.tls.enabled | ternary "https" "http" }}
|
||||
scheme: {{ .Values.prometheusOperator.tls.enabled | ternary "HTTPS" "HTTP" }}
|
||||
initialDelaySeconds: {{ .Values.prometheusOperator.livenessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.prometheusOperator.livenessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.prometheusOperator.livenessProbe.timeoutSeconds }}
|
||||
successThreshold: {{ .Values.prometheusOperator.livenessProbe.successThreshold }}
|
||||
failureThreshold: {{ .Values.prometheusOperator.livenessProbe.failureThreshold }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
{{- if .Values.prometheusOperator.tls.enabled }}
|
||||
- name: tls-secret
|
||||
secret:
|
||||
defaultMode: 420
|
||||
secretName: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.extraVolumes }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.dnsConfig }}
|
||||
dnsConfig:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if kindIs "bool" .Values.prometheusOperator.hostUsers }}
|
||||
hostUsers: {{ .Values.prometheusOperator.hostUsers }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.securityContext }}
|
||||
securityContext:
|
||||
{{ toYaml .Values.prometheusOperator.securityContext | indent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }}
|
||||
automountServiceAccountToken: {{ .Values.prometheusOperator.automountServiceAccountToken }}
|
||||
{{- if .Values.prometheusOperator.hostNetwork }}
|
||||
hostNetwork: true
|
||||
dnsPolicy: ClusterFirstWithHostNet
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.affinity }}
|
||||
affinity:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.terminationGracePeriodSeconds }}
|
||||
terminationGracePeriodSeconds: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .Values.prometheusOperator.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,29 @@
|
||||
{{- if and .Values.prometheusOperator.networkPolicy.enabled (eq .Values.prometheusOperator.networkPolicy.flavor "kubernetes") }}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.operator.fullname" . }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
labels:
|
||||
{{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
|
||||
spec:
|
||||
egress:
|
||||
- {}
|
||||
ingress:
|
||||
- ports:
|
||||
{{- if .Values.prometheusOperator.tls.enabled }}
|
||||
- port: {{ .Values.prometheusOperator.tls.internalPort }}
|
||||
{{- else }}
|
||||
- port: 8080
|
||||
{{- end }}
|
||||
policyTypes:
|
||||
- Egress
|
||||
- Ingress
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-operator
|
||||
release: {{ $.Release.Name | quote }}
|
||||
{{- if .Values.prometheusOperator.networkPolicy.matchLabels }}
|
||||
{{ toYaml .Values.prometheusOperator.networkPolicy.matchLabels | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,15 @@
|
||||
{{- if .Values.prometheusOperator.podDisruptionBudget.enabled -}}
|
||||
apiVersion: policy/v1
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.operator.fullname" . }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
labels:
|
||||
{{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-operator
|
||||
release: {{ $.Release.Name | quote }}
|
||||
{{- toYaml (omit .Values.prometheusOperator.podDisruptionBudget "enabled") | nindent 2 }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,61 @@
|
||||
{{- if .Values.prometheusOperator.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.operator.fullname" . }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
labels:
|
||||
{{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
|
||||
{{- if .Values.prometheusOperator.service.labels }}
|
||||
{{ toYaml .Values.prometheusOperator.service.labels | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.service.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.prometheusOperator.service.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.prometheusOperator.service.clusterIP }}
|
||||
clusterIP: {{ .Values.prometheusOperator.service.clusterIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.service.ipDualStack.enabled }}
|
||||
ipFamilies: {{ toYaml .Values.prometheusOperator.service.ipDualStack.ipFamilies | nindent 4 }}
|
||||
ipFamilyPolicy: {{ .Values.prometheusOperator.service.ipDualStack.ipFamilyPolicy }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.service.externalIPs }}
|
||||
externalIPs:
|
||||
{{ toYaml .Values.prometheusOperator.service.externalIPs | indent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.service.loadBalancerIP }}
|
||||
loadBalancerIP: {{ .Values.prometheusOperator.service.loadBalancerIP }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.service.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges:
|
||||
{{- range $cidr := .Values.prometheusOperator.service.loadBalancerSourceRanges }}
|
||||
- {{ $cidr }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if ne .Values.prometheusOperator.service.type "ClusterIP" }}
|
||||
externalTrafficPolicy: {{ .Values.prometheusOperator.service.externalTrafficPolicy }}
|
||||
{{- end }}
|
||||
ports:
|
||||
{{- if not .Values.prometheusOperator.tls.enabled }}
|
||||
- name: http
|
||||
{{- if eq .Values.prometheusOperator.service.type "NodePort" }}
|
||||
nodePort: {{ .Values.prometheusOperator.service.nodePort }}
|
||||
{{- end }}
|
||||
port: 8080
|
||||
targetPort: http
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.tls.enabled }}
|
||||
- name: https
|
||||
{{- if eq .Values.prometheusOperator.service.type "NodePort"}}
|
||||
nodePort: {{ .Values.prometheusOperator.service.nodePortTls }}
|
||||
{{- end }}
|
||||
port: 443
|
||||
targetPort: https
|
||||
{{- end }}
|
||||
selector:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-operator
|
||||
release: {{ $.Release.Name | quote }}
|
||||
type: "{{ .Values.prometheusOperator.service.type }}"
|
||||
{{- end }}
|
||||
@@ -0,0 +1,17 @@
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.serviceAccount.create }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
labels:
|
||||
{{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
|
||||
{{- with .Values.prometheusOperator.serviceAccount.annotations }}
|
||||
annotations: {{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
automountServiceAccountToken: {{ .Values.prometheusOperator.serviceAccount.automountServiceAccountToken }}
|
||||
{{- if .Values.global.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 2 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,47 @@
|
||||
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.serviceMonitor.selfMonitor }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.operator.fullname" . }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
labels:
|
||||
{{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
|
||||
{{- with .Values.prometheusOperator.serviceMonitor.additionalLabels }}
|
||||
{{ toYaml . | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- include "servicemonitor.scrapeLimits" .Values.prometheusOperator.serviceMonitor | nindent 2 }}
|
||||
endpoints:
|
||||
{{- if .Values.prometheusOperator.tls.enabled }}
|
||||
- port: https
|
||||
scheme: https
|
||||
tlsConfig:
|
||||
serverName: {{ template "kube-prometheus-stack.operator.fullname" . }}
|
||||
ca:
|
||||
secret:
|
||||
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
||||
key: {{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}ca.crt{{ else }}ca{{ end }}
|
||||
optional: false
|
||||
{{- else }}
|
||||
- port: http
|
||||
{{- end }}
|
||||
honorLabels: true
|
||||
{{- if .Values.prometheusOperator.serviceMonitor.interval }}
|
||||
interval: {{ .Values.prometheusOperator.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings:
|
||||
{{ tpl (toYaml .Values.prometheusOperator.serviceMonitor.metricRelabelings | indent 6) . }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.serviceMonitor.relabelings }}
|
||||
relabelings:
|
||||
{{ toYaml .Values.prometheusOperator.serviceMonitor.relabelings | indent 6 }}
|
||||
{{- end }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ template "kube-prometheus-stack.name" . }}-operator
|
||||
release: {{ $.Release.Name | quote }}
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- {{ printf "%s" (include "kube-prometheus-stack.namespace" .) | quote }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,40 @@
|
||||
{{- if and (.Capabilities.APIVersions.Has "autoscaling.k8s.io/v1") (.Values.prometheusOperator.verticalPodAutoscaler.enabled) }}
|
||||
apiVersion: autoscaling.k8s.io/v1
|
||||
kind: VerticalPodAutoscaler
|
||||
metadata:
|
||||
name: {{ template "kube-prometheus-stack.operator.fullname" . }}
|
||||
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
||||
labels:
|
||||
{{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
|
||||
spec:
|
||||
{{- with .Values.prometheusOperator.verticalPodAutoscaler.recommenders }}
|
||||
recommenders:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
resourcePolicy:
|
||||
containerPolicies:
|
||||
- containerName: {{ template "kube-prometheus-stack.name" . }}
|
||||
{{- with .Values.prometheusOperator.verticalPodAutoscaler.controlledResources }}
|
||||
controlledResources:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.verticalPodAutoscaler.controlledValues }}
|
||||
controlledValues: {{ .Values.prometheusOperator.verticalPodAutoscaler.controlledValues }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.verticalPodAutoscaler.maxAllowed }}
|
||||
maxAllowed:
|
||||
{{- toYaml .Values.prometheusOperator.verticalPodAutoscaler.maxAllowed | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.prometheusOperator.verticalPodAutoscaler.minAllowed }}
|
||||
minAllowed:
|
||||
{{- toYaml .Values.prometheusOperator.verticalPodAutoscaler.minAllowed | nindent 8 }}
|
||||
{{- end }}
|
||||
targetRef:
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
name: {{ template "kube-prometheus-stack.operator.fullname" . }}
|
||||
{{- with .Values.prometheusOperator.verticalPodAutoscaler.updatePolicy }}
|
||||
updatePolicy:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user